Virus: ADS BY SHOWPASSWORD

Résolu
lulu1844 Messages postés 86 Date d'inscription   Statut Membre Dernière intervention   -  
Malekal_morte- Messages postés 180304 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Bonjour ä tous,

je suis tout le temps embêtée par las pop-ups de ADS BY SHOWPASSWORD. J'ai essayé avec Malwarebytes, JRT, Adw cleaner mais ils sont toujours présentes.

Y-a-t il quelqu'un disponible à me donner un coup de main pour nettoyer l'ordi?

Votre soutiens est fort apprécié.
Merci
A voir également:

11 réponses

Réponse 1 / 11
Malekal_morte- Messages postés 180304 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 685
 
Salut,

Tu as installé des adwares et programmes parasites sur ton PC qui ouvrent des publicités et ralentissent l'ordinateur et les navigateurs WEB.
Voici la procédure à suivre pour les supprimer :

Suis la procédure suivante : https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc
Fournis les rapports AdwCleaner et OTL via le site pjjoint comme cela est demandé.

Tu dois :
1/ Donne le rapport AdwCleaner.
2/ Réinitialiser les navigateurs
3/ Faire un scan OTL et fournir le ou les rapports.

Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
0
Réponse 2 / 11
lulu1844
 
Bonjour et merci pour avoir répondu.

Voici les rapports:

# AdwCleaner v3.212 - Rapport créé le 08/06/2014 à 14:48:49
# Mis à jour le 05/06/2014 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Nom d'utilisateur : Verena - PC-DE-VERENA
# Exécuté depuis : C:\Users\Verena\Pictures\Downloads\adwcleaner_3.212 (1).exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Fichier Supprimé : C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Fichier Supprimé : C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKCU\Software\AppDataLow\Software\Show-Password

***** [ Navigateurs ] *****

-\\ Internet Explorer v7.0.6001.18639


-\\ Google Chrome v35.0.1916.114

[ Fichier : C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2462 octets] - [08/06/2014 11:07:27]
AdwCleaner[R1].txt - [1291 octets] - [08/06/2014 11:28:54]
AdwCleaner[R2].txt - [1065 octets] - [08/06/2014 12:47:56]
AdwCleaner[R3].txt - [1475 octets] - [08/06/2014 14:46:38]
AdwCleaner[S0].txt - [2548 octets] - [08/06/2014 11:08:46]
AdwCleaner[S1].txt - [1355 octets] - [08/06/2014 11:32:05]
AdwCleaner[S2].txt - [1399 octets] - [08/06/2014 14:48:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1459 octets] ##########

et le OTL
OTL logfile created on: 08.06.2014 15:32:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Verena\Pictures\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000100C | Country: Suisse | Language: FRS | Date Format: dd.MM.yyyy

2.93 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 43.71% Memory free
6.06 Gb Paging File | 3.66 Gb Available in Paging File | 60.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 61.45 Gb Free Space | 42.62% Space Free | Partition Type: NTFS
Drive D: | 144.15 Gb Total Space | 143.87 Gb Free Space | 99.80% Space Free | Partition Type: NTFS

Computer Name: PC-DE-VERENA | User Name: Verena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days

[color=#E56717]========== Processes (SafeList) ==========/color

PRC - [2014.06.08 15:30:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Verena\Pictures\Downloads\OTL.exe
PRC - [2014.06.08 09:45:41 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014.06.08 09:45:21 | 000,425,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2014.06.08 09:45:17 | 000,737,872 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.06.08 09:45:17 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2014.05.14 01:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014.05.09 13:45:54 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014.04.30 19:44:46 | 000,143,872 | ---- | M] () -- C:\Program Files\Show-Password-soft\Show-Passwordnt161.exe
PRC - [2014.04.30 19:44:46 | 000,077,312 | ---- | M] () -- C:\Program Files\Show-Password-soft\Show-Passwordh.exe
PRC - [2013.12.20 11:31:09 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Verena\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.11 00:02:24 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.06.13 23:52:52 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.06.11 11:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.05.14 18:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.05.14 18:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.04.18 15:18:02 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008.04.10 16:30:20 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008.04.10 16:30:14 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe


[color=#E56717]========== Modules (No Company Name) ==========/color

MOD - [2014.05.14 01:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
MOD - [2014.05.14 01:40:53 | 013,695,816 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
MOD - [2014.05.14 01:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014.05.14 01:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
MOD - [2014.04.30 19:44:46 | 000,077,312 | ---- | M] () -- C:\Program Files\Show-Password-soft\Show-Passwordh.exe
MOD - [2013.12.22 18:38:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2013.12.22 18:38:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2013.12.22 18:24:54 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2013.12.22 18:24:44 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2013.12.22 18:23:30 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2013.12.22 18:23:12 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2008.06.11 11:21:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008.05.14 18:05:10 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.05.08 08:30:45 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.05.08 08:30:45 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.05.08 08:30:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008.04.10 16:30:22 | 000,753,664 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.04.10 16:30:18 | 000,007,680 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008.04.04 03:00:58 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


[color=#E56717]========== Services (SafeList) ==========/color

SRV - [2014.06.08 09:45:41 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.06.08 09:45:23 | 001,039,440 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2014.06.08 09:45:17 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.05.18 22:04:38 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.04.30 19:44:46 | 000,143,872 | ---- | M] () [Auto | Running] -- C:\Program Files\Show-Password-soft\Show-Passwordnt161.exe -- (Show-Password)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2008.05.14 18:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


[color=#E56717]========== Driver Services (SafeList) ==========/color

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2014.06.08 12:56:54 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014.06.08 09:45:17 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2014.06.08 09:45:17 | 000,093,528 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.12.13 16:03:37 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.12.13 16:03:28 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2008.04.28 16:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.04.18 15:01:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.03.21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)


[color=#E56717]========== Standard Registry (SafeList) ==========/color


[color=#E56717]========== Internet Explorer ==========/color

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1213&m=aspire_5735
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4097970096-2108017137-3102837390-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1213&m=aspire_5735
IE - HKU\S-1-5-21-4097970096-2108017137-3102837390-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4097970096-2108017137-3102837390-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-4097970096-2108017137-3102837390-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1213&m=aspire_5735
IE - HKU\S-1-5-21-4097970096-2108017137-3102837390-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4097970096-2108017137-3102837390-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4097970096-2108017137-3102837390-1000\..\SearchScopes\{CAF5F9A9-FB81-4867-98C5-1B390C9729AF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKU\S-1-5-21-4097970096-2108017137-3102837390-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-4097970096-2108017137-3102837390-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:14296


[color=#E56717]========== FireFox ==========/color

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{18724931-d673-4147-959c-3634ac59e5b5}: C:\Program Files\Show-Password\150.xpi


[color=#E56717]========== Chrome ==========/color

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.ch/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Recherche Google = C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-4097970096-2108017137-3102837390-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4097970096-2108017137-3102837390-1000..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4097970096-2108017137-3102837390-1000\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CEB83D3-FC4C-4FDE-B150-6AB1C6FC0558}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E050CE38-3241-43F1-8365-271237D36273}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Verena\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Verena\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.03.27 14:31:11 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

[color=#E56717]========== Files/Folders - Created Within 180 Days ==========/color

