samey

Member
  • Items

    17
  • Registration date

  • Last visited

samey's achievements

  1. Thank you again!!!! No more viruses...
  2. Yes, that's right, I think there is no antivirus on here. Which one, and how do I install it? Thanks in advance!
  3. Zoek.exe v5.0.0.0 Updated 17-February-2015 Tool run by yassine on wo 18/02/2015 at 13:54:40,09. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\yassine\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] ==== Chromium Look ====================== Google Chrome Version: 40.0.2214.111 (Up to date, latest Stable version: 40.0.2214.111) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22] Google Slides - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Allin1Convert - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl Reverse Page - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hocoomdoidhphekcfcplpmhllhkdnjaj FromDocToPDF - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo Google Wallet - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\https_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.publikeco00.publikeco.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.publikeco00.publikeco.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.key-find.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.key-find.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_allin1convert.dl.tb.ask.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_allin1convert.dl.tb.ask.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filesharefanatic.dl.tb.ask.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filesharefanatic.dl.tb.ask.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fromdoctopdf.dl.tb.ask.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage deleted successfully 
C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_driverupdate.nl.softonic.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_driverupdate.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-office-2007.nl.softonic.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-office-2007.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-office.nl.softonic.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-office.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-word.nl.softonic.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-word.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gcncagkkhfoombgbihckkccmkjemhohl_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gcncagkkhfoombgbihckkccmkjemhohl_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lplgmijfnicgfhoccpjcbkidkkcaiapo_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lplgmijfnicgfhoccpjcbkidkkcaiapo_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lplgmijfnicgfhoccpjcbkidkkcaiapo deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hocoomdoidhphekcfcplpmhllhkdnjaj deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hocoomdoidhphekcfcplpmhllhkdnjaj_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hocoomdoidhphekcfcplpmhllhkdnjaj_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hocoomdoidhphekcfcplpmhllhkdnjaj deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34" "Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet 
Explorer\Main] "Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34&q={searchTerms}" "Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34" "Start Page"="http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34" "Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34&q={searchTerms}" "Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34" "Start Page"="http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34" "Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34&q={searchTerms}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" 
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Reset Google Chrome ====================== C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Benodigdheden kopen - HP Deskjet 1000 J110 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\Bin\hpqDTSS.exe C:\Users\Public\Desktop\DriverUpdate.lnk - C:\Windows\Installer\{B2B04F8B-6444-4364-89C8-F3088D4E8D02}\Icon.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34 C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\Bin\HP Deskjet 1000 J110 series.exe -Start UDCDevicePage C:\Users\Public\Desktop\HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe C:\Users\Public\Desktop\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe C:\Users\Public\Desktop\SlimCleaner Plus.lnk - C:\Windows\Installer\{BA219F82-20BF-49AD-A279-E2D69D3B9D3F}\Icon.exe C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ==== 
shortcuts in Users Start Menu ====================== C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34 C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34 C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\yassine\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe . C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\yassine\AppData\Local\Popcorn Time\Uninstall.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk - C:\Windows\Installer\{90850413-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9\CyberLink PowerDVD 9.lnk - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate\DriverUpdate Help.lnk - C:\Windows\Installer\{B2B04F8B-6444-4364-89C8-F3088D4E8D02}\Icon.exe -help C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\DriverUpdate\DriverUpdate.lnk - C:\Windows\Installer\{B2B04F8B-6444-4364-89C8-F3088D4E8D02}\Icon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk - C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Wireless Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Benodigdheden kopen.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\Bin\hpqDTSS.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Help.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\Bin\HelpViewer\hpqlpvwr.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\HP Deskjet 1000 J110 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\Bin\HP Deskjet 1000 J110 series.exe -Start UDCDevicePage C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\HP Onderzoek productverbetering.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe /changesettings /UA 9.5 /DDV 0x0805 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Printer instellen en software.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\Bin\USBSetupLauncher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Verwijderen.lnk - C:\Windows\SysWOW64\msiexec.exe /qb /x {30583EC7-5BBC-4E61-9EC8-7A9A982E65F0} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Website productondersteuning.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\ProductSupportShortcut.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations verwijderen.lnk - C:\Program Files (x86)\HP Photo Creations\uninst.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Aan de slag.lnk - C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe 1 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Control Panel.lnk - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe-website.lnk - C:\Program Files (x86)\Common Files\LightScribe\shortcuts\LightScribe Website.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Sneldemo.lnk - C:\Program Files (x86)\Common Files\LightScribe\shortcuts\Quick Demo.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Base.lnk - C:\Program Files (x86)\OpenOffice 4\program\sbase.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Calc.lnk - C:\Program Files (x86)\OpenOffice 4\program\scalc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Draw.lnk - C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Impress.lnk - C:\Program Files (x86)\OpenOffice 4\program\simpress.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Math.lnk - C:\Program Files (x86)\OpenOffice 4\program\smath.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Writer.lnk - C:\Program Files (x86)\OpenOffice 4\program\swriter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Disc Creation.lnk - C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Manager.lnk - C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus\SlimCleaner Plus.lnk - C:\Windows\Installer\{BA219F82-20BF-49AD-A279-E2D69D3B9D3F}\Icon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache 
files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34 C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34 C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34 C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34 C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paint.lnk - C:\Windows\system32\mspaint.exe C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts After Repair ====================== C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYXBD2T7 will be deleted at reboot C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVPCF97W will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=920 folders=284 166806488 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\yassine\AppData\Local\Temp will be emptied at reboot 
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\yassine\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\Reverse Page\bin\ReversePage.BrowserAdapter64.exe" not found "C:\Program Files (x86)\Reverse Page\bin\ReversePage.expext.exe" not found "C:\Program Files (x86)\Reverse Page\bin\ReversePage.expextdll.dll" not found "C:\PROGRA~2\Reverse Page\bin\ReversePage.BrowserAdapter64.exe" not found "C:\PROGRA~2\Reverse Page\bin\ReversePage.expext.exe" not found "C:\PROGRA~2\Reverse Page\bin\ReversePage.expextdll.dll" not found "C:\Program Files (x86)\Reverse Page" not found "C:\Program Files (x86)\TornPlusTV_version1.11" not found "C:\Program Files\SlimService" not found "C:\PROGRA~2\TornPlusTV_version1.11" not found "C:\PROGRA~2\Reverse Page" not found "C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYXBD2T7" not found "C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVPCF97W" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on wo 18/02/2015 at 14:27:53,88 ======================
