
URL:Mal infection and USB keys full of shortcuts [Solved]


  • This topic is locked

#1
akao (New Member, 6 posts)
Hi all,

After having plugged an infected USB key into my laptop, I get the following behavior:

- every file that I put on a key is now converted into a shortcut
- Avast is complaining about a URL:Mal infection and refers to some URL (playgame.servecounterstrike.com:3/is-ready) but it is unable to remove it
- my internet browsing is getting really slow, both with Chrome and Firefox. When I open a new tab, the browser just hangs for a few seconds.
- when I launch the Windows Task Manager, I only see the "processes" tab, the other tabs are hidden.

I installed (too late) MCShield to protect from USB infection. I don't know whether it would have helped.

Any help would be greatly appreciated. Here is the OTL log...
Cheers,
Akao


OTL logfile created on: 02/12/2013 21:11:05 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\llg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 0000040c | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

3,98 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 25,58% Memory free
7,96 Gb Paging File | 2,47 Gb Available in Paging File | 31,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,56 Gb Total Space | 29,70 Gb Free Space | 5,10% Space Free | Partition Type: NTFS

Computer Name: GALOIS | User Name: llg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/28 13:35:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\llg\Desktop\OTL.exe
PRC - [2013/11/24 12:25:19 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/24 12:25:19 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/11/21 08:11:43 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013/11/18 15:18:39 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/26 11:15:44 | 000,607,232 | ---- | M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe
PRC - [2013/10/25 02:34:06 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/10/03 19:40:16 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/10/03 19:40:16 | 000,083,072 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\Update\realonemessagecenter.exe
PRC - [2013/08/14 14:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/22 19:36:58 | 000,400,704 | ---- | M] () -- C:\Users\llg\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/12 13:02:44 | 000,054,760 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2012/09/13 20:30:03 | 000,146,944 | ---- | M] (Andy Koppe) -- C:\cygwin\bin\mintty.exe
PRC - [2012/02/14 10:35:01 | 008,650,293 | ---- | M] (Free Software Foundation) -- C:\Users\llg\emacs-23.4\bin\emacs.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/31 14:37:36 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/03/05 15:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/03/05 15:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011/02/26 00:01:28 | 000,536,078 | ---- | M] () -- C:\cygwin\bin\bash.exe
PRC - [2011/02/23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011/02/15 10:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011/02/01 12:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 12:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/01 05:42:14 | 000,104,712 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
PRC - [2010/12/01 05:42:12 | 000,601,600 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
PRC - [2010/11/26 23:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/09/13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 17:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/08 23:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files (x86)\WordWeb\wweb32.exe
PRC - [2007/11/21 03:12:27 | 003,297,280 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/24 12:25:19 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/11/21 08:11:44 | 003,008,624 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013/11/21 08:11:44 | 000,158,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2013/11/21 08:11:44 | 000,023,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2013/11/18 15:18:38 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/11/14 12:29:31 | 000,399,312 | ---- | M] () -- C:\Users\llg\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
MOD - [2013/11/14 12:29:30 | 013,582,800 | ---- | M] () -- C:\Users\llg\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
MOD - [2013/11/14 12:29:29 | 004,055,504 | ---- | M] () -- C:\Users\llg\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 12:28:37 | 000,702,416 | ---- | M] () -- C:\Users\llg\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 12:28:36 | 000,099,792 | ---- | M] () -- C:\Users\llg\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 12:28:34 | 001,619,408 | ---- | M] () -- C:\Users\llg\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/10/29 07:27:29 | 001,127,152 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/10/10 02:58:35 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 02:49:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 02:49:41 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/13 02:07:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/18 15:09:23 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\72a01c3b91205094f1c3b17dee7eec97\IAStorUtil.ni.dll
MOD - [2013/08/16 22:41:34 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/16 22:41:07 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/16 22:39:51 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/12 04:22:40 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\c1135ff61820f7a77986a1139b92c126\IAStorCommon.ni.dll
MOD - [2013/07/12 02:58:23 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/05/22 19:36:58 | 000,400,704 | ---- | M] () -- C:\Users\llg\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MOD - [2012/10/14 12:44:44 | 000,072,416 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\zlib132.dll
MOD - [2012/10/14 12:44:36 | 000,392,416 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\libgit232.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/05/12 04:09:28 | 000,236,864 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/05/04 22:07:17 | 000,165,902 | ---- | M] () -- C:\cygwin\bin\cygreadline7.dll
MOD - [2012/02/14 10:35:02 | 000,504,492 | ---- | M] () -- C:\Users\llg\emacs-23.4\bin\libxpm.dll
MOD - [2012/01/08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/10/26 05:26:36 | 000,080,910 | ---- | M] () -- C:\cygwin\bin\cyggcc_s-1.dll
MOD - [2011/07/13 20:06:53 | 000,022,800 | ---- | M] () -- C:\Program Files (x86)\WordWeb\WUCNT.dll
MOD - [2011/02/26 00:01:28 | 000,536,078 | ---- | M] () -- C:\cygwin\bin\bash.exe
MOD - [2010/12/01 05:42:14 | 001,207,808 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libeay32.dll
MOD - [2010/12/01 05:42:14 | 000,245,248 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libssl32.dll
MOD - [2010/12/01 05:42:14 | 000,104,712 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
MOD - [2010/12/01 05:42:14 | 000,086,528 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libpkcs11-helper-1.dll
MOD - [2010/12/01 05:42:12 | 000,601,600 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
MOD - [2010/11/13 00:52:13 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/08/20 11:18:12 | 000,100,352 | ---- | M] () -- C:\Program Files (x86)\Graphviz 2.28\bin\zlib1.dll
MOD - [2010/08/17 16:38:28 | 000,230,529 | ---- | M] () -- C:\Program Files (x86)\Graphviz 2.28\bin\libpng14-14.dll
MOD - [2010/01/02 21:35:45 | 000,249,870 | ---- | M] () -- C:\cygwin\bin\cygncursesw-10.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe /service /sstates /sampleinterval=10000 /procinterval=5 /dllinterval=120 /counter=\Processor(_Total)\% Processor Time:1 /counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1 /counter=\Network Interface(*)\Bytes Total/sec:1 /expandcounter=\Processor Information(*)\Processor Frequency:1 & /expandcounter=\Processor(*)\% Idle Time:1 /expandcounter=\Processor(*)\% C1 Time:1 /expandcounter=\Processor(*)\% C2 Time:1 /expandcounter=\Processor(*)\%C3 & Time:1 /expandcounter=\Processor(*)\% Processor Time:1 /directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata -- (SampleCollector)
SRV:64bit: - [2013/11/24 12:25:19 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/19 19:01:36 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/08/27 15:32:32 | 000,961,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2013/08/01 10:18:44 | 001,368,624 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/10/12 13:02:44 | 000,054,760 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/07/19 03:45:52 | 000,104,096 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
SRV:64bit: - [2011/05/19 18:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011/02/18 21:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011/02/18 21:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011/01/20 11:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/11/18 15:18:38 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/14 14:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/12 04:09:42 | 000,380,224 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Disabled | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012/03/30 12:26:52 | 000,237,328 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe -- (McComponentHostServiceSony)
SRV - [2012/03/12 05:07:58 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/31 14:37:36 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/03/31 14:36:44 | 000,075,936 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/03/05 15:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011/02/23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011/02/21 11:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011/02/21 11:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011/02/01 12:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 12:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/20 11:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/12/01 05:42:12 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/11/26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/09/13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/03 00:21:56 | 000,038,688 | ---- | M] (International Business Machines Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\IBM\SQLLIB\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_DB2COPY1)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/24 12:25:22 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/11/24 12:25:22 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/11/24 12:25:22 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/11/24 12:25:22 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/11/24 12:25:22 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/11/24 12:25:22 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/24 12:25:22 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/11/24 12:25:22 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/10/25 02:34:18 | 000,317,808 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvolwin7.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,029,352 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirwin7.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,768,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfswin7.sys -- (Sftfs)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaywin7.sys -- (Sftplay)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/06/11 09:37:16 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/12 05:08:08 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/03 16:41:58 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/09/20 16:23:40 | 000,317,776 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/21 00:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/31 14:36:58 | 000,287,392 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/03/31 14:36:58 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/03/31 14:36:58 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/03/31 14:36:56 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/03/31 14:36:56 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/03/31 14:36:56 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/03/31 14:36:56 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/03/31 14:36:56 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/03/29 07:51:30 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/29 04:57:20 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 16:27:05 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/01 05:42:14 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/26 21:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2005/04/13 22:17:52 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0801.sys -- (tap0801)
DRV - [2013/10/29 07:27:27 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849)
DRV - [2013/10/25 02:34:18 | 000,399,312 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/10/25 02:34:18 | 000,284,176 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...tD&cr=156153484

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.eu/vaioportal
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{2DBDB1E5-2234-4FEE-A09B-8D211469ECAB}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...tD&cr=156153484
IE - HKCU\..\SearchScopes\{6FE6255D-4C77-488A-8C06-55B6D7E26252}: "URL" = http://search.condui...&ctid=CT1060933
IE - HKCU\..\SearchScopes\{70E053D1-92F3-4272-877F-43F08F50963D}: "URL" = http://services.zini...}&rf=sonyslices
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = hellman:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: keefox%40chris.tomlinson:1.2.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\llg\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\llg\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\llg\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/10/03 19:42:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/12/28 09:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/10/03 19:42:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/24 12:25:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2012/02/08 07:49:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/08/10 09:56:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/25 19:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Extensions
[2012/10/01 06:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable
[2013/10/23 09:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions
[2012/09/29 19:57:05 | 000,000,000 | ---D | M] ("Giant Savings") -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions\[email protected]
[2012/09/29 20:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions\staged
[2013/10/23 09:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions
[2012/09/29 20:17:29 | 000,000,000 | ---D | M] ("Giant Savings") -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]
[2012/06/12 23:11:21 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]
[2012/05/23 06:21:39 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]
[2012/09/29 20:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\crossriderapp4[email protected]\chrome\content\extensionCode
[2013/11/22 20:42:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\rxwg9y49.default-1384287076279\extensions
[2013/11/19 00:49:16 | 000,000,000 | ---D | M] (Dictionnaires français) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\rxwg9y49.default-1384287076279\extensions\[email protected]
[2013/11/22 20:42:21 | 000,000,000 | ---D | M] (KeeFox) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\rxwg9y49.default-1384287076279\extensions\[email protected]
[2013/10/23 09:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions
[2011/09/29 21:06:23 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2012/09/29 19:57:05 | 000,000,000 | ---D | M] ("Giant Savings") -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected]
[2011/07/05 13:59:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected]
[2012/09/29 20:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\staged
[2012/03/02 22:49:33 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected]
[2012/04/16 09:23:40 | 000,061,854 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\as1j89ur.mc-rc\extensions\[email protected]
[2012/07/25 08:53:41 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\as1j89ur.mc-rc\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/14 14:42:01 | 000,261,871 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\rxwg9y49.default-1384287076279\extensions\{ad0d925d-88f8-47f1-85ea-8463569e756e}.xpi
[2012/02/01 22:34:37 | 001,331,409 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\[email protected]
[2011/07/05 10:11:21 | 000,016,294 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\[email protected]
[2012/02/22 18:51:53 | 000,060,945 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2011/07/07 13:33:53 | 000,062,210 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\{ad0d925d-88f8-47f1-85ea-8463569e756e}.xpi
[2012/01/05 20:02:00 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/08/18 19:16:41 | 000,688,571 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2013/11/05 20:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/05 20:45:57 | 000,000,000 | ---D | M] (eID België) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/11/05 20:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/18 15:18:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\llg\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\llg\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\llg\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\llg\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\llg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: avast! Online Security = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: RealDownloader = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google\u00A0Wallet = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: avast! Online Security = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: RealDownloader = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google\u00A0Wallet = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2013/11/15 09:02:17 | 000,001,052 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 10.150.15.150 pxpac.intra.commercial-union.fr
O1 - Hosts: 10.118.178.96 fr-andromaque
O1 - Hosts: 10.118.15.57 fr-weringia
O1 - Hosts: 10.118.15.57 fr-weringia.activ.aviva.corp
O1 - Hosts: 10.118.132.17 vip-px.main.aviva.eu.corp
O1 - Hosts: 10.118.188.137 fr-informatix
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [TortoiseHgOverlayIconServer] C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AmazonMP3DownloaderHelper] C:\Users\llg\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKCU..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [iTunesHelper] wscript.exe //B "C:\Users\llg\AppData\Local\Temp\iTunesHelper.vbe" File not found
O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity)
O4 - HKCU..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O4 - Startup: C:\Users\llg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.10.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C617CD7-7035-419E-B78C-542814540E45}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8211A9E6-1587-4AA7-B5F4-89716FFEDA52}: DhcpNameServer = 10.10.10.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6799cd41-20b4-11e1-8492-78843ce2ad95}\Shell - "" = AutoRun
O33 - MountPoints2\{6799cd41-20b4-11e1-8492-78843ce2ad95}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/28 13:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
[2013/11/28 13:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield
[2013/11/28 13:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MCShield
[2013/11/28 13:34:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\llg\Desktop\OTL.exe
[2013/11/28 08:55:33 | 000,000,000 | -HSD | C] -- C:\found.001
[2013/11/28 06:39:22 | 001,204,601 | ---- | C] (El Desaparecido - SosVirus.net - UsbFix.net) -- C:\Users\llg\Desktop\UsbFix.exe
[2013/11/24 12:29:50 | 000,000,000 | ---D | C] -- C:\Users\llg\AppData\Roaming\AVAST Software
[2013/11/24 12:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/24 12:25:46 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/24 12:25:45 | 001,032,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/24 12:25:44 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/11/24 12:25:44 | 000,084,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/24 12:25:44 | 000,038,984 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/24 12:25:42 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/24 12:25:21 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/20 23:37:00 | 000,000,000 | ---D | C] -- C:\Users\llg\Documents\Berlin
[2013/11/20 23:36:51 | 000,000,000 | ---D | C] -- C:\Users\llg\Documents\Sude
[2013/11/20 23:36:51 | 000,000,000 | ---D | C] -- C:\Users\llg\Documents\rvolution
[2013/11/20 22:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/20 22:17:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/20 22:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/20 22:16:10 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\llg\Documents\mbam-setup-1.75.0.1300.exe
[2013/11/12 21:11:20 | 000,000,000 | ---D | C] -- C:\Users\llg\Desktop\Old Firefox Data
[2013/11/05 21:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
[2013/11/05 21:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/05 20:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[6 C:\Users\llg\Documents\*.tmp files -> C:\Users\llg\Documents\*.tmp -> ]
[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/02 21:19:34 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1301682024-956692067-4001901071-1000UA.job
[2013/12/02 21:18:42 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1301682024-956692067-4001901071-1000Core.job
[2013/12/02 20:54:33 | 001,110,034 | ---- | M] () -- C:\Users\llg\Desktop\adwcleaner.exe
[2013/12/02 20:38:07 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/02 20:24:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/01 23:37:25 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/01 20:15:11 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/01 20:15:11 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/30 22:37:12 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/29 17:43:14 | 002,156,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/29 17:43:14 | 000,923,110 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/11/29 17:43:14 | 000,825,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/29 17:43:14 | 000,215,190 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/11/29 17:43:14 | 000,186,270 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/28 13:54:42 | 002,633,042 | ---- | M] () -- C:\Users\llg\Desktop\MCShield-Setup.exe
[2013/11/28 13:36:03 | 000,000,037 | ---- | M] () -- C:\Users\llg\AppData\Roaming\mbam.context.scan
[2013/11/28 13:35:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\llg\Desktop\OTL.exe
[2013/11/28 06:39:28 | 001,204,601 | ---- | M] (El Desaparecido - SosVirus.net - UsbFix.net) -- C:\Users\llg\Desktop\UsbFix.exe
[2013/11/26 16:42:56 | 000,218,289 | ---- | M] () -- C:\Users\llg\Documents\Lettre d'info n5 novembre 2013.pdf
[2013/11/26 16:13:27 | 000,138,278 | ---- | M] () -- C:\Users\llg\Documents\performance-tests.pdf
[2013/11/26 15:16:27 | 000,000,429 | ---- | M] () -- C:\Users\llg\Documents\jmeter-report-tarif-5f-p4.csv
[2013/11/24 12:26:38 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/24 12:25:22 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/24 12:25:22 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/11/24 12:25:22 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/11/24 12:25:22 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/24 12:25:22 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/24 12:25:22 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/24 12:25:22 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/11/24 12:25:22 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/24 12:25:22 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/24 12:25:21 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/24 10:39:33 | 656,686,397 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/21 08:12:09 | 000,002,110 | ---- | M] () -- C:\Users\llg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/11/20 22:18:09 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/20 22:16:18 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\llg\Documents\mbam-setup-1.75.0.1300.exe
[2013/11/20 20:33:11 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/11/19 19:01:40 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/19 19:01:37 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/19 17:29:21 | 000,299,470 | ---- | M] () -- C:\Users\llg\Documents\2013-11-19-Performance-Ontologie-Rewire.pdf
[2013/11/19 17:29:08 | 000,298,331 | ---- | M] () -- C:\Users\llg\Documents\2013-11-19-Performance-Ontologie-Rewire.odp
[2013/11/19 11:27:33 | 000,000,600 | ---- | M] () -- C:\Users\llg\AppData\Local\PUTTY.RND
[2013/11/14 22:05:31 | 000,002,350 | ---- | M] () -- C:\Users\llg\Desktop\Google Chrome.lnk
[2013/11/12 14:27:55 | 000,104,392 | ---- | M] () -- C:\Users\llg\Documents\Groupon - Laser.pdf
[2013/11/08 22:44:33 | 000,104,392 | ---- | M] () -- C:\Users\llg\Documents\Groupon - ADC21C886B.pdf
[2013/11/05 22:16:40 | 000,224,058 | ---- | M] () -- C:\Users\llg\Documents\Latest_Ornano.pdf
[6 C:\Users\llg\Documents\*.tmp files -> C:\Users\llg\Documents\*.tmp -> ]
[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/02 20:54:21 | 001,110,034 | ---- | C] () -- C:\Users\llg\Desktop\adwcleaner.exe
[2013/11/28 13:54:23 | 002,633,042 | ---- | C] () -- C:\Users\llg\Desktop\MCShield-Setup.exe
[2013/11/28 13:36:03 | 000,000,037 | ---- | C] () -- C:\Users\llg\AppData\Roaming\mbam.context.scan
[2013/11/26 16:42:55 | 000,218,289 | ---- | C] () -- C:\Users\llg\Documents\Lettre d'info n5 novembre 2013.pdf
[2013/11/26 16:12:24 | 000,138,278 | ---- | C] () -- C:\Users\llg\Documents\performance-tests.pdf
[2013/11/26 15:16:27 | 000,000,429 | ---- | C] () -- C:\Users\llg\Documents\jmeter-report-tarif-5f-p4.csv
[2013/11/24 12:26:38 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/24 12:25:46 | 000,205,320 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/24 12:25:46 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/11/20 22:18:09 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/20 21:48:54 | 069,558,262 | -HS- | C] () -- C:\Users\llg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
[2013/11/19 19:01:40 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/19 19:01:37 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/19 17:28:17 | 000,298,331 | ---- | C] () -- C:\Users\llg\Documents\2013-11-19-Performance-Ontologie-Rewire.odp
[2013/11/19 17:02:44 | 000,299,470 | ---- | C] () -- C:\Users\llg\Documents\2013-11-19-Performance-Ontologie-Rewire.pdf
[2013/11/19 11:26:31 | 000,000,600 | ---- | C] () -- C:\Users\llg\AppData\Local\PUTTY.RND
[2013/11/12 14:27:41 | 000,104,392 | ---- | C] () -- C:\Users\llg\Documents\Groupon - Laser.pdf
[2013/11/08 22:44:27 | 000,104,392 | ---- | C] () -- C:\Users\llg\Documents\Groupon - ADC21C886B.pdf
[2013/10/24 22:29:41 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2013/07/18 22:55:11 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/05/31 08:43:44 | 000,000,079 | ---- | C] () -- C:\Users\llg\.scala_history
[2012/11/15 13:56:08 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/11/12 14:59:21 | 000,000,033 | ---- | C] () -- C:\Windows\iltwain.ini
[2012/04/23 16:03:28 | 000,004,133 | ---- | C] () -- C:\Users\llg\OLSUSR05.sp.sql
[2012/04/23 16:03:28 | 000,002,087 | ---- | C] () -- C:\Users\llg\OLSBRA03.sp.sql
[2012/04/23 16:03:28 | 000,001,764 | ---- | C] () -- C:\Users\llg\OLSCIR01.sp.sql
[2012/04/23 16:03:28 | 000,001,575 | ---- | C] () -- C:\Users\llg\OLUUSR04.sp.sql
[2012/04/23 16:03:28 | 000,001,373 | ---- | C] () -- C:\Users\llg\OLUUSR06.sp.sql
[2012/04/23 16:03:28 | 000,000,950 | ---- | C] () -- C:\Users\llg\OLSDOC30.sp.sql
[2012/04/23 16:03:28 | 000,000,619 | ---- | C] () -- C:\Users\llg\OLUEVE04.sp.sql
[2012/04/23 16:03:28 | 000,000,316 | ---- | C] () -- C:\Users\llg\OLSJRN01.sp.sql
[2012/04/23 16:03:28 | 000,000,308 | ---- | C] () -- C:\Users\llg\T093.sp.sql
[2012/02/13 18:04:48 | 000,001,196 | ---- | C] () -- C:\Users\llg\.emacs
[2012/02/13 18:04:48 | 000,001,187 | ---- | C] () -- C:\Users\llg\.emacs~
[2011/12/28 15:59:31 | 000,000,212 | ---- | C] () -- C:\Windows\ildasmfnt.bin
[2011/12/07 10:06:52 | 000,007,597 | ---- | C] () -- C:\Users\llg\AppData\Local\Resmon.ResmonCfg
[2011/09/01 17:01:16 | 000,011,314 | ---- | C] () -- C:\Users\llg\gsview64.ini
[2011/08/23 13:29:51 | 000,000,168 | ---- | C] () -- C:\Users\llg\AppData\Roaming\.emacs
[2011/08/23 13:29:51 | 000,000,065 | ---- | C] () -- C:\Users\llg\AppData\Roaming\.emacs~
[2011/07/05 07:24:17 | 000,000,457 | ---- | C] () -- C:\Users\llg\clipdat2.rdf
[2011/07/04 09:55:48 | 000,000,171 | ---- | C] () -- C:\Users\llg\notes~
[2011/07/04 09:55:48 | 000,000,000 | ---- | C] () -- C:\Users\llg\notes

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/07/06 08:39:35 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\.emacs.d
[2012/08/16 08:43:06 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\.visualvm
[2013/07/10 14:44:17 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Amazon
[2012/04/16 09:22:27 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Audacity
[2013/11/24 12:29:50 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\AVAST Software
[2012/02/08 07:48:51 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\AVG2012
[2012/10/01 06:25:52 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\BitTyrant
[2012/05/14 10:47:56 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\EAC
[2011/07/19 16:07:40 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\EDO
[2011/10/06 13:17:46 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\EurekaLog
[2013/11/12 11:17:45 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\FileZilla
[2012/06/11 22:34:10 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\gnupg
[2013/11/17 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\gtk-2.0
[2013/10/24 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\iolo
[2012/09/14 14:11:35 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\IsolatedStorage
[2011/11/04 10:06:22 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\JustDecompile
[2012/02/11 15:38:47 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\JustVoip
[2013/12/01 23:37:07 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\KeePass
[2012/03/11 13:19:36 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\langmaster.com
[2013/01/21 13:32:08 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\NetBeans
[2013/09/18 19:22:29 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Notepad++
[2011/07/02 11:53:10 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\OpenOffice.org
[2011/10/04 15:44:16 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Scooter Software
[2013/03/18 10:56:38 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\SoftGrid Client
[2011/07/03 08:53:58 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Subversion
[2013/06/27 22:46:33 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\SumatraPDF
[2011/07/04 09:58:22 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Thunderbird
[2013/02/13 13:18:39 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\TP
[2013/11/24 11:19:30 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\uTorrent
[2013/01/16 11:39:23 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\webex

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:F3F2C8D5

< End of report >


#2
Crowbar


    Teacher

  • GeekU Moderator
  • 4,161 posts
Hello akao and welcome to the Virus, Spyware, Malware Removal forum !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
Also please note before we begin:
Please be aware that removing Malware can be a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot 100% guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before we start.

Hello,
Sorry about the delay - if you still need help, please follow the instructions below for me, which will give us an up-to-date look into your system:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    winsock.*
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Post the log it produces in your next reply.

In your next reply I would like to see:
  • OTL custom scan log
  • There should be another file on your desktop Extras.txt - please post that one as well


#3
akao


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,
Thanks for your reply. Here is the log of the custom scan you suggested (I have not found any Extra log):

OTL logfile created on: 08/12/2013 10:57:20 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\llg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 0000040c | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

3,98 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 52,48% Memory free
7,96 Gb Paging File | 5,76 Gb Available in Paging File | 72,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,56 Gb Total Space | 79,63 Gb Free Space | 13,67% Space Free | Partition Type: NTFS

Computer Name: GALOIS | User Name: llg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/28 13:35:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\llg\Desktop\OTL.exe
PRC - [2013/11/24 12:25:19 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/24 12:25:19 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/11/23 10:13:53 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
PRC - [2013/11/18 15:18:39 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/26 11:15:44 | 000,607,232 | ---- | M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe
PRC - [2013/10/25 02:34:06 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/10/03 19:40:16 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/10/03 19:40:16 | 000,083,072 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\Update\realonemessagecenter.exe
PRC - [2013/08/14 14:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/22 19:36:58 | 000,400,704 | ---- | M] () -- C:\Users\llg\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/12 13:02:44 | 000,054,760 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/31 14:37:36 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/03/05 15:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/03/05 15:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011/02/23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011/02/15 10:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011/02/01 12:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 12:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 23:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/09/13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 17:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/08 23:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files (x86)\WordWeb\wweb32.exe
PRC - [2007/11/21 03:12:27 | 003,297,280 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/24 12:25:19 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/11/23 10:13:53 | 016,237,448 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
MOD - [2013/11/18 15:18:38 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/29 07:27:29 | 001,127,152 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/10/10 02:58:35 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 02:49:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 02:49:41 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/13 02:09:01 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/13 02:07:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/18 15:09:23 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\72a01c3b91205094f1c3b17dee7eec97\IAStorUtil.ni.dll
MOD - [2013/08/16 22:41:34 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/16 22:41:07 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/16 22:39:51 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/12 04:22:40 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\c1135ff61820f7a77986a1139b92c126\IAStorCommon.ni.dll
MOD - [2013/07/12 02:58:23 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/05/22 19:36:58 | 000,400,704 | ---- | M] () -- C:\Users\llg\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/05/12 04:09:28 | 000,236,864 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/07/13 20:06:53 | 000,022,800 | ---- | M] () -- C:\Program Files (x86)\WordWeb\WUCNT.dll
MOD - [2011/07/01 09:28:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/11/13 00:52:13 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe /service /sstates /sampleinterval=10000 /procinterval=5 /dllinterval=120 /counter=\Processor(_Total)\% Processor Time:1 /counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1 /counter=\Network Interface(*)\Bytes Total/sec:1 /expandcounter=\Processor Information(*)\Processor Frequency:1 & /expandcounter=\Processor(*)\% Idle Time:1 /expandcounter=\Processor(*)\% C1 Time:1 /expandcounter=\Processor(*)\% C2 Time:1 /expandcounter=\Processor(*)\%C3 & Time:1 /expandcounter=\Processor(*)\% Processor Time:1 /directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata -- (SampleCollector)
SRV:64bit: - [2013/11/24 12:25:19 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/19 19:01:36 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/08/27 15:32:32 | 000,961,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2013/08/01 10:18:44 | 001,368,624 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/10/12 13:02:44 | 000,054,760 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/07/19 03:45:52 | 000,104,096 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
SRV:64bit: - [2011/05/19 18:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011/02/18 21:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011/02/18 21:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011/01/20 11:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/11/18 15:18:38 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/14 14:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/12 04:09:42 | 000,380,224 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Disabled | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012/03/30 12:26:52 | 000,237,328 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe -- (McComponentHostServiceSony)
SRV - [2012/03/12 05:07:58 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/31 14:37:36 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/03/31 14:36:44 | 000,075,936 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/03/05 15:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011/02/23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011/02/21 11:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011/02/21 11:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011/02/01 12:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 12:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/20 11:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/12/01 05:42:12 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/11/26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/09/13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/03 00:21:56 | 000,038,688 | ---- | M] (International Business Machines Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\IBM\SQLLIB\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_DB2COPY1)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/24 12:25:22 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/11/24 12:25:22 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/11/24 12:25:22 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/11/24 12:25:22 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/11/24 12:25:22 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/11/24 12:25:22 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/24 12:25:22 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/11/24 12:25:22 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/10/25 02:34:18 | 000,317,808 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvolwin7.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,029,352 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirwin7.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,768,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfswin7.sys -- (Sftfs)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaywin7.sys -- (Sftplay)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/06/11 09:37:16 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/12 05:08:08 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/03 16:41:58 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/09/20 16:23:40 | 000,317,776 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/21 00:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/31 14:36:58 | 000,287,392 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/03/31 14:36:58 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/03/31 14:36:58 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/03/31 14:36:56 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/03/31 14:36:56 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/03/31 14:36:56 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/03/31 14:36:56 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/03/31 14:36:56 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/03/29 07:51:30 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/29 04:57:20 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 16:27:05 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/01 05:42:14 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/26 21:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2005/04/13 22:17:52 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0801.sys -- (tap0801)
DRV - [2013/10/29 07:27:27 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849)
DRV - [2013/10/25 02:34:18 | 000,399,312 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/10/25 02:34:18 | 000,284,176 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...tD&cr=156153484

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.eu/vaioportal
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{2DBDB1E5-2234-4FEE-A09B-8D211469ECAB}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...tD&cr=156153484
IE - HKCU\..\SearchScopes\{6FE6255D-4C77-488A-8C06-55B6D7E26252}: "URL" = http://search.condui...&ctid=CT1060933
IE - HKCU\..\SearchScopes\{70E053D1-92F3-4272-877F-43F08F50963D}: "URL" = http://services.zini...}&rf=sonyslices
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = hellman:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: keefox%40chris.tomlinson:1.2.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\llg\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\llg\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\llg\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/10/03 19:42:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/12/28 09:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/10/03 19:42:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/24 12:25:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2012/02/08 07:49:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/08/10 09:56:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/25 19:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Extensions
[2012/10/01 06:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable
[2013/10/23 09:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions
[2012/09/29 19:57:05 | 000,000,000 | ---D | M] ("Giant Savings") -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions\[email protected]
[2012/09/29 20:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions\staged
[2013/10/23 09:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions
[2012/09/29 20:17:29 | 000,000,000 | ---D | M] ("Giant Savings") -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]
[2012/06/12 23:11:21 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]
[2012/05/23 06:21:39 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]
[2012/09/29 20:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]\chrome\content\extensionCode
[2013/11/22 20:42:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\rxwg9y49.default-1384287076279\extensions
[2013/11/19 00:49:16 | 000,000,000 | ---D | M] (Dictionnaires français) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\rxwg9y49.default-1384287076279\extensions\[email protected]
[2013/11/22 20:42:21 | 000,000,000 | ---D | M] (KeeFox) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\rxwg9y49.default-1384287076279\extensions\[email protected]
[2013/10/23 09:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions
[2011/09/29 21:06:23 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2012/09/29 19:57:05 | 000,000,000 | ---D | M] ("Giant Savings") -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected]
[2011/07/05 13:59:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected]
[2012/09/29 20:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\staged
[2012/03/02 22:49:33 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected]
[2012/04/16 09:23:40 | 000,061,854 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\as1j89ur.mc-rc\extensions\[email protected]
[2012/07/25 08:53:41 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\as1j89ur.mc-rc\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/14 14:42:01 | 000,261,871 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\rxwg9y49.default-1384287076279\extensions\{ad0d925d-88f8-47f1-85ea-8463569e756e}.xpi
[2012/02/01 22:34:37 | 001,331,409 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\[email protected]
[2011/07/05 10:11:21 | 000,016,294 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\[email protected]
[2012/02/22 18:51:53 | 000,060,945 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2011/07/07 13:33:53 | 000,062,210 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\{ad0d925d-88f8-47f1-85ea-8463569e756e}.xpi
[2012/01/05 20:02:00 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/08/18 19:16:41 | 000,688,571 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2013/11/05 20:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/05 20:45:57 | 000,000,000 | ---D | M] (eID België) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/11/05 20:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/18 15:18:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\llg\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\llg\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\llg\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\llg\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\llg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: avast! Online Security = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: RealDownloader = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google\u00A0Wallet = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: avast! Online Security = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: RealDownloader = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google\u00A0Wallet = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2013/11/15 09:02:17 | 000,001,052 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 10.150.15.150 pxpac.intra.commercial-union.fr
O1 - Hosts: 10.118.178.96 fr-andromaque
O1 - Hosts: 10.118.15.57 fr-weringia
O1 - Hosts: 10.118.15.57 fr-weringia.activ.aviva.corp
O1 - Hosts: 10.118.132.17 vip-px.main.aviva.eu.corp
O1 - Hosts: 10.118.188.137 fr-informatix
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [TortoiseHgOverlayIconServer] C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AmazonMP3DownloaderHelper] C:\Users\llg\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKCU..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity)
O4 - HKCU..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C617CD7-7035-419E-B78C-542814540E45}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/12/07 10:14:16 | 000,000,000 | ---D | C] -- C:\UsbFix
[2013/12/07 00:10:21 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/07 00:09:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/12/06 20:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2013/12/06 20:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag
[2013/12/06 20:17:47 | 000,000,000 | ---D | C] -- C:\Users\llg\AppData\Roaming\ZHP
[2013/12/06 20:17:12 | 006,859,047 | ---- | C] (Nicolas Coolman ) -- C:\Users\llg\Desktop\ZHPDiag2.exe
[2013/12/03 13:31:03 | 000,000,000 | ---D | C] -- C:\Users\llg\Documents\Europcar
[2013/11/28 13:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
[2013/11/28 13:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield
[2013/11/28 13:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MCShield
[2013/11/28 13:34:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\llg\Desktop\OTL.exe
[2013/11/28 08:55:33 | 000,000,000 | ---D | C] -- C:\found.001
[2013/11/28 06:39:22 | 001,204,601 | ---- | C] (El Desaparecido - SosVirus.net - UsbFix.net) -- C:\Users\llg\Desktop\UsbFix.exe
[2013/11/24 12:29:50 | 000,000,000 | ---D | C] -- C:\Users\llg\AppData\Roaming\AVAST Software
[2013/11/24 12:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/24 12:25:46 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/24 12:25:45 | 001,032,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/24 12:25:44 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/11/24 12:25:44 | 000,084,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/24 12:25:44 | 000,038,984 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/24 12:25:42 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/24 12:25:21 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/20 23:37:00 | 000,000,000 | ---D | C] -- C:\Users\llg\Documents\Berlin
[2013/11/20 23:36:51 | 000,000,000 | ---D | C] -- C:\Users\llg\Documents\Sude
[2013/11/20 23:36:51 | 000,000,000 | ---D | C] -- C:\Users\llg\Documents\rvolution
[2013/11/20 22:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/20 22:17:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/20 22:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/20 22:16:10 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\llg\Documents\mbam-setup-1.75.0.1300.exe
[2013/11/12 21:11:20 | 000,000,000 | ---D | C] -- C:\Users\llg\Desktop\Old Firefox Data
[6 C:\Users\llg\Documents\*.tmp files -> C:\Users\llg\Documents\*.tmp -> ]
[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/08 10:53:15 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/08 10:46:37 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/08 10:46:26 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1301682024-956692067-4001901071-1000UA.job
[2013/12/08 10:45:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/07 21:18:14 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1301682024-956692067-4001901071-1000Core.job
[2013/12/07 18:56:07 | 002,163,168 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/07 18:56:07 | 000,925,486 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/12/07 18:56:07 | 000,828,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/07 18:56:07 | 000,216,572 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/12/07 18:56:07 | 000,187,314 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/07 13:02:02 | 000,028,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/07 13:02:02 | 000,028,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/07 12:52:44 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/07 10:42:37 | 000,002,070 | ---- | M] () -- C:\Users\llg\Desktop\SosVirus sur Facebook.lnk
[2013/12/07 10:42:37 | 000,002,062 | ---- | M] () -- C:\Users\llg\Desktop\UsbFix Faire un Don.lnk
[2013/12/07 10:42:37 | 000,002,046 | ---- | M] () -- C:\Users\llg\Desktop\SosVirus Forum Gratuit.lnk
[2013/12/07 10:12:55 | 001,204,601 | ---- | M] (El Desaparecido - SosVirus.net - UsbFix.net) -- C:\Users\llg\Desktop\UsbFix.exe
[2013/12/07 00:17:27 | 002,138,174 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/06 20:42:28 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2013/12/06 20:17:49 | 000,001,947 | ---- | M] () -- C:\Users\llg\Desktop\ZHPFix.lnk
[2013/12/06 20:17:49 | 000,001,820 | ---- | M] () -- C:\Users\llg\Desktop\ZHPDiag.lnk
[2013/12/06 20:17:25 | 006,859,047 | ---- | M] (Nicolas Coolman ) -- C:\Users\llg\Desktop\ZHPDiag2.exe
[2013/12/06 14:32:30 | 006,612,143 | ---- | M] () -- C:\Users\llg\Documents\Doc de prsentation des structures emploi.pdf
[2013/12/05 21:21:09 | 000,002,350 | ---- | M] () -- C:\Users\llg\Desktop\Google Chrome.lnk
[2013/12/05 15:42:34 | 000,104,392 | ---- | M] () -- C:\Users\llg\Documents\Groupon - Laser.pdf
[2013/12/02 20:54:33 | 001,110,034 | ---- | M] () -- C:\Users\llg\Desktop\adwcleaner.exe
[2013/11/28 13:54:42 | 002,633,042 | ---- | M] () -- C:\Users\llg\Desktop\MCShield-Setup.exe
[2013/11/28 13:35:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\llg\Desktop\OTL.exe
[2013/11/26 16:42:56 | 000,218,289 | ---- | M] () -- C:\Users\llg\Documents\Lettre d'info n5 novembre 2013.pdf
[2013/11/26 16:13:27 | 000,138,278 | ---- | M] () -- C:\Users\llg\Documents\performance-tests.pdf
[2013/11/26 15:16:27 | 000,000,429 | ---- | M] () -- C:\Users\llg\Documents\jmeter-report-tarif-5f-p4.csv
[2013/11/24 12:26:38 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/24 12:25:22 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/24 12:25:22 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/11/24 12:25:22 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/11/24 12:25:22 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/24 12:25:22 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/24 12:25:22 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/24 12:25:22 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/11/24 12:25:22 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/24 12:25:22 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/24 12:25:21 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/24 10:39:33 | 656,686,397 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/21 08:12:09 | 000,002,110 | ---- | M] () -- C:\Users\llg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/11/20 22:18:09 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/20 22:16:18 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\llg\Documents\mbam-setup-1.75.0.1300.exe
[2013/11/20 20:33:11 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/11/19 19:01:40 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/19 19:01:37 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/19 17:29:21 | 000,299,470 | ---- | M] () -- C:\Users\llg\Documents\2013-11-19-Performance-Ontologie-Rewire.pdf
[2013/11/19 17:29:08 | 000,298,331 | ---- | M] () -- C:\Users\llg\Documents\2013-11-19-Performance-Ontologie-Rewire.odp
[2013/11/19 11:27:33 | 000,000,600 | ---- | M] () -- C:\Users\llg\AppData\Local\PUTTY.RND
[2013/11/08 22:44:33 | 000,104,392 | ---- | M] () -- C:\Users\llg\Documents\Groupon - ADC21C886B.pdf
[6 C:\Users\llg\Documents\*.tmp files -> C:\Users\llg\Documents\*.tmp -> ]
[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/07 10:42:37 | 000,002,070 | ---- | C] () -- C:\Users\llg\Desktop\SosVirus sur Facebook.lnk
[2013/12/07 10:42:37 | 000,002,062 | ---- | C] () -- C:\Users\llg\Desktop\UsbFix Faire un Don.lnk
[2013/12/07 10:42:37 | 000,002,046 | ---- | C] () -- C:\Users\llg\Desktop\SosVirus Forum Gratuit.lnk
[2013/12/06 20:42:28 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
[2013/12/06 20:17:49 | 000,001,947 | ---- | C] () -- C:\Users\llg\Desktop\ZHPFix.lnk
[2013/12/06 20:17:49 | 000,001,820 | ---- | C] () -- C:\Users\llg\Desktop\ZHPDiag.lnk
[2013/12/06 14:32:25 | 006,612,143 | ---- | C] () -- C:\Users\llg\Documents\Doc de prsentation des structures emploi.pdf
[2013/12/05 15:42:26 | 000,104,392 | ---- | C] () -- C:\Users\llg\Documents\Groupon - Laser.pdf
[2013/12/02 20:54:21 | 001,110,034 | ---- | C] () -- C:\Users\llg\Desktop\adwcleaner.exe
[2013/11/28 13:54:23 | 002,633,042 | ---- | C] () -- C:\Users\llg\Desktop\MCShield-Setup.exe
[2013/11/26 16:42:55 | 000,218,289 | ---- | C] () -- C:\Users\llg\Documents\Lettre d'info n5 novembre 2013.pdf
[2013/11/26 16:12:24 | 000,138,278 | ---- | C] () -- C:\Users\llg\Documents\performance-tests.pdf
[2013/11/26 15:16:27 | 000,000,429 | ---- | C] () -- C:\Users\llg\Documents\jmeter-report-tarif-5f-p4.csv
[2013/11/24 12:26:38 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/24 12:25:46 | 000,205,320 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/24 12:25:46 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/11/20 22:18:09 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/19 19:01:40 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/19 19:01:37 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/19 17:28:17 | 000,298,331 | ---- | C] () -- C:\Users\llg\Documents\2013-11-19-Performance-Ontologie-Rewire.odp
[2013/11/19 17:02:44 | 000,299,470 | ---- | C] () -- C:\Users\llg\Documents\2013-11-19-Performance-Ontologie-Rewire.pdf
[2013/11/19 11:26:31 | 000,000,600 | ---- | C] () -- C:\Users\llg\AppData\Local\PUTTY.RND
[2013/11/08 22:44:27 | 000,104,392 | ---- | C] () -- C:\Users\llg\Documents\Groupon - ADC21C886B.pdf
[2013/10/24 22:29:41 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2013/07/18 22:55:11 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/05/31 08:43:44 | 000,000,079 | ---- | C] () -- C:\Users\llg\.scala_history
[2012/11/15 13:56:08 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/11/12 14:59:21 | 000,000,033 | ---- | C] () -- C:\Windows\iltwain.ini
[2012/04/23 16:03:28 | 000,004,133 | ---- | C] () -- C:\Users\llg\OLSUSR05.sp.sql
[2012/04/23 16:03:28 | 000,002,087 | ---- | C] () -- C:\Users\llg\OLSBRA03.sp.sql
[2012/04/23 16:03:28 | 000,001,764 | ---- | C] () -- C:\Users\llg\OLSCIR01.sp.sql
[2012/04/23 16:03:28 | 000,001,575 | ---- | C] () -- C:\Users\llg\OLUUSR04.sp.sql
[2012/04/23 16:03:28 | 000,001,373 | ---- | C] () -- C:\Users\llg\OLUUSR06.sp.sql
[2012/04/23 16:03:28 | 000,000,950 | ---- | C] () -- C:\Users\llg\OLSDOC30.sp.sql
[2012/04/23 16:03:28 | 000,000,619 | ---- | C] () -- C:\Users\llg\OLUEVE04.sp.sql
[2012/04/23 16:03:28 | 000,000,316 | ---- | C] () -- C:\Users\llg\OLSJRN01.sp.sql
[2012/04/23 16:03:28 | 000,000,308 | ---- | C] () -- C:\Users\llg\T093.sp.sql
[2012/02/13 18:04:48 | 000,001,196 | ---- | C] () -- C:\Users\llg\.emacs
[2012/02/13 18:04:48 | 000,001,187 | ---- | C] () -- C:\Users\llg\.emacs~
[2011/12/28 15:59:31 | 000,000,212 | ---- | C] () -- C:\Windows\ildasmfnt.bin
[2011/12/07 10:06:52 | 000,007,597 | ---- | C] () -- C:\Users\llg\AppData\Local\Resmon.ResmonCfg
[2011/09/01 17:01:16 | 000,011,314 | ---- | C] () -- C:\Users\llg\gsview64.ini
[2011/08/23 13:29:51 | 000,000,168 | ---- | C] () -- C:\Users\llg\AppData\Roaming\.emacs
[2011/08/23 13:29:51 | 000,000,065 | ---- | C] () -- C:\Users\llg\AppData\Roaming\.emacs~
[2011/07/05 07:24:17 | 000,000,457 | ---- | C] () -- C:\Users\llg\clipdat2.rdf
[2011/07/04 09:55:48 | 000,000,171 | ---- | C] () -- C:\Users\llg\notes~
[2011/07/04 09:55:48 | 000,000,000 | ---- | C] () -- C:\Users\llg\notes

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/07/06 08:39:35 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\.emacs.d
[2012/08/16 08:43:06 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\.visualvm
[2013/07/10 14:44:17 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Amazon
[2012/04/16 09:22:27 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Audacity
[2013/11/24 12:29:50 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\AVAST Software
[2012/02/08 07:48:51 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\AVG2012
[2012/10/01 06:25:52 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\BitTyrant
[2012/05/14 10:47:56 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\EAC
[2011/07/19 16:07:40 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\EDO
[2011/10/06 13:17:46 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\EurekaLog
[2013/12/05 17:14:05 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\FileZilla
[2012/06/11 22:34:10 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\gnupg
[2013/11/17 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\gtk-2.0
[2013/10/24 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\iolo
[2012/09/14 14:11:35 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\IsolatedStorage
[2011/11/04 10:06:22 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\JustDecompile
[2012/02/11 15:38:47 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\JustVoip
[2013/12/06 17:42:47 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\KeePass
[2012/03/11 13:19:36 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\langmaster.com
[2013/01/21 13:32:08 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\NetBeans
[2013/09/18 19:22:29 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Notepad++
[2011/07/02 11:53:10 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\OpenOffice.org
[2011/10/04 15:44:16 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Scooter Software
[2013/03/18 10:56:38 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\SoftGrid Client
[2011/07/03 08:53:58 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Subversion
[2013/06/27 22:46:33 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\SumatraPDF
[2011/07/04 09:58:22 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Thunderbird
[2013/02/13 13:18:39 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\TP
[2013/11/24 11:19:30 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\uTorrent
[2013/01/16 11:39:23 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\webex
[2013/12/06 20:43:12 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\ZHP

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 02:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 06:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 02:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 04:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 02:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 04:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 04:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 07:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 02:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 04:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 02:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 02:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 02:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 18:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 12:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 02:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 04:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 04:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 02:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 04:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 04:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 04:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 04:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 04:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 04:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 04:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/21 04:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/21 04:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 04:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 04:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 04:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 04:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 04:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 04:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 02:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 04:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 04:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: SERVICES >
[2011/07/03 17:03:44 | 000,000,094 | --S- | M] () MD5=713F38DC6C1E73D06F1516873E1E8919 -- C:\cygwin\etc\services
[2009/06/10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/12/18 15:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2010/11/15 20:02:22 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2011/07/01 09:28:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=18A525B3727F2AE7E8D440F42FC82C2E -- C:\Windows\SysNative\fr-FR\services.exe.mui
[2011/07/01 09:28:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=18A525B3727F2AE7E8D440F42FC82C2E -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_68750ba1329f3c6f\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2011/07/01 09:28:13 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\SysNative\fr-FR\services.msc
[2011/07/01 09:28:15 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\SysWOW64\fr-FR\services.msc
[2011/07/01 09:28:13 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a2b6db8d0908d662\services.msc
[2011/07/01 09:28:15 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4698400950ab652c\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2011/01/17 18:14:34 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 18:14:04 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SERVICES.SETTINGS >
[2013/11/28 13:34:53 | 000,001,622 | ---- | M] () MD5=81E136EBBD0008284F9A2F23402FF2CF -- C:\Users\llg\AppData\Roaming\NetBeans\7.2.1\config\Windows2Local\Components\services.settings

< MD5 for: SERVICES.WSTCGRP >
[2013/11/28 13:34:55 | 000,000,225 | ---- | M] () MD5=E4AD31A486D75BC449F02775904D2430 -- C:\Users\llg\AppData\Roaming\NetBeans\7.2.1\config\Windows2Local\Groups\InitialLayout\services.wstcgrp
[2013/11/28 13:34:55 | 000,000,225 | ---- | M] () MD5=E4AD31A486D75BC449F02775904D2430 -- C:\Users\llg\AppData\Roaming\NetBeans\7.2.1\config\Windows2Local\Groups\OpenedProjects\services.wstcgrp

< MD5 for: SERVICES.WSTCREF >
[2013/11/28 13:34:54 | 000,000,176 | ---- | M] () MD5=BDB30002ACB3465677D4A533D3D039EB -- C:\Users\llg\AppData\Roaming\NetBeans\7.2.1\config\Windows2Local\Modes\explorer\services.wstcref

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINSOCK.H >
[2011/05/01 20:40:23 | 000,016,310 | ---- | M] () MD5=530DC7A218E4A5D8ABCF92050CE18A96 -- C:\cygwin\usr\i686-pc-mingw32\sys-root\mingw\include\winsock.h
[2012/12/18 12:03:15 | 000,012,188 | ---- | M] () MD5=70CC5EA9C2009EE5BD210547182C7D09 -- C:\cygwin\usr\include\w32api\winsock.h
[2009/09/30 19:27:20 | 000,038,471 | ---- | M] () MD5=B2A415C3F1450F80F57AF83212F3C7AA -- C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Include\WinSock.h
[2010/04/19 20:44:40 | 000,038,471 | ---- | M] () MD5=B2A415C3F1450F80F57AF83212F3C7AA -- C:\Program Files\Microsoft SDKs\Windows\v7.1\Include\WinSock.h

< dir "%systemdrive%\*" /S /A:L /C >
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A2AC-C1C6
Répertoire de C:\
14/07/2009 06:08 <JONCTION> Documents and Settings [C:\Users]
0 fichier(s) 0 octets
Répertoire de C:\Program Files
01/07/2011 10:34 <JONCTION> Fichiers communs [C:\Program Files\Common Files]
0 fichier(s) 0 octets
Répertoire de C:\Program Files\Windows NT
01/07/2011 10:34 <JONCTION> Accessoires [C:\Program Files\Windows NT\Accessories]
0 fichier(s) 0 octets
Répertoire de C:\ProgramData
14/07/2009 06:08 <JONCTION> Application Data [C:\ProgramData]
01/07/2011 10:34 <JONCTION> Bureau [C:\Users\Public\Desktop]
14/07/2009 06:08 <JONCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 06:08 <JONCTION> Documents [C:\Users\Public\Documents]
01/07/2011 10:34 <JONCTION> Favoris [C:\Users\Public\Favorites]
14/07/2009 06:08 <JONCTION> Favorites [C:\Users\Public\Favorites]
01/07/2011 10:34 <JONCTION> Menu Démarrer [C:\ProgramData\Microsoft\Windows\Start Menu]
01/07/2011 10:34 <JONCTION> Modèles [C:\ProgramData\Microsoft\Windows\Templates]
14/07/2009 06:08 <JONCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 06:08 <JONCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 fichier(s) 0 octets
Répertoire de C:\ProgramData\Microsoft\Windows\Start Menu
01/07/2011 10:34 <JONCTION> Programmes [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
Répertoire de C:\Users
14/07/2009 06:08 <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 06:08 <JONCTION> Default User [C:\Users\Default]
0 fichier(s) 0 octets
Répertoire de C:\Users\All Users
14/07/2009 06:08 <JONCTION> Application Data [C:\ProgramData]
01/07/2011 10:34 <JONCTION> Bureau [C:\Users\Public\Desktop]
14/07/2009 06:08 <JONCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 06:08 <JONCTION> Documents [C:\Users\Public\Documents]
01/07/2011 10:34 <JONCTION> Favoris [C:\Users\Public\Favorites]
14/07/2009 06:08 <JONCTION> Favorites [C:\Users\Public\Favorites]
01/07/2011 10:34 <JONCTION> Menu Démarrer [C:\ProgramData\Microsoft\Windows\Start Menu]
01/07/2011 10:34 <JONCTION> Modèles [C:\ProgramData\Microsoft\Windows\Templates]
14/07/2009 06:08 <JONCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 06:08 <JONCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 fichier(s) 0 octets
Répertoire de C:\Users\All Users\Microsoft\Windows\Start Menu
01/07/2011 10:34 <JONCTION> Programmes [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
Répertoire de C:\Users\db2admin
06/07/2011 10:05 <JONCTION> Application Data [C:\Users\db2admin\AppData\Roaming]
06/07/2011 10:05 <JONCTION> Cookies [C:\Users\db2admin\AppData\Roaming\Microsoft\Windows\Cookies]
06/07/2011 10:05 <JONCTION> Local Settings [C:\Users\db2admin\AppData\Local]
06/07/2011 10:05 <JONCTION> Menu Démarrer [C:\Users\db2admin\AppData\Roaming\Microsoft\Windows\Start Menu]
06/07/2011 10:05 <JONCTION> Mes documents [C:\Users\db2admin\Documents]
06/07/2011 10:05 <JONCTION> Modèles [C:\Users\db2admin\AppData\Roaming\Microsoft\Windows\Templates]
06/07/2011 10:05 <JONCTION> Recent [C:\Users\db2admin\AppData\Roaming\Microsoft\Windows\Recent]
06/07/2011 10:05 <JONCTION> SendTo [C:\Users\db2admin\AppData\Roaming\Microsoft\Windows\SendTo]
06/07/2011 10:05 <JONCTION> Voisinage d'impression [C:\Users\db2admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/07/2011 10:05 <JONCTION> Voisinage réseau [C:\Users\db2admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
0 fichier(s) 0 octets
Répertoire de C:\Users\db2admin\AppData\Local
06/07/2011 10:05 <JONCTION> Application Data [C:\Users\db2admin\AppData\Local]
06/07/2011 10:05 <JONCTION> Historique [C:\Users\db2admin\AppData\Local\Microsoft\Windows\History]
06/07/2011 10:05 <JONCTION> Temporary Internet Files [C:\Users\db2admin\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fichier(s) 0 octets
Répertoire de C:\Users\db2admin\AppData\Roaming\Microsoft\Windows\Start Menu
06/07/2011 10:05 <JONCTION> Programmes [C:\Users\db2admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
Répertoire de C:\Users\db2admin\Documents
06/07/2011 10:05 <JONCTION> Ma musique [C:\Users\db2admin\Music]
06/07/2011 10:05 <JONCTION> Mes images [C:\Users\db2admin\Pictures]
06/07/2011 10:05 <JONCTION> Mes vidéos [C:\Users\db2admin\Videos]
0 fichier(s) 0 octets
Répertoire de C:\Users\Default
14/07/2009 06:08 <JONCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 06:08 <JONCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 06:08 <JONCTION> Local Settings [C:\Users\Default\AppData\Local]
01/07/2011 10:34 <JONCTION> Menu Démarrer [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
01/07/2011 10:34 <JONCTION> Mes documents [C:\Users\Default\Documents]
01/07/2011 10:34 <JONCTION> Modèles [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
14/07/2009 06:08 <JONCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 06:08 <JONCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 06:08 <JONCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 06:08 <JONCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 06:08 <JONCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 06:08 <JONCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 06:08 <JONCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
01/07/2011 10:34 <JONCTION> Voisinage d'impression [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/07/2011 10:34 <JONCTION> Voisinage réseau [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
0 fichier(s) 0 octets
Répertoire de C:\Users\Default\AppData\Local
14/07/2009 06:08 <JONCTION> Application Data [C:\Users\Default\AppData\Local]
01/07/2011 10:34 <JONCTION> Historique [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 06:08 <JONCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 06:08 <JONCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fichier(s) 0 octets
Répertoire de C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
01/07/2011 10:34 <JONCTION> Programmes [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
Répertoire de C:\Users\Default\Documents
01/07/2011 10:34 <JONCTION> Ma musique [C:\Users\Default\Music]
01/07/2011 10:34 <JONCTION> Mes images [C:\Users\Default\Pictures]
01/07/2011 10:34 <JONCTION> Mes vidéos [C:\Users\Default\Videos]
14/07/2009 06:08 <JONCTION> My Music [C:\Users\Default\Music]
14/07/2009 06:08 <JONCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 06:08 <JONCTION> My Videos [C:\Users\Default\Videos]
0 fichier(s) 0 octets
Répertoire de C:\Users\llg
01/07/2011 10:34 <JONCTION> Application Data [C:\Users\llg\AppData\Roaming]
01/07/2011 10:34 <JONCTION> Cookies [C:\Users\llg\AppData\Roaming\Microsoft\Windows\Cookies]
01/07/2011 10:34 <JONCTION> Local Settings [C:\Users\llg\AppData\Local]
01/07/2011 10:34 <JONCTION> Menu Démarrer [C:\Users\llg\AppData\Roaming\Microsoft\Windows\Start Menu]
01/07/2011 10:34 <JONCTION> Mes documents [C:\Users\llg\Documents]
01/07/2011 10:34 <JONCTION> Modèles [C:\Users\llg\AppData\Roaming\Microsoft\Windows\Templates]
01/07/2011 10:34 <JONCTION> Recent [C:\Users\llg\AppData\Roaming\Microsoft\Windows\Recent]
01/07/2011 10:34 <JONCTION> SendTo [C:\Users\llg\AppData\Roaming\Microsoft\Windows\SendTo]
01/07/2011 10:34 <JONCTION> Voisinage d'impression [C:\Users\llg\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/07/2011 10:34 <JONCTION> Voisinage réseau [C:\Users\llg\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
0 fichier(s) 0 octets
Répertoire de C:\Users\llg\AppData\Local
01/07/2011 10:34 <JONCTION> Application Data [C:\Users\llg\AppData\Local]
01/07/2011 10:34 <JONCTION> Historique [C:\Users\llg\AppData\Local\Microsoft\Windows\History]
01/07/2011 10:34 <JONCTION> Temporary Internet Files [C:\Users\llg\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fichier(s) 0 octets
Répertoire de C:\Users\llg\AppData\Roaming\Microsoft\Windows\Start Menu
01/07/2011 10:34 <JONCTION> Programmes [C:\Users\llg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
Répertoire de C:\Users\llg\Documents
01/07/2011 10:34 <JONCTION> Ma musique [C:\Users\llg\Music]
01/07/2011 10:34 <JONCTION> Mes images [C:\Users\llg\Pictures]
01/07/2011 10:34 <JONCTION> Mes vidéos [C:\Users\llg\Videos]
0 fichier(s) 0 octets
Répertoire de C:\Users\Public\Documents
01/07/2011 10:34 <JONCTION> Ma musique [C:\Users\Public\Music]
01/07/2011 10:34 <JONCTION> Mes images [C:\Users\Public\Pictures]
01/07/2011 10:34 <JONCTION> Mes vidéos [C:\Users\Public\Videos]
14/07/2009 06:08 <JONCTION> My Music [C:\Users\Public\Music]
14/07/2009 06:08 <JONCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 06:08 <JONCTION> My Videos [C:\Users\Public\Videos]
0 fichier(s) 0 octets
Total des fichiers listés:
0 fichier(s) 0 octets
93 Rép(s) 85.577.138.176 octets libres

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:F3F2C8D5

< End of report >
  • 0

#4
Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Hi -
I do see lots of adware on here, let's clean that up and proceed from there --
Don't worry about not finding the extras.txt file, I will generate a fresh one a little later.

I notice that you have one or more P2P (Peer to Peer) file sharing programs installed on your computer.
  • uTorrent
  • bittyrant
This is a very easy way to get infected, as many of the files that can be downloaded with these P2P programs are infected with all sorts of malware.
You also open up a direct connection between unknown computers and your computer.
You put your system at a very big risk by downloading these files, and that is why we recommend
that you remove these programs from your computer.
Please visit the following site:
P2P File Sharing: Evaluate the Risks
If you do not want to remove them, please DO NOT use them while we are cleaning your machine, but be assured, if you download files using P2P programs, odds are that you will get an infection at some point.

If you need any help removing them I will be glad to assist you.

I am curious about these entries in your hosts file

O1 - Hosts: 10.150.15.150 pxpac.intra.commercial-union.fr
O1 - Hosts: 10.118.178.96 fr-andromaque
O1 - Hosts: 10.118.15.57 fr-weringia
O1 - Hosts: 10.118.15.57 fr-weringia.activ.aviva.corp
O1 - Hosts: 10.118.132.17 vip-px.main.aviva.eu.corp
O1 - Hosts: 10.118.188.137 fr-informatix

Are these entries in your hosts file something you have added yourself?

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL

Step 2
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile
  • The log file is also saved as C:\AdwCleaner[S1].txt

Step 3
Please download Junkware Removal Tool to your desktop.

  • Right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

In your next reply I would like to see:
  • OTL fix log
  • ADWcleaner log
  • Junkware Removal Tool log - JRT.txt
  • RogueKiller log file
  • Answer to my question at the top of this post
  • How is the computer running now?

  • 0
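The hosts-file question in the post above can also be checked mechanically. The following is an added example, not part of the original post and not OTL's own code: it parses `O1 - Hosts:` lines as they appear in this log and sorts them by address type, so that names pinned to routable addresses are reviewed first. The last four sample lines, the function names and the category labels are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# RFC 1918 IPv4 ranges plus IPv6 unique-local. Checked explicitly because
# ipaddress.is_private also covers documentation and other reserved ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# OTL prints each hosts entry as "O1 - Hosts: <ip> <name> [<name> ...]".
OTL_HOSTS = re.compile(r"^O1\s+-\s+Hosts:\s+(\S+)\s+(.+)$")

# First six lines are the entries quoted in the thread; the last four are
# constructed to exercise the other categories.
SAMPLE_LOG = """\
O1 - Hosts: 10.150.15.150 pxpac.intra.commercial-union.fr
O1 - Hosts: 10.118.178.96 fr-andromaque
O1 - Hosts: 10.118.15.57 fr-weringia
O1 - Hosts: 10.118.15.57 fr-weringia.activ.aviva.corp
O1 - Hosts: 10.118.132.17 vip-px.main.aviva.eu.corp
O1 - Hosts: 10.118.188.137 fr-informatix
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.10 update.example.test
O1 - Hosts: 192.0.2.7 update.example.test
O1 - Hosts: 10.1.2.999 broken.example.test
"""


def classify(ip_text):
    """Return a review category for the address part of a hosts entry."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        return "local"        # resolves to this machine or to nowhere
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"     # private override: confirm with the owner
    return "external"         # name pinned to a routable host: review first


def parse_otl_hosts(log_text):
    """Extract (ip, hostname, category) tuples from OTL 'O1 - Hosts:' lines."""
    entries = []
    for line in log_text.splitlines():
        m = OTL_HOSTS.match(line.strip())
        if not m:
            continue
        ip_text = m.group(1)
        # Drop any trailing hosts-file comment, then split alias names.
        names = m.group(2).split("#", 1)[0].split()
        for name in names:
            entries.append((ip_text, name.lower(), classify(ip_text)))
    return entries


def triage(entries):
    """Group entries by category and report names mapped to several IPs."""
    by_category = defaultdict(list)
    ips_per_name = defaultdict(set)
    for ip_text, name, category in entries:
        by_category[category].append((ip_text, name))
        ips_per_name[name].add(ip_text)
    conflicts = {name: sorted(ips)
                 for name, ips in ips_per_name.items() if len(ips) > 1}
    return dict(by_category), conflicts


if __name__ == "__main__":
    categories, conflicts = triage(parse_otl_hosts(SAMPLE_LOG))
    for category in ("external", "malformed", "internal", "local"):
        for ip_text, name in categories.get(category, []):
            print(f"{category:9} {ip_text:16} {name}")
    for name, ips in conflicts.items():
        print(f"conflict  {name} -> {', '.join(ips)}")
```
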

#5
akao

    New Member

  • Topic Starter
  • Member
  • 6 posts
As you suggested, I have removed the two P2P clients.

About the extra lines that you spotted in my 'hosts' file, they were used to access some servers in spite of a failure of a DNS configuration.
As it was only meant to be a temporary fix, I've deleted these lines.

Here is the OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36668FFD-7809-43FB-A609-999C5A7AB5FE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36668FFD-7809-43FB-A609-999C5A7AB5FE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6FE6255D-4C77-488A-8C06-55B6D7E26252}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FE6255D-4C77-488A-8C06-55B6D7E26252}\ not found.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions\[email protected]\skin folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions\[email protected]\locale folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions\[email protected]\defaults folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions\[email protected]\chrome\content\lib folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions\[email protected]\chrome folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions\[email protected] folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]\skin folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]\locale folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]\defaults folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]\chrome\content\lib folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]\chrome\content\extensionCode folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]\chrome folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected] folder moved successfully.
Folder C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]\chrome\content\extensionCode\ not found.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected]\skin folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected]\chrome\content\lib folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected] folder moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\TEMP:F3F2C8D5 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: db2admin
->Temp folder emptied: 154161 bytes
->Temporary Internet Files folder emptied: 84511 bytes
->Java cache emptied: 248000 bytes
->FireFox cache emptied: 50271026 bytes
->Flash cache emptied: 56958 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: llg
->Temp folder emptied: 50107540 bytes
->Temporary Internet Files folder emptied: 395379534 bytes
->Java cache emptied: 1161840 bytes
->FireFox cache emptied: 171823224 bytes
->Google Chrome cache emptied: 367155910 bytes
->Flash cache emptied: 70944 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1950063521 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 132885 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2848,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12082013_210325

Files\Folders moved on Reboot...
C:\Users\llg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\llg\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





Here is the AdwCleaner log:


# AdwCleaner v3.014 - Rapport créé le 08/12/2013 21:20:09
# Mis à jour le 01/12/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : llg - GALOIS
# Exécuté depuis : C:\Users\llg\Desktop\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****


***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ Fichier : C:\Users\llg\AppData\Roaming\Mozilla\Firefox\Profiles\1rfkg9zg.demo\prefs.js ]


[ Fichier : C:\Users\llg\AppData\Roaming\Mozilla\Firefox\Profiles\as1j89ur.mc-rc\prefs.js ]


[ Fichier : C:\Users\llg\AppData\Roaming\Mozilla\Firefox\Profiles\rxwg9y49.default-1384287076279\prefs.js ]


[ Fichier : C:\Users\llg\AppData\Roaming\Mozilla\Firefox\Profiles\zkkxm7hy.default\prefs.js ]


[ Fichier : C:\Users\db2admin\AppData\Roaming\Mozilla\Firefox\Profiles\uloa0kc2.default\prefs.js ]


-\\ Google Chrome v

[ Fichier : C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [51296 octets] - [23/10/2013 09:36:24]
AdwCleaner[R1].txt - [2036 octets] - [22/11/2013 21:02:20]
AdwCleaner[R2].txt - [1570 octets] - [27/11/2013 10:22:37]
AdwCleaner[R3].txt - [1690 octets] - [02/12/2013 20:57:09]
AdwCleaner[R4].txt - [1750 octets] - [06/12/2013 19:23:20]
AdwCleaner[R5].txt - [1870 octets] - [08/12/2013 21:18:40]
AdwCleaner[S0].txt - [52124 octets] - [23/10/2013 09:47:32]
AdwCleaner[S1].txt - [2107 octets] - [22/11/2013 23:54:36]
AdwCleaner[S2].txt - [1631 octets] - [27/11/2013 10:42:43]
AdwCleaner[S3].txt - [1811 octets] - [06/12/2013 19:52:51]
AdwCleaner[S4].txt - [1791 octets] - [08/12/2013 21:20:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1851 octets] ##########


JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by llg on dim. 08/12/2013 at 21:31:48,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1301682024-956692067-4001901071-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ammyy"



~~~ FireFox

Emptied folder: C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\rxwg9y49.default-1384287076279\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on dim. 08/12/2013 at 21:43:09,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Log of RogueKiller:

RogueKiller V8.7.11 [Dec 3 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-to...om/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : llg [Droits d'admin]
Mode : Recherche -- Date : 12/08/2013 21:56:09
| ARK || FAK || MBR |

Processus malicieux : 0

Entrees de registre : 7
[RUN][SUSP PATH] HKCU\[...]\Run : AmazonMP3DownloaderHelper (C:\Users\llg\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [7]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-1301682024-956692067-4001901071-1000\[...]\Run : AmazonMP3DownloaderHelper (C:\Users\llg\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [7]) -> TROUVÉ
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hellman:8080 [Country: (Private Address) (XX), City: (Private Address)]) -> TROUVÉ
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> TROUVÉ
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

Tâches planifiées : 0

Entrées Startup : 0

Navigateurs web : 5
[FF][PROXY] as1j89ur.mc-rc : user_pref("network.proxy.hxxp", "hellman"); -> TROUVÉ
[FF][PROXY] as1j89ur.mc-rc : user_pref("network.proxy.hxxp_port", 8080); -> TROUVÉ
[FF][PROXY] as1j89ur.mc-rc : user_pref("network.proxy.type", 2); -> TROUVÉ
[FF][PROXY] zkkxm7hy.default : user_pref("network.proxy.hxxp", "hellman"); -> TROUVÉ
[FF][PROXY] zkkxm7hy.default : user_pref("network.proxy.hxxp_port", 8080); -> TROUVÉ

Fichiers / Dossiers particuliers:

Driver : [NON CHARGE 0x0]

Ruches Externes:

Infection :

Fichier HOSTS:
--> %SystemRoot%\System32\drivers\etc\hosts




MBR Verif:

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM641JI +++++
--- User ---
[MBR] f14a7eafe7b669d7e96099d11f68f2b3
[BSP] fed53bd3680f88b8d90a77ddf8a2ed8c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13837 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 28340224 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28545024 | Size: 596541 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_S_12082013_215609.txt >>




My laptop is already running much faster now. For instance, Firefox is faster to start.
Many thanks for these hints. I'm ready for the next step.

Cheers,
Akao
  • 0

#6
Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Glad to hear the computer is happier!

Step 1

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

Step 2
Do you know what this proxy is for?

"ProxyServer" = hellman:8080

If you set this on purpose then skip this step; otherwise:

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.

  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

  • Next click on the ProxyFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 3
Download Security Check from here or here.
  • Save it to your Desktop.
  • Right click SecurityCheck.exe, select Run as administrator, and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your next reply I would like to see:
  • OTL log
  • checkup.txt
  • All the new RKreport files from your desktop
  • Any current symptoms?

  • 0
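The proxy question in Step 2 can be checked directly against the RogueKiller report posted earlier in the thread. The following is an added example, not part of the original posts and not RogueKiller's own code: it parses the `[PROXY IE]` and `[FF][PROXY]` lines and works out which proxy each Firefox profile would actually use. The function names, the `MODES` table and `DEFAULT_TYPE` (the value assumed when a profile does not set `network.proxy.type`) are assumptions of this example.

```python
import re

# Lines copied from the RogueKiller report in this thread, with the trailing
# "-> ..." status marker dropped. The report shows "http" as "hxxp".
REPORT = r"""
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hellman:8080 [Country: (Private Address) (XX), City: (Private Address)])
[FF][PROXY] as1j89ur.mc-rc : user_pref("network.proxy.hxxp", "hellman");
[FF][PROXY] as1j89ur.mc-rc : user_pref("network.proxy.hxxp_port", 8080);
[FF][PROXY] as1j89ur.mc-rc : user_pref("network.proxy.type", 2);
[FF][PROXY] zkkxm7hy.default : user_pref("network.proxy.hxxp", "hellman");
[FF][PROXY] zkkxm7hy.default : user_pref("network.proxy.hxxp_port", 8080);
"""

FF_RE = re.compile(
    r'^\[FF\]\[PROXY\]\s+(?P<profile>\S+)\s+:\s+'
    r'user_pref\("(?P<name>[^"]+)",\s*(?P<value>"[^"]*"|-?\d+|true|false)\);'
)
IE_RE = re.compile(
    r'^\[PROXY IE\]\[PUM\]\s+.+?\s+:\s+ProxyServer\s+\((?P<server>[^\s)]+)'
)

# Meaning of the Firefox pref network.proxy.type.
MODES = {0: "direct", 1: "manual", 2: "pac", 3: "direct", 4: "wpad", 5: "system"}
DEFAULT_TYPE = 5  # assumption: value Firefox uses when the profile does not set it


def parse_report(text):
    """Return (system_proxy, {profile: {pref_name: value}}) from report lines."""
    system_proxy, profiles = None, {}
    for line in text.splitlines():
        line = line.strip()
        m = IE_RE.match(line)
        if m:
            system_proxy = m.group("server")
            continue
        m = FF_RE.match(line)
        if not m:
            continue
        name = m.group("name").replace("hxxp", "http")  # undo the defanging
        raw = m.group("value")
        if raw.startswith('"'):
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            value = int(raw)
        profiles.setdefault(m.group("profile"), {})[name] = value
    return system_proxy, profiles


def effective_proxy(prefs, system_proxy):
    """Describe which proxy a Firefox profile will actually use."""
    mode = MODES.get(prefs.get("network.proxy.type", DEFAULT_TYPE), "unknown")
    host = prefs.get("network.proxy.http")
    port = prefs.get("network.proxy.http_port")
    stored = f"{host}:{port}" if host and port else None
    if mode == "manual":
        in_use = stored                      # only mode that uses host/port prefs
    elif mode == "system":
        in_use = system_proxy                # follows the Windows (IE) setting
    elif mode == "pac":
        in_use = prefs.get("network.proxy.autoconfig_url")  # PAC script decides
    else:
        in_use = None
    return {"mode": mode, "stored_manual": stored, "in_use": in_use}


def audit(text):
    """Map each Firefox profile in the report to its effective proxy."""
    system_proxy, profiles = parse_report(text)
    return {p: effective_proxy(prefs, system_proxy) for p, prefs in profiles.items()}


if __name__ == "__main__":
    for profile, result in audit(REPORT).items():
        print(profile, result)
```

For the `system` mode the Windows value only takes effect when the proxy is enabled there, which the report lines do not show. A stored `hellman:8080` in a profile whose mode is not `manual` is inert but still worth clearing if it was not set on purpose.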

#7
Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Forgot to add one more thing, and you can do this after the other steps -
Run OTL by right clicking on the icon and selecting Run as administrator
  • Click on the NONE button (it's up on the top just under Quick Scan) - next look in the Extra Registry section and select Use SafeList
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • The OTL.txt file will be mostly blank, so don't bother posting that one, but please post the Extras.txt log

  • 0

#8
akao

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,
Here is my latest OTL file, from Step 1:

OTL logfile created on: 09/12/2013 16:13:14 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\llg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 0000040c | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

3,98 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,52% Memory free
7,96 Gb Paging File | 5,98 Gb Available in Paging File | 75,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,56 Gb Total Space | 127,49 Gb Free Space | 21,89% Space Free | Partition Type: NTFS

Computer Name: GALOIS | User Name: llg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/09 15:03:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\llg\Desktop\OTL.exe
PRC - [2013/11/24 12:25:19 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/24 12:25:19 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/26 11:15:44 | 000,607,232 | ---- | M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe
PRC - [2013/10/25 02:34:06 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/10/03 19:40:16 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 14:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/22 19:36:58 | 000,400,704 | ---- | M] () -- C:\Users\llg\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/31 14:37:36 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/03/05 15:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/03/05 15:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011/02/23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011/02/15 10:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011/02/01 12:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 12:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/01 05:42:14 | 000,104,712 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
PRC - [2010/12/01 05:42:12 | 000,601,600 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
PRC - [2010/11/26 23:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/09/13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 17:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/08 23:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files (x86)\WordWeb\wweb32.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/24 12:25:19 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/29 07:27:29 | 001,127,152 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/10/10 02:58:35 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 02:49:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 02:49:41 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/13 02:07:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/18 15:09:23 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\72a01c3b91205094f1c3b17dee7eec97\IAStorUtil.ni.dll
MOD - [2013/08/16 22:41:34 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/16 22:41:07 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/16 22:39:51 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/12 04:22:40 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\c1135ff61820f7a77986a1139b92c126\IAStorCommon.ni.dll
MOD - [2013/07/12 02:58:23 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/05/22 19:36:58 | 000,400,704 | ---- | M] () -- C:\Users\llg\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/07/13 20:06:53 | 000,022,800 | ---- | M] () -- C:\Program Files (x86)\WordWeb\WUCNT.dll
MOD - [2010/12/01 05:42:14 | 001,207,808 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libeay32.dll
MOD - [2010/12/01 05:42:14 | 000,245,248 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libssl32.dll
MOD - [2010/12/01 05:42:14 | 000,104,712 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
MOD - [2010/12/01 05:42:14 | 000,086,528 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libpkcs11-helper-1.dll
MOD - [2010/12/01 05:42:12 | 000,601,600 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
MOD - [2010/11/13 00:52:13 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe /service /sstates /sampleinterval=10000 /procinterval=5 /dllinterval=120 /counter=\Processor(_Total)\% Processor Time:1 /counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1 /counter=\Network Interface(*)\Bytes Total/sec:1 /expandcounter=\Processor Information(*)\Processor Frequency:1 & /expandcounter=\Processor(*)\% Idle Time:1 /expandcounter=\Processor(*)\% C1 Time:1 /expandcounter=\Processor(*)\% C2 Time:1 /expandcounter=\Processor(*)\%C3 & Time:1 /expandcounter=\Processor(*)\% Processor Time:1 /directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata -- (SampleCollector)
SRV:64bit: - [2013/11/24 12:25:19 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/19 19:01:36 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/08/27 15:32:32 | 000,961,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2013/08/01 10:18:44 | 001,368,624 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/10/12 13:02:44 | 000,054,760 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/07/19 03:45:52 | 000,104,096 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
SRV:64bit: - [2011/05/19 18:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011/02/18 21:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011/02/18 21:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011/01/20 11:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/11/18 15:18:38 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/14 14:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/12 04:09:42 | 000,380,224 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Disabled | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012/03/30 12:26:52 | 000,237,328 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe -- (McComponentHostServiceSony)
SRV - [2012/03/12 05:07:58 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/31 14:37:36 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/03/31 14:36:44 | 000,075,936 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/03/05 15:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011/02/23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011/02/21 11:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011/02/21 11:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011/02/01 12:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 12:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/20 11:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/12/01 05:42:12 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/11/26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/09/13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/03 00:21:56 | 000,038,688 | ---- | M] (International Business Machines Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\IBM\SQLLIB\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_DB2COPY1)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/24 12:25:22 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/11/24 12:25:22 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/11/24 12:25:22 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/11/24 12:25:22 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/11/24 12:25:22 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/11/24 12:25:22 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/24 12:25:22 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/11/24 12:25:22 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/10/25 02:34:18 | 000,317,808 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvolwin7.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,029,352 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirwin7.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,768,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfswin7.sys -- (Sftfs)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaywin7.sys -- (Sftplay)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/06/11 09:37:16 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/12 05:08:08 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/03 16:41:58 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/09/20 16:23:40 | 000,317,776 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/21 00:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/31 14:36:58 | 000,287,392 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/03/31 14:36:58 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/03/31 14:36:58 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/03/31 14:36:56 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/03/31 14:36:56 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/03/31 14:36:56 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/03/31 14:36:56 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/03/31 14:36:56 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/03/29 07:51:30 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/29 04:57:20 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 16:27:05 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/01 05:42:14 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/26 21:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2005/04/13 22:17:52 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0801.sys -- (tap0801)
DRV - [2013/10/29 07:27:27 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849)
DRV - [2013/10/25 02:34:18 | 000,399,312 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/10/25 02:34:18 | 000,284,176 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.eu/vaioportal
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{2DBDB1E5-2234-4FEE-A09B-8D211469ECAB}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{70E053D1-92F3-4272-877F-43F08F50963D}: "URL" = http://services.zini...}&rf=sonyslices
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = hellman:8080
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://10.118.14.31:8080/cgu.pac

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: keefox%40chris.tomlinson:1.2.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\llg\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\llg\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\llg\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/10/03 19:42:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/12/28 09:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/10/03 19:42:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/24 12:25:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2012/02/08 07:49:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/08/10 09:56:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/25 19:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Extensions
[2012/10/01 06:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable
[2013/12/08 21:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions
[2012/09/29 20:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\1rfkg9zg.demo\extensions\staged
[2013/12/08 21:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions
[2012/06/12 23:11:21 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]
[2012/05/23 06:21:39 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\as1j89ur.mc-rc\extensions\[email protected]
[2013/11/22 20:42:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\rxwg9y49.default-1384287076279\extensions
[2013/11/19 00:49:16 | 000,000,000 | ---D | M] (Dictionnaires français) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\rxwg9y49.default-1384287076279\extensions\[email protected]
[2013/11/22 20:42:21 | 000,000,000 | ---D | M] (KeeFox) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\rxwg9y49.default-1384287076279\extensions\[email protected]
[2013/12/08 21:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions
[2011/09/29 21:06:23 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2011/07/05 13:59:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected]
[2012/09/29 20:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\staged
[2012/03/02 22:49:33 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\llg\AppData\Roaming\mozilla\Firefox\Profiles\zkkxm7hy.default\extensions\[email protected]
[2012/04/16 09:23:40 | 000,061,854 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\as1j89ur.mc-rc\extensions\[email protected]
[2012/07/25 08:53:41 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\as1j89ur.mc-rc\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/14 14:42:01 | 000,261,871 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\rxwg9y49.default-1384287076279\extensions\{ad0d925d-88f8-47f1-85ea-8463569e756e}.xpi
[2012/02/01 22:34:37 | 001,331,409 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\[email protected]
[2011/07/05 10:11:21 | 000,016,294 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\[email protected]
[2012/02/22 18:51:53 | 000,060,945 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2011/07/07 13:33:53 | 000,062,210 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\{ad0d925d-88f8-47f1-85ea-8463569e756e}.xpi
[2012/01/05 20:02:00 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/08/18 19:16:41 | 000,688,571 | ---- | M] () (No name found) -- C:\Users\llg\AppData\Roaming\mozilla\firefox\profiles\zkkxm7hy.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2013/11/05 20:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/05 20:45:57 | 000,000,000 | ---D | M] (eID België) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/11/05 20:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/18 15:18:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\llg\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\llg\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\llg\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\llg\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\llg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: avast! Online Security = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: RealDownloader = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google\u00A0Wallet = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: avast! Online Security = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: RealDownloader = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google\u00A0Wallet = C:\Users\llg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2013/12/09 16:13:08 | 000,001,058 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [TortoiseHgOverlayIconServer] C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AmazonMP3DownloaderHelper] C:\Users\llg\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKCU..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity)
O4 - HKCU..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.10.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8211A9E6-1587-4AA7-B5F4-89716FFEDA52}: DhcpNameServer = 10.10.10.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9894A506-464E-4F95-9DA9-CAF2E88ADC22}: DhcpNameServer = 10.150.252.144 10.118.10.164 10.118.146.42
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/08 21:46:30 | 000,000,000 | ---D | C] -- C:\Users\llg\Desktop\RK_Quarantine
[2013/12/08 21:31:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/08 21:30:14 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\llg\Desktop\JRT.exe
[2013/12/08 21:03:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/07 10:14:16 | 000,000,000 | ---D | C] -- C:\UsbFix
[2013/12/07 00:10:21 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/07 00:09:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/12/06 20:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2013/12/06 20:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag
[2013/12/06 20:17:47 | 000,000,000 | ---D | C] -- C:\Users\llg\AppData\Roaming\ZHP
[2013/12/06 20:17:12 | 006,859,047 | ---- | C] (Nicolas Coolman ) -- C:\Users\llg\Desktop\ZHPDiag2.exe
[2013/12/03 13:31:03 | 000,000,000 | ---D | C] -- C:\Users\llg\Documents\Europcar
[2013/11/28 13:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
[2013/11/28 13:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield
[2013/11/28 13:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MCShield
[2013/11/28 13:34:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\llg\Desktop\OTL.exe
[2013/11/28 08:55:33 | 000,000,000 | ---D | C] -- C:\found.001
[2013/11/28 06:39:22 | 001,204,601 | ---- | C] (El Desaparecido - SosVirus.net - UsbFix.net) -- C:\Users\llg\Desktop\UsbFix.exe
[2013/11/24 12:29:50 | 000,000,000 | ---D | C] -- C:\Users\llg\AppData\Roaming\AVAST Software
[2013/11/24 12:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/24 12:25:46 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/24 12:25:45 | 001,032,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/24 12:25:44 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/11/24 12:25:44 | 000,084,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/24 12:25:44 | 000,038,984 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/24 12:25:42 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/24 12:25:21 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/20 23:37:00 | 000,000,000 | ---D | C] -- C:\Users\llg\Documents\Berlin
[2013/11/20 23:36:51 | 000,000,000 | ---D | C] -- C:\Users\llg\Documents\Sude
[2013/11/20 23:36:51 | 000,000,000 | ---D | C] -- C:\Users\llg\Documents\rvolution
[2013/11/20 22:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/20 22:17:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/20 22:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/20 22:16:10 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\llg\Documents\mbam-setup-1.75.0.1300.exe
[6 C:\Users\llg\Documents\*.tmp files -> C:\Users\llg\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/09 16:13:08 | 000,001,058 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/09 15:37:59 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/09 15:18:21 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1301682024-956692067-4001901071-1000UA.job
[2013/12/09 15:03:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\llg\Desktop\OTL.exe
[2013/12/09 14:52:44 | 000,011,386 | ---- | M] () -- C:\Users\llg\gsview64.ini
[2013/12/09 14:51:45 | 006,566,046 | ---- | M] () -- C:\Users\llg\Documents\RainCode.zip
[2013/12/09 14:03:16 | 000,028,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/09 14:03:16 | 000,028,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/09 13:58:41 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/09 13:55:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/09 13:55:48 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/09 13:20:27 | 000,121,764 | ---- | M] () -- C:\Users\llg\Documents\groupon - pasteis.pdf
[2013/12/08 21:45:47 | 003,580,416 | ---- | M] () -- C:\Users\llg\Desktop\RogueKiller.exe
[2013/12/08 21:30:18 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\llg\Desktop\JRT.exe
[2013/12/08 21:18:14 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1301682024-956692067-4001901071-1000Core.job
[2013/12/08 21:16:50 | 001,110,034 | ---- | M] () -- C:\Users\llg\Desktop\adwcleaner.exe
[2013/12/07 18:56:07 | 002,163,168 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/07 18:56:07 | 000,925,486 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/12/07 18:56:07 | 000,828,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/07 18:56:07 | 000,216,572 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/12/07 18:56:07 | 000,187,314 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/07 10:42:37 | 000,002,070 | ---- | M] () -- C:\Users\llg\Desktop\SosVirus sur Facebook.lnk
[2013/12/07 10:42:37 | 000,002,062 | ---- | M] () -- C:\Users\llg\Desktop\UsbFix Faire un Don.lnk
[2013/12/07 10:42:37 | 000,002,046 | ---- | M] () -- C:\Users\llg\Desktop\SosVirus Forum Gratuit.lnk
[2013/12/07 10:12:55 | 001,204,601 | ---- | M] (El Desaparecido - SosVirus.net - UsbFix.net) -- C:\Users\llg\Desktop\UsbFix.exe
[2013/12/07 00:17:27 | 002,138,174 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/06 20:42:28 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2013/12/06 20:17:49 | 000,001,947 | ---- | M] () -- C:\Users\llg\Desktop\ZHPFix.lnk
[2013/12/06 20:17:49 | 000,001,820 | ---- | M] () -- C:\Users\llg\Desktop\ZHPDiag.lnk
[2013/12/06 20:17:25 | 006,859,047 | ---- | M] (Nicolas Coolman ) -- C:\Users\llg\Desktop\ZHPDiag2.exe
[2013/12/06 14:32:30 | 006,612,143 | ---- | M] () -- C:\Users\llg\Documents\Doc de prsentation des structures emploi.pdf
[2013/12/05 21:21:09 | 000,002,350 | ---- | M] () -- C:\Users\llg\Desktop\Google Chrome.lnk
[2013/12/05 15:42:34 | 000,104,392 | ---- | M] () -- C:\Users\llg\Documents\Groupon - Laser.pdf
[2013/11/28 13:54:42 | 002,633,042 | ---- | M] () -- C:\Users\llg\Desktop\MCShield-Setup.exe
[2013/11/26 16:42:56 | 000,218,289 | ---- | M] () -- C:\Users\llg\Documents\Lettre d'info n5 novembre 2013.pdf
[2013/11/26 16:13:27 | 000,138,278 | ---- | M] () -- C:\Users\llg\Documents\performance-tests.pdf
[2013/11/26 15:16:27 | 000,000,429 | ---- | M] () -- C:\Users\llg\Documents\jmeter-report-tarif-5f-p4.csv
[2013/11/24 12:26:38 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/24 12:25:22 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/24 12:25:22 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/11/24 12:25:22 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/11/24 12:25:22 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/24 12:25:22 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/24 12:25:22 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/24 12:25:22 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/11/24 12:25:22 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/24 12:25:22 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/24 12:25:21 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/24 10:39:33 | 656,686,397 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/21 08:12:09 | 000,002,110 | ---- | M] () -- C:\Users\llg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/11/20 22:18:09 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/20 22:16:18 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\llg\Documents\mbam-setup-1.75.0.1300.exe
[2013/11/20 20:33:11 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/11/19 19:01:40 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/19 19:01:37 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/19 17:29:21 | 000,299,470 | ---- | M] () -- C:\Users\llg\Documents\2013-11-19-Performance-Ontologie-Rewire.pdf
[2013/11/19 17:29:08 | 000,298,331 | ---- | M] () -- C:\Users\llg\Documents\2013-11-19-Performance-Ontologie-Rewire.odp
[2013/11/19 11:27:33 | 000,000,600 | ---- | M] () -- C:\Users\llg\AppData\Local\PUTTY.RND
[6 C:\Users\llg\Documents\*.tmp files -> C:\Users\llg\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/09 14:51:42 | 006,566,046 | ---- | C] () -- C:\Users\llg\Documents\RainCode.zip
[2013/12/09 13:20:26 | 000,121,764 | ---- | C] () -- C:\Users\llg\Documents\groupon - pasteis.pdf
[2013/12/08 21:45:45 | 003,580,416 | ---- | C] () -- C:\Users\llg\Desktop\RogueKiller.exe
[2013/12/07 10:42:37 | 000,002,070 | ---- | C] () -- C:\Users\llg\Desktop\SosVirus sur Facebook.lnk
[2013/12/07 10:42:37 | 000,002,062 | ---- | C] () -- C:\Users\llg\Desktop\UsbFix Faire un Don.lnk
[2013/12/07 10:42:37 | 000,002,046 | ---- | C] () -- C:\Users\llg\Desktop\SosVirus Forum Gratuit.lnk
[2013/12/06 20:42:28 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
[2013/12/06 20:17:49 | 000,001,947 | ---- | C] () -- C:\Users\llg\Desktop\ZHPFix.lnk
[2013/12/06 20:17:49 | 000,001,820 | ---- | C] () -- C:\Users\llg\Desktop\ZHPDiag.lnk
[2013/12/06 14:32:25 | 006,612,143 | ---- | C] () -- C:\Users\llg\Documents\Doc de prsentation des structures emploi.pdf
[2013/12/05 15:42:26 | 000,104,392 | ---- | C] () -- C:\Users\llg\Documents\Groupon - Laser.pdf
[2013/12/02 20:54:21 | 001,110,034 | ---- | C] () -- C:\Users\llg\Desktop\adwcleaner.exe
[2013/11/28 13:54:23 | 002,633,042 | ---- | C] () -- C:\Users\llg\Desktop\MCShield-Setup.exe
[2013/11/26 16:42:55 | 000,218,289 | ---- | C] () -- C:\Users\llg\Documents\Lettre d'info n5 novembre 2013.pdf
[2013/11/26 16:12:24 | 000,138,278 | ---- | C] () -- C:\Users\llg\Documents\performance-tests.pdf
[2013/11/26 15:16:27 | 000,000,429 | ---- | C] () -- C:\Users\llg\Documents\jmeter-report-tarif-5f-p4.csv
[2013/11/24 12:26:38 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/24 12:25:46 | 000,205,320 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/24 12:25:46 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/11/20 22:18:09 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/19 19:01:40 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/19 19:01:37 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/19 17:28:17 | 000,298,331 | ---- | C] () -- C:\Users\llg\Documents\2013-11-19-Performance-Ontologie-Rewire.odp
[2013/11/19 17:02:44 | 000,299,470 | ---- | C] () -- C:\Users\llg\Documents\2013-11-19-Performance-Ontologie-Rewire.pdf
[2013/11/19 11:26:31 | 000,000,600 | ---- | C] () -- C:\Users\llg\AppData\Local\PUTTY.RND
[2013/10/24 22:29:41 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2013/07/18 22:55:11 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/05/31 08:43:44 | 000,000,079 | ---- | C] () -- C:\Users\llg\.scala_history
[2012/11/15 13:56:08 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/11/12 14:59:21 | 000,000,033 | ---- | C] () -- C:\Windows\iltwain.ini
[2012/02/13 18:04:48 | 000,001,196 | ---- | C] () -- C:\Users\llg\.emacs
[2012/02/13 18:04:48 | 000,001,187 | ---- | C] () -- C:\Users\llg\.emacs~
[2011/12/28 15:59:31 | 000,000,212 | ---- | C] () -- C:\Windows\ildasmfnt.bin
[2011/12/07 10:06:52 | 000,007,597 | ---- | C] () -- C:\Users\llg\AppData\Local\Resmon.ResmonCfg
[2011/09/01 17:01:16 | 000,011,386 | ---- | C] () -- C:\Users\llg\gsview64.ini
[2011/08/23 13:29:51 | 000,000,168 | ---- | C] () -- C:\Users\llg\AppData\Roaming\.emacs
[2011/08/23 13:29:51 | 000,000,065 | ---- | C] () -- C:\Users\llg\AppData\Roaming\.emacs~
[2011/07/05 07:24:17 | 000,000,457 | ---- | C] () -- C:\Users\llg\clipdat2.rdf
[2011/07/04 09:55:48 | 000,000,171 | ---- | C] () -- C:\Users\llg\notes~
[2011/07/04 09:55:48 | 000,000,000 | ---- | C] () -- C:\Users\llg\notes

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/07/06 08:39:35 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\.emacs.d
[2012/08/16 08:43:06 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\.visualvm
[2013/07/10 14:44:17 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Amazon
[2012/04/16 09:22:27 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Audacity
[2013/11/24 12:29:50 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\AVAST Software
[2012/02/08 07:48:51 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\AVG2012
[2012/10/01 06:25:52 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\BitTyrant
[2012/05/14 10:47:56 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\EAC
[2011/07/19 16:07:40 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\EDO
[2011/10/06 13:17:46 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\EurekaLog
[2013/12/05 17:14:05 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\FileZilla
[2012/06/11 22:34:10 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\gnupg
[2013/11/17 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\gtk-2.0
[2013/10/24 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\iolo
[2012/09/14 14:11:35 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\IsolatedStorage
[2011/11/04 10:06:22 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\JustDecompile
[2012/02/11 15:38:47 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\JustVoip
[2013/12/06 17:42:47 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\KeePass
[2012/03/11 13:19:36 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\langmaster.com
[2013/01/21 13:32:08 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\NetBeans
[2013/09/18 19:22:29 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Notepad++
[2011/07/02 11:53:10 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\OpenOffice.org
[2011/10/04 15:44:16 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Scooter Software
[2013/03/18 10:56:38 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\SoftGrid Client
[2011/07/03 08:53:58 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Subversion
[2013/06/27 22:46:33 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\SumatraPDF
[2011/07/04 09:58:22 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\Thunderbird
[2013/02/13 13:18:39 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\TP
[2013/12/08 20:47:35 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\uTorrent
[2013/01/16 11:39:23 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\webex
[2013/12/06 20:43:12 | 000,000,000 | ---D | M] -- C:\Users\llg\AppData\Roaming\ZHP

========== Purity Check ==========



< End of report >


I've skipped Step 2, because the proxy is there on purpose (even if it is disabled for the time being).

Checkup.txt:

Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 39
Java 7 Update 10
Java™ SE Development Kit 6 Update 39
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.9.900.152
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (25.0.1)
Mozilla Thunderbird (24.1.1)
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````


It seems that I have 2 versions of Flash Player. I guess I should remove the older one.

Here is the Extras log by OTL (I selected "Scan" instead of "Quick scan" because the latter didn't produce any 'Extras' file and seemed to change the Extra Registry settings. I hope this is OK; otherwise I'll give it another try):

OTL Extras logfile created on: 09/12/2013 17:27:47 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\llg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 0000040c | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

3,98 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 43,05% Memory free
7,96 Gb Paging File | 5,45 Gb Available in Paging File | 68,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,56 Gb Total Space | 127,27 Gb Free Space | 21,85% Space Free | Partition Type: NTFS

Computer Name: GALOIS | User Name: llg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [grepWin...] -- C:\Program Files\grepWin\grepWin.exe /searchpath:"%1" (http://tools.tortoisesvn.net)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [grepWin...] -- C:\Program Files\grepWin\grepWin.exe /searchpath:"%1" (http://tools.tortoisesvn.net)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0968FB4A-5009-4C15-9F56-621D576424B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1ADA86D8-77C3-4424-B725-B1ACB6252498}" = lport=53 | protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\dcdhcpservice.exe |
"{2EEAAE20-0887-4E3E-9ECB-4F6CFCDBD55D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{2FFD4F5B-DDD2-4FE8-A20C-5F505FE1D4ED}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3A79126B-1EEB-4C73-88A3-31AF3E748A0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{474363A3-83BD-49F6-9DFB-719CC382214D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5247FB7A-15C1-4554-8664-07C7D6D0C0B5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{607C202F-FBF4-41DE-9F91-8EFBAF98A363}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67106DE1-5EA3-46AB-9B3E-6DCA2517D150}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6DA81B4B-B6B7-4101-A93F-F4E665DC2B88}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) |
"{8F5961E2-0F57-4991-9621-A95417778580}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A45B9253-16F4-4996-8549-24D69C2828D8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A850AF22-B283-439C-A5DA-1E625FA33860}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF6363D5-D4EC-4E70-A5AB-5817D7A9231C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF2661E5-BD05-4973-9D2C-99E15856323B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ECCC2651-6C53-4846-B7E9-AEE835BC971C}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) |
"{F0BE6BBF-3C38-420C-B2C2-DB2FA8F5F2B1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F8EE96B3-0C5A-4B7A-AB0A-C0C33C9BC063}" = lport=80 | protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027C9ED0-CD0B-43A1-89FF-BF48D9B4C99E}" = protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe |
"{06429CB2-BA27-4D21-9EC1-2737F9929FFD}" = protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe |
"{0E898C08-77D7-4E75-9EAA-25309B0FE7FB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0EF5789C-B3A2-47BC-9097-E87358AC10DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{13C8191A-0569-40D9-9DC8-1D367D715583}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"{1CA5E388-61E9-4350-A70D-0B193097B0D4}" = protocol=17 | dir=in | app=c:\windows\splwow64.exe |
"{1DF1C725-182A-48D8-A961-5D711C3D8040}" = protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe |
"{1F122C69-6F3C-4BB8-A817-91ECFB87FEC7}" = protocol=6 | dir=in | app=c:\cygwin\home\llg\devel\maven-ontologie\outils-ontologie\jdk1.6.0_39\bin\java.exe |
"{2680F55C-D667-4A49-A762-6C72A48DC56F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{26DC5B6D-F53D-4175-B0DD-3BEA7ACE4E71}" = protocol=17 | dir=in | app=c:\cygwin\home\llg\devel\maven-ontologie\outils-ontologie\jdk1.6.0_39\bin\java.exe |
"{26EC7369-A23C-470D-8D3D-6787D0F30AD9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{29235B31-AE79-4AC9-BD5A-1C0E588AD65B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{2F3F43CE-DF08-4CF8-8864-456A378167E0}" = protocol=6 | dir=in | app=c:\cygwin\home\llg\devel\scala\eclipse\eclipse.exe |
"{2F46C387-2627-45E0-AADE-3A07E94DF6EE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{310DE4E7-7E28-45AC-A55D-D605BC43147C}" = protocol=17 | dir=in | app=c:\cygwin\home\llg\devel\maven_ontologie\outils-ontologie\jdk1.6.0_39\bin\java.exe |
"{3DF50C63-93E7-43E3-BCC9-7F7C8BE086C8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46D92EB2-11D1-452F-AEAC-D8E6A02D4D29}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_26\jre\bin\java.exe |
"{4B63E641-64E7-42C0-AEEC-777FB8A5073C}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_26\bin\java.exe |
"{4E37986E-DBC2-4CC1-8DA1-E801109CE5CC}" = protocol=6 | dir=in | app=c:\windows\splwow64.exe |
"{5063332C-D0A1-4278-B897-C5DC5038E9F6}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{556FA35D-C2D5-4B99-9943-B6E7E54EB933}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe |
"{5639A064-463B-4DA0-8B6F-7B1741DDDDAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{568A1478-BA7A-4A6A-B98F-E66CD084FB4B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{5CCCC992-EED7-4F21-968A-37091988B1A1}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_09\bin\java.exe |
"{611B84CD-FD11-44E9-B780-B5F701FA4D23}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_26\jre\bin\java.exe |
"{61611566-BAF7-4079-94C7-3A3EB5431D1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6354FA97-1B90-42F9-A0EA-AAE10DAF7630}" = protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe |
"{6477851D-E5CA-4CF5-9129-22BF5A761EB2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{6F7EEC6E-E201-4785-B092-77E6F5BCF333}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7397A57D-56B0-40F5-AB7E-CCC26355F85D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{74B9AB4C-FCAA-444E-92EE-B81E45325A50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7555E3AE-7E34-4DA8-A66D-FB93F656827A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{7ADF2E87-F576-46EF-9981-1AF5CFFAD8C2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{7BE9AA37-0639-4397-BBD7-D51783FB5E40}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7D68C145-C4E2-4DF7-9CD5-3A6785537125}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80B397F3-95E2-4FC4-8BBF-1367B356824A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8F031AFA-448A-459E-9DC8-A7C1210EEE3E}" = protocol=6 | dir=in | app=c:\program files\netbeans 7.2.1\bin\netbeans64.exe |
"{906EE088-DA96-4BB5-8BD3-9C0E6B8BEC91}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe |
"{90CD2E25-F5BB-406F-AA5B-2491A34C7548}" = protocol=17 | dir=in | app=c:\program files (x86)\justvoip.com\justvoip\justvoip.exe |
"{917FE6BF-3B80-4238-B336-1431E80CAA07}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_09\bin\java.exe |
"{92CE6CAE-7794-408D-AAC2-03296BC124D1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9372B0FC-4BF4-47F8-9151-EDC8ABD584FB}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_26\bin\jhat.exe |
"{9751FA5A-FFA7-48E9-B11A-48F50F5F2694}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C2D6B97-9B15-4717-B198-BCA1F1400437}" = protocol=17 | dir=in | app=c:\users\llg\appdata\roaming\utorrent\utorrent.exe |
"{9D514E7F-FD27-42FA-AC58-1942D7829387}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{9F39EDEC-50C6-483F-AFC9-A849F9D5A437}" = protocol=6 | dir=out | app=system |
"{A6FED054-F3D1-484E-829E-8578ED3F2E6B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{A7C4D393-8A17-450C-BCA6-99F74E11462A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{AFF1EF9F-F264-4A7B-A293-9A17E13CEDDC}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{B4B3BC03-E44C-4DF3-AB41-639411113494}" = protocol=17 | dir=in | app=c:\users\llg\appdata\local\temp\rar$exa0.093\lighttable\lighttable.exe |
"{B57F0B43-A9BB-4C36-94F0-EEB8A5FF48DB}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_26\bin\java.exe |
"{B59AE571-D993-4334-AD24-F50AF1502407}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"{B6EFDD22-51D5-46B4-AEC0-7F8C712B4462}" = protocol=6 | dir=in | app=c:\cygwin\home\llg\devel\maven_ontologie\outils-ontologie\jdk1.6.0_39\bin\java.exe |
"{B978C919-E865-44DE-855F-9A34F27F389A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BFD4AFB6-6A66-4370-BB5E-96800F765992}" = protocol=6 | dir=in | app=c:\users\llg\appdata\local\temp\rar$exa0.916\lighttable\lighttable.exe |
"{CA86AD4E-4D3B-4D26-BE2F-D6095B445352}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE344E90-8367-4028-ADB6-CD31115356B4}" = protocol=6 | dir=in | app=c:\users\llg\appdata\local\temp\rar$exa0.093\lighttable\lighttable.exe |
"{CE7C2155-7B2A-47A8-B4A2-5A94AA40FB77}" = protocol=6 | dir=in | app=c:\program files (x86)\justvoip.com\justvoip\justvoip.exe |
"{D064274F-B563-4387-B178-33A2EF1DDC31}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_26\bin\jhat.exe |
"{D09CC879-B9AC-4CA5-B4C6-4A330D04B620}" = protocol=6 | dir=in | app=c:\program files (x86)\bittyrant\azureus.exe |
"{D22D0C70-6924-4CA1-A69E-0595F3C85845}" = protocol=6 | dir=in | app=c:\users\llg\appdata\roaming\utorrent\utorrent.exe |
"{E05455E1-8122-4CB5-970A-CCF1206A049B}" = protocol=17 | dir=in | app=c:\users\llg\appdata\local\temp\rar$exa0.916\lighttable\lighttable.exe |
"{E2A7A120-1882-4992-84A8-C8688649A7D7}" = protocol=17 | dir=in | app=c:\cygwin\home\llg\devel\scala\eclipse\eclipse.exe |
"{F0379E35-4620-412F-875E-DED5557003B2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{F33EC7E9-B7CB-4D87-998D-09A09A1B5B63}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6D6083B-3C92-4E5F-813C-B842C8241D50}" = protocol=17 | dir=in | app=c:\program files\netbeans 7.2.1\bin\netbeans64.exe |
"{FAC8E50C-7E92-4A95-AB6F-D1F073C944B3}" = protocol=17 | dir=in | app=c:\program files (x86)\bittyrant\azureus.exe |
"TCP Query User{13FD0D9F-B074-47D0-90E5-21AA52CB55D6}C:\program files\netbeans 7.2.1\bin\netbeans64.exe" = protocol=6 | dir=in | app=c:\program files\netbeans 7.2.1\bin\netbeans64.exe |
"TCP Query User{16A23E8D-25E6-4C61-8CB2-100A926E1974}C:\program files (x86)\bittyrant\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittyrant\azureus.exe |
"TCP Query User{170ABB67-CBC7-4E6F-9192-B1C85E08FDFC}C:\users\llg\appdata\local\temp\rar$exa0.093\lighttable\lighttable.exe" = protocol=6 | dir=in | app=c:\users\llg\appdata\local\temp\rar$exa0.093\lighttable\lighttable.exe |
"TCP Query User{2F921900-B831-4A60-829E-84E1876B42FF}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe |
"TCP Query User{33EBD4AB-08B4-4044-8516-64086FE6201F}C:\program files\java\jdk1.6.0_26\bin\jhat.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_26\bin\jhat.exe |
"TCP Query User{3AA29829-D6FA-4725-A8A7-5FBDFE4F56D0}C:\eclipse\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\eclipse\eclipse\eclipse.exe |
"TCP Query User{443823C8-190D-4D4A-8C9C-C32A24885766}C:\program files\java\jdk1.7.0_09\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_09\bin\java.exe |
"TCP Query User{46C5349A-8DE0-4B86-96FC-A32104EDB70B}C:\program files\java\jdk1.7.0_09\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_09\jre\bin\java.exe |
"TCP Query User{5828F8E5-468D-42DD-9122-2E6388518D5F}C:\cygwin\home\llg\devel\maven-ontologie\outils-ontologie\jdk1.6.0_39\bin\java.exe" = protocol=6 | dir=in | app=c:\cygwin\home\llg\devel\maven-ontologie\outils-ontologie\jdk1.6.0_39\bin\java.exe |
"TCP Query User{794CA8C6-0E5E-4E04-9A18-2C872D159A3E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{7B5D959D-02D6-48B2-8F60-511A8494C2EA}C:\windows\splwow64.exe" = protocol=6 | dir=in | app=c:\windows\splwow64.exe |
"TCP Query User{7EC5AC96-1C40-4307-9060-629EFD357F5C}C:\program files\java\jdk1.7.0_45\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_45\bin\java.exe |
"TCP Query User{8F2A448B-4958-4AB2-AE62-52BE96EED625}C:\program files (x86)\justvoip.com\justvoip\justvoip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\justvoip.com\justvoip\justvoip.exe |
"TCP Query User{9FD07884-1BBE-4454-B3E3-F0C778384B14}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{A7ABC446-4B32-4FDE-AE61-6B545D3D0965}C:\program files\java\jdk1.6.0_26\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_26\jre\bin\java.exe |
"TCP Query User{A9C1C8A7-0676-411F-B69A-33E60CF73A6B}C:\program files\java\jdk1.6.0_26\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_26\bin\java.exe |
"TCP Query User{B6CA8566-0298-460C-BBAB-D6581F036658}C:\users\llg\appdata\local\temp\rar$exa0.916\lighttable\lighttable.exe" = protocol=6 | dir=in | app=c:\users\llg\appdata\local\temp\rar$exa0.916\lighttable\lighttable.exe |
"TCP Query User{C1EA0C87-74F2-4B45-9B12-355506AD3BFF}C:\cygwin\home\llg\devel\maven_ontologie\outils-ontologie\jdk1.6.0_39\bin\java.exe" = protocol=6 | dir=in | app=c:\cygwin\home\llg\devel\maven_ontologie\outils-ontologie\jdk1.6.0_39\bin\java.exe |
"TCP Query User{EA865920-92D0-4D74-B7BD-25B4FE1B1B5C}C:\cygwin\home\llg\devel\scala\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\cygwin\home\llg\devel\scala\eclipse\eclipse.exe |
"UDP Query User{00528853-5413-429D-AB3B-5C8C56A81D65}C:\program files\java\jdk1.6.0_26\bin\jhat.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_26\bin\jhat.exe |
"UDP Query User{09640962-1ECC-4801-A109-3DC8F2A9CC8F}C:\program files\netbeans 7.2.1\bin\netbeans64.exe" = protocol=17 | dir=in | app=c:\program files\netbeans 7.2.1\bin\netbeans64.exe |
"UDP Query User{1BB76E51-4DEE-4C74-B216-183770F35EBB}C:\cygwin\home\llg\devel\maven_ontologie\outils-ontologie\jdk1.6.0_39\bin\java.exe" = protocol=17 | dir=in | app=c:\cygwin\home\llg\devel\maven_ontologie\outils-ontologie\jdk1.6.0_39\bin\java.exe |
"UDP Query User{1CEBF141-710F-473D-B195-2FEBEEBD5986}C:\windows\splwow64.exe" = protocol=17 | dir=in | app=c:\windows\splwow64.exe |
"UDP Query User{286AB771-C97E-4DF0-850B-D131F853F92A}C:\program files\java\jdk1.6.0_26\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_26\jre\bin\java.exe |
"UDP Query User{3AE65DC6-747D-4640-A340-9C4764D412C6}C:\users\llg\appdata\local\temp\rar$exa0.093\lighttable\lighttable.exe" = protocol=17 | dir=in | app=c:\users\llg\appdata\local\temp\rar$exa0.093\lighttable\lighttable.exe |
"UDP Query User{408134C6-337D-4B6A-A3B4-522D53870423}C:\users\llg\appdata\local\temp\rar$exa0.916\lighttable\lighttable.exe" = protocol=17 | dir=in | app=c:\users\llg\appdata\local\temp\rar$exa0.916\lighttable\lighttable.exe |
"UDP Query User{4110E16F-1BE9-4D94-A828-B793904A228A}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe |
"UDP Query User{4952A057-A6E6-4D48-877D-338511BEC06C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{64CB5E73-1883-4CB1-A464-02ACEBBDBC97}C:\program files (x86)\bittyrant\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittyrant\azureus.exe |
"UDP Query User{68C99107-2876-43D3-AA83-262C1FB34CCC}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{6943012D-37CC-4F28-B10C-0D59D9BF9273}C:\cygwin\home\llg\devel\scala\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\cygwin\home\llg\devel\scala\eclipse\eclipse.exe |
"UDP Query User{71641FAC-15B9-4BAA-A5C0-EE5F027E5C74}C:\program files\java\jdk1.6.0_26\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_26\bin\java.exe |
"UDP Query User{7400A360-58A6-4AC1-A626-B2849C0A2002}C:\eclipse\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\eclipse\eclipse\eclipse.exe |
"UDP Query User{979926C9-A67C-4BD7-8614-66384C3F609C}C:\program files\java\jdk1.7.0_09\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_09\bin\java.exe |
"UDP Query User{9EE2BB5D-8CEA-428F-81FE-A03613AAE6C9}C:\program files (x86)\justvoip.com\justvoip\justvoip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\justvoip.com\justvoip\justvoip.exe |
"UDP Query User{A66FF981-2917-4F52-A304-4AC8DC5E8BEC}C:\program files\java\jdk1.7.0_45\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_45\bin\java.exe |
"UDP Query User{CBCABE88-3351-4332-804E-22FE750DF5F8}C:\program files\java\jdk1.7.0_09\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_09\jre\bin\java.exe |
"UDP Query User{E3B744FF-5F3C-4E0F-A98F-1E70244DA381}C:\cygwin\home\llg\devel\maven-ontologie\outils-ontologie\jdk1.6.0_39\bin\java.exe" = protocol=17 | dir=in | app=c:\cygwin\home\llg\devel\maven-ontologie\outils-ontologie\jdk1.6.0_39\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{12FD5B1F-FDE2-42D7-A0D8-C94ECF52A92B}" = grepWin x64
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{18C5A65B-0A39-40B5-B958-63055AFAB65C}" = Microsoft SQL Server Setup Support Files (English)
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1DD03A94-C815-46EF-A43A-B36694002A7C}" = TortoiseSVN 1.6.16.21511 (64 bit)
"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java™ 6 Update 26 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2D290715-B0FC-3898-9247-62F803A585DF}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{377672F0-6B8A-467D-8DDC-79338BCCD531}" = 64 Bit HP CIO Components Installer
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{48A7B11D-C3E1-3BEE-AF6C-8976F6E705A6}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier (30514)
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4EFA8109-732B-4026-9F0C-B70ECF3F9293}" = Windows Live Remote Service Resources
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{54C2B4E9-DD13-4AA4-B09A-A6EF68F9359A}" = Microsoft SQL Server 2005 Analysis Services (64-bit)
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{64A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170450}" = Java SE Development Kit 7 Update 45 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{65A4AB53-C269-441A-B75F-38FFD8F48CB6}" = TortoiseGit 1.7.14.0 (64 bit)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{73D8B59D-0BFF-4B5B-A031-FAB3AC629E56}" = Microsoft SQL Server 2005 Tools (64-bit)
"{751EE164-9F12-4E57-ADB0-02D8F34A10AD}" = Microsoft SQL Server Native Client
"{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7C903D14-7EF4-4B71-BF78-2BCAFC499EB1}" = SQLXML4
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
"{90140000-006D-040C-1000-0000000FF1CE}" = Microsoft Office Démarrer en un clic 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{9CFA7A85-AEB6-487B-9C8E-C3C9432AA8F7}" = TortoiseOverlays
"{9E96DFB0-0BE0-367A-BB8E-7790ACFF0B56}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{9F672527-2BE4-47AB-B061-C057BDE30B30}" = Windows Live Remote Client Resources
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{A2C55034-8DAF-3755-BA85-CC321707FE99}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{A39AE3AE-9808-39D2-AB7B-FF5F0335095E}" = Microsoft .NET Framework 4 Extended FRA Language Pack
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Pilote 3D Vision 269.73
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 269.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 269.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Logiciel système PhysX 9.12.0507
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Pilote audio HD : 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B7D0C3BC-CB39-3CA1-9295-A23A93994893}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C92556F2-4950-48CF-ABA3-F0026B05BCE8}" = Microsoft SQL Server 2005 Backward compatibility
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CC7F202A-23FB-4B44-8716-292F3747799C}" = TortoiseHg 2.1.4 (x64)
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D21540A9-37AC-40FC-8106-15A4C1A2DD1A}" = Oracle VM VirtualBox 4.1.4
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{EC635BC0-0D7C-4CA2-9B87-2A330C298CB2}" = VAIO Care
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{F14F2E25-99AF-42A9-977C-F6D0352DC59F}" = Microsoft SQL Server 2005 (64-bit)
"{F1C4B89A-8BF0-3D7C-8095-BAE412FBEA3F}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"CNXT_AUDIO_HDA" = Conexant HD Audio
"GPL Ghostscript 9.02" = GPL Ghostscript
"GSview 4.9" = GSview 4.9
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft .NET Framework 4 Extended FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Extended FRA
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA" = Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA
"nbi-glassfish-mod-3.1.2.23.2" = GlassFish Server Open Source Edition 3.1.2.2
"nbi-nb-base-7.2.1.0.201210100934" = NetBeans IDE 7.2.1
"nbi-tomcat-7.0.27.0.0" = Apache Tomcat 7.0.27
"Protege 3.4.7" = Protege 3.4.7
"R for Windows 2.15.1_is1" = R for Windows 2.15.1
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"TortoiseCVS_is1" = TortoiseCVS 1.12.5
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 (x64)
"WinRAR archiver" = WinRAR 5.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" =
"{05653DE1-6567-40C6-B930-39D399B64369}" = OpenOffice.org 3.3
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{123DE6D6-9566-4777-AC81-E6D86FFA95DA}" = HL-4150CDN
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{13EC74A6-4707-4D26-B9B9-E173403F3B08}" = Quick Web Access
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{182407D7-2F76-468D-AA19-C40ACB779457}" = StyleCop 4.7.6.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1B0545C4-620F-4661-A369-C4D113F24932}" = Windows Live Writer Resources
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
"{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = PMB VAIO Edition Plug-in
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2303F9E7-6293-4A85-BC21-CA226FAD5CE4}" = Windows Live Mail
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{2460EA85-D9D1-4D44-915E-6019271AFB1D}" = VC9RunTimeX64
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25AF1025-095C-4AA9-A3FD-29710D3C3AE5}" = Remote Keyboard
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java™ 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C09B3BC-47CF-49B7-8EC6-7F12C72D252F}" = NVIDIA PhysX
"{2C8FBAB0-4564-47B8-AC4B-9C7401B94BF2}" = Основи Windows Live
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{328b4b27-557b-47e3-841e-3c86ab40a831}_is1" = Mono for Windows 2.10.8
"{32A3A4F4-B792-11D6-A78A-00B0D0160390}" = Java™ SE Development Kit 6 Update 39
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{45191C61-3D04-4D03-B78A-592DF13264CC}" = Windows Live Messenger
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4DD806F7-1DCA-33D4-A5F3-75E5FF021912}" = Microsoft FxCop 10.0
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype 6.11
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{550B72C4-F404-4812-971F-947E835A877E}" = Gtk# for .Net 2.12.10
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = Outil de restauration de données VAIO
"{5A37B181-B8D0-48C3-B4A4-5DC1ED104CED}" = VC9RunTime
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5AEE236C-0100-464B-BD2E-883AA70A5D73}" = IBM Data Server Runtime Client - DB2COPY1
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = Prise en charge du transfert VAIO
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}" = Елемент керування Windows Live Mesh ActiveX для віддалених підключень
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AC57EEF-2733-4DE6-81BB-E78ACB964C22}" = Windows Live Photo Common
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Clavier distance
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{76F9F5C5-FF87-4ED8-B63C-2A25A299C4AA}" = CVSNT 2.5.05.3744
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{80651674-74AA-4155-AF2D-1339E628D187}" = Windows Live Movie Maker
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustykalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilit pour Microsoft Office System 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91BD94FE-ADCA-49CC-BE96-97D4BBC36FAF}" = Windows Live Mesh
"{92280FD3-A119-41E6-A740-A62DBA4DFB53}" = Windows Live UX Platform Language Pack
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-0137-040C-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogalria
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AB82EDB5-9F7B-3C3C-A678-28016363063C}" = Microsoft FxCop 1.36
"{ABB6AC00-F1D8-4EBF-8128-830D090B76C0}" = Microsoft SQL Server 2000 Sample Database Scripts
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovldac prvek ActiveX platformy Windows Live Mesh pro vzdlen připojen
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C115A674-A398-49E5-9C6E-C0A541D3EA10}" = Фотоколекція Windows Live
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovldac prvok ActiveX programu Windows Live Mesh pre vzdialen pripojenia
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = Manuel VAIO
"{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{C9DCF4E9-A41B-40E7-B028-2255E36D2A1C}" = TortoiseOverlays
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE07BE71-510D-414A-92D4-DFF47631848A}" = Simple Build Tool
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D1E59FCE-D5AC-4FFC-8249-30080F1EA612}_is1" = iceScrum Server version 1.0
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D437FFB6-5C49-4DAC-ABAE-33FF065FE7CC}" = Graphviz 2.28
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligaes Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5D03B2E-B2D4-477F-A60D-8E1969D821FA}" = Adobe Flash Player 10 ActiveX
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F28C98E9-BAC1-41FF-81F2-8885925CCB48}" = Windows Live Writer
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avast" = avast! Free Antivirus
"BeyondCompare3_is1" = Beyond Compare Version 3.3.2
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FileZilla Client" = FileZilla Client 3.5.3
"Freecorder5.11" = Freecorder 5
"GermanBerlitz_com_fr_fr_German_is1" = Berlitz Allemand
"Git_is1" = Git version 1.7.11-preview20120710
"HTML Help Workshop" = HTML Help Workshop
"InstallShield_{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"JustVoip_is1" = JustVoip
"KeePass Password Safe_is1" = KeePass Password Safe 1.24
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.20
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MCShield" = MCShield ::Anti-Malware Tool::
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"Mozilla Thunderbird 24.1.1 (x86 fr)" = Mozilla Thunderbird 24.1.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Dmarrer en un clic 2010
"OpenVPN" = OpenVPN 2.2-beta5
"Rapport_msi" = Trusteer Scurit des points d'accs
"RAR Password Cracker" = RAR Password Cracker 4.12
"RealPlayer 16.0" = RealPlayer
"splashtop" = Quick Web Access
"SumatraPDF" = SumatraPDF
"Usbfix" = UsbFix By El Desaparecido
"VAIO Help and Support" =
"VAIO Hero Screensaver - Summer 2011 Screensaver" = VAIO Hero Screensaver - Summer 2011 Screensaver
"VLC media player" = VLC media player 2.1.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live
"WinMerge_is1" = WinMerge 2.12.4
"WordWeb" = WordWeb
"ZHPDiag_is1" = ZHPDiag 2013

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.18
"Google Chrome" = Google Chrome
"ListDialogRunner" = ListDialogRunner

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09/12/2013 02:16:35 | Computer Name = Galois | Source = WinMgmt | ID = 10
Description =

Error - 09/12/2013 04:49:41 | Computer Name = Galois | Source = WinMgmt | ID = 10
Description =

Error - 09/12/2013 08:38:58 | Computer Name = Galois | Source = WinMgmt | ID = 10
Description =

Error - 09/12/2013 08:57:36 | Computer Name = Galois | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 09/12/2013 09:33:45 | Computer Name = Galois | Source = Schannel | ID = 36888
Description = Lalerte fatale suivante a t gnre: 10. Ltat derreur interne
est 10.

Error - 09/12/2013 09:43:27 | Computer Name = Galois | Source = Schannel | ID = 36888
Description = Lalerte fatale suivante a t gnre: 10. Ltat derreur interne
est 10.

Error - 09/12/2013 09:43:27 | Computer Name = Galois | Source = Schannel | ID = 36888
Description = Lalerte fatale suivante a t gnre: 10. Ltat derreur interne
est 10.

Error - 09/12/2013 09:43:27 | Computer Name = Galois | Source = Schannel | ID = 36888
Description = Lalerte fatale suivante a t gnre: 10. Ltat derreur interne
est 10.

Error - 09/12/2013 09:44:37 | Computer Name = Galois | Source = Schannel | ID = 36888
Description = Lalerte fatale suivante a t gnre: 10. Ltat derreur interne
est 10.

Error - 09/12/2013 09:44:37 | Computer Name = Galois | Source = Schannel | ID = 36888
Description = Lalerte fatale suivante a t gnre: 10. Ltat derreur interne
est 10.

Error - 09/12/2013 09:44:37 | Computer Name = Galois | Source = Schannel | ID = 36888
Description = Lalerte fatale suivante a t gnre: 10. Ltat derreur interne
est 10.

Error - 09/12/2013 09:49:06 | Computer Name = Galois | Source = Schannel | ID = 36888
Description = Lalerte fatale suivante a t gnre: 10. Ltat derreur interne
est 10.

Error - 09/12/2013 09:49:06 | Computer Name = Galois | Source = Schannel | ID = 36888
Description = Lalerte fatale suivante a t gnre: 10. Ltat derreur interne
est 10.

Error - 09/12/2013 09:49:06 | Computer Name = Galois | Source = Schannel | ID = 36888
Description = Lalerte fatale suivante a t gnre: 10. Ltat derreur interne
est 10.


< End of report >

Current symptoms: a few hours ago, the "start menu" became unresponsive (I was able to open it, but unable to start any application from its icons or from the search box). A reboot solved the problem.
Since then, I haven't experienced any problem, the system seems more responsive than before but still slow to open a session. No more alert from Avast so far.

thanks for your time,
Akao

#9
Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Hi again,
Good job so far :thumbsup:

Here is the Extras log by OTL (I selected "Scan" instead of "Quick scan" because the latter didn't produce any 'Extras' file and seemed to change the Extra Registry settings, I hope this is OK, otherwise I'll give it another try):


The Extras.txt log is Perfect, thanks for catching my error.

It seems that I have 2 versions of Flash Player. I guess I should remove the oldest one.

:thumbsup:

I would also encourage you to uninstall your old version of Java - Java 6 Update 26
The bad guys have been picking on Java for a while now, actually if you don't need Java for anything I recommend uninstalling it completely. If you do need it, you should keep it updated at all times.
It would also be wise to update your Adobe Reader, as it's also picked on these days.

Let's continue sweeping for anything left over --

Step 1
Please run Malwarebytes' Anti-Malware

  • Go to the Update tab and check for updates, please install any updates found.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image
You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files/ESET/ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply I would like to see:
  • MalwareBytes log file
  • ESET online scan log - careful, this one is easy to miss


#10
akao

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Crowbar,

So far so good... Here you go:

MalwareBytes AM log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de donnes: v2013.12.10.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
llg :: GALOIS [administrateur]

11/12/2013 21:56:00
mbam-log-2013-12-11 (21-56-00).txt

Type d'examen: Examen rapide
Options d'examen actives: Mmoire | Dmarrage | Registre | Systme de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen dsactives: P2P
Elment(s) analys(s): 240013
Temps coul: 6 minute(s), 46 seconde(s)

Processus mmoire dtect(s): 0
(Aucun lment nuisible dtect)

Module(s) mmoire dtect(s): 0
(Aucun lment nuisible dtect)

Cl(s) du Registre dtecte(s): 0
(Aucun lment nuisible dtect)

Valeur(s) du Registre dtecte(s): 0
(Aucun lment nuisible dtect)

Elment(s) de donnes du Registre dtect(s): 0
(Aucun lment nuisible dtect)

Dossier(s) dtect(s): 0
(Aucun lment nuisible dtect)

Fichier(s) dtect(s): 0
(Aucun lment nuisible dtect)

(fin)


Eset log:

[email protected] as downloader log:
all ok
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4751042ebab95447b29c8a602f9546b3
# engine=16223
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-11 08:09:30
# local_time=2013-12-11 09:09:30 (+0100, Paris, Madrid)
# country="Belgium"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 77 1500224 1503860 0 0
# compatibility_mode=5893 16776573 100 94 41108 138422420 0 0
# scanned=482648
# found=7
# cleaned=7
# scan_time=40118
sh=7E06A29E7405324FFD68A4D91342DBE34E2F0C01 ft=1 fh=6b96eed0a57ad4dc vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\llg\AppData\Local\Temp\CT1060933\ieLogic.exe.vir"
sh=C9AF1788F6F8647A6A6291E2777C8E4E3B62DCC9 ft=0 fh=0000000000000000 vn="VBS/Agent.NDH worm (deleted - quarantined)" ac=C fn="C:\UsbFix\Upload_UsbFix.zip"
sh=D59C8B0AE7DD7799A48FC9EEAAC0833F009A5DD7 ft=0 fh=0000000000000000 vn="VBS/Agent.NDH worm (cleaned by deleting - quarantined)" ac=C fn="C:\UsbFix\Quarantine\C\Users\llg\AppData\Local\Temp\iTunesHelper.vbe.vir"
sh=2E5265F35F75A50C89E592E127BC80E1E45AA840 ft=1 fh=665395c0536173b7 vn="a variant of Win32/RemoteAdmin.Ammyy.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\llg\Downloads\AA_v3.2.exe"
sh=1B8796479A78B2A1863F556A0B54CFCA074E1DBE ft=1 fh=24d918c17770239b vn="a variant of Win32/RemoteAdmin.Ammyy.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\llg\Downloads\AA_v3.exe"
sh=EEBFC04D6B8FDE9B014214CC83DFBEFBF545D437 ft=1 fh=386346820fc68a16 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\llg\Downloads\PDFCreator-1_3_2_setup.exe"
sh=6A859B87A0320253D474441D76A966AA85F25AE0 ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="C:\Windows\Installer\509aa80.msi"


No more symptoms today...

Cheers,
Akao

#11
Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Great news that there are no more symptoms :thumbsup:

I did originally want you to make sure the option to remove found threats was not checked for the ESET scan - but no harm done. You can see the files it removed, but had you unchecked that box, we could have told it not to delete your ammyy program.
I can give you some instructions to get it out of quarantine, but it's probably easier to just download it again
if you need to salvage it:

Restore quarantined files after closing the ESET Online Scanner window:
1. Click Start > Computer or My Computer > Local Disk (C:) and then double-click Program Files > ESET > ESET Online Scanner.
2. Double-click OnlineScannerApp.
3. Click Start. After the virus signature database finishes updating, click Stop.
4. Click Manage quarantine, click the file you want to restore from quarantine and then click Restore

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Do you use Java? If you do not use it, you are better off uninstalling it completely. Go to your Control Panel, Uninstall a Program, then find any instance of Java in the list and click on Uninstall - do this until there are no instances of Java in the list. If you do use Java....
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version



SPRING CLEAN

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent
Please install this program to ensure that the crypto ransomware malware does not take hold of your system.

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programs on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read these two articles:
How did I get infected in the first place ?
So how did I get infected in the first place

Keep safe :wave:
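
The ESET Online Scanner log in reply #10 can also be read mechanically. The following is an added example, not part of the thread and not ESET's own tooling: it parses that log layout, flags `remove_checked=true`, and separates application-class detections (such as the Ammyy tool) from worm detections and from files already held in another cleanup tool's quarantine. The sample input is constructed: detection names and paths come from the posted log, the `sh=`/`fh=` values are placeholders, and treating a name that ends in "application" as a potentially unwanted or unsafe program is an assumption drawn from the names in this log.

```python
import re

# Constructed sample in the layout of the log posted in reply #10. Detection
# names and paths are taken from that log; sh=/fh= values are placeholders.
SAMPLE_LOG = r'''
all ok
# version=8
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# found=4
# cleaned=4
sh=PLACEHOLDER_1 ft=1 fh=0 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\llg\AppData\Local\Temp\CT1060933\ieLogic.exe.vir"
sh=PLACEHOLDER_2 ft=0 fh=0 vn="VBS/Agent.NDH worm (cleaned by deleting - quarantined)" ac=C fn="C:\UsbFix\Quarantine\C\Users\llg\AppData\Local\Temp\iTunesHelper.vbe.vir"
sh=PLACEHOLDER_3 ft=1 fh=0 vn="a variant of Win32/RemoteAdmin.Ammyy.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\llg\Downloads\AA_v3.2.exe"
sh=PLACEHOLDER_4 ft=1 fh=0 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\llg\Downloads\PDFCreator-1_3_2_setup.exe"
'''

# key=value pairs; values are either "quoted, may contain spaces" or bare tokens.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# The action taken is the trailing parenthesised part of the vn= field.
ACTION = re.compile(r'^(?P<name>.*?)\s*\((?P<action>[^()]*)\)\s*$')


def describe(fields):
    """Turn one detection line's fields into a triage record."""
    m = ACTION.match(fields["vn"])
    name = m.group("name") if m else fields["vn"]
    action = m.group("action") if m else ""
    path = fields["fn"]
    lowered = path.lower()
    return {
        "name": name,
        "action": action,
        "path": path,
        # Assumption: names ending in "application" are PUA/unsafe-app class.
        "kind": "application" if name.endswith(" application") else "malware",
        # A *.vir file under a \Quarantine\ folder was already neutralised
        # by an earlier tool (AdwCleaner and UsbFix in this thread).
        "already_quarantined": "\\quarantine\\" in lowered
        and lowered.endswith(".vir"),
        "removed": "delet" in action,
    }


def parse_eset_log(text):
    """Return (settings, detections) from an ESET Online Scanner log.txt."""
    settings, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line.lstrip("# ").partition("=")
            if sep:
                settings[key.strip()] = value.strip()
            continue
        fields = {}
        for m in PAIR.finditer(line):
            fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
        # Lines such as "all ok" carry no vn=/fn= pair and are skipped.
        if "vn" in fields and "fn" in fields:
            detections.append(describe(fields))
    return settings, detections


def review(settings, detections):
    """Produce the notes a helper would raise when reading this log."""
    notes = []
    if settings.get("remove_checked") == "true":
        notes.append("remove_checked=true: the scanner deleted what it found "
                     "instead of only reporting it")
    if int(settings.get("found", len(detections))) != len(detections):
        notes.append("header found= count does not match the detection lines")
    for d in detections:
        if d["already_quarantined"]:
            notes.append("leftover in another tool's quarantine: " + d["path"])
        elif d["kind"] == "application" and d["removed"]:
            notes.append("application-class item removed, restore only if it "
                         "was installed on purpose: " + d["path"])
        else:
            notes.append("live malware detection: " + d["path"])
    return notes


if __name__ == "__main__":
    cfg, found = parse_eset_log(SAMPLE_LOG)
    for note in review(cfg, found):
        print(note)
```
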

#12
akao

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Crowbar,

Everything has been cleaned, I'm up to date and safe... Thank you very much for your time and your help.

Take care,
Akao

#13
Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
You are welcome! :thumbsup:

#14
Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.