[2014.06.08 12:50:58 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.06.08 12:50:23 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Verena\Desktop\JRT_NEW.exe
[2014.06.08 11:07:44 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014.06.08 11:07:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.06.08 10:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2014.06.08 10:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014.06.08 10:15:50 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014.05.23 14:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2014.05.23 14:11:38 | 000,000,000 | ---D | C] -- C:\OEM
[2014.05.23 14:01:00 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\Microsoft Corporation
[2014.05.21 20:46:43 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.05.21 20:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.05.21 20:46:24 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.05.21 20:46:24 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014.05.21 20:46:24 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014.05.21 20:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014.05.21 20:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.04.30 19:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\Show-Password-soft
[2014.04.03 09:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014.04.03 09:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014.01.10 22:41:30 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Roaming\Skype
[2014.01.10 22:41:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2014.01.10 22:41:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014.01.10 22:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014.01.10 22:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014.01.09 22:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014.01.09 21:13:47 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\Microsoft Games
[2014.01.06 21:14:39 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Roaming\OpenOffice
[2014.01.06 21:13:42 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2014.01.06 21:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice 4
[2014.01.06 14:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014.01.05 22:53:47 | 000,000,000 | R--D | C] -- C:\Users\Verena\Documents\Notes
[2014.01.03 19:21:56 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\cache
[2014.01.03 19:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\VistaCodecs
[2014.01.03 19:00:36 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Roaming\vlc
[2014.01.03 18:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.12.25 17:35:05 | 000,000,000 | R--D | C] -- C:\Users\Verena\Documents\Verena documents
[2013.12.25 17:27:55 | 000,000,000 | ---D | C] -- C:\Users\Verena\Desktop\Show D 8 Jahre
[2013.12.21 23:06:47 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2013.12.21 23:06:47 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2013.12.21 23:06:47 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013.12.21 21:45:38 | 000,000,000 | ---D | C] -- C:\Users\Verena\restore
[2013.12.21 21:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2013.12.21 21:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2013.12.21 21:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Migros Photo Service
[2013.12.21 17:51:07 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2013.12.20 23:57:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013.12.20 22:48:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2013.12.20 21:01:00 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2013.12.20 21:00:57 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2013.12.20 21:00:57 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2013.12.20 20:51:42 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2013.12.20 20:29:00 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013.12.20 20:29:00 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2013.12.20 20:28:59 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2013.12.20 20:28:59 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2013.12.20 20:28:59 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2013.12.20 20:28:57 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2013.12.20 20:21:02 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2013.12.20 20:20:58 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2013.12.20 20:18:00 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2013.12.20 20:17:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2013.12.20 20:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013.12.20 20:14:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2013.12.20 20:14:44 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2013.12.20 20:14:44 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2013.12.20 20:14:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2013.12.20 20:14:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2013.12.20 20:14:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2013.12.20 20:14:41 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2013.12.20 20:14:41 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2013.12.20 20:14:41 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2013.12.20 20:14:40 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2013.12.20 20:14:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2013.12.20 20:14:36 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2013.12.20 20:14:36 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2013.12.20 20:14:36 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2013.12.20 20:14:36 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2013.12.20 20:14:36 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2013.12.20 20:12:08 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2013.12.20 20:12:07 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2013.12.20 20:12:05 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2013.12.20 20:11:49 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.12.20 20:11:49 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.12.20 20:11:43 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2013.12.20 20:11:43 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2013.12.20 20:10:41 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2013.12.20 20:10:41 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2013.12.20 20:10:34 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.12.20 20:10:33 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2013.12.20 20:10:23 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013.12.20 20:10:21 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2013.12.20 20:10:19 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2013.12.20 20:10:19 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.12.20 20:10:16 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2013.12.20 20:10:16 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2013.12.20 20:10:16 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2013.12.20 20:10:16 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2013.12.20 20:10:16 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2013.12.20 20:10:16 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2013.12.20 20:10:15 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2013.12.20 20:10:15 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2013.12.20 20:10:15 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2013.12.20 20:10:10 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2013.12.20 20:10:10 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2013.12.20 20:10:10 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2013.12.20 20:10:10 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2013.12.20 20:10:08 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2013.12.20 20:10:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013.12.20 20:10:00 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2013.12.20 20:09:34 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2013.12.20 20:09:34 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2013.12.20 20:09:34 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2013.12.20 20:09:34 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2013.12.20 20:09:34 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2013.12.20 20:09:34 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2013.12.20 20:09:34 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2013.12.20 20:09:20 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2013.12.20 20:09:18 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2013.12.20 20:09:14 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2013.12.20 20:09:14 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2013.12.20 20:09:13 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2013.12.20 20:09:07 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2013.12.20 20:09:07 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2013.12.20 20:08:57 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2013.12.20 20:08:57 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2013.12.20 20:08:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.12.20 20:05:57 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.12.20 20:05:56 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.12.20 20:05:54 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2013.12.20 20:05:54 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2013.12.20 20:05:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2013.12.20 20:05:33 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2013.12.20 20:05:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.12.20 20:05:07 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.12.20 20:04:52 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2013.12.20 20:04:52 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2013.12.20 20:04:50 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2013.12.20 20:04:49 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2013.12.20 20:04:47 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2013.12.20 19:59:46 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2013.12.20 19:59:46 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2013.12.20 19:59:46 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2013.12.20 19:59:46 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2013.12.20 19:59:46 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2013.12.20 19:59:46 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2013.12.20 19:59:45 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2013.12.20 19:59:23 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.12.20 19:59:21 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.12.20 