  4. Hello, I have those viruses again. Can anyone help me? I already have the log: Logfile of random's system information tool 1.10 (written by random/random) Run by yassine at 2015-02-18 01:27:40 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 209 GB (74%) free of 285 GB Total RAM: 3999 MB (36% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:27:46, on 18/02/2015 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17631) Boot mode: Normal Running processes: C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-10.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\XTab\cmdshell.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\XTab\HPNotify.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Reverse Page\bin\ReversePage.expext.exe C:\Program Files (x86)\Reverse Page\bin\ReversePage.BrowserAdapter.exe C:\Program Files (x86)\Reverse Page\bin\ReversePage.BOASHelper.exe C:\Program Files (x86)\Reverse Page\bin\ReversePage.BOASPRT.exe C:\Program Files (x86)\Reverse Page\bin\ReversePage.BOAS.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\trend micro\yassine.exe R1 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34&q={searchTerms} R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34&q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Program Files (x86)\Dynamo Combo\bin\Pac8807.js R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll O2 - BHO: Reverse Page 1.0.0.7 - {83dc36e5-db3f-461a-8fbc-245e44000b1f} - C:\Program Files (x86)\Reverse Page\ReversePagebho.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google 
Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [Gameo] C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe "C:\Users\yassine\AppData\Roaming\Gameo\gameo.dat" mode:minimized O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [slimCleaner Plus] "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize O4 - HKCU\..\Run: [TornTv Downloader] C:\Users\yassine\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O9 - Extra button: HP Smart Print - 
{22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O20 - AppInit_DLLs: O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: IHProtect Service - XTab system - C:\Program Files (x86)\XTab\ProtectService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: RtVOsdService Installer 
(RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: SlimWare Utility Service Launcher (SlimService) - SlimWare Utilities, Inc. - C:\Program Files\SlimService\SlimServiceFactory.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Torntv Downloader (trntv) - Cool Mirage - C:\Users\yassine\AppData\Roaming\TornTV.com\TornTVSvc.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Update Reverse Page - Unknown owner - C:\Program Files (x86)\Reverse Page\updateReversePage.exe O23 - Service: Util Reverse Page - Unknown owner - C:\Program Files (x86)\Reverse Page\bin\utilReversePage.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - 
Service: WindowsMangerProtect Service (WindowsMangerProtect) - SysTool PasSame LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12109 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe C:\Windows\system32\services.exe winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service taskeng.exe {AA36074E-69A1-4897-A20A-998700AC3BBF} "taskhost.exe" "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork taskeng.exe {10765CDC-50ED-43CC-96D9-71DAE0999D22} "C:\Program Files 
(x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-6.exe" /rawdata= "C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe" -boot "C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-6.exe" /rawdata= "C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-10.exe" /rawdata= "C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe" "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe" "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe" "C:\Program Files (x86)\XTab\ProtectService.exe" "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "C:\Windows\System32\igfxtray.exe" "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden "C:\Windows\System32\StikyNot.exe" "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" "C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe" "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" "C:\Program Files\SlimService\SlimServiceFactory.exe" "C:\Program Files (x86)\XTab\cmdshell.exe" C:\Windows\system32\svchost.exe -k imgsvc C:\Users\yassine\AppData\Roaming\TornTV.com\TornTVSvc.exe taskeng.exe {5A8C485D-74DE-4C55-9A29-766BD4E531A9} "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" HPNotify.exe -run C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program
Files\Synaptics\SynTP\SynTPHelper.exe" "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe "C:\Windows\System32\dinotify.exe" pnpui.dll,SimplifiedDINotification "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" "C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe" "C:\Program Files\Realtek\RtVOsd\RtVOsd.exe" C:\Windows\System32\svchost.exe -k secsvcs "C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>WLAN: Aan</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_on.ico</IconPath><ID>423125850</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>" "taskhost.exe" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5536.0.2095136506\483293684" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,18,39 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x2a42 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2086 --ignored=" --type=renderer " /prefetch:822062411 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 
reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Dev_TwoWayClustering_HUPScoringExperiment_HQPDisabled_A3_Postperiod/PasswordGeneration/Disabled/QUIC/EnabledWithFecHeaders/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5536.2.1890367496\1299331195" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 
reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Dev_TwoWayClustering_HUPScoringExperiment_HQPDisabled_A3_Postperiod/PasswordGeneration/Disabled/QUIC/EnabledWithFecHeaders/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5536.5.125351398\1161615998" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 
reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Dev_TwoWayClustering_HUPScoringExperiment_HQPDisabled_A3_Postperiod/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/EnabledWithFecHeaders/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5536.24.1001168397\1848707167" /prefetch:673131151 "C:\Windows\system32\wuauclt.exe" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5536.42.756017308\1331702232" --ppapi-flash-args=enable_hw_video_decode=1 --lang=nl --ignored=" --type=renderer " /prefetch:-632637702 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 
reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Dev_TwoWayClustering_HUPScoringExperiment_HQPDisabled_A3_Postperiod/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/EnabledWithFecHeaders/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5536.44.460582597\829059096" /prefetch:673131151 "C:\Program Files (x86)\Reverse Page\updateReversePage.exe" "C:\Program Files (x86)\Reverse Page\bin\utilReversePage.exe" /ieg ee95b94c-f689-4a14-b802-102a641c773e /is fmxqtbe "C:\Program Files (x86)\Reverse Page\bin\ReversePage.PurBrowse64.exe" /l false /s false /c "Reverse Page" /t "C:\Program Files (x86)\Reverse Page\bin\TEMP" /i "http://apireversepageco-a.akamaihd.net/gsrs?is=fmxqtbe&bp=PB3&g=00000000-0000-0000-0000-000000000000" /d {3e26b928-0db2-4fd1-bc29-c87d5b3a0564}Gw64 /p 99680eb8-57cc-4de6-ac75-880f3661f91c:chrome /p ee95b94c-f689-4a14-b802-102a641c773e:iexplore /h cdn.sharedaddomain.com,cdn.sharedaddomain2.com 0 10 "C:\Program Files (x86)\Reverse Page\bin\bau" true \??\C:\Windows\system32\conhost.exe 
"685238796872307071-20359116156955430523336791-6084281581521189478-610604714 /ch 99680eb8-57cc-4de6-ac75-880f3661f91c /ie ee95b94c-f689-4a14-b802-102a641c773e /z "n=ReversePage&is=fmxqtbe&dpt=20" /ch 99680eb8-57cc-4de6-ac75-880f3661f91c /ie ee95b94c-f689-4a14-b802-102a641c773e /z "n=ReversePage&is=fmxqtbe&dpt=20" /w 910 /h 100 /cg 781b796f-6d63-4c5e-88c0-4aed1bdbe18a /gc 1 /ff 1 /ie 1 /is fmxqtbe "C:\Program Files (x86)\Reverse Page\bin\ReversePage.BOASPRT.exe" /w 910 /h 100 /hw 722452 /g 781b796f-6d63-4c5e-88c0-4aed1bdbe18a /is fmxqtbe "C:\Program Files (x86)\Reverse Page\bin\ReversePage.BOAS.exe" /w 910 /h 100 /hw 722452 /g 781b796f-6d63-4c5e-88c0-4aed1bdbe18a /is fmxqtbe /bt 0 /ps \\.\pipe\boa{82A8655B-B9D3-42BF-A304-77CAC2119DE3} /bv 40 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Dev_TwoWayClustering_HUPScoringExperiment_HQPDisabled_A3_Postperiod/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/EnabledWithFecHeaders/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" 
--enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5536.81.476090730\1047219983" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Dev_TwoWayClustering_HUPScoringExperiment_HQPDisabled_A3_Postperiod/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/EnabledWithFecHeaders/RememberCertificateErrorDecisions/Default/SHA1ToolbarUIJune2016/Warning/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5536.95.832674062\736293016" /prefetch:673131151 "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe9_ Global\UsGthrCtrlFltPipeMssGthrPipe9 1 -2147483646 
"Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516 "C:\Users\yassine\Downloads\RSITx64 (1).exe" ======Scheduled tasks folder====== C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-6.job - C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-6.exe /rawdata=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 C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-7.job - C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-7.exe /rawdata=RrRy9GISTSoVJ10gbr617GlAh2PCyWHBM9jUL1q09UxRoGTBZkbKzEKMYTNAvGP9LOk74FlA70Ms5138OU9toIQpez/rXs1QxE6qCth6nwjmk4jRRQYiGN05hOH4z+DJuI6r5tdpgdB9FW8sTvVWTpQoLG82i9ksVwlsIOD5mwJMVK19iz1ht7KhgDB/mfPF6S2nFlFSnXS3sC0bUQGXRBcuXL6qDO/VVGKXT+B+xuQ7rHzG8n6cUDb1Yl+OLe3+warOZDUE5UeWS5Unci+OW9w1VPWPvsvFu2S3s/6roShk8EpH8fWqAhuyYqOzwXYToeBOXX2oPrGWd1LANLeY903FhrPqHr0qXlKybdVnyaGunse6s0876aoa5246sYTPtHN4NsJ3EVIcTzFSPklPKHzDlqT2rQybzZlF0nyGtmEw3MMvsk600D54uAz/WrcrV7vtJPB/0euga3kYIXfUkg31nmUpVXvzFn/K1Ouvi70DcCxa3WR85dE0J69BUn9xwhBQDQoLPzIvn0kFqIpt1Row1z8Tc6r6h1WG5GESWNIYEj3DmzA9fq1V09dv3h81FulzMez9zdjoFAjREmGGTsk90KcESTGq9s5njJebNxSNe+n9t9sehEsLmlKu6CkIeq3Xn38TiAH+iG55qXWP15zuQ4V/LiFVybKzeyp6vfINBMczhgevBpqqF2uCD3dj6ColsMNdyoXfRkSCJjiplt+BcWmcVciBvaa25FdqUWSf9GTarNzGmX9Uyiay/pT5QhXGl+qnfSF4FHWWBTXsIQW3orfuEaT+FdgBnpBOp5YZZsfs1UwkiRQCeuyIKq8pvUMyKtz9PevAg+/vx23OyGloiaX8jk6EkPrMsHUqEWRFIc8SOA16mHWYM53EKgnkKsW4vU52NXjUtHNeisUjOj6DiBxp/erlTk9HoSiLFKPF+rhypjLEGXkjk5N4+rnaIsBbIAXBDa3W9YVCIlDpnUlL2VzGFVo4HZbJjmA0E3gaHa6rwGy9WhoouR/c3yIVtGSnoehMYLlCSZfUTKFOUU3hyyhQpNBdeBxCWEZtMlzZMdhDI3M14NrmazUUZvt8aKWtmSe8Q8e76FvaARFfkCkZ9aicQO1irigFz9X/9RjobUx13cJ3q8+fd92rCcGoAMb5UkvhpplJWKng3clB4+7XGRyK4XfF8y2GqoQXpK20eZdi5mkPzmXSxsgkOR0KUQ/pX23QP4ksxe28spFfdxeRdPL1TnCs7JcBoGAEys4BBVGYtmI0EdACsMVF6G6q9Xr77VnpzQEuU
rXRXLoZmycIvX9Aq3HzSqyEtOCRGY2UtIdHPGbdOU7kvBPWFYtvShQz+FjRteGg6Pq6dA2DjxLkbxse/asyBkQaxl3Mt487yBu1GFl+RTnCEDR4ipTpb6/06Nm3rWEhtxI8V0ZwLnvk1BD9Vsk3NypmkGYRiDBn33D2ehMmKUTQY97QBY+rBx8Br7eeVHOHMxFVKkDWAJgD4i7emOoCcDY8VwDVBUGrLsmEqsdR/8vh32kyMtlQ C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-10_user.job - C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-10.exe /rawdata=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 C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-5.job - C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-5.exe /rawdata=I3nzolvGBPLU8MtUfqLmDeJdBLi6BBcSMkxHWNThkBuTdrWQL4Nc3QpeWaY8gXj45sTnIkWaIXHEMmRsiHdiwhychZSja3ke7c2P2lcsGl7nUZPpgrqhOuJGgPCSaUi/qkcH0cjtFJQci7RsgTHTXM82R8rFHOV7LRnpEvI68f2ryOd0tZ3VyC8ker29WSemAoH72g3l6fJ9AMpCnvz/Xgz7ZWvbM4qfweg6NHOjCKodUCkqXhjoCFrNGYesGGat8+5K9GTHpZ9KyQm+E8Ro+QISIuV5C9tMDoPhppmtisFRBc0IXviWvlcR+7J0UvwbGs2Sc9cy3+pj46W9rUMxUiJvDO3NHh1EdozUToObWUB7N5Hj5xX8ECYaOsCMU22Q6XxX+tvCIbts43uCoJ66F0YXK1QZv6OHpzxXcZQ+Tzbdr8W+6VXwfd89D5P1QkTGMFRgrRyUvy9nTmxW8QGfqXpveaGiStuRsmNRiI/JY2MxXzvOxFJkISaW185+0vSfQguAIMxBkknYj8MZ5J1abWwr4+sYc7CqlOfACxceu6efu8fbYxvrNuFP2k98C7Z882Ijc1AB9uML7yX4G5VDaizW6QhF2aBzeMMPVmYWYmB/M/S9dCxoIdzkRxYbr5WjmV/pMM2WdbdgcmZeNFXqTz7EoP3WhLrxMO90QIwUHKJ4G9DbBI3Lq1TNogCmsxl4WKLqix1lir5cXU5lA1rwWyORjG9L74XYEY4Ghe39Gl57HV64jhuSUxxflb6jYSfINM6D0bh459Hw4LMSSYJZ7KKZ2fAxKpq2s8J7PCyiCd03/OtSz0wo3HwjZaQAe/PH+tztZTt2jjH3LxskFZUm4oweWObp6dnv9Cfujc2l4z3y06i9Ye+ibSCH1H0p5M5CFSArY5cGA5UTFz1CQaambxxJFiHHXinY7XJ7+NKQijCQx1PIMUnNqAa0bH6GfJCA8GYWHqRdGZYpuh2BQwupKS8RTgTcZqWvhJoq+cMHvXQss7O/xrIkc0xWVwMnP1tI C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-5_user.job - C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-5.exe /rawdata=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 C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-6.job - C:\Program Files 
(x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-6.exe /rawdata= C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-7.job - C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-7.exe /rawdata= 
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Windows\tasks\DriverUpdate Scan.job - C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe scheduled C:\Windows\tasks\DriverUpdate Startup.job - C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe -boot C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /c C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /ua /installsource scheduler C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler C:\Windows\tasks\JTOV.job - C:\Users\yassine\AppData\Roaming\JTOV.exe 
/infocmdline= C:\Windows\tasks\SlimCleaner Plus (Scheduled Scan - yassine).job - C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe /doScheduledScan ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-01-24 256456] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] IETabPage Class - C:\Program Files (x86)\XTab\SupTab.dll [2015-01-16 210096] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83dc36e5-db3f-461a-8fbc-245e44000b1f}] Reverse Page 1.0.0.7 - C:\Program Files (x86)\Reverse Page\ReversePagebho.dll [2015-02-15 269048] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-01-24 194504] 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-01-24 256456] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-01-24 194504] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-13 2281256] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-07-29 166424] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-07-29 391192] "Persistence"=C:\Windows\system32\igfxpers.exe [2010-07-29 410648] "RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2010-09-22 6489704] "HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-07-21 8192] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-08-16 2736128] "RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520] "Gameo"=C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe C:\Users\yassine\AppData\Roaming\Gameo\gameo.dat mode:minimized [] "Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11 30877280] "SlimCleaner Plus"=C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2014-12-23 26165568] "TornTv Downloader"=C:\Users\yassine\AppData\Roaming\TornTV.com\Torntv Downloader.exe [2015-01-22 306176] 
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-09-28 584760] "HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056] ""= [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2010-02-21 269824] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "MSVideo8"=VfWWDM32.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File 
associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2015-02-18 01:27:40 ----D---- C:\rsit 2015-02-17 14:22:09 ----A---- C:\Windows\system32\drivers\{3e26b928-0db2-4fd1-bc29-c87d5b3a0564}Gw64.sys 2015-02-16 16:45:00 ----D---- C:\ProgramData\fd5de37200000a7e 2015-02-15 21:18:02 ----A---- C:\Windows\system32\drivers\{3ad5a8e4-b8a3-4333-9022-726dc1eda808}Gw64.sys 2015-02-15 21:11:38 ----D---- C:\Program Files (x86)\Reverse Page 2015-02-15 21:10:53 ----D---- C:\Program Files (x86)\daf5332a-04c3-4f6e-907f-586f67b8798e 2015-02-15 21:10:51 ----D---- C:\Program Files (x86)\globalUpdate 2015-02-15 21:10:51 ----A---- C:\Users\yassine\AppData\Roaming\JTOV.exe 2015-02-15 21:10:48 ----D---- C:\Program Files (x86)\TornPlusTV_version1.11 2015-02-15 21:10:24 ----D---- C:\Users\yassine\AppData\Roaming\TornTV.com 2015-02-12 14:05:00 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll 2015-02-12 14:05:00 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2015-02-12 14:05:00 ----A---- C:\Windows\system32\jscript9diag.dll 2015-02-12 14:05:00 ----A---- C:\Windows\system32\jscript9.dll 2015-02-11 13:27:18 ----A---- C:\Windows\SYSWOW64\wdigest.dll 2015-02-11 13:27:18 ----A---- C:\Windows\SYSWOW64\TSpkg.dll 2015-02-11 13:27:18 ----A---- C:\Windows\SYSWOW64\schannel.dll 2015-02-11 13:27:18 ----A---- C:\Windows\SYSWOW64\ncrypt.dll 2015-02-11 13:27:18 ----A---- C:\Windows\SYSWOW64\msv1_0.dll 2015-02-11 13:27:18 ----A---- C:\Windows\SYSWOW64\kerberos.dll 2015-02-11 13:27:18 ----A---- C:\Windows\SYSWOW64\credssp.dll 2015-02-11 13:27:18 ----A---- C:\Windows\system32\wdigest.dll 2015-02-11 13:27:18 ----A---- C:\Windows\system32\TSpkg.dll 2015-02-11 13:27:18 ----A---- C:\Windows\system32\schannel.dll 2015-02-11 13:27:18 ----A---- C:\Windows\system32\ncrypt.dll 2015-02-11 13:27:18 ----A---- C:\Windows\system32\msv1_0.dll 2015-02-11 13:27:18 ----A---- C:\Windows\system32\kerberos.dll 
2015-02-11 13:27:18 ----A---- C:\Windows\system32\credssp.dll 2015-02-11 13:27:10 ----A---- C:\Windows\SYSWOW64\mshtmled.dll 2015-02-11 13:27:10 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2015-02-11 13:27:10 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll 2015-02-11 13:27:10 ----A---- C:\Windows\system32\ieetwproxystub.dll 2015-02-11 13:27:10 ----A---- C:\Windows\system32\ieetwcollector.exe 2015-02-11 13:27:09 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2015-02-11 13:27:09 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll 2015-02-11 13:27:09 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll 2015-02-11 13:27:09 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll 2015-02-11 13:27:09 ----A---- C:\Windows\SYSWOW64\dxtrans.dll 2015-02-11 13:27:09 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 13:27:09 ----A---- C:\Windows\system32\iernonce.dll 2015-02-11 13:27:09 ----A---- C:\Windows\system32\ie4uinit.exe 2015-02-11 13:27:08 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2015-02-11 13:27:08 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2015-02-11 13:27:07 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2015-02-11 13:27:07 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll 2015-02-11 13:27:07 ----A---- C:\Windows\system32\iedkcs32.dll 2015-02-11 13:27:06 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2015-02-11 13:27:06 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe 2015-02-11 13:27:06 ----A---- C:\Windows\SYSWOW64\ieui.dll 2015-02-11 13:27:06 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2015-02-11 13:27:06 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll 2015-02-11 13:27:06 ----A---- C:\Windows\system32\urlmon.dll 2015-02-11 13:27:06 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-11 13:27:06 ----A---- C:\Windows\system32\msfeeds.dll 2015-02-11 13:27:06 ----A---- C:\Windows\system32\ieetwcollectorres.dll 2015-02-11 13:27:06 ----A---- C:\Windows\system32\dxtrans.dll 2015-02-11 13:27:05 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2015-02-11 13:27:05 ----A---- 
C:\Windows\system32\iesetup.dll 2015-02-11 13:27:05 ----A---- C:\Windows\system32\ieapfltr.dll 2015-02-11 13:27:04 ----A---- C:\Windows\system32\iertutil.dll 2015-02-11 13:27:03 ----A---- C:\Windows\SYSWOW64\wininet.dll 2015-02-11 13:27:03 ----A---- C:\Windows\SYSWOW64\vbscript.dll 2015-02-11 13:27:03 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll 2015-02-11 13:27:02 ----A---- C:\Windows\SYSWOW64\msrating.dll 2015-02-11 13:27:02 ----A---- C:\Windows\system32\jsproxy.dll 2015-02-11 13:27:02 ----A---- C:\Windows\system32\ieUnatt.exe 2015-02-11 13:27:02 ----A---- C:\Windows\system32\ieui.dll 2015-02-11 13:27:02 ----A---- C:\Windows\system32\dxtmsft.dll 2015-02-11 13:27:01 ----A---- C:\Windows\system32\ieframe.dll 2015-02-11 13:27:00 ----A---- C:\Windows\system32\mshtmlmedia.dll 2015-02-11 13:27:00 ----A---- C:\Windows\system32\mshtmled.dll 2015-02-11 13:26:59 ----A---- C:\Windows\system32\wininet.dll 2015-02-11 13:26:59 ----A---- C:\Windows\system32\vbscript.dll 2015-02-11 13:26:58 ----A---- C:\Windows\system32\msrating.dll 2015-02-11 13:26:58 ----A---- C:\Windows\system32\MshtmlDac.dll 2015-02-11 13:26:57 ----A---- C:\Windows\system32\mshtml.dll 2015-02-11 13:26:31 ----A---- C:\Windows\system32\ntoskrnl.exe 2015-02-11 13:26:30 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe 2015-02-11 13:26:30 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe 2015-02-11 13:26:29 ----A---- C:\Windows\SYSWOW64\srclient.dll 2015-02-11 13:26:29 ----A---- C:\Windows\system32\srcore.dll 2015-02-11 13:26:29 ----A---- C:\Windows\system32\srclient.dll 2015-02-11 13:26:29 ----A---- C:\Windows\system32\rstrui.exe 2015-02-11 13:25:53 ----A---- C:\Windows\SYSWOW64\scesrv.dll 2015-02-11 13:25:53 ----A---- C:\Windows\system32\scesrv.dll 2015-02-11 13:25:50 ----A---- C:\Windows\SYSWOW64\adtschema.dll 2015-02-11 13:25:50 ----A---- C:\Windows\system32\lsasrv.dll 2015-02-11 13:25:50 ----A---- C:\Windows\system32\drivers\ksecdd.sys 2015-02-11 13:25:50 ----A---- C:\Windows\system32\drivers\cng.sys 2015-02-11 13:25:50 
----A---- C:\Windows\system32\adtschema.dll 2015-02-11 13:25:49 ----A---- C:\Windows\SYSWOW64\sspicli.dll 2015-02-11 13:25:49 ----A---- C:\Windows\SYSWOW64\secur32.dll 2015-02-11 13:25:49 ----A---- C:\Windows\SYSWOW64\msobjs.dll 2015-02-11 13:25:49 ----A---- C:\Windows\SYSWOW64\msaudite.dll 2015-02-11 13:25:49 ----A---- C:\Windows\SYSWOW64\auditpol.exe 2015-02-11 13:25:49 ----A---- C:\Windows\system32\sspisrv.dll 2015-02-11 13:25:49 ----A---- C:\Windows\system32\sspicli.dll 2015-02-11 13:25:49 ----A---- C:\Windows\system32\secur32.dll 2015-02-11 13:25:49 ----A---- C:\Windows\system32\msobjs.dll 2015-02-11 13:25:49 ----A---- C:\Windows\system32\msaudite.dll 2015-02-11 13:25:49 ----A---- C:\Windows\system32\lsass.exe 2015-02-11 13:25:49 ----A---- C:\Windows\system32\drivers\ksecpkg.sys 2015-02-11 13:25:49 ----A---- C:\Windows\system32\auditpol.exe 2015-02-11 13:25:16 ----A---- C:\Windows\system32\WindowsCodecs.dll 2015-02-11 13:25:15 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll 2015-02-11 13:24:11 ----A---- C:\Windows\system32\win32k.sys 2015-02-09 01:50:24 ----D---- C:\Users\yassine\AppData\Roaming\OpenOffice 2015-02-09 01:49:26 ----D---- C:\Program Files (x86)\OpenOffice 4 2015-02-08 22:52:27 ----D---- C:\ProgramData\IHProtectUpDate 2015-02-08 22:52:26 ----D---- C:\Program Files (x86)\XTab 2015-02-08 22:52:15 ----D---- C:\ProgramData\WindowsMangerProtect 2015-02-08 22:52:09 ----D---- C:\Users\yassine\AppData\Roaming\key-find 2015-02-08 22:47:55 ----D---- C:\ProgramData\SlimWare Utilities Inc 2015-02-08 22:47:54 ----D---- C:\Program Files\SlimService 2015-02-08 22:47:54 ----D---- C:\Program Files\SlimCleaner Plus 2015-02-08 22:47:32 ----A---- C:\Windows\system32\drivers\SWDUMon.sys 2015-02-08 22:47:30 ----D---- C:\Program Files (x86)\DriverUpdate 2015-01-27 01:22:34 ----A---- C:\DelFix.txt 2015-01-23 20:05:57 ----D---- C:\ProgramData\Visan 2015-01-23 20:05:57 ----D---- C:\ProgramData\HP Photo Creations 2015-01-23 20:05:57 ----D---- C:\Program Files (x86)\HP Photo 
Creations 2015-01-23 20:05:50 ----D---- C:\Users\yassine\AppData\Roaming\HpUpdate 2015-01-23 20:05:40 ----D---- C:\Program Files (x86)\HP 2015-01-23 20:05:39 ----D---- C:\ProgramData\HP 2015-01-23 20:05:39 ----D---- C:\Program Files\HP 2015-01-23 20:05:35 ----A---- C:\ProgramData\Ament.ini 2015-01-23 20:00:22 ----D---- C:\Users\yassine\AppData\Roaming\Google 2015-01-23 19:59:39 ----D---- C:\Program Files\Google 2015-01-23 19:59:35 ----D---- C:\ProgramData\Google 2015-01-23 19:59:28 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe 2015-01-23 19:59:24 ----D---- C:\Windows\system32\Macromed 2015-01-21 20:07:45 ----SHD---- C:\$RECYCLE.BIN 2015-01-21 20:07:45 ----D---- C:\Users\yassine\AppData\Roaming\hpqLog 2015-01-21 20:04:07 ----D---- C:\Windows\Temp 2015-01-21 20:04:07 ----A---- C:\Windows\zoek-delete.exe 2015-01-21 19:32:36 ----D---- C:\Users\yassine\AppData\Roaming\Skype 2015-01-21 19:32:27 ----RD---- C:\Program Files (x86)\Skype 2015-01-21 19:32:23 ----D---- C:\ProgramData\Skype 2015-01-20 22:00:47 ----A---- C:\Windows\SYSWOW64\msvcr100.dll 2015-01-19 21:36:19 ----D---- C:\Program Files\trend micro ======List of files/folders modified in the last 1 month====== 2015-02-18 01:27:46 ----D---- C:\Windows\Prefetch 2015-02-17 22:42:48 ----SHD---- C:\System Volume Information 2015-02-17 22:28:35 ----A---- C:\Windows\win.ini 2015-02-17 21:15:42 ----D---- C:\Windows\system32\config 2015-02-17 16:59:54 ----D---- C:\Users\yassine\AppData\Roaming\vlc 2015-02-17 14:22:09 ----D---- C:\Windows\system32\drivers 2015-02-16 16:45:08 ----RD---- C:\Program Files (x86) 2015-02-16 16:45:05 ----D---- C:\Windows\system32\Tasks 2015-02-16 16:45:00 ----HD---- C:\ProgramData 2015-02-16 16:44:36 ----D---- C:\Users\yassine\AppData\Roaming\uTorrent 2015-02-16 00:35:33 ----D---- C:\Windows\system32\wdi 2015-02-15 23:06:53 ----D---- C:\Windows\system32\GroupPolicy 2015-02-15 21:42:56 ----D---- C:\Windows\System32 2015-02-15 21:42:56 ----D---- C:\Windows\inf 2015-02-15 21:42:56 ----A---- 
C:\Windows\system32\PerfStringBackup.INI 2015-02-15 21:11:23 ----D---- C:\Windows\Tasks 2015-02-15 21:11:01 ----D---- C:\Program Files (x86)\CyberLink 2015-02-15 21:10:56 ----SHD---- C:\Windows\Installer 2015-02-15 01:28:55 ----D---- C:\Windows\system32\NDF 2015-02-14 12:26:34 ----D---- C:\Windows\system32\catroot2 2015-02-12 18:27:12 ----D---- C:\Windows\rescache 2015-02-12 14:09:38 ----D---- C:\Windows\winsxs 2015-02-12 14:09:37 ----D---- C:\Windows\SYSWOW64\en-US 2015-02-12 14:09:37 ----D---- C:\Windows\SysWOW64 2015-02-12 14:09:37 ----D---- C:\Windows\system32\en-US 2015-02-12 14:03:20 ----D---- C:\Windows\system32\catroot 2015-02-12 00:18:00 ----D---- C:\Windows\system32\nl-NL 2015-02-12 00:18:00 ----D---- C:\Program Files\Internet Explorer 2015-02-12 00:17:59 ----D---- C:\Windows\SYSWOW64\nl-NL 2015-02-12 00:17:59 ----D---- C:\Windows\SYSWOW64\fr-FR 2015-02-12 00:17:59 ----D---- C:\Windows\SYSWOW64\de-DE 2015-02-12 00:17:58 ----D---- C:\Windows\system32\fr-FR 2015-02-12 00:17:58 ----D---- C:\Windows\system32\de-DE 2015-02-12 00:17:57 ----D---- C:\Program Files (x86)\Internet Explorer 2015-02-09 01:49:52 ----RSD---- C:\Windows\assembly 2015-02-09 01:49:32 ----RSD---- C:\Windows\Fonts 2015-02-09 01:47:59 ----D---- C:\Program Files\Common Files\Microsoft Shared 2015-02-08 22:47:54 ----RD---- C:\Program Files 2015-01-26 22:32:08 ----SD---- C:\Users\yassine\AppData\Roaming\Microsoft 2015-01-26 22:29:33 ----D---- C:\Program Files (x86)\Microsoft Office 2015-01-26 22:29:06 ----D---- C:\Program Files (x86)\MSECache 2015-01-23 20:05:58 ----D---- C:\Program Files (x86)\Hewlett-Packard 2015-01-23 20:05:44 ----D---- C:\Windows\system32\DriverStore 2015-01-23 19:59:39 ----D---- C:\Program Files (x86)\Google 2015-01-21 20:06:55 ----D---- C:\Windows 2015-01-21 19:32:28 ----D---- C:\Program Files (x86)\Common Files ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; 
C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-13 540696] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R1 {3ad5a8e4-b8a3-4333-9022-726dc1eda808}Gw64;{3ad5a8e4-b8a3-4333-9022-726dc1eda808}Gw64; C:\Windows\system32\drivers\{3ad5a8e4-b8a3-4333-9022-726dc1eda808}Gw64.sys [2015-02-15 48792] R1 {3e26b928-0db2-4fd1-bc29-c87d5b3a0564}Gw64;{3e26b928-0db2-4fd1-bc29-c87d5b3a0564}Gw64; C:\Windows\system32\drivers\{3e26b928-0db2-4fd1-bc29-c87d5b3a0564}Gw64.sys [2015-02-16 48792] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-09-28 31088] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-02-21 10300800] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-09-22 2494056] R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2010-09-10 1014624] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-09-13 1390640] S3 cpuz134;cpuz134; \??\C:\Users\yassine\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056] S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2015-02-17 16152] S3 TsUsbFlt;TsUsbFlt; 
C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176] R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520] R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-10-07 126008] R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-09-17 92216] R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-28 26680] R2 IHProtect Service;IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [2015-01-16 158896] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-08-16 73728] R2 RtVOsdService;RtVOsdService Installer; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392] R2 SlimService;SlimWare Utility Service Launcher; C:\Program Files\SlimService\SlimServiceFactory.exe [2014-12-23 244544] R2 trntv;Torntv Downloader; C:\Users\yassine\AppData\Roaming\TornTV.com\TornTVSvc.exe [2015-01-22 23552] R2 Update Reverse Page;Update Reverse Page; C:\Program Files (x86)\Reverse Page\updateReversePage.exe [2015-02-17 399096] R2 Util Reverse 
Page;Util Reverse Page; C:\Program Files (x86)\Reverse Page\bin\utilReversePage.exe [2015-02-17 399096] R2 WindowsMangerProtect;WindowsMangerProtect Service; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [2015-02-08 487056] R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-09-17 735288] S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-15 68608] S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-24 107912] S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07 267440] S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-15 68608] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-24 107912] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-01-23 194032] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-01-12 114688] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-11-26 1255736] -----------------EOF-----------------
  5. Thank you very much for this!!!! I wish you all the best.... Regards...
  6. # AdwCleaner v4.108 - Rapport aangemaakt 22/01/2015 op 23:47:49 # Laatste Update 17/01/2015 door Xplode # Database : 2015-01-22.3 [Live] # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits) # Gebruikersnaam : yassine - YASSINE-HP # Gestart vanuit : C:\Users\yassine\Downloads\adwcleaner_4.108 (1).exe # Optie : Verwijderen ***** [ Services ] ***** [#] Service Verwijderd : 051cdb72 Service Verwijderd : {641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64 [#] Service Verwijderd : {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64 [#] Service Verwijderd : {ecd6aae4-019c-44b2-a0e5-570904275d66}Gw64 ***** [ Bestanden / Mappen ] ***** Map Verwijderd : C:\ProgramData\MailUpdate Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer Map Verwijderd : C:\Users\yassine\AppData\Roaming\MailUpdate Map Verwijderd : C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd Bestand Verwijderd : C:\Users\Public\Desktop\FlvPlayer.lnk ***** [ Taken ] ***** Taak Verwijderd : LaunchSignup Taak Verwijderd : Optimizer Pro Schedule Taak Verwijderd : PC Speed Maximizer Schedule Taak Verwijderd : ReimageUpdater Taak Verwijderd : Reimage Reminder ***** [ Snelkoppelingen ] ***** ***** [ Register ] ***** Sleutel Verwijderd : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd Sleutel Verwijderd : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Linkey.Linkey Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup Waarde Verwijderd : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64] Waarde 
Verwijderd : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86] Waarde Verwijderd : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64] Waarde Verwijderd : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\iedll.dll Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B} Sleutel Verwijderd : [x64] 
HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C} Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264} Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3} Sleutel Verwijderd : HKCU\Software\InstallCore Sleutel Verwijderd : HKCU\Software\Linkey Sleutel Verwijderd : HKCU\Software\Optimizer Pro Sleutel Verwijderd : HKCU\Software\pc speed maximizer Sleutel Verwijderd : HKCU\Software\SmdmF Sleutel Verwijderd : HKCU\Software\Reimage Sleutel Verwijderd : HKCU\Software\gameo Sleutel Verwijderd : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Sleutel Verwijderd : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Sleutel Verwijderd : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Sleutel Verwijderd : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Sleutel Verwijderd : HKLM\SOFTWARE\FlvPlayer Sleutel Verwijderd : HKLM\SOFTWARE\Linkey Sleutel Verwijderd : HKLM\SOFTWARE\omiga-plusSoftware Sleutel Verwijderd : HKLM\SOFTWARE\SmdmF Sleutel Verwijderd : HKLM\SOFTWARE\SupDp Sleutel Verwijderd : HKLM\SOFTWARE\SupTab Sleutel Verwijderd : HKLM\SOFTWARE\supWindowsMangerProtect Sleutel Verwijderd : HKLM\SOFTWARE\IHProtect Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FlvPlayer Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Linkey Sleutel Verwijderd : [x64] 
HKLM\SOFTWARE\Reimage Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a} Gegevens Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\Users\yassine\AppData\Local\Linkey\IEEXTE~1\ietlb.dll Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\default-search.net Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.default-search.net ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Google Chrome v40.0.2214.91 ************************* AdwCleaner[R0].txt - [7676 octets] - [22/01/2015 23:44:59] AdwCleaner[s0].txt - [6902 octets] - [22/01/2015 23:47:49] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6962 octets] ##########
  7. Zoek.exe v5.0.0.0 Updated 18-01-2015 Tool run by yassine on wo 21/01/2015 at 19:43:45,80. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\yassine\Downloads\zoek (4).exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2015-01-21-153904.log 67969 bytes ==== Empty Folders Check ====================== C:\Users\yassine\AppData\Roaming\hpqLog deleted successfully C:\Users\yassine\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\Dynamo Combo not found ==== Chromium Look ====================== Google Chrome Version: 39.0.2171.71 (Possible outdated, latest Stable version: 39.0.2171.99) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions fcfenmboojpjinhpgggodefccipikbpd - No path found[] Docs - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/nl-be/?pc=UP97&ocid=UP97DHP" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/nl-be/?pc=UP97&ocid=UP97DHP" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes 
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox" ==== Reset Google Chrome ====================== C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URU9FDG will be deleted at reboot C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EKXSJ6V will be deleted at reboot C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7YBN38P will be deleted at reboot C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEJ9C75L will be deleted at reboot ==== Empty FireFox Cache ====================== No 
FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1450 folders=184 364354964 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\yassine\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\yassine\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URU9FDG" not found "C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EKXSJ6V" not found "C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7YBN38P" not found "C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEJ9C75L" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on wo 21/01/2015 at 20:07:42,74 ======================
  8. Thanks a lot, I'll do the next post now as well...
  9. Zoek.exe v5.0.0.0 Updated 18-01-2015 Tool run by yassine on wo 21/01/2015 at 16:00:35,54. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\yassine\Downloads\zoek (1).exe [scan all users] [script inserted] [Checkboxes used] ==== System Restore Info ====================== 21/01/2015 16:06:29 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Users\yassine\AppData\Roaming\hpqLog deleted successfully C:\Users\yassine\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2682619030-2652341359-2438336200-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully ==== Running Processes ====================== C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\PC Speed Maximizer\SPMSchedule.exe C:\Program Files (x86)\Optimizer Pro 3.11\OptProSmartScan.exe C:\Program Files (x86)\Optimizer Pro 3.11\OptProReminder.exe C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\XTab\ProtectService.exe C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Dynamo Combo\updateDynamoCombo.exe C:\Program Files (x86)\XTab\cmdshell.exe C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe C:\Program Files (x86)\XTab\HPNotify.exe C:\Program Files (x86)\Dynamo Combo\bin\utilDynamoCombo.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter.exe C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.expext.exe C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BOASHelper.exe C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe C:\Users\yassine\Downloads\zoek (1).exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupStack deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BackupStack deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\UPDATE Dynamo Combo deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPDATE Dynamo Combo deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\UPDATE Dynamo Combo deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UPDATE Dynamo Combo deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Dynamo Combo deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util Dynamo Combo deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util Dynamo Combo deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util Dynamo Combo deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IHProtect Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SmdmFService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SmdmFService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\F06DEFF2-5B9C-490D-910F-35D3A91196222 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\F06DEFF2-5B9C-490D-910F-35D3A91196222 deleted successfully 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ReimageRealTimeProtector deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d1d1b75-b188-4bca-a7cf-2a5e816ba08f}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e52125a-63a7-4e1c-bdea-36d8f19b4ed7}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872711a5-8df5-4c99-8b61-ffdda2487127}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6f842f2-855d-4473-a5ce-f010c1e4701d}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce09cac8-7cf1-4227-921a-33e9e9d21a48}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa64754a-032e-46f5-b1b1-327522c72046}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d1d1b75-b188-4bca-a7cf-2a5e816ba08f}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e52125a-63a7-4e1c-bdea-36d8f19b4ed7}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872711a5-8df5-4c99-8b61-ffdda2487127}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{986c37a1-7b65-476f-80dc-54f80bd4b0d6}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6f842f2-855d-4473-a5ce-f010c1e4701d}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce09cac8-7cf1-4227-921a-33e9e9d21a48}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa64754a-032e-46f5-b1b1-327522c72046}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Optimizer Pro"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\ProgramData\deal4reaal deleted C:\ProgramData\ShopPerMausTeR deleted C:\ProgramData\KingCouapion deleted C:\ProgramData\saviinagtoeyiou deleted C:\ProgramData\deaelPEak deleted C:\ProgramData\RooyalSHOpperrApP deleted C:\PROGRAM Files (x86)\XTab deleted C:\Users\yassine\AppData\Local\Linkey deleted C:\ProgramData\WindowsMangerProtect deleted C:\Users\yassine\AppData\Roaming\PC Speed Maximizer deleted C:\ProgramData\IHProtectUpDate deleted C:\Users\yassine\AppData\Roaming\omiga-plus deleted C:\Users\yassine\AppData\Roaming\FlvPlayer deleted C:\ProgramData\kondnekoajliejgdcechmoffohmfhfdh deleted C:\ProgramData\772c849670da8cb deleted C:\Program Files\Reimage deleted C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\StormFall.lnk deleted C:\Users\yassine\AppData\Roaming\RHEng deleted C:\Users\yassine\AppData\Roaming\StormFall deleted C:\Users\yassine\AppData\Roaming\GoldenGate deleted C:\Users\yassine\AppData\Roaming\OpenCandy deleted C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Browse and Search the Internet.lnk deleted C:\PROGRA~3\APN deleted C:\PROGRA~3\smdmf 
deleted C:\PROGRA~3\Reimage Protector deleted C:\Users\yassine\AppData\Local\StormFall deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair deleted C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup deleted C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk deleted C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall deleted C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk deleted C:\rei deleted C:\Users\yassine\Downloads\ReimageRepair.exe deleted C:\Users\yassine\AppData\LocalLow\DataMngr deleted C:\Windows\Reimage.ini deleted C:\windows\SysNative\tasks\PC Speed Maximizer Schedule deleted C:\windows\SysNative\tasks\ReimageUpdater deleted C:\windows\SysNative\Tasks\Reimage Reminder deleted C:\windows\SysNative\Tasks\LaunchSignup deleted C:\windows\SysNative\tasks\StormFall TW1 deleted C:\windows\SysNative\tasks\StormFall TW2 deleted C:\windows\SysNative\tasks\Optimizer Pro Schedule deleted C:\windows\SysNative\drivers\{641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64.sys deleted C:\windows\SysNative\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys deleted C:\windows\SysNative\drivers\{ecd6aae4-019c-44b2-a0e5-570904275d66}Gw64.sys deleted C:\windows\SysNative\GroupPolicy\machine deleted C:\windows\SysNative\GroupPolicy\gpt.ini deleted C:\Users\yassine\Documents\Optimizer Pro deleted C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk deleted C:\Users\yassine\Desktop\Optimizer Pro.lnk deleted C:\Users\yassine\Desktop\Sync Folder.lnk deleted C:\Users\yassine\Desktop\MyPC Backup.lnk deleted C:\Users\yassine\Desktop\PC Speed Maximizer.lnk deleted "C:\Program Files (x86)\Optimizer Pro 3.11\OptProReminder.exe" deleted "C:\Program Files (x86)\Optimizer Pro 
3.11\OptProSmartScan.exe" deleted "C:\Program Files (x86)\MyPC Backup\AlphaFS.dll" deleted "C:\Program Files (x86)\MyPC Backup\BackupStackUI.dll" deleted "C:\Program Files (x86)\MyPC Backup\GetText.dll" deleted "C:\Program Files (x86)\MyPC Backup\LinqBridge.dll" deleted "C:\Program Files (x86)\MyPC Backup\Microsoft.Win32.TaskScheduler.dll" deleted "C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" deleted "C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" deleted "C:\Program Files (x86)\MyPC Backup\Newtonsoft.Json.dll" deleted "C:\Program Files (x86)\MyPC Backup\ObjectListView.dll" deleted "C:\Program Files (x86)\MyPC Backup\Shared Stack.dll" deleted "C:\Program Files (x86)\MyPC Backup\System.Data.SQLite.DLL" deleted "C:\Program Files (x86)\Dynamo Combo\updateDynamoCombo.exe" deleted "C:\Program Files (x86)\Dynamo Combo\updateDynamoCombo.exe" deleted "C:\Program Files (x86)\PC Speed Maximizer\SPMSchedule.exe" deleted "C:\PROGRA~2\PC Speed Maximizer\SPMSchedule.exe" deleted "C:\PROGRA~2\MyPC Backup\AlphaFS.dll" deleted "C:\PROGRA~2\MyPC Backup\BackupStackUI.dll" deleted "C:\PROGRA~2\MyPC Backup\GetText.dll" deleted "C:\PROGRA~2\MyPC Backup\LinqBridge.dll" deleted "C:\PROGRA~2\MyPC Backup\Microsoft.Win32.TaskScheduler.dll" deleted "C:\PROGRA~2\MyPC Backup\MPCBClient.dll" deleted "C:\PROGRA~2\MyPC Backup\MyPC Backup.exe" deleted "C:\PROGRA~2\MyPC Backup\Newtonsoft.Json.dll" deleted "C:\PROGRA~2\MyPC Backup\ObjectListView.dll" deleted "C:\PROGRA~2\MyPC Backup\Shared Stack.dll" deleted "C:\PROGRA~2\MyPC Backup\System.Data.SQLite.DLL" deleted "C:\Users\yassine\AppData\Roaming\Gameo\d3dcompiler_46.dll" deleted "C:\Users\yassine\AppData\Roaming\Gameo\ffmpegsumo.dll" deleted "C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe" deleted "C:\Users\yassine\AppData\Roaming\Gameo\icudtl.dat" deleted "C:\Users\yassine\AppData\Roaming\Gameo\libEGL.dll" deleted "C:\Users\yassine\AppData\Roaming\Gameo\libGLESv2.dll" deleted "C:\Users\yassine\AppData\Roaming\Gameo\nw.pak" deleted 
"C:\Users\yassine\AppData\Local\Gameo\cookies" deleted "C:\Users\yassine\AppData\Local\Gameo\cookies-journal" deleted "C:\Users\yassine\AppData\Local\Gameo\lockfile" deleted "C:\Users\yassine\AppData\Local\Gameo\QuotaManager" deleted "C:\Users\yassine\AppData\Local\Gameo\QuotaManager-journal" deleted "C:\Users\yassine\AppData\Local\Gameo\Web Data" deleted "C:\PROGRA~2\Dynamo Combo\updateDynamoCombo.exe" deleted "C:\Program Files (x86)\MyPC Backup\x64\SQLite.Interop.dll" deleted "C:\Program Files (x86)\Dynamo Combo\bin\641e52b1317943ed8bcbf688871e52b064.dll" deleted "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BOASHelper.exe" deleted "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe" deleted "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe" deleted "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.expext.exe" deleted "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.expextdll.dll" deleted "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.PurBrowse64.exe" deleted "C:\Program Files (x86)\Dynamo Combo\bin\sqlite3.dll" deleted "C:\Program Files (x86)\Dynamo Combo\bin\utilDynamoCombo.exe" deleted "C:\Program Files (x86)\Dynamo Combo\bin\641e52b1317943ed8bcbf688871e52b064.dll" deleted "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BOASHelper.exe" deleted "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe" deleted "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe" deleted "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.expext.exe" deleted "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.expextdll.dll" deleted "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.PurBrowse64.exe" deleted "C:\Program Files (x86)\Dynamo Combo\bin\sqlite3.dll" deleted "C:\Program Files (x86)\Dynamo Combo\bin\utilDynamoCombo.exe" deleted "C:\PROGRA~2\MyPC Backup\x64\SQLite.Interop.dll" deleted "C:\Users\yassine\AppData\Local\Gameo\databases\Databases.db" deleted 
"C:\Users\yassine\AppData\Local\Gameo\GPUCache\data_0" deleted "C:\Users\yassine\AppData\Local\Gameo\GPUCache\data_1" deleted "C:\Users\yassine\AppData\Local\Gameo\GPUCache\data_2" deleted "C:\Users\yassine\AppData\Local\Gameo\GPUCache\data_3" deleted "C:\Users\yassine\AppData\Local\Gameo\GPUCache\index" deleted "C:\Users\yassine\AppData\Local\Gameo\Local Storage\file__0.localstorage" deleted "C:\Users\yassine\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb\000055.log" deleted "C:\Users\yassine\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb\000056.ldb" deleted "C:\Users\yassine\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb\LOCK" deleted "C:\Users\yassine\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb\LOG" deleted "C:\Users\yassine\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000053" deleted "C:\PROGRA~2\Dynamo Combo\bin\641e52b1317943ed8bcbf688871e52b064.dll" deleted "C:\PROGRA~2\Dynamo Combo\bin\DynamoCombo.BOASHelper.exe" deleted "C:\PROGRA~2\Dynamo Combo\bin\DynamoCombo.BrowserAdapter64.exe" deleted "C:\PROGRA~2\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe" deleted "C:\PROGRA~2\Dynamo Combo\bin\DynamoCombo.expext.exe" deleted "C:\PROGRA~2\Dynamo Combo\bin\DynamoCombo.expextdll.dll" deleted "C:\PROGRA~2\Dynamo Combo\bin\DynamoCombo.PurBrowse64.exe" deleted "C:\PROGRA~2\Dynamo Combo\bin\sqlite3.dll" deleted "C:\PROGRA~2\Dynamo Combo\bin\utilDynamoCombo.exe" deleted "C:\Program Files (x86)\Optimizer Pro 3.11" deleted "C:\Program Files (x86)\MyPC Backup" not deleted "C:\Program Files (x86)\Dynamo Combo" not deleted "C:\Program Files (x86)\Dynamo Combo" not deleted "C:\Program Files (x86)\PC Speed Maximizer" deleted "C:\PROGRA~2\PC Speed Maximizer" deleted "C:\PROGRA~2\MyPC Backup" not deleted "C:\Users\yassine\AppData\Roaming\Gameo" deleted "C:\Users\yassine\AppData\Local\Gameo" deleted "C:\PROGRA~2\Dynamo Combo" not deleted "C:\Program Files (x86)\MyPC Backup\x64" not deleted "C:\Program Files (x86)\Dynamo 
Combo\bin" not deleted "C:\Program Files (x86)\Dynamo Combo\bin" not deleted "C:\PROGRA~2\MyPC Backup\x64" not deleted "C:\Users\yassine\AppData\Local\Gameo\databases" deleted "C:\Users\yassine\AppData\Local\Gameo\GPUCache" deleted "C:\Users\yassine\AppData\Local\Gameo\IndexedDB" deleted "C:\Users\yassine\AppData\Local\Gameo\Local Storage" deleted "C:\Users\yassine\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb" deleted "C:\PROGRA~2\Dynamo Combo\bin" not deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3999 MB CPU Info: Celeron® Dual-Core CPU T3500 @ 2.10GHz CPU Speed: 2107,6 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: Mobile Intel® 4 Series Express Chipset Family | Mobile Intel® 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Ralink RT5390 802.11b/g/n WiFi Adapter | Realtek PCIe FE Family Controller CD / DVD Drives: 1x (E: | ) E: hp CDDVDW TS-L633R Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 278,0GB | D: 19,8GB Hard Disks - Free: C: 207,7GB | D: 1,7GB Manufacturer *: Hewlett-Packard BIOS Info: AT/AT COMPATIBLE | 04/07/11 | HPQOEM - 1 Time Zone: Romance (standaardtijd) Motherboard *: Hewlett-Packard 1605 Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Google Chrome 39.0.2171.71 Internet Explorer Version: 11.0.9600.17501 Google Chrome version: 39.0.2171.71 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\yassine\AppData\Local\Temp ==== 2015-01-21 14:49:38 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2276_15657\plugins\NPSWF32_14_0_0_179.dll 2015-01-21 14:49:36 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2276_15657\node_modules\gameo_utils\build\Release\gameo_utils.dll 2015-01-21 14:49:36 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2276_15657\node_modules\is-reaction\reaction.dll 2015-01-21 14:31:49 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2420_6734\plugins\NPSWF32_14_0_0_179.dll 2015-01-21 14:31:46 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2420_6734\node_modules\gameo_utils\build\Release\gameo_utils.dll 2015-01-21 14:31:46 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2420_6734\node_modules\is-reaction\reaction.dll 2015-01-21 13:47:55 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2400_18519\plugins\NPSWF32_14_0_0_179.dll 2015-01-21 13:47:54 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2400_18519\node_modules\is-reaction\reaction.dll 2015-01-21 13:47:53 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- 
C:\Users\yassine\AppData\Local\Temp\nw2400_18519\node_modules\gameo_utils\build\Release\gameo_utils.dll 2015-01-20 20:58:35 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2432_21485\plugins\NPSWF32_14_0_0_179.dll 2015-01-20 20:58:35 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2432_21485\node_modules\is-reaction\reaction.dll 2015-01-20 20:58:34 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2432_21485\node_modules\gameo_utils\build\Release\gameo_utils.dll 2015-01-19 22:23:54 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2400_11080\plugins\NPSWF32_14_0_0_179.dll 2015-01-19 22:23:53 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2400_11080\node_modules\is-reaction\reaction.dll 2015-01-19 22:23:52 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2400_11080\node_modules\gameo_utils\build\Release\gameo_utils.dll 2015-01-19 20:24:33 5AB7B941CFBDA9E2163A3906DE0B5EAB 13352664 ----a-w- C:\Users\yassine\AppData\Local\Temp\ReimagePackage.exe 2015-01-19 15:35:39 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2408_17884\plugins\NPSWF32_14_0_0_179.dll 2015-01-19 15:35:37 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2408_17884\node_modules\gameo_utils\build\Release\gameo_utils.dll 2015-01-19 15:35:37 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2408_17884\node_modules\is-reaction\reaction.dll 2015-01-19 15:06:55 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2424_28446\plugins\NPSWF32_14_0_0_179.dll 2015-01-19 15:06:53 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2424_28446\node_modules\gameo_utils\build\Release\gameo_utils.dll 
2015-01-19 15:06:53 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2424_28446\node_modules\is-reaction\reaction.dll 2015-01-19 13:35:33 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw5012_7464\plugins\NPSWF32_14_0_0_179.dll 2015-01-19 13:35:32 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw5012_7464\node_modules\is-reaction\reaction.dll 2015-01-19 13:35:31 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw5012_7464\node_modules\gameo_utils\build\Release\gameo_utils.dll 2015-01-19 13:35:04 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2404_22928\plugins\NPSWF32_14_0_0_179.dll 2015-01-19 13:35:01 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2404_22928\node_modules\gameo_utils\build\Release\gameo_utils.dll 2015-01-19 13:35:01 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2404_22928\node_modules\is-reaction\reaction.dll 2015-01-19 07:36:37 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2392_27807\plugins\NPSWF32_14_0_0_179.dll 2015-01-19 07:36:37 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2392_27807\node_modules\is-reaction\reaction.dll 2015-01-19 07:36:36 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2392_27807\node_modules\gameo_utils\build\Release\gameo_utils.dll 2015-01-17 20:55:46 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2372_24946\plugins\NPSWF32_14_0_0_179.dll 2015-01-17 20:55:44 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2372_24946\node_modules\gameo_utils\build\Release\gameo_utils.dll 2015-01-17 20:55:44 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- 
C:\Users\yassine\AppData\Local\Temp\nw2372_24946\node_modules\is-reaction\reaction.dll 2015-01-17 05:30:10 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2404_11862\plugins\NPSWF32_14_0_0_179.dll 2015-01-17 05:30:09 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2404_11862\node_modules\gameo_utils\build\Release\gameo_utils.dll 2015-01-17 05:30:09 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2404_11862\node_modules\is-reaction\reaction.dll 2015-01-15 20:58:01 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2500_14534\plugins\NPSWF32_14_0_0_179.dll 2015-01-15 20:58:00 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2500_14534\node_modules\is-reaction\reaction.dll 2015-01-15 20:57:59 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw2500_14534\node_modules\gameo_utils\build\Release\gameo_utils.dll 2015-01-13 23:06:36 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw5544_26598\plugins\NPSWF32_14_0_0_179.dll 2015-01-13 23:06:35 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw5544_26598\node_modules\gameo_utils\build\Release\gameo_utils.dll 2015-01-13 23:06:35 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- C:\Users\yassine\AppData\Local\Temp\nw5544_26598\node_modules\is-reaction\reaction.dll 2015-01-13 23:05:54 FF102E22D65CC581D501A35F767AC851 40137640 ----a-w- C:\Users\yassine\AppData\Local\Temp\is135831044\7DD354DE_stp.EXE 2015-01-13 22:48:51 BCBA8747AB53932F8613C006444078E9 297672 ----a-w- C:\Users\yassine\AppData\Local\Temp\CloudBackup753.exe 2015-01-13 22:48:44 B7372D9FE6922F54C6E4F62D77A1AE96 583472 ----a-w- C:\Users\yassine\AppData\Local\Temp\is135831044\64C2F02D_stp.EXE 2015-01-13 22:48:36 D1BC3B498AAF34D0CDC4FEA37C79842D 840928 ----a-w- 
C:\Users\yassine\AppData\Local\Temp\is135831044\6CF59B58_stp.EXE ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-01-20 21:00:47 67EC459E42D3081DD8FD34356F7CAFC1 770384 ----a-w- C:\Windows\SysWOW64\msvcr100.dll 2015-01-13 19:22:35 FE48346938C1CDDDF4E4097DB9B99764 52224 ----a-w- C:\Windows\SysWOW64\nlaapi.dll 2015-01-13 19:22:35 92940397DFFB4D237EA5BB22FF912BDC 156672 ----a-w- C:\Windows\SysWOW64\ncsi.dll 2015-01-13 19:22:27 2AF481C03C0383ADE09FFEDA0C583140 3971512 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-13 19:22:26 8A289EF0AE709327D6AA9769E108B5A6 3916728 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-13 19:22:25 9606307F5E1EABA98ACB61206EFC2127 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-01-13 19:22:36 5B9954AE9FD4682DADD5EBC0301366B0 52736 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe 2015-01-13 19:22:35 D4FAC263861BAE06971C7F7D0A8EBF15 216576 ----a-w- C:\Windows\Sysnative\ncsi.dll 2015-01-13 19:22:35 B6A58491307B4CADA572583D863DC602 210432 ----a-w- C:\Windows\Sysnative\profsvc.dll 2015-01-13 19:22:35 8B301D474B478E9A92823BAB50A7BC49 303616 ----a-w- C:\Windows\Sysnative\nlasvc.dll 2015-01-13 19:22:35 46BB91A169B9B31FF44EB04C48EC1D41 70656 ----a-w- C:\Windows\Sysnative\nlaapi.dll 2015-01-13 19:22:28 0A70B8D78AF95894E221DDAC6482DF6D 5553592 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2015-01-13 19:22:25 F4846789B3795F14DCB7D92ED1DAF74F 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2015-01-13 19:22:25 DE595EACC79006E7B15B848BF0831E78 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2015-01-13 19:22:25 BA6D609BAB615991E8791CA1DFFD034C 50176 ----a-w- C:\Windows\Sysnative\srclient.dll ====== C:\Windows\Sysnative\drivers ===== 2015-01-13 19:22:34 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-01-19 20:36:19 -------- d-----w- 
C:\Program Files\trend micro 2015-01-15 16:37:06 -------- d-----w- C:\Program Files\Microsoft Silverlight ======= C:\PROGRA~2 ===== 2015-01-15 16:37:06 -------- d-----w- C:\PROGRA~2\Microsoft Silverlight 2015-01-13 22:49:10 -------- d-----w- C:\PROGRA~2\Dynamo Combo 2015-01-13 22:48:54 -------- d-----w- C:\PROGRA~2\MyPC Backup 2014-12-26 16:22:15 -------- d-----w- C:\PROGRA~2\Microsoft Office 2014-12-26 16:21:12 -------- d-----w- C:\PROGRA~2\MSECache ======= C: ===== ====== C:\Users\yassine\AppData\Roaming ====== 2015-01-20 21:00:14 D81ED201FA05F970B9F5EC7FDFA794AF 11098758 ----a-w- C:\Users\yassine\AppData\Local\package.nw.new 2015-01-13 22:49:26 -------- d-----w- C:\Users\yassine\AppData\Roaming\MailUpdate 2015-01-07 01:23:43 -------- d-----w- C:\Users\yassine\AppData\Local\Diagnostics 2014-12-26 15:04:02 -------- d-----w- C:\Users\yassine\AppData\Locallow\Temp ====== C:\Users\yassine ====== 2015-01-19 20:35:52 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\yassine\Downloads\RSITx64.exe 2015-01-19 20:31:32 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\yassine\Downloads\RSIT.exe 2015-01-15 20:58:54 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol 2015-01-15 16:37:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-01-15 16:33:00 2EDE6612B7042D8582819CAB084E6883 13087456 ----a-w- C:\Users\yassine\Downloads\Silverlight_x64 (1).exe 2015-01-13 23:05:29 619A805B30ABF974FF3CE30FB6C2A130 802960 ----a-w- C:\Users\yassine\Downloads\FlvPlayerSetup (1).exe 2015-01-13 22:49:26 -------- d-----w- C:\ProgramData\MailUpdate 2015-01-13 22:48:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer 2015-01-13 22:13:20 CC35041EC4A4DF264CAF92ECEF8FC781 802960 ----a-w- C:\Users\yassine\Downloads\FlvPlayerSetup.exe ====== C: exe-files == 2015-01-21 15:27:05 0BB319CD0FC407D0D844EB5DDEF9E25D 121592 ----a-w- C:\Program Files (x86)\Dynamo 
Combo\bin\DynamoCombo.BrowserAdapter64.exe 2015-01-21 15:26:58 FB36BF67FEE73AB504173FA44D39651F 161528 ----a-w- C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe 2015-01-21 15:26:58 F2EA795CC27ABD186E4E58AF47FCCC61 103936 ----a-w- C:\Program Files (x86)\Dynamo Combo\bin\certUtil\certutil.exe 2015-01-21 15:26:51 F67B43F437081053CE22941B282A06C4 1786616 ----a-w- C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BOASPRT.exe 2015-01-21 15:26:50 75510DFE10F22F6883B34B69E11047B8 1791224 ----a-w- C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BOAS.exe 2015-01-21 15:26:34 75ED59F9D3382AB80CB38A436B3FB776 104184 ----a-w- C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter.exe 2015-01-19 20:36:20 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\yassine.exe 2015-01-19 20:35:52 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\yassine\Downloads\RSITx64.exe 2015-01-19 20:31:32 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\yassine\Downloads\RSIT.exe 2015-01-19 20:25:10 BC2A6C999C0874081131BD38405924E3 16508360 ----a-w- C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YRDVWW1R\ProtectorPackage2007x64a[1].exe 2015-01-19 20:24:33 5AB7B941CFBDA9E2163A3906DE0B5EAB 13352664 ----a-w- C:\Users\yassine\AppData\Local\Temp\ReimagePackage.exe 2015-01-19 20:24:33 5AB7B941CFBDA9E2163A3906DE0B5EAB 13352664 ----a-w- C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBXKHJX0\ReimagePackage1804x64[1].exe 2015-01-19 07:41:16 28A2C00940537771896D546051C128EA 101624 ----a-w- C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.expext.exe 2015-01-19 07:41:08 B9EC673A58BA5BB77DB851BF6F0F0950 1649912 ----a-w- C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BOASHelper.exe 2015-01-15 16:33:00 2EDE6612B7042D8582819CAB084E6883 13087456 ----a-w- C:\Users\yassine\Downloads\Silverlight_x64 (1).exe === C: other files == 2015-01-21 15:26:58 
5E8D639E16CA56283151906661C481EF 1824847 ----a-w- C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BRT.zip 2015-01-21 15:26:58 13650CEE5242DAA4E5D3455A3C8405D4 1337367 ----a-w- C:\Program Files (x86)\Dynamo Combo\bin\certutil.zip 2015-01-21 15:26:55 989E75C4B99BF377BAA0149A7233E1AF 94356 ----a-w- C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.expext.zip 2015-01-21 15:26:50 277C610643ADD1E01A55068E741B8C37 2411909 ----a-w- C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BOAS.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2682619030-2652341359-2438336200-1000\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" "Gameo"="C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe C:\Users\yassine\AppData\Roaming\Gameo\gameo.dat mode:minimized" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" "Gameo"="C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe C:\Users\yassine\AppData\Roaming\Gameo\gameo.dat mode:minimized" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Users\\yassine\\AppData\\Local\\Linkey\\IEEXTE~1\\ietlb.dll " ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "HPWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/11/2014 17:42] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/11/2014 17:42] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" 
[C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] ==== Chromium Look ====================== Google Chrome Version: 39.0.2171.71 (Possible outdated, latest Stable version: 39.0.2171.99) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fgbcffenncokfocljomejddmgcpppjom - No path found[] fpmeembnagmagppkgghhfjfdfajdfcah - C:\Users\yassine\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx[] Music Maker - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdblcahgpgoandbbidibfjnlfkmpccaf WasteNoTime - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\enebomhlllfaccbelnjhfgblnalofhch Default-Search_IS - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgbcffenncokfocljomejddmgcpppjom Linkey - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah FullScreen for GoogleMaps - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapgobifldgnkpcgoejmkfoemkajilcj Cars 2 World Grand Prix Races - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo Page Rank - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndiecnlfaibiffoeijpjnblnmdlcpog ==== Chromium Startpages ====================== C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://isearch.omiga-plus.com/?type=hp&ts=1421189366&from=cor&uid=ST9320423AS_W330BD34", "startup_urls": [ "http://isearch.omiga-plus.com/?type=hp&ts=1421189366&from=cor&uid=ST9320423AS_W330BD34" ], ==== Chromium Fix ====================== C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\http_www.superfish.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.publikeco00.publikeco.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.publikeco00.publikeco.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.williamhill.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.williamhill.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searches.omiga-plus.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\http_searches.omiga-plus.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.speedanalysis.net_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.speedanalysis.net_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-word.nl.softonic.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-word.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_customers-research.com_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_customers-research.com_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgbcffenncokfocljomejddmgcpppjom deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdblcahgpgoandbbidibfjnlfkmpccaf deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bdblcahgpgoandbbidibfjnlfkmpccaf_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bdblcahgpgoandbbidibfjnlfkmpccaf_0.localstorage-journal deleted successfully 
C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bdblcahgpgoandbbidibfjnlfkmpccaf deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\enebomhlllfaccbelnjhfgblnalofhch deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_enebomhlllfaccbelnjhfgblnalofhch_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_enebomhlllfaccbelnjhfgblnalofhch_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapgobifldgnkpcgoejmkfoemkajilcj deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kapgobifldgnkpcgoejmkfoemkajilcj_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kapgobifldgnkpcgoejmkfoemkajilcj_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kfkpnakihjiclpakoaggnpaphjjjjelo_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kfkpnakihjiclpakoaggnpaphjjjjelo_0.localstorage-journal deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndiecnlfaibiffoeijpjnblnmdlcpog deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lndiecnlfaibiffoeijpjnblnmdlcpog_0.localstorage deleted successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lndiecnlfaibiffoeijpjnblnmdlcpog_0.localstorage-journal deleted successfully ==== Set 
IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.default-search.net?sid=492&aid=311&itype=a&ver=15005&tm=591&src=hmp" "Search Page"="http://isearch.omiga-plus.com/web/?type=dspp&ts=1421189373&from=cor&uid=ST9320423AS_W330BD34&q={searchTerms}" "Default_Page_URL"="http://isearch.omiga-plus.com/?type=hppp&ts=1421189373&from=cor&uid=ST9320423AS_W330BD34" "Default_Search_URL"="http://isearch.omiga-plus.com/web/?type=dspp&ts=1421189373&from=cor&uid=ST9320423AS_W330BD34&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://isearch.omiga-plus.com/web/?type=ds&ts=1421189366&from=cor&uid=ST9320423AS_W330BD34&q={searchTerms}" "Default_Page_URL"="http://isearch.omiga-plus.com/?type=hppp&ts=1421189373&from=cor&uid=ST9320423AS_W330BD34" "Start Page"="http://isearch.omiga-plus.com/?type=hppp&ts=1421189373&from=cor&uid=ST9320423AS_W330BD34" "Search Page"="http://isearch.omiga-plus.com/web/?type=ds&ts=1421189366&from=cor&uid=ST9320423AS_W330BD34&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://isearch.omiga-plus.com/web/?type=ds&ts=1421189366&from=cor&uid=ST9320423AS_W330BD34&q={searchTerms}" "Default_Page_URL"="http://isearch.omiga-plus.com/?type=hppp&ts=1421189373&from=cor&uid=ST9320423AS_W330BD34" "Start Page"="http://isearch.omiga-plus.com/?type=hppp&ts=1421189373&from=cor&uid=ST9320423AS_W330BD34" "Search Page"="http://isearch.omiga-plus.com/web/?type=ds&ts=1421189366&from=cor&uid=ST9320423AS_W330BD34&q={searchTerms}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search 
Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Reset Google Chrome ====================== C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2682619030-2652341359-2438336200-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1} deleted successfully HKEY_CLASSES_ROOT\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1} deleted successfully ==== Deleting 
CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2682619030-2652341359-2438336200-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{54739D49-AC03-4C57-9264-C5195596B3A1} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fgbcffenncokfocljomejddmgcpppjom deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2FA77785-00C3-A920-6452-D4FE5C9C129F} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5C28578D-D0F1-699F-01B0-CC0653A28C11} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A2616871-3463-BCEE-5AFA-73773317A381} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gameo deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager deleted successfully 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PC Speed Maximizer_is1 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [Gameo] C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe "C:\Users\yassine\AppData\Roaming\Gameo\gameo.dat" mode:minimized O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O20 - AppInit_DLLs: C:\Users\yassine\AppData\Local\Linkey\IEEXTE~1\ietlb.dll O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe O23 - Service: 
@%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. 
- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. 
- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1450 folders=184 364354964 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\yassine\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\yassine\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program 
Files (x86)\MyPC Backup" not found "C:\Program Files (x86)\Dynamo Combo" not found "C:\Program Files (x86)\Dynamo Combo" not found "C:\PROGRA~2\MyPC Backup" not found "C:\PROGRA~2\Dynamo Combo" not found ==== EOF on wo 21/01/2015 at 16:39:04,01 ======================
  10. Sorry, I couldn't get it into a file, so I did it this way... The laptop is also getting on my nerves a bit; everything is incredibly slow. This is a family laptop, hence all that junk.
  11. Zoek.exe v5.0.0.0 Updated 18-01-2015 Tool run by yassine on wo 21/01/2015 at 16:00:35,54. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\yassine\Downloads\zoek (1).exe [scan all users] [script inserted] [Checkboxes used] ===== Runcheck 16:05:09,24 ===== --- Create Environment Variables 16:05:16,01 --- Create System Restore Point 16:05:40,08 --- Checking Input 16:06:35,24 --- AU AppData Check 16:06:59,62 --- Remove From Windows Installer 16:07:17,42 --- Empty Folders Check 16:10:45,62 --- Registry HKLM Software Check 16:10:45,64