19:59:21 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.12.20 19:59:21 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.12.20 19:59:21 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.12.20 19:59:21 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013.12.20 19:59:21 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.12.20 19:59:20 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.12.20 19:59:20 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.12.20 19:59:20 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2013.12.20 19:59:20 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.12.20 19:59:20 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.12.20 19:59:15 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2013.12.20 19:59:15 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2013.12.20 19:59:10 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2013.12.20 19:59:10 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2013.12.20 19:59:10 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2013.12.20 19:58:59 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013.12.20 19:58:48 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.12.20 19:58:48 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013.12.20 19:58:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.12.20 19:58:48 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013.12.20 19:54:06 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2013.12.20 19:54:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2013.12.20 19:53:02 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2013.12.20 19:51:11 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2013.12.20 19:51:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2013.12.20 19:51:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2013.12.20 19:51:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2013.12.20 19:50:44 | 000,380,928 | ---- | C] (Acer Incorporated) -- C:\Windows\AcerStore.exe
[2013.12.20 19:50:25 | 000,199,176 | ---- | C] (Dritek System Inc.) -- C:\Windows\GVUni.exe
[2013.12.20 19:49:33 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2013.12.20 19:49:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.12.20 19:48:46 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2013.12.20 19:44:38 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2013.12.20 19:44:38 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2013.12.20 19:44:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2013.12.20 19:44:38 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2013.12.20 19:44:37 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2013.12.20 19:44:37 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2013.12.20 19:44:37 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2013.12.20 19:44:37 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2013.12.20 19:44:37 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2013.12.20 19:44:37 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2013.12.20 19:44:37 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2013.12.20 19:44:36 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2013.12.20 19:44:36 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2013.12.20 19:44:36 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2013.12.20 19:44:36 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2013.12.20 19:44:36 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2013.12.20 19:44:36 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2013.12.20 19:44:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2013.12.20 19:44:36 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2013.12.20 19:44:36 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2013.12.20 19:44:36 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2013.12.20 19:44:36 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2013.12.20 19:44:35 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2013.12.20 19:43:49 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2013.12.20 19:43:49 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2013.12.20 19:43:49 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2013.12.20 19:42:47 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2013.12.20 19:42:29 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2013.12.20 19:42:29 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013.12.20 19:41:10 | 000,885,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2013.12.20 19:40:34 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2013.12.20 19:39:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2013.12.20 19:38:48 | 001,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013.12.20 19:37:02 | 000,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2013.12.20 19:37:02 | 000,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2013.12.20 19:37:02 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2013.12.20 19:37:02 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2013.12.20 19:37:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2013.12.20 19:37:01 | 000,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2013.12.20 19:37:01 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2013.12.20 19:37:01 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2013.12.20 19:37:01 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2013.12.20 19:35:56 | 000,000,000 | ---D | C] -- C:\Windows\Users
[2013.12.20 19:35:23 | 000,207,368 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE
[2013.12.20 19:35:19 | 003,658,752 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\NETw5v32.sys
[2013.12.20 19:35:19 | 002,756,608 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NETw5r32.dll
[2013.12.20 19:35:19 | 000,659,456 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NETw5c32.dll
[2013.12.20 19:35:06 | 001,202,560 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys
[2013.12.20 19:35:06 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2013.12.20 19:35:06 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2013.12.20 19:35:06 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrscoin.dll
[2013.12.20 19:34:50 | 005,697,536 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxress.dll
[2013.12.20 19:34:50 | 003,313,664 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll
[2013.12.20 19:34:50 | 002,420,736 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ig4icd32.dll
[2013.12.20 19:34:50 | 002,179,072 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ig4dev32.dll
[2013.12.20 19:34:50 | 002,174,976 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igd10umd32.dll
[2013.12.20 19:34:50 | 000,641,560 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcfg.exe
[2013.12.20 19:34:50 | 000,536,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumdx32.dll
[2013.12.20 19:34:50 | 000,278,528 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2013.12.20 19:34:50 | 000,274,432 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2013.12.20 19:34:50 | 000,274,432 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2013.12.20 19:34:50 | 000,270,336 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2013.12.20 19:34:50 | 000,270,336 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2013.12.20 19:34:50 | 000,270,336 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxresp.lrc
[2013.12.20 19:34:50 | 000,262,144 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2013.12.20 19:34:50 | 000,262,144 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2013.12.20 19:34:50 | 000,258,048 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2013.12.20 19:34:50 | 000,258,048 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2013.12.20 19:34:50 | 000,258,048 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2013.12.20 19:34:50 | 000,253,952 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2013.12.20 19:34:50 | 000,253,952 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2013.12.20 19:34:50 | 000,253,952 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2013.12.20 19:34:50 | 000,249,856 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll
[2013.12.20 19:34:50 | 000,249,856 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2013.12.20 19:34:50 | 000,249,856 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2013.12.20 19:34:50 | 000,249,856 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2013.12.20 19:34:50 | 000,249,856 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2013.12.20 19:34:50 | 000,245,760 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2013.12.20 19:34:50 | 000,245,760 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrenu.lrc
[2013.12.20 19:34:50 | 000,233,472 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2013.12.20 19:34:50 | 000,225,280 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2013.12.20 19:34:50 | 000,221,184 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2013.12.20 19:34:50 | 000,204,800 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll
[2013.12.20 19:34:50 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2013.12.20 19:34:50 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2013.12.20 19:34:50 | 000,170,520 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxzoom.exe
[2013.12.20 19:34:50 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2013.12.20 19:34:50 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2013.12.20 19:34:50 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2013.12.20 19:34:50 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2013.12.20 19:34:50 | 000,106,496 | ---- | C] (Intel Corporation) -- C:\Windows\System32\hccutils.dll
[2013.12.20 19:34:50 | 000,069,632 | ---- | C] (Intel Corporation) -- C:\Windows\System32\oemdspif.dll
[2013.12.20 19:34:50 | 000,051,712 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll
[2013.12.20 19:34:50 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll
[2013.12.20 19:34:46 | 000,020,480 | ---- | C] (Wistron Corp.) -- C:\Windows\PATCHFUL.EXE
[2013.12.20 19:34:45 | 000,000,000 | ---D | C] -- C:\Windows\Lan
[2013.12.20 13:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Desktop
[2013.12.20 13:06:32 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\CyberLink
[2013.12.20 13:06:28 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\SoftDMA
[2013.12.20 13:06:26 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\Acer Arcade Deluxe
[2013.12.20 13:06:25 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Roaming\CyberLink
[2013.12.20 12:55:45 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\Microsoft Help
[2013.12.20 12:51:20 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Local\Macromedia
0
Réponse 3 / 11
Malekal_morte- Messages postés 180304 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 685
 
Le rapport OTL est à donner via pjjoint, comme demandé/expliqué.
0
Réponse 4 / 11
lulu1844 Messages postés 86 Date d'inscription   Statut Membre Dernière intervention  
 
voici le lien:
https://pjjoint.malekal.com/files.php?id=20140608_p6v14z11r11y9

et pour les extras:
https://pjjoint.malekal.com/files.php?id=20140608_c9d13k6p7r15
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 11
Malekal_morte- Messages postés 180304 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 685
 
* Relance OTL.
Copie/colle le script ci-dessous en gras dans la fenêtre OTL, tout en bas, dans la partie Personnalisation.


:OTL
SRV - [2014.04.30 19:44:46 | 000,143,872 | ---- | M] () [Auto | Running] -- C:\Program Files\Show-Password-soft\Show-Passwordnt161.exe -- (Show-Password)
[2014.06.08 16:45:27 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\Show-Password_wd.job
:files
C:\Program Files\Show-Password-soft\



Clic sur Correction.


* poste le rapport ici

Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
0
Réponse 6 / 11
lulu1844 Messages postés 86 Date d'inscription   Statut Membre Dernière intervention  
 
le voici:

========== OTL ==========
Service Show-Password stopped successfully!
Service Show-Password deleted successfully!
C:\Program Files\Show-Password-soft\Show-Passwordnt161.exe moved successfully.
C:\Windows\Tasks\Show-Password_wd.job moved successfully.
========== FILES ==========
Folder move failed. C:\Program Files\Show-Password-soft scheduled to be moved on reboot.

OTL by OldTimer - Version 3.2.69.0 log created on 06082014_174531

Files\Folders moved on Reboot...
Folder move failed. C:\Program Files\Show-Password-soft scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
0
Réponse 7 / 11
Malekal_morte- Messages postés 180304 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 685
 
y a du mieux au niveau des pubs?
0
Réponse 8 / 11
lulu1844 Messages postés 86 Date d'inscription   Statut Membre Dernière intervention  
 
ça tout l'aire, Merci !!

est-il propre maintenant?
0
Réponse 9 / 11
Malekal_morte- Messages postés 180304 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 685
 
oui :)

Installe Malwarebyte's Anti-Malware : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Fais des scans réguliers avec, il est efficace.



Pour ne plus te faire avoir.
A lire - Programmes parasites / PUPs : https://www.malekal.com/adwares-pup-protection/


0
Réponse 10 / 11
lulu1844 Messages postés 86 Date d'inscription   Statut Membre Dernière intervention  
 
Merci pour la patience.
Je peu le considérer désormais comme résolu.

Amicalement
0
Malekal_morte- Messages postés 180304 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 685
 
Pas de soucis :)
0
Réponse 11 / 11
Malekal_morte- Messages postés 180304 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 685
 
Au fait ton Windows n'est pas à jour, faudrait installer le service pack 2 : http://www.microsoft.com/fr-fr/download/details.aspx?id=16468

Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
message de postmaster incessant !
wasap -
wasap -

9 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses