virussen

[samey]

Beste

 

Ik zit weer met die virussen.

 

Kan iemand me helpen?

 

Heb het logje al:

 

Logfile of random's system information tool 1.10 (written by random/random)

Run by yassine at 2015-02-18 01:27:40

Microsoft Windows 7 Home Premium  Service Pack 1

System drive C: has 209 GB (74%) free of 285 GB

Total RAM: 3999 MB (36% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:27:46, on 18/02/2015

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17631)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe

C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-10.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\XTab\cmdshell.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\XTab\HPNotify.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Reverse Page\bin\ReversePage.expext.exe

C:\Program Files (x86)\Reverse Page\bin\ReversePage.BrowserAdapter.exe

C:\Program Files (x86)\Reverse Page\bin\ReversePage.BOASHelper.exe

C:\Program Files (x86)\Reverse Page\bin\ReversePage.BOASPRT.exe

C:\Program Files (x86)\Reverse Page\bin\ReversePage.BOAS.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\trend micro\yassine.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34&q={searchTerms}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34&q={searchTerms}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Program Files (x86)\Dynamo Combo\bin\Pac8807.js

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll

O2 - BHO: Reverse Page 1.0.0.7 - {83dc36e5-db3f-461a-8fbc-245e44000b1f} - C:\Program Files (x86)\Reverse Page\ReversePagebho.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKCU\..\Run: [Gameo] C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe "C:\Users\yassine\AppData\Roaming\Gameo\gameo.dat" mode:minimized

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [slimCleaner Plus] "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize

O4 - HKCU\..\Run: [TornTv Downloader] C:\Users\yassine\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe

O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe

O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O20 - AppInit_DLLs:  

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe

O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: IHProtect Service - XTab system - C:\Program Files (x86)\XTab\ProtectService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: SlimWare Utility Service Launcher (SlimService) - SlimWare Utilities, Inc. - C:\Program Files\SlimService\SlimServiceFactory.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Torntv Downloader (trntv) - Cool Mirage - C:\Users\yassine\AppData\Roaming\TornTV.com\TornTVSvc.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Update Reverse Page - Unknown owner - C:\Program Files (x86)\Reverse Page\updateReversePage.exe

O23 - Service: Util Reverse Page - Unknown owner - C:\Program Files (x86)\Reverse Page\bin\utilReversePage.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - SysTool PasSame LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 12109 bytes

 

======Listing Processes======

 

 

 

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

C:\Windows\system32\services.exe

winlogon.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service

taskeng.exe {AA36074E-69A1-4897-A20A-998700AC3BBF}

"taskhost.exe"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

taskeng.exe {10765CDC-50ED-43CC-96D9-71DAE0999D22}

"C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-6.exe" /rawdata=P/QonJXzFFP/GvT1Eo7xdtNE0hMBp9gYY62pW09ujJQvlV6czrIPdkatmWBXUeRoLoJ4SyDMlNqQTT9qxnAv/jkXm00MvEOcdYf2ZkEoaQdWtJXozFmKU9QJ+YWs14W4Qx3QVukbSBPGaeGzoKjDuPNGe2sH4nfiMOV6ytTW+oIyDySKnxvgdcw7oZ+4nicY+Jsgy4pn77FwnzVkXUujJXCQ0YAMyUj4yRdZTYHJi5RFzBFkqns6+6rZD7o/hxuWVJWzZ4bsLcoDYF7AMLDAK12r8AhtU+WPgYgJjLdbVvG74F4v5sJ22CQ8Hretl+5YWJNHpwU4KgLXqsSg2T+hJ62P2xldyeIXqt5RC9jkmN7TU3b0KfEDgIU/GHwfwJN4XbdX+Q32aG5M8vKvLgIF27v+Y7ITMoEllmNg3al8oYluhRTtl0i9o092a46TdrQhuWYPxDTOYV1QRO5fTTm38z7lt1TvwQ1lDXCVmDrlOd1jZVR7bx/BxR+yj2EiZIfGJNhTRIuZaA+6cuxjYxdBoAtDJfsmqXHOw8NNRTIeRqZIlMWjBIXTH8Z7H2FQrBt4KQSjiUHner3710zyBhqq2d3U+ZthQxTlwUyEwkV7M4Nxs8vaHtfcxXbaLi57uxg25xRk5E/VO3LjikCFkcpLDmNsVYe8Lqimw6RzRg2S6Jwmmnmx442bwywsYzSHmMFkkPCJqcKgWDwpNEm/ZJMOFo5ceV2aVreiydEy6Ixe4tbW6k7TVI+LBuxR8veHYiQ+KR1rMIn2ldJ5AIYXsbvKRsoXmNvXp1O93DiEf/N4cdAdSvJdmpe/Em9tCtM/H3+9BeCrt0uTOSZlLWV6oxESKAhHtCkpT9OWpzV/qjVGl47dh9se4CiZB2LxMv55g3zdzMmvX6LqQmzzfXiO/aVCtywT32jZKIwLS6RA7JzLPiy1fNmInAd//0Nlupd4vkd9Rl9hGNG+Oe6LSd0DS8n9EAvPnZMbVze7D9/FsAaSjOfgFnugdW3WBFmnW0Iwpmo3kMMFldQBeyrjFg0Wn3g+X+aSJWZldTQpzRYiARb44HR6zPZxnCb4hFgELQPNZpZfIc46gBiPJx5mWQh7wb7ksstkBG+OCsk7i8F6nojWNzGpwaoRvZqtNI1HWqjEKGmw8vK0T36Ztvv+yJPMQkjpwbjiDU+7B2c1oZCOyidIbwaA1vPWWJyhuMwKPUkU2yl0gyfnW2Xzi4Q0O8ALDRnxaOdlt/QuSGDKG/R9q7cttsuqOsjkf6Wl2/mBEy56TOtwHAkciPfOuPZoLRqwEnuovtTKdOvIGpzog5/9jyJqV9Nq1dUZz4E72usf4CN7flzYYZ1rYW5Bt2/9x9Nx//pVwApR6KcYtpdFiZb4/fu+NKaf0FYrgHg6m5fXfb/cd95tWewCFzG3EBHSo9au2Awu+hR22OkFaMi1OhjTr0Hzta6ns6qywzd4NJRoQYYkRyC5I+dQK/z5urLbh1+kiX3BdDeYMsyVOsg77AnJ5QJ7qazzN7odasSTF+JjWybQIdJTsb8+eKxENuSHbw+nLxlcH+Npt2c226bZ8ACpsoBxQofVr4YAtUK/jTzr0bfoq7ZM5h5M827k3dfJqc2wlbiNerOoNQZ5zR4+L3wJlYzshQWfHsbCaNZUmd3AFQhs3IH6qIdwAcKLawbxwv2lZj35PDiLrFpwkAJU3qebQnWyM3Cv3Lb4SNXlb7VBGwWnWMTAFyDYhdOhLT1RNbPkvXiitHiUBenv2LW5cTvTW9PB/YbnmIqC6dAbYtJ4nF+dbRMQRhsJFNCudPCqnw/SGN3ut6KT+RWAi0ogUcT4IVSR16MRrsubcX6XrP2uSf+NXNlIclN7jMWJAl7TQQZhyhjvJLXXlsZv7S6N2LBtJ6NiYDLXC+YD97bzwNmmojReLr1efDFTlKLYXG7GSWWjTrJ3ecZ1XMOI6U67e7TrkvhBzitoj52+CeTWHxnSOjvTAu905NIt1eEHpTwmc85o5oojpJoDFeKZ8tb/eBl6caN6Jn/Go/y2HI5SEQrzBwpZAKESVblzbpLYRXkSIHZypdVMOsDAPPoGairsacRVB4wiaAQp85aeZ9Gx13Wg/uT7wBd/duIrqJLgie3Tn0tkDoc29XPwHjmEwD7CYVHcxjj2jQx5lSCZY9D3hnCju3pxLoqAggnwjLsNwL+3CYtaUfWQzZ+4IEgVx8h240YyxGigogy83BMrelglgDLb/Tf0Wmm503RH+9D8f73fFqEvqpGm/AaAXst41NJz3JdQtt7CxMhO2FUx24Rxl2NQCzg1pS4DpIqpI6ZFex59HlgBhVbI2QhlzJnDx0vhjNK2uiPhBsDGU7AJGeUWcu1rFJpDMyK6YObOoUV2tpOM+hYEnNkPXzX+CRSwlRdvEESIuiFS9yVD9ZaxiO+KgxnOOJS5Ddl7qPZaLLhH6U6nxM3+7UdvfTj0ho7vpXSGnnsxtRtwzohil7DnhbfoHugqOnh8Se9JeWOWT65X8NuCCF5+9lf7PjjlnaFHpZuuHDV/CpNfiLHP/whPsMp79uGqeiRX483q

"C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe" -boot

"C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-6.exe" /rawdata=mNFhDKub8MAQH+19pWOeNaSEtktXCrXZNml8ZuE1tdT41QY6YCSESKBxSZmr6SxA9WKwkRLgA6w57uPDtjIIOwR05iwUo73RtoUzO0GxBIp41jk8e0ps32tgbsts2wIphqSOXeISfAc198iJqG5bjOxMRSFXyvU/v3yjbd5drmgJ21dqVff+CangmiNE3J+apyIdfSUJ0Kthf8htYh9S2NcaDy6okAcpT0jrlWym6WAv5zk3M4qgBDlDhTqIR1lJlhWZMEsZVQwSLRPK7cAlyWujDXR/m1NIqrfqCiTzzcWgCYxTOKYlUY+ZkNnmJIqFZYcQ8Vt/k7h+wEsDLZDugrm/CrJ5pt7j2OykBit9OLRMiSzjgKivAl/Wf2FSAhAqrO6Eqbw7BCsKykUNtzMArFC4VmHcLlvvqYaINWtUregncAkthf5h60U0YONoDKru+08wuUD9mvAV2fjtVZcn6876sEOGqp/X+vS24Oiofu6nbA5QidB3Js2VMXi4PdOmCwvVTbBWdZf/kFKtlxXLUoG1egvPwf87eBSPGY6c4a2shWNtp9i+tIWh9diqEKQNCZ6XD24NAn6x9W1gdUaYQsknuZKxp3ngnIXdQPiGy/YPophW25FOL3+0DFdXGG42g1pTrmdHrfmKbIJ+kpfeHjD9KRCx+Tm7gQuKd4kZOLc0t9kbS+TYVkCAJ4lmYSVWEPioIDtlFCBZPjoGyxiuhYh1FJdTn6wPKDy7pwM9kzDTEA+LnL3UFHqenzYbY05X4RLylugyW1gDNOjaxT+jecTpdf+rFUngcfkZOD8qMip45u9T/e/pkOH5Px9jiODU+kPMtNkrEUny4r/TsPriwLET9maEwZukpAcuDYk6TolU7fI1MIJJOHKMgT6TRXeeJP1LOfs3skluY4AqM6xFQc6VHz80t/PE6QLtiyuSEQ/098hXQYgdMhRNZBEgWolUwUDQ/2tfLeazhIvFTKQI5ZisW05DJVhrlLSAKqJxbxg1e/aI9k9lO5KBmU9fj1O+MrmD35C3NnPkgQSwLaq0SNpBpfnT/l+Hd/9Si1Q3k/s6/bMcyJEFkAe3P3nGDtBJ6ip1vqBfTNBjE8DPr20d7aNHTVm88k2Aka7saNj+y9DCdHTmquBlEyMnUkvC3uk7b0aGDM1nQ22M87mYXimBT3eiPPTMkGJuyauBdZKvMZRtmmMrlYAWMRX7u98wXpdDXvvr39HSSwjzoFYpReGLa7IfNIDt+G4Jxwdl7fHIpttdRHHX3uKfEzhSJiNZmGNpogp4FMQ62VmW87VVRBUEm3LO0LDmtjpPBbkrHbwoB2iS2mewDlWpprAlFcafb3DChejiyFunNFeDIEEMIBRi5w==

"C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-10.exe" /rawdata=a3Lgi61OnFONumfISxUHa18ZTUAY41+LU4WD1iqCLWeSm77wvcoYXOhuw1PpLT0fMA+34Bxsh2yONeqxtOpDF7CYqyEzArBHnARtw+6He6kqa14PJJ/TJvZvqoeuJF0aREsF8wvi622n2BtHFv7BZfhf9KUtKrcS4VikbjZt6CKoMYXLBJc9oYv0FnpDQ3L317QM7ihKMVdLehntUejWPBHTz+cLDC3wIYKPrYScaPoZW73wbt8NVOzwpbJgWHh6q1sPDrpnFPksA6ksmSpNuz3yTwdbD3HN9SfTGJ1o/R/Vime9W3haTHM19vONb9HYpJOiIDZldxc/VImf6+0eklS925NwQVkay5TFZ7OD1+Mi9kfMEwG6jKWIbvm1O2aSFBhGsW6v7JyjoK6VGuwBfrG01PJvQPq0lhBWfiFMoX+gC6ce/c5N1nsu/5Xrwyl9z+cocU2THE2pv+8xpi0Xrkls1Wk3sKKjWC5Zw152pMvJU5xRWvHW8AVJRv/qJuAcSe4B2pgmNcLFqsJ0uQp9VywyJUbv/irLa1Xc4KYhhoW6bE/4tD/BWbfDgrWjT95eQzISNFkVSKZuqzDHSK6+/kFGv2fsOR6ZMrsYgSau7d0P/PBI5PYDiIBNIle8qWng5QyeuZaVUA8baPdYae4KGnmlrjB6IzoLCDQx1sof0jWqGUHuSQbk6dJGg7sVLkflrXoiFClKID+Axx3Rbnbw1BtUSjTSxRzjK6Zta0YRoVyf5dYrSkM5b+XT7bkKqVHdu8iHyX55346kmbT+HaGEOPyh9nynqqt8lsSbRXu/WgJpDc3sNOn3ZC75LXupn/F1GVZe+gRF4fU1cuvqc0yIHw==

"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"

"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service

"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service

"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"

"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"

"C:\Program Files (x86)\XTab\ProtectService.exe"

"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" 

"C:\Windows\System32\igfxtray.exe" 

"C:\Windows\System32\hkcmd.exe" 

"C:\Windows\System32\igfxpers.exe" 

"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s

"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden

"C:\Windows\System32\StikyNot.exe" 

"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" 

"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe" 

"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"

"C:\Program Files\SlimService\SlimServiceFactory.exe"

"C:\Program Files (x86)\XTab\cmdshell.exe"

C:\Windows\system32\svchost.exe -k imgsvc

C:\Users\yassine\AppData\Roaming\TornTV.com\TornTVSvc.exe

taskeng.exe {5A8C485D-74DE-4C55-9A29-766BD4E531A9}

"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" 

HPNotify.exe -run

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe" 

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Windows\System32\dinotify.exe" pnpui.dll,SimplifiedDINotification

"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden

"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"

"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"

"C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe"

"C:\Program Files\Realtek\RtVOsd\RtVOsd.exe"

C:\Windows\System32\svchost.exe -k secsvcs

"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>WLAN: Aan</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_on.ico</IconPath><ID>423125850</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"

"taskhost.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5536.0.2095136506\483293684" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,18,39 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x2a42 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2086 --ignored=" --type=renderer " /prefetch:822062411

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Dev_TwoWayClustering_HUPScoringExperiment_HQPDisabled_A3_Postperiod/PasswordGeneration/Disabled/QUIC/EnabledWithFecHeaders/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5536.2.1890367496\1299331195" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Dev_TwoWayClustering_HUPScoringExperiment_HQPDisabled_A3_Postperiod/PasswordGeneration/Disabled/QUIC/EnabledWithFecHeaders/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5536.5.125351398\1161615998" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Dev_TwoWayClustering_HUPScoringExperiment_HQPDisabled_A3_Postperiod/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/EnabledWithFecHeaders/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5536.24.1001168397\1848707167" /prefetch:673131151

"C:\Windows\system32\wuauclt.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5536.42.756017308\1331702232" --ppapi-flash-args=enable_hw_video_decode=1 --lang=nl --ignored=" --type=renderer " /prefetch:-632637702

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Dev_TwoWayClustering_HUPScoringExperiment_HQPDisabled_A3_Postperiod/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/EnabledWithFecHeaders/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5536.44.460582597\829059096" /prefetch:673131151

"C:\Program Files (x86)\Reverse Page\updateReversePage.exe"

"C:\Program Files (x86)\Reverse Page\bin\utilReversePage.exe"

 /ieg ee95b94c-f689-4a14-b802-102a641c773e /is fmxqtbe

"C:\Program Files (x86)\Reverse Page\bin\ReversePage.PurBrowse64.exe"  /l false /s false /c "Reverse Page" /t "C:\Program Files (x86)\Reverse Page\bin\TEMP" /i "http://apireversepageco-a.akamaihd.net/gsrs?is=fmxqtbe&bp=PB3&g=00000000-0000-0000-0000-000000000000" /d {3e26b928-0db2-4fd1-bc29-c87d5b3a0564}Gw64 /p 99680eb8-57cc-4de6-ac75-880f3661f91c:chrome /p ee95b94c-f689-4a14-b802-102a641c773e:iexplore /h cdn.sharedaddomain.com,cdn.sharedaddomain2.com 0 10 "C:\Program Files (x86)\Reverse Page\bin\bau" true

\??\C:\Windows\system32\conhost.exe "685238796872307071-20359116156955430523336791-6084281581521189478-610604714

 /ch 99680eb8-57cc-4de6-ac75-880f3661f91c /ie ee95b94c-f689-4a14-b802-102a641c773e /z "n=ReversePage&is=fmxqtbe&dpt=20"

 /ch 99680eb8-57cc-4de6-ac75-880f3661f91c /ie ee95b94c-f689-4a14-b802-102a641c773e /z "n=ReversePage&is=fmxqtbe&dpt=20"

 /w 910 /h 100 /cg 781b796f-6d63-4c5e-88c0-4aed1bdbe18a /gc 1 /ff 1 /ie 1 /is fmxqtbe

"C:\Program Files (x86)\Reverse Page\bin\ReversePage.BOASPRT.exe" /w 910 /h 100 /hw 722452 /g 781b796f-6d63-4c5e-88c0-4aed1bdbe18a /is fmxqtbe

"C:\Program Files (x86)\Reverse Page\bin\ReversePage.BOAS.exe" /w 910 /h 100 /hw 722452 /g 781b796f-6d63-4c5e-88c0-4aed1bdbe18a /is fmxqtbe /bt 0 /ps \\.\pipe\boa{82A8655B-B9D3-42BF-A304-77CAC2119DE3} /bv 40

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Dev_TwoWayClustering_HUPScoringExperiment_HQPDisabled_A3_Postperiod/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/EnabledWithFecHeaders/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5536.81.476090730\1047219983" /prefetch:673131151

 

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Dev_TwoWayClustering_HUPScoringExperiment_HQPDisabled_A3_Postperiod/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/EnabledWithFecHeaders/RememberCertificateErrorDecisions/Default/SHA1ToolbarUIJune2016/Warning/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5536.95.832674062\736293016" /prefetch:673131151

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe9_ Global\UsGthrCtrlFltPipeMssGthrPipe9 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 

"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516 

"C:\Users\yassine\Downloads\RSITx64 (1).exe" 

 

======Scheduled tasks folder======

 

C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-6.job - C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-6.exe  /rawdata=mNFhDKub8MAQH+19pWOeNaSEtktXCrXZNml8ZuE1tdT41QY6YCSESKBxSZmr6SxA9WKwkRLgA6w57uPDtjIIOwR05iwUo73RtoUzO0GxBIp41jk8e0ps32tgbsts2wIphqSOXeISfAc198iJqG5bjOxMRSFXyvU/v3yjbd5drmgJ21dqVff+CangmiNE3J+apyIdfSUJ0Kthf8htYh9S2NcaDy6okAcpT0jrlWym6WAv5zk3M4qgBDlDhTqIR1lJlhWZMEsZVQwSLRPK7cAlyWujDXR/m1NIqrfqCiTzzcWgCYxTOKYlUY+ZkNnmJIqFZYcQ8Vt/k7h+wEsDLZDugrm/CrJ5pt7j2OykBit9OLRMiSzjgKivAl/Wf2FSAhAqrO6Eqbw7BCsKykUNtzMArFC4VmHcLlvvqYaINWtUregncAkthf5h60U0YONoDKru+08wuUD9mvAV2fjtVZcn6876sEOGqp/X+vS24Oiofu6nbA5QidB3Js2VMXi4PdOmCwvVTbBWdZf/kFKtlxXLUoG1egvPwf87eBSPGY6c4a2shWNtp9i+tIWh9diqEKQNCZ6XD24NAn6x9W1gdUaYQsknuZKxp3ngnIXdQPiGy/YPophW25FOL3+0DFdXGG42g1pTrmdHrfmKbIJ+kpfeHjD9KRCx+Tm7gQuKd4kZOLc0t9kbS+TYVkCAJ4lmYSVWEPioIDtlFCBZPjoGyxiuhYh1FJdTn6wPKDy7pwM9kzDTEA+LnL3UFHqenzYbY05X4RLylugyW1gDNOjaxT+jecTpdf+rFUngcfkZOD8qMip45u9T/e/pkOH5Px9jiODU+kPMtNkrEUny4r/TsPriwLET9maEwZukpAcuDYk6TolU7fI1MIJJOHKMgT6TRXeeJP1LOfs3skluY4AqM6xFQc6VHz80t/PE6QLtiyuSEQ/098hXQYgdMhRNZBEgWolUwUDQ/2tfLeazhIvFTKQI5ZisW05DJVhrlLSAKqJxbxg1e/aI9k9lO5KBmU9fj1O+MrmD35C3NnPkgQSwLaq0SNpBpfnT/l+Hd/9Si1Q3k/s6/bMcyJEFkAe3P3nGDtBJ6ip1vqBfTNBjE8DPr20d7aNHTVm88k2Aka7saNj+y9DCdHTmquBlEyMnUkvC3uk7b0aGDM1nQ22M87mYXimBT3eiPPTMkGJuyauBdZKvMZRtmmMrlYAWMRX7u98wXpdDXvvr39HSSwjzoFYpReGLa7IfNIDt+G4Jxwdl7fHIpttdRHHX3uKfEzhSJiNZmGNpogp4FMQ62VmW87VVRBUEm3LO0LDmtjpPBbkrHbwoB2iS2mewDlWpprAlFcafb3DChejiyFunNFeDIEEMIBRi5w== 

C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-7.job - C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-7.exe  /rawdata=RrRy9GISTSoVJ10gbr617GlAh2PCyWHBM9jUL1q09UxRoGTBZkbKzEKMYTNAvGP9LOk74FlA70Ms5138OU9toIQpez/rXs1QxE6qCth6nwjmk4jRRQYiGN05hOH4z+DJuI6r5tdpgdB9FW8sTvVWTpQoLG82i9ksVwlsIOD5mwJMVK19iz1ht7KhgDB/mfPF6S2nFlFSnXS3sC0bUQGXRBcuXL6qDO/VVGKXT+B+xuQ7rHzG8n6cUDb1Yl+OLe3+warOZDUE5UeWS5Unci+OW9w1VPWPvsvFu2S3s/6roShk8EpH8fWqAhuyYqOzwXYToeBOXX2oPrGWd1LANLeY903FhrPqHr0qXlKybdVnyaGunse6s0876aoa5246sYTPtHN4NsJ3EVIcTzFSPklPKHzDlqT2rQybzZlF0nyGtmEw3MMvsk600D54uAz/WrcrV7vtJPB/0euga3kYIXfUkg31nmUpVXvzFn/K1Ouvi70DcCxa3WR85dE0J69BUn9xwhBQDQoLPzIvn0kFqIpt1Row1z8Tc6r6h1WG5GESWNIYEj3DmzA9fq1V09dv3h81FulzMez9zdjoFAjREmGGTsk90KcESTGq9s5njJebNxSNe+n9t9sehEsLmlKu6CkIeq3Xn38TiAH+iG55qXWP15zuQ4V/LiFVybKzeyp6vfINBMczhgevBpqqF2uCD3dj6ColsMNdyoXfRkSCJjiplt+BcWmcVciBvaa25FdqUWSf9GTarNzGmX9Uyiay/pT5QhXGl+qnfSF4FHWWBTXsIQW3orfuEaT+FdgBnpBOp5YZZsfs1UwkiRQCeuyIKq8pvUMyKtz9PevAg+/vx23OyGloiaX8jk6EkPrMsHUqEWRFIc8SOA16mHWYM53EKgnkKsW4vU52NXjUtHNeisUjOj6DiBxp/erlTk9HoSiLFKPF+rhypjLEGXkjk5N4+rnaIsBbIAXBDa3W9YVCIlDpnUlL2VzGFVo4HZbJjmA0E3gaHa6rwGy9WhoouR/c3yIVtGSnoehMYLlCSZfUTKFOUU3hyyhQpNBdeBxCWEZtMlzZMdhDI3M14NrmazUUZvt8aKWtmSe8Q8e76FvaARFfkCkZ9aicQO1irigFz9X/9RjobUx13cJ3q8+fd92rCcGoAMb5UkvhpplJWKng3clB4+7XGRyK4XfF8y2GqoQXpK20eZdi5mkPzmXSxsgkOR0KUQ/pX23QP4ksxe28spFfdxeRdPL1TnCs7JcBoGAEys4BBVGYtmI0EdACsMVF6G6q9Xr77VnpzQEuUrXRXLoZmycIvX9Aq3HzSqyEtOCRGY2UtIdHPGbdOU7kvBPWFYtvShQz+FjRteGg6Pq6dA2DjxLkbxse/asyBkQaxl3Mt487yBu1GFl+RTnCEDR4ipTpb6/06Nm3rWEhtxI8V0ZwLnvk1BD9Vsk3NypmkGYRiDBn33D2ehMmKUTQY97QBY+rBx8Br7eeVHOHMxFVKkDWAJgD4i7emOoCcDY8VwDVBUGrLsmEqsdR/8vh32kyMtlQ 

C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-10_user.job - C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-10.exe  /rawdata=a3Lgi61OnFONumfISxUHa18ZTUAY41+LU4WD1iqCLWeSm77wvcoYXOhuw1PpLT0fMA+34Bxsh2yONeqxtOpDF7CYqyEzArBHnARtw+6He6kqa14PJJ/TJvZvqoeuJF0aREsF8wvi622n2BtHFv7BZfhf9KUtKrcS4VikbjZt6CKoMYXLBJc9oYv0FnpDQ3L317QM7ihKMVdLehntUejWPBHTz+cLDC3wIYKPrYScaPoZW73wbt8NVOzwpbJgWHh6q1sPDrpnFPksA6ksmSpNuz3yTwdbD3HN9SfTGJ1o/R/Vime9W3haTHM19vONb9HYpJOiIDZldxc/VImf6+0eklS925NwQVkay5TFZ7OD1+Mi9kfMEwG6jKWIbvm1O2aSFBhGsW6v7JyjoK6VGuwBfrG01PJvQPq0lhBWfiFMoX+gC6ce/c5N1nsu/5Xrwyl9z+cocU2THE2pv+8xpi0Xrkls1Wk3sKKjWC5Zw152pMvJU5xRWvHW8AVJRv/qJuAcSe4B2pgmNcLFqsJ0uQp9VywyJUbv/irLa1Xc4KYhhoW6bE/4tD/BWbfDgrWjT95eQzISNFkVSKZuqzDHSK6+/kFGv2fsOR6ZMrsYgSau7d0P/PBI5PYDiIBNIle8qWng5QyeuZaVUA8baPdYae4KGnmlrjB6IzoLCDQx1sof0jWqGUHuSQbk6dJGg7sVLkflrXoiFClKID+Axx3Rbnbw1BtUSjTSxRzjK6Zta0YRoVyf5dYrSkM5b+XT7bkKqVHdu8iHyX55346kmbT+HaGEOPyh9nynqqt8lsSbRXu/WgJpDc3sNOn3ZC75LXupn/F1GVZe+gRF4fU1cuvqc0yIHw== 

C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-5.job - C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-5.exe  /rawdata=I3nzolvGBPLU8MtUfqLmDeJdBLi6BBcSMkxHWNThkBuTdrWQL4Nc3QpeWaY8gXj45sTnIkWaIXHEMmRsiHdiwhychZSja3ke7c2P2lcsGl7nUZPpgrqhOuJGgPCSaUi/qkcH0cjtFJQci7RsgTHTXM82R8rFHOV7LRnpEvI68f2ryOd0tZ3VyC8ker29WSemAoH72g3l6fJ9AMpCnvz/Xgz7ZWvbM4qfweg6NHOjCKodUCkqXhjoCFrNGYesGGat8+5K9GTHpZ9KyQm+E8Ro+QISIuV5C9tMDoPhppmtisFRBc0IXviWvlcR+7J0UvwbGs2Sc9cy3+pj46W9rUMxUiJvDO3NHh1EdozUToObWUB7N5Hj5xX8ECYaOsCMU22Q6XxX+tvCIbts43uCoJ66F0YXK1QZv6OHpzxXcZQ+Tzbdr8W+6VXwfd89D5P1QkTGMFRgrRyUvy9nTmxW8QGfqXpveaGiStuRsmNRiI/JY2MxXzvOxFJkISaW185+0vSfQguAIMxBkknYj8MZ5J1abWwr4+sYc7CqlOfACxceu6efu8fbYxvrNuFP2k98C7Z882Ijc1AB9uML7yX4G5VDaizW6QhF2aBzeMMPVmYWYmB/M/S9dCxoIdzkRxYbr5WjmV/pMM2WdbdgcmZeNFXqTz7EoP3WhLrxMO90QIwUHKJ4G9DbBI3Lq1TNogCmsxl4WKLqix1lir5cXU5lA1rwWyORjG9L74XYEY4Ghe39Gl57HV64jhuSUxxflb6jYSfINM6D0bh459Hw4LMSSYJZ7KKZ2fAxKpq2s8J7PCyiCd03/OtSz0wo3HwjZaQAe/PH+tztZTt2jjH3LxskFZUm4oweWObp6dnv9Cfujc2l4z3y06i9Ye+ibSCH1H0p5M5CFSArY5cGA5UTFz1CQaambxxJFiHHXinY7XJ7+NKQijCQx1PIMUnNqAa0bH6GfJCA8GYWHqRdGZYpuh2BQwupKS8RTgTcZqWvhJoq+cMHvXQss7O/xrIkc0xWVwMnP1tI 

C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-5_user.job - C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-5.exe  /rawdata=I3nzolvGBPLU8MtUfqLmDeJdBLi6BBcSMkxHWNThkBuTdrWQL4Nc3QpeWaY8gXj45sTnIkWaIXHEMmRsiHdiwhychZSja3ke7c2P2lcsGl7nUZPpgrqhOuJGgPCSaUi/qkcH0cjtFJQci7RsgTHTXM82R8rFHOV7LRnpEvI68f2ryOd0tZ3VyC8ker29WSemAoH72g3l6fJ9AMpCnvz/Xgz7ZWvbM4qfweg6NHOjCKodUCkqXhjoCFrNGYesGGat8+5K9GTHpZ9KyQm+E8Ro+QISIuV5C9tMDoPhppmtisFRBc0IXviWvlcR+7J0UvwbGs2Sc9cy3+pj46W9rUMxUiJvDO3NHh1EdozUToObWUB7N5Hj5xX8ECYaOsCMU22Q6XxX+tvCIbts43uCoJ66F0YXK1QZv6OHpzxXcZQ+Tzbdr8W+6VXwfd89D5P1QkTGMFRgrRyUvy9nTmxW8QGfqXpveaGiStuRsmNRiI/JY2MxXzvOxFJkISaW185+0vSfQguAIMxBkknYj8MZ5J1abWwr4+sYc7CqlOfACxceu6efu8fbYxvrNuFP2k98C7Z882Ijc1AB9uML7yX4G5VDaizW6QhF2aBzeMMPVmYWYmB/M/S9dCxoIdzkRxYbr5WjmV/pMM2WdbdgcmZeNFXqTz7EoP3WhLrxMO90QIwUHKJ4G9DbBI3Lq1TNogCmsxl4WKLqix1lir5cXU5lA1rwWyORjG9L74XYEY4Ghe39Gl57HV64jhuSUxxflb6jYSfINM6D0bh459Hw4LMSSYJZ7KKZ2fAxKpq2s8J7PCyiCd03/OtSz0wo3HwjZaQAe/PH+tztZTt2jjH3LxskFZUm4ltq9KsuXCBN2MusU1sMPSOheyaxATh0YDL6ckLWvJ16tUqp18/ZHpp2wq1atK5QaiVgZ2NEi8S1IrHqE9gIkUaEjvJA22AuUe174E1Dk2XnwlIC85kkwaQqNeUC8TXccm5LwrI7RfEqFc7kH9eqL5maqWiPDDBO127gOco0uO0A 

C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-6.job - C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-6.exe  /rawdata=P/QonJXzFFP/GvT1Eo7xdtNE0hMBp9gYY62pW09ujJQvlV6czrIPdkatmWBXUeRoLoJ4SyDMlNqQTT9qxnAv/jkXm00MvEOcdYf2ZkEoaQdWtJXozFmKU9QJ+YWs14W4Qx3QVukbSBPGaeGzoKjDuPNGe2sH4nfiMOV6ytTW+oIyDySKnxvgdcw7oZ+4nicY+Jsgy4pn77FwnzVkXUujJXCQ0YAMyUj4yRdZTYHJi5RFzBFkqns6+6rZD7o/hxuWVJWzZ4bsLcoDYF7AMLDAK12r8AhtU+WPgYgJjLdbVvG74F4v5sJ22CQ8Hretl+5YWJNHpwU4KgLXqsSg2T+hJ62P2xldyeIXqt5RC9jkmN7TU3b0KfEDgIU/GHwfwJN4XbdX+Q32aG5M8vKvLgIF27v+Y7ITMoEllmNg3al8oYluhRTtl0i9o092a46TdrQhuWYPxDTOYV1QRO5fTTm38z7lt1TvwQ1lDXCVmDrlOd1jZVR7bx/BxR+yj2EiZIfGJNhTRIuZaA+6cuxjYxdBoAtDJfsmqXHOw8NNRTIeRqZIlMWjBIXTH8Z7H2FQrBt4KQSjiUHner3710zyBhqq2d3U+ZthQxTlwUyEwkV7M4Nxs8vaHtfcxXbaLi57uxg25xRk5E/VO3LjikCFkcpLDmNsVYe8Lqimw6RzRg2S6Jwmmnmx442bwywsYzSHmMFkkPCJqcKgWDwpNEm/ZJMOFo5ceV2aVreiydEy6Ixe4tbW6k7TVI+LBuxR8veHYiQ+KR1rMIn2ldJ5AIYXsbvKRsoXmNvXp1O93DiEf/N4cdAdSvJdmpe/Em9tCtM/H3+9BeCrt0uTOSZlLWV6oxESKAhHtCkpT9OWpzV/qjVGl47dh9se4CiZB2LxMv55g3zdzMmvX6LqQmzzfXiO/aVCtywT32jZKIwLS6RA7JzLPiy1fNmInAd//0Nlupd4vkd9Rl9hGNG+Oe6LSd0DS8n9EAvPnZMbVze7D9/FsAaSjOfgFnugdW3WBFmnW0Iwpmo3kMMFldQBeyrjFg0Wn3g+X+aSJWZldTQpzRYiARb44HR6zPZxnCb4hFgELQPNZpZfIc46gBiPJx5mWQh7wb7ksstkBG+OCsk7i8F6nojWNzGpwaoRvZqtNI1HWqjEKGmw8vK0T36Ztvv+yJPMQkjpwbjiDU+7B2c1oZCOyidIbwaA1vPWWJyhuMwKPUkU2yl0gyfnW2Xzi4Q0O8ALDRnxaOdlt/QuSGDKG/R9q7cttsuqOsjkf6Wl2/mBEy56TOtwHAkciPfOuPZoLRqwEnuovtTKdOvIGpzog5/9jyJqV9Nq1dUZz4E72usf4CN7flzYYZ1rYW5Bt2/9x9Nx//pVwApR6KcYtpdFiZb4/fu+NKaf0FYrgHg6m5fXfb/cd95tWewCFzG3EBHSo9au2Awu+hR22OkFaMi1OhjTr0Hzta6ns6qywzd4NJRoQYYkRyC5I+dQK/z5urLbh1+kiX3BdDeYMsyVOsg77AnJ5QJ7qazzN7odasSTF+JjWybQIdJTsb8+eKxENuSHbw+nLxlcH+Npt2c226bZ8ACpsoBxQofVr4YAtUK/jTzr0bfoq7ZM5h5M827k3dfJqc2wlbiNerOoNQZ5zR4+L3wJlYzshQWfHsbCaNZUmd3AFQhs3IH6qIdwAcKLawbxwv2lZj35PDiLrFpwkAJU3qebQnWyM3Cv3Lb4SNXlb7VBGwWnWMTAFyDYhdOhLT1RNbPkvXiitHiUBenv2LW5cTvTW9PB/YbnmIqC6dAbYtJ4nF+dbRMQRhsJFNCudPCqnw/SGN3ut6KT+RWAi0ogUcT4IVSR16MRrsubcX6XrP2uSf+NXNlIclN7jMWJAl7TQQZhyhjvJLXXlsZv7S6N2LBtJ6NiYDLXC+YD97bzwNmmojReLr1efDFTlKLYXG7GSWWjTrJ3ecZ1XMOI6U67e7TrkvhBzitoj52+CeTWHxnSOjvTAu905NIt1eEHpTwmc85o5oojpJoDFeKZ8tb/eBl6caN6Jn/Go/y2HI5SEQrzBwpZAKESVblzbpLYRXkSIHZypdVMOsDAPPoGairsacRVB4wiaAQp85aeZ9Gx13Wg/uT7wBd/duIrqJLgie3Tn0tkDoc29XPwHjmEwD7CYVHcxjj2jQx5lSCZY9D3hnCju3pxLoqAggnwjLsNwL+3CYtaUfWQzZ+4IEgVx8h240YyxGigogy83BMrelglgDLb/Tf0Wmm503RH+9D8f73fFqEvqpGm/AaAXst41NJz3JdQtt7CxMhO2FUx24Rxl2NQCzg1pS4DpIqpI6ZFex59HlgBhVbI2QhlzJnDx0vhjNK2uiPhBsDGU7AJGeUWcu1rFJpDMyK6YObOoUV2tpOM+hYEnNkPXzX+CRSwlRdvEESIuiFS9yVD9ZaxiO+KgxnOOJS5Ddl7qPZaLLhH6U6nxM3+7UdvfTj0ho7vpXSGnnsxtRtwzohil7DnhbfoHugqOnh8Se9JeWOWT65X8NuCCF5+9lf7PjjlnaFHpZuuHDV/CpNfiLHP/whPsMp79uGqeiRX483q 

C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-7.job - C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-7.exe  /rawdata=MdLeKEx/cnWm7d4URPbZeKImUs3Jjx30dy7CtTZ2wHCvLhDlO6sOH9Bh1U5RtUsrfIAtwXoefQSvk2S0yoYOZIX2xiu9Qp2SDJ2fJmBWY0qxdkDeFTgiTVVQ88+JANVhgFwxwAwjKVgP9mqCPkHFrnHJdEtz/I6KncvpvkFSvKSfdExtD2kqsA5hIt7/k4f+RJUJePWSkWQslJ6WItcI+EhGH+PyE0K8ebbt82IkICfKyqy4cyxyYh/AYq0MxnzfmdkJEsCIyVPElfXV7Iic8UraPB2/D81X/4IyO3VfKlpbuxm009iICX+O6TCup97DcVryETYqAxPQmHtsB5AbkVugWyr6g95hb81tOGwnRHE98U6gncBOfjsa1W0b+TR6RdjZelFtRl7Oj4ugnpYVEYjs/pFziQb5Qhf/Yhm7L8P84HuENLw4hVxDZE5xmpPc/HINFKFfX1013VMBlhY4IXABvP8ygIdHKsp8NpNgUjARXhk+tl/Be97nXx3Ipt8Oged28IKqCR9+9p5U7pTo5xA8F9Rwd8O+XzV4zQd7kbvTMmX7ZOOQZlgaPL/QfO+j85bNaQPUzWbQF/T+cxP/91015ILtvvnC62a6hbpUf08SUdYx3mIWGSLsR0+GsD/ZG0LTEyQMunmE89/fB6JG57gm4QfyZsK76RzoKQqs0UA8H3aP/C6yKLY9U/FhocHH70JEsPwY8ZwQ2PlWjLiopJWlwduPCLRjsb03Ot65EK3k1hMeSQttBsWbFasH3I3USO6/7cACtSkuLI2Kk0TJUKaIKjXr+0TP/sFJqunJQrA614VKppFHgVT/Mnpy9FIglplCYssO86Z28zuhs3xI4cHrp5fibACrW2UwWGib7w4kZJVD3ay4FrR/+72N1Q//d4HPUqi/QSwmAmS6zzFU1bbvOVqNtCqX3t9MWY03CSO6KfNn+kK8KDRX0YkRX4erO12INnxpCeWt//XH2zXLXtAkziMxMxQCCEhAr+UH1M7tnVu/y5CN0LTkfa168GP2oc2j164loEvFENbETAFjMej22RgQhHp+1ke2db41MIeqVVv63a9Y4o8goBRp8jYplk1OFmA1rPa1En2v8TZYlEkJDn42+osDsVe0308XOGz8n+orybXIP83ajzQhztrjLkKV0Rv2AWZprWtf8K74t1B8w0Yr/R0zotZM4ma/JFt+6y0HeX4qsMULMM+r+Sm8/wFwCB7BbllutT6Rm8CdR/hv+rMTRYVAT/JmHr2vsAndtzBKM5MaiVfmvV1JRdqgqmJhTYiGzAuzvwZ/PDDBWz7aF1VLUGbgYcljv4BdjpYnikUnqHqe7rr2N3k5MOmrjL0RPHzuHfkgeo7MD8Kc/qlrwKDqy/ift3RgJ6uY3/4FuhdJ+lzfB57REow9WiksyYtUgBbZCk0fOGsk87EHivxuOL5xeie+EJ/KmbRvbC93mP4IG3qP84KBIKZjwhbyX9ax0FhUjVCqNwWP3EffpZS3lwIV1SZqTRaqiZLVVxCqSOnBiGKD+/e4v81PkF54xre//AtIdCYYNR5aWdvymd8iVzuY3Jfk8fcMezra+vUdPwUUpEfi7L4c4bxb3QWrzhxedckRGknai80mb0ELhMVgj3Ltk/Qsu+iz6jUnAS3pEmu3/7lqtVZWV2/yzauXfnxJ7jyugxIbse0ZLLtALxNDN8NUjecKB9g9Q1MdRegZHMEhsBPfUJAfywABs8xdY2BiBi+alxFRayn7xywNU3y4JUhInv6NDO3O7XvKhpyO7ZprgIEcAtEYA6WdIbYhZqSRXFFEDpXyLujL3SkmHTciiuTb2wAgflkFt1bucjKuOwj6QqMg2cYa/Mnx3v3Esel0kGSvP3v2uPOLdQyJBpXVgjtu3AkI6JSGvyhqpNWR4PzwsK9mVpMkhRUrIB78jViONqgGEAZ4mS0IAQCrZoov11pVJaAfiY4prXaArqloChPuV7sts7OotleI9V2ss+HrBYozk1DfYxJyRvXeoPIs+DDrCO7oY/phT7W4SZZb6hZkRsu/gjdAOawet0ochozMnNwXhGfCW9MYqZshoT16NVV0IdEsKjPqoTNo8i8825kONvME2rHyc2G0Y0EBr3pCffv18PfujdtVCAX3662XYw9mRJkaL5lAkYffPpmX6laORu7T3aRxc9q5S3Twp+Bq+yeqxbJw/9cPxuCu4pcF9ccxYvcZegijgqxT7Yq1AT8jlNa2Z8IKE1wDZDTxz1+hGsJsn0a8CpwZMzKqDnTdtULlOukc3Sb6MsYBOyauQjSX790wAmjr4NZ1jmC+trkB8Ece4Ex8O01d0HTTBWyyykRJntKWp+IsmHvLQ4APpbWvQquPRvr4CN5xsuHLY1+ZxtA6QRjvhUqQeSo4vS0Zue/zVmndPW/BtIlhWdLAftD9qO37rkUnYX3+PP1V9+QFj8H8NV4V2Rq4hwJdundwgSbkX4G5FOLFKClTbCv1vFTpiKCXtfFBsd8DX3A+rzRB7PkiKQhPf4nzFTXNxCL0w8Cd8s/n7qyzZGcHLSDThZvwi7pMGBLLwQ5+0GDU 

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  

C:\Windows\tasks\DriverUpdate Scan.job - C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe  scheduled 

C:\Windows\tasks\DriverUpdate Startup.job - C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe  -boot 

C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe  /c 

C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe  /ua /installsource scheduler 

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c 

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 

C:\Windows\tasks\JTOV.job - C:\Users\yassine\AppData\Roaming\JTOV.exe  /infocmdline=v3cEVu5Ycy/rJZcjIJVsMdJuROqLPe2sNt1DlOzna1ZRU/5C26e239fHZkSvNa7CYHcUBWDYSMp2nFC1koioaUcwpyzEkii35U/WU0tOgRXLrJCQnJs4FBSVQ/4Z0f0ric7M/0W7chK8LrVLzvuhNwHXezVVaM8FwBkWcWPxvSZFwnmy1PNCETwsx+lRScONR2v6cBTo4p5JajT8Fdg5uKtDDS7DnX3jfG2Val2LxOtz0tdciC6OJnUMUlKp6xLi1l2ZbQMTb9oGnPd8yp7nFnkSzS/AQ6NH0hXqEFx2DfyvuZDBQT+Oe/z/djXkFRbKEXXuoxZQm1duM/nwlu3bDbE//ZF0E9M5vx7t07okTq2bW2k3Jp+hxB5vSjI8m/uLFt/ou83joqabkBKctYJGUIpfEref8y9NY118SGdZUEJdw/VocCj86DOriRm6keGVG87KypbULoSQHm+nQLUt19CXEfquExvXCAjPtkj1XHKOmJGEoR4/G4Nc/OTNT5xN 

C:\Windows\tasks\SlimCleaner Plus (Scheduled Scan - yassine).job - C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe   /doScheduledScan 

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-01-24 256456]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]

IETabPage Class - C:\Program Files (x86)\XTab\SupTab.dll [2015-01-16 210096]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83dc36e5-db3f-461a-8fbc-245e44000b1f}]

Reverse Page 1.0.0.7 - C:\Program Files (x86)\Reverse Page\ReversePagebho.dll [2015-02-15 269048]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-01-24 194504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-01-24 256456]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-01-24 194504]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-13 2281256]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-07-29 166424]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-07-29 391192]

"Persistence"=C:\Windows\system32\igfxpers.exe [2010-07-29 410648]

"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2010-09-22 6489704]

"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-07-21 8192]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-08-16 2736128]

"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]

"Gameo"=C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe C:\Users\yassine\AppData\Roaming\Gameo\gameo.dat mode:minimized []

"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11 30877280]

"SlimCleaner Plus"=C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2014-12-23 26165568]

"TornTv Downloader"=C:\Users\yassine\AppData\Roaming\TornTV.com\Torntv Downloader.exe [2015-01-22 306176]

 

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-09-28 584760]

"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]

""= []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" "

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2010-02-21 269824]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

 

======List of files/folders created in the last 1 month======

 

2015-02-18 01:27:40 ----D---- C:\rsit

2015-02-17 14:22:09 ----A---- C:\Windows\system32\drivers\{3e26b928-0db2-4fd1-bc29-c87d5b3a0564}Gw64.sys

2015-02-16 16:45:00 ----D---- C:\ProgramData\fd5de37200000a7e

2015-02-15 21:18:02 ----A---- C:\Windows\system32\drivers\{3ad5a8e4-b8a3-4333-9022-726dc1eda808}Gw64.sys

2015-02-15 21:11:38 ----D---- C:\Program Files (x86)\Reverse Page

2015-02-15 21:10:53 ----D---- C:\Program Files (x86)\daf5332a-04c3-4f6e-907f-586f67b8798e

2015-02-15 21:10:51 ----D---- C:\Program Files (x86)\globalUpdate

2015-02-15 21:10:51 ----A---- C:\Users\yassine\AppData\Roaming\JTOV.exe

2015-02-15 21:10:48 ----D---- C:\Program Files (x86)\TornPlusTV_version1.11

2015-02-15 21:10:24 ----D---- C:\Users\yassine\AppData\Roaming\TornTV.com

2015-02-12 14:05:00 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll

2015-02-12 14:05:00 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2015-02-12 14:05:00 ----A---- C:\Windows\system32\jscript9diag.dll

2015-02-12 14:05:00 ----A---- C:\Windows\system32\jscript9.dll

2015-02-11 13:27:18 ----A---- C:\Windows\SYSWOW64\wdigest.dll

2015-02-11 13:27:18 ----A---- C:\Windows\SYSWOW64\TSpkg.dll

2015-02-11 13:27:18 ----A---- C:\Windows\SYSWOW64\schannel.dll

2015-02-11 13:27:18 ----A---- C:\Windows\SYSWOW64\ncrypt.dll

2015-02-11 13:27:18 ----A---- C:\Windows\SYSWOW64\msv1_0.dll

2015-02-11 13:27:18 ----A---- C:\Windows\SYSWOW64\kerberos.dll

2015-02-11 13:27:18 ----A---- C:\Windows\SYSWOW64\credssp.dll

2015-02-11 13:27:18 ----A---- C:\Windows\system32\wdigest.dll

2015-02-11 13:27:18 ----A---- C:\Windows\system32\TSpkg.dll

2015-02-11 13:27:18 ----A---- C:\Windows\system32\schannel.dll

2015-02-11 13:27:18 ----A---- C:\Windows\system32\ncrypt.dll

2015-02-11 13:27:18 ----A---- C:\Windows\system32\msv1_0.dll

2015-02-11 13:27:18 ----A---- C:\Windows\system32\kerberos.dll

2015-02-11 13:27:18 ----A---- C:\Windows\system32\credssp.dll

2015-02-11 13:27:10 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2015-02-11 13:27:10 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2015-02-11 13:27:10 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll

2015-02-11 13:27:10 ----A---- C:\Windows\system32\ieetwproxystub.dll

2015-02-11 13:27:10 ----A---- C:\Windows\system32\ieetwcollector.exe

2015-02-11 13:27:09 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2015-02-11 13:27:09 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll

2015-02-11 13:27:09 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll

2015-02-11 13:27:09 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll

2015-02-11 13:27:09 ----A---- C:\Windows\SYSWOW64\dxtrans.dll

2015-02-11 13:27:09 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-02-11 13:27:09 ----A---- C:\Windows\system32\iernonce.dll

2015-02-11 13:27:09 ----A---- C:\Windows\system32\ie4uinit.exe

2015-02-11 13:27:08 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2015-02-11 13:27:08 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2015-02-11 13:27:07 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2015-02-11 13:27:07 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

2015-02-11 13:27:07 ----A---- C:\Windows\system32\iedkcs32.dll

2015-02-11 13:27:06 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2015-02-11 13:27:06 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2015-02-11 13:27:06 ----A---- C:\Windows\SYSWOW64\ieui.dll

2015-02-11 13:27:06 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2015-02-11 13:27:06 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll

2015-02-11 13:27:06 ----A---- C:\Windows\system32\urlmon.dll

2015-02-11 13:27:06 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe

2015-02-11 13:27:06 ----A---- C:\Windows\system32\msfeeds.dll

2015-02-11 13:27:06 ----A---- C:\Windows\system32\ieetwcollectorres.dll

2015-02-11 13:27:06 ----A---- C:\Windows\system32\dxtrans.dll

2015-02-11 13:27:05 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2015-02-11 13:27:05 ----A---- C:\Windows\system32\iesetup.dll

2015-02-11 13:27:05 ----A---- C:\Windows\system32\ieapfltr.dll

2015-02-11 13:27:04 ----A---- C:\Windows\system32\iertutil.dll

2015-02-11 13:27:03 ----A---- C:\Windows\SYSWOW64\wininet.dll

2015-02-11 13:27:03 ----A---- C:\Windows\SYSWOW64\vbscript.dll

2015-02-11 13:27:03 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll

2015-02-11 13:27:02 ----A---- C:\Windows\SYSWOW64\msrating.dll

2015-02-11 13:27:02 ----A---- C:\Windows\system32\jsproxy.dll

2015-02-11 13:27:02 ----A---- C:\Windows\system32\ieUnatt.exe

2015-02-11 13:27:02 ----A---- C:\Windows\system32\ieui.dll

2015-02-11 13:27:02 ----A---- C:\Windows\system32\dxtmsft.dll

2015-02-11 13:27:01 ----A---- C:\Windows\system32\ieframe.dll

2015-02-11 13:27:00 ----A---- C:\Windows\system32\mshtmlmedia.dll

2015-02-11 13:27:00 ----A---- C:\Windows\system32\mshtmled.dll

2015-02-11 13:26:59 ----A---- C:\Windows\system32\wininet.dll

2015-02-11 13:26:59 ----A---- C:\Windows\system32\vbscript.dll

2015-02-11 13:26:58 ----A---- C:\Windows\system32\msrating.dll

2015-02-11 13:26:58 ----A---- C:\Windows\system32\MshtmlDac.dll

2015-02-11 13:26:57 ----A---- C:\Windows\system32\mshtml.dll

2015-02-11 13:26:31 ----A---- C:\Windows\system32\ntoskrnl.exe

2015-02-11 13:26:30 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

2015-02-11 13:26:30 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

2015-02-11 13:26:29 ----A---- C:\Windows\SYSWOW64\srclient.dll

2015-02-11 13:26:29 ----A---- C:\Windows\system32\srcore.dll

2015-02-11 13:26:29 ----A---- C:\Windows\system32\srclient.dll

2015-02-11 13:26:29 ----A---- C:\Windows\system32\rstrui.exe

2015-02-11 13:25:53 ----A---- C:\Windows\SYSWOW64\scesrv.dll

2015-02-11 13:25:53 ----A---- C:\Windows\system32\scesrv.dll

2015-02-11 13:25:50 ----A---- C:\Windows\SYSWOW64\adtschema.dll

2015-02-11 13:25:50 ----A---- C:\Windows\system32\lsasrv.dll

2015-02-11 13:25:50 ----A---- C:\Windows\system32\drivers\ksecdd.sys

2015-02-11 13:25:50 ----A---- C:\Windows\system32\drivers\cng.sys

2015-02-11 13:25:50 ----A---- C:\Windows\system32\adtschema.dll

2015-02-11 13:25:49 ----A---- C:\Windows\SYSWOW64\sspicli.dll

2015-02-11 13:25:49 ----A---- C:\Windows\SYSWOW64\secur32.dll

2015-02-11 13:25:49 ----A---- C:\Windows\SYSWOW64\msobjs.dll

2015-02-11 13:25:49 ----A---- C:\Windows\SYSWOW64\msaudite.dll

2015-02-11 13:25:49 ----A---- C:\Windows\SYSWOW64\auditpol.exe

2015-02-11 13:25:49 ----A---- C:\Windows\system32\sspisrv.dll

2015-02-11 13:25:49 ----A---- C:\Windows\system32\sspicli.dll

2015-02-11 13:25:49 ----A---- C:\Windows\system32\secur32.dll

2015-02-11 13:25:49 ----A---- C:\Windows\system32\msobjs.dll

2015-02-11 13:25:49 ----A---- C:\Windows\system32\msaudite.dll

2015-02-11 13:25:49 ----A---- C:\Windows\system32\lsass.exe

2015-02-11 13:25:49 ----A---- C:\Windows\system32\drivers\ksecpkg.sys

2015-02-11 13:25:49 ----A---- C:\Windows\system32\auditpol.exe

2015-02-11 13:25:16 ----A---- C:\Windows\system32\WindowsCodecs.dll

2015-02-11 13:25:15 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll

2015-02-11 13:24:11 ----A---- C:\Windows\system32\win32k.sys

2015-02-09 01:50:24 ----D---- C:\Users\yassine\AppData\Roaming\OpenOffice

2015-02-09 01:49:26 ----D---- C:\Program Files (x86)\OpenOffice 4

2015-02-08 22:52:27 ----D---- C:\ProgramData\IHProtectUpDate

2015-02-08 22:52:26 ----D---- C:\Program Files (x86)\XTab

2015-02-08 22:52:15 ----D---- C:\ProgramData\WindowsMangerProtect

2015-02-08 22:52:09 ----D---- C:\Users\yassine\AppData\Roaming\key-find

2015-02-08 22:47:55 ----D---- C:\ProgramData\SlimWare Utilities Inc

2015-02-08 22:47:54 ----D---- C:\Program Files\SlimService

2015-02-08 22:47:54 ----D---- C:\Program Files\SlimCleaner Plus

2015-02-08 22:47:32 ----A---- C:\Windows\system32\drivers\SWDUMon.sys

2015-02-08 22:47:30 ----D---- C:\Program Files (x86)\DriverUpdate

2015-01-27 01:22:34 ----A---- C:\DelFix.txt

2015-01-23 20:05:57 ----D---- C:\ProgramData\Visan

2015-01-23 20:05:57 ----D---- C:\ProgramData\HP Photo Creations

2015-01-23 20:05:57 ----D---- C:\Program Files (x86)\HP Photo Creations

2015-01-23 20:05:50 ----D---- C:\Users\yassine\AppData\Roaming\HpUpdate

2015-01-23 20:05:40 ----D---- C:\Program Files (x86)\HP

2015-01-23 20:05:39 ----D---- C:\ProgramData\HP

2015-01-23 20:05:39 ----D---- C:\Program Files\HP

2015-01-23 20:05:35 ----A---- C:\ProgramData\Ament.ini

2015-01-23 20:00:22 ----D---- C:\Users\yassine\AppData\Roaming\Google

2015-01-23 19:59:39 ----D---- C:\Program Files\Google

2015-01-23 19:59:35 ----D---- C:\ProgramData\Google

2015-01-23 19:59:28 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2015-01-23 19:59:24 ----D---- C:\Windows\system32\Macromed

2015-01-21 20:07:45 ----SHD---- C:\$RECYCLE.BIN

2015-01-21 20:07:45 ----D---- C:\Users\yassine\AppData\Roaming\hpqLog

2015-01-21 20:04:07 ----D---- C:\Windows\Temp

2015-01-21 20:04:07 ----A---- C:\Windows\zoek-delete.exe

2015-01-21 19:32:36 ----D---- C:\Users\yassine\AppData\Roaming\Skype

2015-01-21 19:32:27 ----RD---- C:\Program Files (x86)\Skype

2015-01-21 19:32:23 ----D---- C:\ProgramData\Skype

2015-01-20 22:00:47 ----A---- C:\Windows\SYSWOW64\msvcr100.dll

2015-01-19 21:36:19 ----D---- C:\Program Files\trend micro

 

======List of files/folders modified in the last 1 month======

 

2015-02-18 01:27:46 ----D---- C:\Windows\Prefetch

2015-02-17 22:42:48 ----SHD---- C:\System Volume Information

2015-02-17 22:28:35 ----A---- C:\Windows\win.ini

2015-02-17 21:15:42 ----D---- C:\Windows\system32\config

2015-02-17 16:59:54 ----D---- C:\Users\yassine\AppData\Roaming\vlc

2015-02-17 14:22:09 ----D---- C:\Windows\system32\drivers

2015-02-16 16:45:08 ----RD---- C:\Program Files (x86)

2015-02-16 16:45:05 ----D---- C:\Windows\system32\Tasks

2015-02-16 16:45:00 ----HD---- C:\ProgramData

2015-02-16 16:44:36 ----D---- C:\Users\yassine\AppData\Roaming\uTorrent

2015-02-16 00:35:33 ----D---- C:\Windows\system32\wdi

2015-02-15 23:06:53 ----D---- C:\Windows\system32\GroupPolicy

2015-02-15 21:42:56 ----D---- C:\Windows\System32

2015-02-15 21:42:56 ----D---- C:\Windows\inf

2015-02-15 21:42:56 ----A---- C:\Windows\system32\PerfStringBackup.INI

2015-02-15 21:11:23 ----D---- C:\Windows\Tasks

2015-02-15 21:11:01 ----D---- C:\Program Files (x86)\CyberLink

2015-02-15 21:10:56 ----SHD---- C:\Windows\Installer

2015-02-15 01:28:55 ----D---- C:\Windows\system32\NDF

2015-02-14 12:26:34 ----D---- C:\Windows\system32\catroot2

2015-02-12 18:27:12 ----D---- C:\Windows\rescache

2015-02-12 14:09:38 ----D---- C:\Windows\winsxs

2015-02-12 14:09:37 ----D---- C:\Windows\SYSWOW64\en-US

2015-02-12 14:09:37 ----D---- C:\Windows\SysWOW64

2015-02-12 14:09:37 ----D---- C:\Windows\system32\en-US

2015-02-12 14:03:20 ----D---- C:\Windows\system32\catroot

2015-02-12 00:18:00 ----D---- C:\Windows\system32\nl-NL

2015-02-12 00:18:00 ----D---- C:\Program Files\Internet Explorer

2015-02-12 00:17:59 ----D---- C:\Windows\SYSWOW64\nl-NL

2015-02-12 00:17:59 ----D---- C:\Windows\SYSWOW64\fr-FR

2015-02-12 00:17:59 ----D---- C:\Windows\SYSWOW64\de-DE

2015-02-12 00:17:58 ----D---- C:\Windows\system32\fr-FR

2015-02-12 00:17:58 ----D---- C:\Windows\system32\de-DE

2015-02-12 00:17:57 ----D---- C:\Program Files (x86)\Internet Explorer

2015-02-09 01:49:52 ----RSD---- C:\Windows\assembly

2015-02-09 01:49:32 ----RSD---- C:\Windows\Fonts

2015-02-09 01:47:59 ----D---- C:\Program Files\Common Files\Microsoft Shared

2015-02-08 22:47:54 ----RD---- C:\Program Files

2015-01-26 22:32:08 ----SD---- C:\Users\yassine\AppData\Roaming\Microsoft

2015-01-26 22:29:33 ----D---- C:\Program Files (x86)\Microsoft Office

2015-01-26 22:29:06 ----D---- C:\Program Files (x86)\MSECache

2015-01-23 20:05:58 ----D---- C:\Program Files (x86)\Hewlett-Packard

2015-01-23 20:05:44 ----D---- C:\Windows\system32\DriverStore

2015-01-23 19:59:39 ----D---- C:\Program Files (x86)\Google

2015-01-21 20:06:55 ----D---- C:\Windows

2015-01-21 19:32:28 ----D---- C:\Program Files (x86)\Common Files

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-13 540696]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R1 {3ad5a8e4-b8a3-4333-9022-726dc1eda808}Gw64;{3ad5a8e4-b8a3-4333-9022-726dc1eda808}Gw64; C:\Windows\system32\drivers\{3ad5a8e4-b8a3-4333-9022-726dc1eda808}Gw64.sys [2015-02-15 48792]

R1 {3e26b928-0db2-4fd1-bc29-c87d5b3a0564}Gw64;{3e26b928-0db2-4fd1-bc29-c87d5b3a0564}Gw64; C:\Windows\system32\drivers\{3e26b928-0db2-4fd1-bc29-c87d5b3a0564}Gw64.sys [2015-02-16 48792]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-09-28 31088]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-02-21 10300800]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-09-22 2494056]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2010-09-10 1014624]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-09-13 1390640]

S3 cpuz134;cpuz134; \??\C:\Users\yassine\AppData\Local\Temp\cpuz134\cpuz134_x64.sys []

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]

S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2015-02-17 16152]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]

R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]

R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-10-07 126008]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-09-17 92216]

R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-28 26680]

R2 IHProtect Service;IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [2015-01-16 158896]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-08-16 73728]

R2 RtVOsdService;RtVOsdService Installer; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]

R2 SlimService;SlimWare Utility Service Launcher; C:\Program Files\SlimService\SlimServiceFactory.exe [2014-12-23 244544]

R2 trntv;Torntv Downloader; C:\Users\yassine\AppData\Roaming\TornTV.com\TornTVSvc.exe [2015-01-22 23552]

R2 Update Reverse Page;Update Reverse Page; C:\Program Files (x86)\Reverse Page\updateReversePage.exe [2015-02-17 399096]

R2 Util Reverse Page;Util Reverse Page; C:\Program Files (x86)\Reverse Page\bin\utilReversePage.exe [2015-02-17 399096]

R2 WindowsMangerProtect;WindowsMangerProtect Service; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [2015-02-08 487056]

R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-09-17 735288]

S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-15 68608]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-24 107912]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07 267440]

S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-15 68608]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-24 107912]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-01-23 194032]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-01-12 114688]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-11-26 1255736]

 

-----------------EOF-----------------

 

[kape]

Het is niet de eerste keer dat we je hier met virussen zien opdagen. Maar er is ook nergens een antivirusprogramma op deze PC te bemerken, tenzij je mij kan overtuigen dat dit wél het geval is. Dan graag even een toelichting over welk programma en hoe actueel dat is ? Maar laat me sterk betwijfelen of daar een positief antwoord op komt. Dus toch maar best eentje installeren ... en dat kan zelfs gratis met AVG, Antivir of Avast.

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

Download Zoek.exe naar het bureaublad (niet de .zip- of .rar-versie)

• Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
• Dubbelklik op Zoek.exe om de tool te starten.
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C};c
C:\Program Files (x86)\XTab;fs
TornTv Downloader;s
C:\Users\yassine\AppData\Roaming\TornTV.com;fs
globalUpdate;s
globalUpdatem;s
C:\Program Files (x86)\globalUpdate;fs
IHProtect Service;s
Trntv;s
Update Reverse Page;s
Util Reverse Page;s
C:\Program Files (x86)\Reverse Page;fs
WindowsMangerProtect;s
C:\ProgramData\WindowsMangerProtect;fs
C:\Program Files (x86)\TornPlusTV_version1.11;fs
C:\Program Files (x86)\DriverUpdate;fs
C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-6.job;f
C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-7.job;f
C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-10_user.job;f
C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-5.job;f
C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-5_user.job;f
C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-6.job;f
C:\Windows\tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-7.job;f
C:\Windows\tasks\DriverUpdate Scan.job;f
C:\Windows\tasks\DriverUpdate Startup.job;f
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job;f
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job;f
C:\Windows\tasks\JTOV.job;f
C:\Users\yassine\AppData\Roaming\JTOV.exe;f
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}];r64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83dc36e5-db3f-461a-8fbc-245e44000b1f}];r64
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r64
"TornTv Downloader"=-;r64
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r64
"AppInit_DLLs"=-,r64
C:\ProgramData\fd5de37200000a7e;fs
C:\Program Files (x86)\daf5332a-04c3-4f6e-907f-586f67b8798e;fs
CHRdefaults;
C:\ProgramData\IHProtectUpDate
C:\Users\yassine\AppData\Roaming\key-find;fs
C:\ProgramData\SlimWare Utilities Inc;fs
C:\Program Files\SlimService;fs
C:\Program Files\SlimCleaner Plus;fs
C:\Program Files (x86)\DriverUpdate;fs
C:\DelFix.txt;f
emptyfolderscheck;delete
startupall;
filesrcm;

• Klik op de knop "More options" en vink nu de onderstaande opties aan.
• Do a Quick Scan
• Auto Clean
• De optie "Scan All Users" staat standaard aangevinkt.
• Klik nu op de knop "Run script".
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
• Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
• Post het geopende logje in het volgende bericht als bijlage.

Zoek.exe logbestand plaatsen

• Voeg het logbestand met de naam "Zoek-results.log" als bijlage toe aan het volgende bericht. (Dit logbestand kunt u tevens terug vinden op de systeemschijf als C:\Zoek-results.log.)
• Hoe u een bijlage kunt toevoegen aan het bericht leest u hier.

[samey]

 

Zoek.exe v5.0.0.0 Updated 17-February-2015

Tool run by yassine on wo 18/02/2015 at 13:54:40,09.

Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\yassine\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]

 

==== System Restore Info ======================

 

18/02/2015 13:56:53 Zoek.exe System Restore Point Created Succesfully.

 

==== Empty Folders Check ======================

 

C:\Users\yassine\AppData\Roaming\hpqLog deleted successfully

C:\Users\yassine\AppData\Local\Adobe deleted successfully

C:\Users\yassine\AppData\Local\GGEmpire deleted successfully

C:\Users\yassine\AppData\Local\StormFall deleted successfully

C:\Users\yassine\AppData\Local\VirtualStore deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-2682619030-2652341359-2438336200-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully

HKEY_USERS\S-1-5-21-2682619030-2652341359-2438336200-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully

HKEY_USERS\S-1-5-21-2682619030-2652341359-2438336200-1000\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} deleted successfully

HKEY_USERS\S-1-5-21-2682619030-2652341359-2438336200-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

HKEY_USERS\S-1-5-21-2682619030-2652341359-2438336200-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} deleted successfully

HKEY_USERS\S-1-5-21-2682619030-2652341359-2438336200-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

HKEY_USERS\S-1-5-21-2682619030-2652341359-2438336200-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdate deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\globalUpdate deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdatem deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\globalUpdatem deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IHProtect Service deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Trntv deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Trntv deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Reverse Page deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Reverse Page deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update Reverse Page deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update Reverse Page deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Reverse Page deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util Reverse Page deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util Reverse Page deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util Reverse Page deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WindowsMangerProtect deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WindowsMangerProtect deleted successfully

 

==== Registry Fix Code ======================

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]

@="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]

@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

 

==== Registry Fix Code x64 ======================

 

Windows Registry Editor Version 5.00

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] 

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83dc36e5-db3f-461a-8fbc-245e44000b1f}] 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 

"TornTv Downloader"=- 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 

 

==== Deleting Files \ Folders ======================

 

C:\Program Files (x86)\XTab deleted

C:\Users\yassine\AppData\Roaming\TornTV.com deleted

C:\Program Files (x86)\globalUpdate deleted

C:\ProgramData\WindowsMangerProtect deleted

C:\ProgramData\fd5de37200000a7e deleted

C:\Program Files (x86)\daf5332a-04c3-4f6e-907f-586f67b8798e deleted

C:\Users\yassine\AppData\Roaming\key-find deleted

C:\ProgramData\SlimWare Utilities Inc deleted

C:\Program Files (x86)\CyberLink\869180b0-c1ce-4587-ba09-b3bff4cf5625.dll deleted

C:\Program Files (x86)\CyberLink\daf5332a-04c3-4f6e-907f-586f67b8798e.dll deleted

C:\PROGRA~3\IHProtectUpDate deleted

C:\Users\yassine\AppData\Local\globalUpdate deleted

C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url deleted

C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com deleted

C:\Windows\Tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-6.job deleted

C:\Windows\Tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-7.job deleted

C:\Windows\Tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-10_user.job deleted

C:\Windows\Tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-5.job deleted

C:\Windows\Tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-5_user.job deleted

C:\Windows\Tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-6.job deleted

C:\Windows\Tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-7.job deleted

C:\windows\SysNative\Tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-6 deleted

C:\windows\SysNative\Tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-7 deleted

C:\windows\SysNative\Tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-10_user deleted

C:\windows\SysNative\Tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-5 deleted

C:\windows\SysNative\Tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-5_user deleted

C:\windows\SysNative\Tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-6 deleted

C:\windows\SysNative\Tasks\7478ed61-6d44-4df4-97f5-84cb4715dac9-7 deleted

C:\Windows\tasks\JTOV.job deleted

C:\windows\SysNative\tasks\JTOV deleted

C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job deleted

C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job deleted

C:\windows\SysNative\tasks\globalUpdateUpdateTaskMachineCore deleted

C:\windows\SysNative\tasks\globalUpdateUpdateTaskMachineUA deleted

C:\windows\SysNative\drivers\{3ad5a8e4-b8a3-4333-9022-726dc1eda808}Gw64.sys deleted

C:\windows\SysNative\drivers\{3e26b928-0db2-4fd1-bc29-c87d5b3a0564}Gw64.sys deleted

C:\windows\SysNative\GroupPolicy\machine deleted

C:\windows\SysNative\GroupPolicy\gpt.ini deleted

C:\Users\yassine\Documents\Optimizer Pro deleted

C:\Users\yassine\Desktop\Torntv Downloader.lnk deleted

C:\Users\yassine\AppData\Roaming\JTOV.exe deleted

"C:\Windows\tasks\DriverUpdate Scan.job" deleted

"C:\Windows\tasks\DriverUpdate Startup.job" deleted

"C:\DelFix.txt" deleted

"C:\Users\yassine\AppData\Roaming\JTOV" deleted

"C:\Program Files (x86)\Reverse Page\updateReversePage.exe" deleted

"C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-6.exe" deleted

"C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-10.exe" deleted

"C:\Program Files (x86)\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-6.exe" deleted

"C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe" deleted

"C:\Program Files\SlimService\icudt46l.dat" deleted

"C:\Program Files\SlimService\MyDefragDll.dll" deleted

"C:\Program Files\SlimService\SlimService.exe" deleted

"C:\Program Files\SlimService\SlimServiceFactory.exe" deleted

"C:\Program Files\SlimCleaner Plus\default.ui" deleted

"C:\Program Files\SlimCleaner Plus\main.ui" deleted

"C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" deleted

"C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe" deleted

"C:\PROGRA~2\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-1-6.exe" deleted

"C:\PROGRA~2\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-10.exe" deleted

"C:\PROGRA~2\TornPlusTV_version1.11\7478ed61-6d44-4df4-97f5-84cb4715dac9-6.exe" deleted

"C:\PROGRA~2\Reverse Page\updateReversePage.exe" deleted

"C:\Program Files (x86)\Reverse Page\bin\3e26b9280db24fd1bc29c87d5b3a0564.dll" deleted

"C:\Program Files (x86)\Reverse Page\bin\3e26b9280db24fd1bc29c87d5b3a056464.dll" deleted

"C:\Program Files (x86)\Reverse Page\bin\ReversePage.BOASHelper.exe" deleted

"C:\Program Files (x86)\Reverse Page\bin\ReversePage.BrowserAdapter.exe" deleted

"C:\Program Files (x86)\Reverse Page\bin\ReversePage.BrowserAdapter64.exe" not deleted

"C:\Program Files (x86)\Reverse Page\bin\ReversePage.expext.exe" not deleted

"C:\Program Files (x86)\Reverse Page\bin\ReversePage.expextdll.dll" not deleted

"C:\Program Files (x86)\Reverse Page\bin\ReversePage.PurBrowse64.exe" deleted

"C:\Program Files (x86)\Reverse Page\bin\utilReversePage.exe" deleted

"C:\Program Files\SlimCleaner Plus\locales\nl.pak" deleted

"C:\PROGRA~2\Reverse Page\bin\3e26b9280db24fd1bc29c87d5b3a0564.dll" deleted

"C:\PROGRA~2\Reverse Page\bin\3e26b9280db24fd1bc29c87d5b3a056464.dll" deleted

"C:\PROGRA~2\Reverse Page\bin\ReversePage.BOASHelper.exe" deleted

"C:\PROGRA~2\Reverse Page\bin\ReversePage.BrowserAdapter.exe" deleted

"C:\PROGRA~2\Reverse Page\bin\ReversePage.BrowserAdapter64.exe" not deleted

"C:\PROGRA~2\Reverse Page\bin\ReversePage.expext.exe" not deleted

"C:\PROGRA~2\Reverse Page\bin\ReversePage.expextdll.dll" not deleted

"C:\PROGRA~2\Reverse Page\bin\ReversePage.PurBrowse64.exe" deleted

"C:\PROGRA~2\Reverse Page\bin\utilReversePage.exe" deleted

"C:\Program Files (x86)\Reverse Page" not deleted

"C:\Program Files (x86)\TornPlusTV_version1.11" not deleted

"C:\Program Files (x86)\DriverUpdate" deleted

"C:\Program Files\SlimService" not deleted

"C:\Program Files\SlimCleaner Plus" deleted

"C:\Program Files (x86)\DriverUpdate" deleted

"C:\PROGRA~2\TornPlusTV_version1.11" not deleted

"C:\PROGRA~2\Reverse Page" not deleted

"C:\Program Files (x86)\Reverse Page\bin" not deleted

"C:\Program Files\SlimCleaner Plus\locales" deleted

"C:\PROGRA~2\Reverse Page\bin" not deleted

 

==== Files Recently Created / Modified ======================

 

====== C:\Windows ====

====== C:\Users\yassine\AppData\Local\Temp ====

2015-02-15 21:39:05 55BAE15D523E4FABAA551023703D3FD9 2463384 ----a-w- C:\Users\yassine\AppData\Local\Temp\Wtmp3808561\tmp\XTab_v4.0.exe

2015-02-15 20:10:50 FEFEF2F226FD6BE184BC4A3378B02AAF 155648 ----a-w- C:\Users\yassine\AppData\Local\Temp\comh.245237\psmachine.dll

2015-02-15 20:10:50 FC7A2F466F7A0F3E873077505719C1A1 143360 ----a-w- C:\Users\yassine\AppData\Local\Temp\comh.245237\GoogleUpdateHelper.msi

2015-02-15 20:10:50 F98DE4108614E4BB81E95E58E36C7000 46080 ----a-w- C:\Users\yassine\AppData\Local\Temp\comh.245237\GoogleUpdateBroker.exe

2015-02-15 20:10:50 D858BA2EE718B1DB1CED20646E641D08 68608 ----a-w- C:\Users\yassine\AppData\Local\Temp\comh.245237\GoogleUpdate.exe

2015-02-15 20:10:50 8D90BB3A36521B50D0E512A781E36871 155648 ----a-w- C:\Users\yassine\AppData\Local\Temp\comh.245237\psuser.dll

2015-02-15 20:10:50 7E767B342E55EB1DFD74A65D24EA4B70 46080 ----a-w- C:\Users\yassine\AppData\Local\Temp\comh.245237\GoogleUpdateOnDemand.exe

2015-02-15 20:10:50 571A0327DFB906466645938B4D0EDF2F 761856 ----a-w- C:\Users\yassine\AppData\Local\Temp\comh.245237\goopdate.dll

2015-02-15 20:10:50 0C0E5B63A0A2394FC05A9FF63BD08013 220672 ----a-w- C:\Users\yassine\AppData\Local\Temp\comh.245237\npGoogleUpdate4.dll

2015-02-15 20:10:50 03114DADBD9977FC823F95B21FB987E7 72872 ----a-w- C:\Users\yassine\AppData\Local\Temp\comh.245237\GoogleCrashHandler.exe

2015-02-15 15:01:12 D7448DB479552A878E799F71E55EE0E7 459648 ----a-w- C:\Users\yassine\AppData\Local\Temp\ttv.exe

2015-02-08 21:52:16 55BAE15D523E4FABAA551023703D3FD9 2463384 ----a-w- C:\Users\yassine\AppData\Local\Temp\158AF40F-387C-4D75-B9F1-9186769876B9mp\tmp\XTab_v4.0.exe

2015-02-08 21:51:35 F20505FD62EE4534C005FDB8B76C6508 5645952 ----a-w- C:\Users\yassine\AppData\Local\Temp\optprosetup.exe

2015-02-08 21:47:53 5CA9819F8E7E44D7C197DCB57C897960 46903296 ----a-w- C:\Users\yassine\AppData\Local\Temp\SIOUT10718563\SlimCleanerPlus.msi

2015-02-08 21:47:28 D04925BD3CBCD7981A7C66871B8F0D0C 56672 ----a-w- C:\Users\yassine\AppData\Local\Temp\scp344D.tmp.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2015-02-12 13:05:00 4FD3763F3917201856B0CBCE310003EA 4300800 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2015-02-12 13:05:00 01BD2653F2185218837CF4A175617F8A 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll

2015-02-11 12:27:18 F3F6BE20A03215209B61CA85B4A83E1F 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll

2015-02-11 12:27:18 C256EFD3655EC782F8094E96094E8F9E 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll

2015-02-11 12:27:18 B63A6FF4339C9B701A93D3973C7FB6D2 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll

2015-02-11 12:27:18 A12D64A94EC57079C2D96A741CB4FF53 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll

2015-02-11 12:27:18 7D94A9161E8432B8521E60E064B1D737 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll

2015-02-11 12:27:18 7C893DBA0A58855A99DA68B751FD223B 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll

2015-02-11 12:27:18 3BB446DE24501FEA5FDB9A9DB23A22AE 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll

2015-02-11 12:27:10 E1A4D24281526DDFEA418F729CDA9DC6 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll

2015-02-11 12:27:10 D87759889FE7BCAE4461439139E62BAA 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll

2015-02-11 12:27:10 B0F7BD3492C2D60A70F15AEADCE1E2A6 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll

2015-02-11 12:27:09 94B1F7CE1AAA5542923E0AD63C4D0050 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-02-11 12:27:09 8E8137569741D3693F88DDF94CC38C20 1307136 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2015-02-11 12:27:09 74EA6C792F57E453261DA210C1BCEB53 342712 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll

2015-02-11 12:27:09 6FA05244FD2E40A3DC08337146B3C425 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll

2015-02-11 12:27:09 3B9EF1B8E154D202D32A7765E2F33554 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll

2015-02-11 12:27:08 8FBC9680719ACDA9351B67D906C682F4 688640 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2015-02-11 12:27:08 61C74D794C14E9FC94D93F5F0F72A3F9 19740160 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2015-02-11 12:27:07 FD6AF61AF029B9BC2CF4EFF57CDD5821 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll

2015-02-11 12:27:07 AD3F5926EC2C1F21FB45D1CDED6E2A47 2052608 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl

2015-02-11 12:27:07 5FB7E9786F70F4072663746072C9E6CE 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll

2015-02-11 12:27:07 47B26D89EF9973E2DD586D0C827F61A9 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2015-02-11 12:27:06 EF05E63ACC834470A07A2E73D519B5FA 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll

2015-02-11 12:27:06 9A91F9B5035F54C2D0BA92CF9B16EE34 2277888 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2015-02-11 12:27:06 994E7459260D315573DD72783D1B78A7 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll

2015-02-11 12:27:06 55A84600EAAF8F1D3F0E6206E2EF6D48 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2015-02-11 12:27:06 28B2D3CB1B4306D476200D80AF7D87AD 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

2015-02-11 12:27:05 78A1A938D51D4F83A772123B93EE1612 12829184 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2015-02-11 12:27:03 F285D499EC42969D963CA49EADA63218 1888256 ----a-w- C:\Windows\SysWOW64\wininet.dll

2015-02-11 12:27:03 9DEE691C8FDBC2DE6957F1AE873C78FC 503296 ----a-w- C:\Windows\SysWOW64\vbscript.dll

2015-02-11 12:27:03 180168942E4A133C55E7BBF17DA3C142 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll

2015-02-11 12:27:02 6F10743069DFFC56DEE079204960844E 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll

2015-02-11 12:26:30 6D227897A458DA8A9518DACDC88F1947 3917760 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe

2015-02-11 12:26:30 62C93E47A424A8EC79F3CF1719A2DCC6 3972544 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe

2015-02-11 12:26:29 97B7E7E3356F7F7FE5B948AB3ED707DD 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll

2015-02-11 12:25:53 B3BC38B886CA53C92D52EF724A9F0D45 308224 ----a-w- C:\Windows\SysWOW64\scesrv.dll

2015-02-11 12:25:50 F2A743912D404A8866362836CFE7A648 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll

2015-02-11 12:25:49 F312300F29620F74E3AF3AF018151935 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll

2015-02-11 12:25:49 F29BC66CE4A5507A49FB20744A056E61 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll

2015-02-11 12:25:49 4E6934926B4C923CC0FF61C6D77814EF 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe

2015-02-11 12:25:49 43791D2F736C4E9BE9FE0B33A1E92A5D 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll

2015-02-11 12:25:49 36F152AE2F64B12771A44EA77124332B 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll

2015-02-11 12:25:15 793F6658ED65839FDB2957A4884CB63C 1230336 ----a-w- C:\Windows\SysWOW64\WindowsCodecs.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2015-02-12 13:05:00 D363FBB2D0223956FF61ADBDBF5499B1 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll

2015-02-12 13:05:00 16ACAA0C01F31B39F39446188F6A3593 6041600 ----a-w- C:\Windows\Sysnative\jscript9.dll

2015-02-11 12:27:18 DDACB408E607655EC64269706BFD504C 341504 ----a-w- C:\Windows\Sysnative\schannel.dll

2015-02-11 12:27:18 C1F9E139B8AE80803CE44DC0377CA342 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll

2015-02-11 12:27:18 A46A6C5AD462071B718EBF3C9E117849 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll

2015-02-11 12:27:18 8F33880F1863BE3925D3A0121FAC5E8F 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll

2015-02-11 12:27:18 6A06BCED1DF1CFE8A32E7D10ABAA7188 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll

2015-02-11 12:27:18 5350A548BEC957978B7014CDFF091542 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll

2015-02-11 12:27:18 22E30E28865C32C3CF4F4E0E7E277FDC 22016 ----a-w- C:\Windows\Sysnative\credssp.dll

2015-02-11 12:27:10 71EBA93C5322A52A7E177E03E1AE7161 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll

2015-02-11 12:27:10 01A314677CC80041A63ED109B56A76B0 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe

2015-02-11 12:27:09 F42B1DAAB5B7621341243878180446CD 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll

2015-02-11 12:27:09 92BD5080B81EDFA32B0CEE8B923D62C3 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll

2015-02-11 12:27:09 8076BB31004C1D763D5D4AEF9F0BDD4B 718848 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2015-02-11 12:27:09 68A2B96528F58D995882FBEB4D9658A5 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2015-02-11 12:27:07 1D824B5A200C284E1A546C2C50704471 389808 ----a-w- C:\Windows\Sysnative\iedkcs32.dll

2015-02-11 12:27:06 DF39C79DFC1C063493D2DB9B3237B29F 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll

2015-02-11 12:27:06 CB2528D522FF1F5A7BF9B27D2FB250FF 1548288 ----a-w- C:\Windows\Sysnative\urlmon.dll

2015-02-11 12:27:06 97F037E09A706ACDA681D740DEE16AE4 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe

2015-02-11 12:27:06 76DB5845E168173BBA2D3CCC4B363E42 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2015-02-11 12:27:06 2E4F8664B54426C2F5523665B279E984 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll

2015-02-11 12:27:05 7A388AFC6885D22F4D988EE9B8D1291A 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll

2015-02-11 12:27:05 512DD29CE6CDCB22EA615286DA7022E7 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll

2015-02-11 12:27:04 A7A3775B0014B165D75A00A1F632E4B5 2885632 ----a-w- C:\Windows\Sysnative\iertutil.dll

2015-02-11 12:27:04 15842FB41A3BF2A2F5071518B38C957A 2125824 ----a-w- C:\Windows\Sysnative\inetcpl.cpl

2015-02-11 12:27:02 D7922F3AC6BF1EA77240E0061D648174 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll

2015-02-11 12:27:02 CA3F410410DE9E5234217D33B9628224 633856 ----a-w- C:\Windows\Sysnative\ieui.dll

2015-02-11 12:27:02 A7814E76ED4ACE0694A83F6E4B6A7272 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe

2015-02-11 12:27:02 6916B0663357B183B120D1A4DD7DDAB0 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2015-02-11 12:27:01 E0F76B5B904E4F448641B2B506496351 14401024 ----a-w- C:\Windows\Sysnative\ieframe.dll

2015-02-11 12:27:00 A04F0C4A0B80C92F92E854E7157D6466 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll

2015-02-11 12:27:00 4CE68D160D80AF6C9FDB5C60BA087DA5 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll

2015-02-11 12:26:59 BF57C911895454A8874E9DFA5716C624 584192 ----a-w- C:\Windows\Sysnative\vbscript.dll

2015-02-11 12:26:59 9DFE41A69DF70AAB75CB5BA8C1109EA2 2358272 ----a-w- C:\Windows\Sysnative\wininet.dll

2015-02-11 12:26:58 47162151E35EA0B7152B7C841FA21FDB 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll

2015-02-11 12:26:58 4701399F7BA312353ADE8225F6EB512B 199680 ----a-w- C:\Windows\Sysnative\msrating.dll

2015-02-11 12:26:57 CD726C899BD9A398E8420564A957320B 25056256 ----a-w- C:\Windows\Sysnative\mshtml.dll

2015-02-11 12:26:31 9819614CA9EFB5A96493B379170B9D89 5554112 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe

2015-02-11 12:26:29 F7A3018D8F1825427BC11E912D5287CD 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe

2015-02-11 12:26:29 D6CDCAF84810641D1D2B455750825ACA 50176 ----a-w- C:\Windows\Sysnative\srclient.dll

2015-02-11 12:26:29 0147AA370862201A443752351F135D31 503808 ----a-w- C:\Windows\Sysnative\srcore.dll

2015-02-11 12:25:53 FE72C89986E1BA32AD926A820491F23F 406528 ----a-w- C:\Windows\Sysnative\scesrv.dll

2015-02-11 12:25:50 C97662B6752BFEF07C565D96E8ECC98F 1461760 ----a-w- C:\Windows\Sysnative\lsasrv.dll

2015-02-11 12:25:50 6EAD88B508E4785F4AFDFD24F76E8839 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll

2015-02-11 12:25:49 E0105F3B5B1C4B0F5B3D788A13504EC6 31232 ----a-w- C:\Windows\Sysnative\lsass.exe

2015-02-11 12:25:49 BE4927689BA39E18A104986CB1363C97 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll

2015-02-11 12:25:49 94C6BCF9212E20866AC1558A32E9F228 28160 ----a-w- C:\Windows\Sysnative\secur32.dll

2015-02-11 12:25:49 857CED230A6B87E84FCA04B472A3CB1A 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll

2015-02-11 12:25:49 51BB93FF96AE3882B4AF7CA11000D3A3 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe

2015-02-11 12:25:49 2EE57F4491A402C04FCAA7D012493884 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll

2015-02-11 12:25:49 1798826FE9FFEA9E93E74A5868559D4A 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll

2015-02-11 12:25:16 4861B9AF67E1B0154A55FDE4B3A61EB9 1424384 ----a-w- C:\Windows\Sysnative\WindowsCodecs.dll

2015-02-11 12:24:11 DF07110F77639E73D0537188703F44F6 3201536 ----a-w- C:\Windows\Sysnative\win32k.sys

====== C:\Windows\Sysnative\drivers =====

2015-02-11 12:25:50 E45CDE1C8340DFEDF1D6724263F39E5B 458824 ----a-w- C:\Windows\Sysnative\drivers\cng.sys

2015-02-11 12:25:50 C60C6B9A2E50B0404F6789C62B428C03 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys

2015-02-11 12:25:49 78D152A9FD5747FF6AA89C79F0346F62 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys

2015-02-08 21:47:32 F86D3216B54CCBB45022011B3C276C43 16152 ----a-w- C:\Windows\Sysnative\drivers\SWDUMon.sys

====== C:\Windows\Tasks ======

2015-02-08 23:57:41 D8621573088E5C56CAB6BBFF2E556F2B 3036 ----a-w- C:\Windows\Sysnative\Tasks\SlimCleaner Plus (Scheduled Scan - yassine)

2015-02-08 23:57:40 59F6DA8D6674C44E1F4CA99C356D139F 370 ----a-w- C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - yassine).job

2015-01-23 19:05:49 D4B66BB812DDC59F71AB9759BA0E080B 3634 ----a-w- C:\Windows\Sysnative\Tasks\HPCustParticipation HP Deskjet 1000 J110 series

2015-01-23 18:59:30 9590FF01D43136DC6AEBD15FB68F59B7 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-23 18:59:30 7B4041307E7801F5874A3B391550F43E 3878 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater

====== C:\Windows\Temp ======

======= C:\Program Files =====

2015-02-08 21:47:54 -------- d-----w- C:\Program Files\SlimService

2015-01-23 19:05:39 -------- d-----w- C:\Program Files\HP

2015-01-23 18:59:39 -------- d-----w- C:\Program Files\Google

2015-01-19 20:36:19 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

2015-02-15 20:11:38 -------- d-----w- C:\PROGRA~2\Reverse Page

2015-02-15 20:10:48 -------- d-----w- C:\PROGRA~2\TornPlusTV_version1.11

2015-02-09 00:49:26 -------- d-----w- C:\PROGRA~2\OpenOffice 4

2015-01-23 19:05:57 -------- d-----w- C:\PROGRA~2\HP Photo Creations

2015-01-23 19:05:40 -------- d-----w- C:\PROGRA~2\HP

2015-01-21 18:32:28 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype

2015-01-21 18:32:27 -------- d-----r- C:\PROGRA~2\Skype

======= C: =====

====== C:\Users\yassine\AppData\Roaming ======

2015-02-09 00:50:24 -------- d-----w- C:\Users\yassine\AppData\Roaming\OpenOffice

2015-02-08 21:47:53 -------- d-----w- C:\Users\yassine\AppData\Local\Downloaded Installers

2015-02-08 21:47:32 -------- d-----w- C:\Users\yassine\AppData\Local\SlimWare Utilities Inc

2015-02-08 01:48:25 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google

2015-01-23 19:05:58 -------- d-----w- C:\Users\yassine\AppData\Locallow\Hewlett-Packard

2015-01-23 19:05:50 -------- d-----w- C:\Users\yassine\AppData\Roaming\HpUpdate

2015-01-23 19:05:01 -------- d-----w- C:\Users\yassine\AppData\Local\HP

2015-01-23 19:00:22 -------- d-----w- C:\Users\yassine\AppData\Roaming\Google

2015-01-21 19:04:07 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp

2015-01-21 19:04:07 -------- d-----w- C:\Users\yassine\AppData\Local\Temp

2015-01-21 19:04:07 -------- d-----w- C:\Users\Default\AppData\Local\Temp

2015-01-21 19:04:07 -------- d-----w- C:\Users\Default User\AppData\Local\Temp

2015-01-21 18:32:40 -------- d-----w- C:\Users\yassine\AppData\Local\Skype

2015-01-21 18:32:36 -------- d-----w- C:\Users\yassine\AppData\Roaming\Skype

2015-01-21 15:33:23 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp

2015-01-20 21:00:14 A356CC5CC8BA2EF59BE343527045D626 11509994 ----a-w- C:\Users\yassine\AppData\Local\package.nw.new

====== C:\Users\yassine ======

2015-02-18 00:27:25 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\yassine\Downloads\RSITx64 (2).exe

2015-02-18 00:13:09 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\yassine\Downloads\RSITx64 (1).exe

2015-02-17 23:57:16 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\yassine\Downloads\RSITx64.exe

2015-02-15 21:40:32 E0E633E7219A0A4C8A3B9F7DE8AF846E 513736 ----a-w- C:\Users\yassine\Downloads\YourDownload (6).exe

2015-02-15 21:38:34 E0E633E7219A0A4C8A3B9F7DE8AF846E 513736 ----a-w- C:\Users\yassine\Downloads\YourDownload (5).exe

2015-02-15 21:38:10 E0E633E7219A0A4C8A3B9F7DE8AF846E 513736 ----a-w- C:\Users\yassine\Downloads\YourDownload (4).exe

2015-02-15 21:37:21 E0E633E7219A0A4C8A3B9F7DE8AF846E 513736 ----a-w- C:\Users\yassine\Downloads\YourDownload (3).exe

2015-02-15 20:10:07 E0E633E7219A0A4C8A3B9F7DE8AF846E 513736 ----a-w- C:\Users\yassine\Downloads\YourDownload (2).exe

2015-02-15 20:08:35 E0E633E7219A0A4C8A3B9F7DE8AF846E 513736 ----a-w- C:\Users\yassine\Downloads\YourDownload (1).exe

2015-02-15 19:57:46 E0E633E7219A0A4C8A3B9F7DE8AF846E 513736 ----a-w- C:\Users\yassine\Downloads\YourDownload.exe

2015-02-09 00:49:46 -------- d-s---w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1

2015-02-09 00:45:59 41C25B061772336930C28DBC828BB023 138907477 ----a-w- C:\Users\yassine\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_nl.exe

2015-02-08 21:50:45 CCD0DC94B78091A3F2D38AF0E08834D8 783616 ----a-w- C:\Users\yassine\Downloads\microsoft_office.exe

2015-02-08 21:47:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus

2015-02-08 21:47:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate

2015-02-08 21:47:28 -------- d-----w- C:\Users\Public\Documents\Downloaded Installers

2015-02-08 21:47:09 D0EE837C6FA3712D461F4A78F0590905 834360 ----a-w- C:\Users\yassine\Downloads\DriverUpdate-setup.exe

2015-01-23 19:05:57 -------- d-----w- C:\ProgramData\Visan

2015-01-23 19:05:57 -------- d-----w- C:\ProgramData\HP Photo Creations

2015-01-23 19:05:39 -------- d-----w- C:\ProgramData\HP

2015-01-23 19:05:35 C6C86C8A8EBD81469F9C110702438405 57 ----a-w- C:\ProgramData\Ament.ini

2015-01-23 18:59:35 -------- d-----w- C:\ProgramData\Google

2015-01-21 18:32:28 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2015-01-21 18:32:23 -------- d-----w- C:\ProgramData\Skype

 

====== C: exe-files ==

2015-02-18 13:18:01 FDADF069BA0260755FB5899B36B9A7D4 1786616 ----a-w- C:\Program Files (x86)\Reverse Page\bin\ReversePage.BOASPRT.exe

2015-02-18 13:18:01 E3966CC7F2C24030E5A028B12E5159E7 1649912 ----a-w- C:\Program Files (x86)\Reverse Page\bin\ReversePage.BOASHelper.exe

2015-02-18 13:18:01 6BC6236F8195C92B6875A67FBAEC7254 1791224 ----a-w- C:\Program Files (x86)\Reverse Page\bin\ReversePage.BOAS.exe

2015-02-18 13:17:46 72639229960302722F2CAD117581874E 105720 ----a-w- C:\Program Files (x86)\Reverse Page\bin\ReversePage.BrowserAdapter.exe

2015-02-18 00:27:25 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\yassine\Downloads\RSITx64 (2).exe

2015-02-18 00:13:09 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\yassine\Downloads\RSITx64 (1).exe

2015-02-17 23:57:16 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\yassine\Downloads\RSITx64.exe

2015-02-15 21:40:32 E0E633E7219A0A4C8A3B9F7DE8AF846E 513736 ----a-w- C:\Users\yassine\Downloads\YourDownload (6).exe

2015-02-15 21:39:05 9990A2C377418FF6DCD822323036F6BA 2463400 ----a-w- C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVPCF97W\XTab_4.0.2.1716[1].exe

2015-02-15 21:39:05 55BAE15D523E4FABAA551023703D3FD9 2463384 ----a-w- C:\Users\yassine\AppData\Local\Temp\Wtmp3808561\tmp\XTab_v4.0.exe

2015-02-15 21:38:46 E876E34992E87644578F4E5D59F9D4A0 827648 ----a-w- C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVPCF97W\TornTVApp[1].exe

2015-02-15 21:38:34 E0E633E7219A0A4C8A3B9F7DE8AF846E 513736 ----a-w- C:\Users\yassine\Downloads\YourDownload (5).exe

2015-02-15 21:38:10 E0E633E7219A0A4C8A3B9F7DE8AF846E 513736 ----a-w- C:\Users\yassine\Downloads\YourDownload (4).exe

2015-02-15 21:37:21 E0E633E7219A0A4C8A3B9F7DE8AF846E 513736 ----a-w- C:\Users\yassine\Downloads\YourDownload (3).exe

2015-02-15 20:18:02 BE69B895895066D1ECD3F2FE2C778307 123128 ----a-w- C:\Program Files (x86)\Reverse Page\bin\ReversePage.BrowserAdapter64.exe

2015-02-15 20:17:59 FCB5742759722250BD04B4C24C4CEE22 101624 ----a-w- C:\Program Files (x86)\Reverse Page\bin\ReversePage.expext.exe

2015-02-15 20:10:50 F98DE4108614E4BB81E95E58E36C7000 46080 ----a-w- C:\Users\yassine\AppData\Local\Temp\comh.245237\GoogleUpdateBroker.exe

2015-02-15 20:10:50 D858BA2EE718B1DB1CED20646E641D08 68608 ----a-w- C:\Users\yassine\AppData\Local\Temp\comh.245237\GoogleUpdate.exe

2015-02-15 20:10:50 7E767B342E55EB1DFD74A65D24EA4B70 46080 ----a-w- C:\Users\yassine\AppData\Local\Temp\comh.245237\GoogleUpdateOnDemand.exe

2015-02-15 20:10:50 03114DADBD9977FC823F95B21FB987E7 72872 ----a-w- C:\Users\yassine\AppData\Local\Temp\comh.245237\GoogleCrashHandler.exe

2015-02-15 20:10:07 E0E633E7219A0A4C8A3B9F7DE8AF846E 513736 ----a-w- C:\Users\yassine\Downloads\YourDownload (2).exe

2015-02-15 20:08:35 E0E633E7219A0A4C8A3B9F7DE8AF846E 513736 ----a-w- C:\Users\yassine\Downloads\YourDownload (1).exe

2015-02-15 19:57:59 FA18A83CD2D176C72692F149C549E247 1374032 ----a-w- C:\Users\yassine\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe

2015-02-15 19:57:46 E0E633E7219A0A4C8A3B9F7DE8AF846E 513736 ----a-w- C:\Users\yassine\Downloads\YourDownload.exe

2015-02-15 15:01:12 D7448DB479552A878E799F71E55EE0E7 459648 ----a-w- C:\Users\yassine\AppData\Local\Temp\ttv.exe

=== C: other files ==

2015-02-18 13:18:01 2CA05FE0268E4C5AA8D3AAD699671828 2411856 ----a-w- C:\Program Files (x86)\Reverse Page\bin\ReversePage.BOAS.zip

2015-02-16 15:44:28 2B4E9A99F48ACE7D3A4C1C1AA74281C7 103 ----a-w- C:\Users\yassine\AppData\Local\Temp\uttF894.tmp.bat

2015-02-15 21:38:59 94B47B3F4E73E60DBAB597C647681F54 444903 ----a-w- C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\302KFSKB\2[1].zip

2015-02-15 21:38:51 B94EC7DAD9891CF6E86A97F92E037BD6 2167878 ----a-w- C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\302KFSKB\1[1].zip

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

 

[HKEY_USERS\S-1-5-21-2682619030-2652341359-2438336200-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"

"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

"Gameo"="C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe C:\Users\yassine\AppData\Roaming\Gameo\gameo.dat mode:minimized"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"SlimCleaner Plus"="C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe /minimize"

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"

"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"

"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

"Gameo"="C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe C:\Users\yassine\AppData\Roaming\Gameo\gameo.dat mode:minimized"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"SlimCleaner Plus"="C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe /minimize"

 

==== Startup Registry Enabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"

"HPWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

 

==== Task Scheduler Jobs ======================

 

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [07/02/2015 21:08]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/11/2014 17:42]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/11/2014 17:42]

C:\Windows\tasks\SlimCleaner Plus (Scheduled Scan - yassine).job --a------ C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe []

 

==== Other Scheduled Tasks ======================

 

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 1000 J110 series" ["C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe"]

"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]

"C:\Windows\SysNative\tasks\SlimCleaner Plus (Scheduled Scan - yassine)" [C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

 

==== Chromium Look ======================

 

Google Chrome Version: 40.0.2214.111 (Up to date, latest Stable version: 40.0.2214.111)

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22]

 

Google Slides - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek

Google Docs - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Sheets - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap

Allin1Convert - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl

Reverse Page - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hocoomdoidhphekcfcplpmhllhkdnjaj

FromDocToPDF - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo

Google Wallet - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

 

==== Chromium Fix ======================

 

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.publikeco00.publikeco.com_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.publikeco00.publikeco.com_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.key-find.com_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.key-find.com_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_allin1convert.dl.tb.ask.com_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_allin1convert.dl.tb.ask.com_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filesharefanatic.dl.tb.ask.com_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filesharefanatic.dl.tb.ask.com_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fromdoctopdf.dl.tb.ask.com_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_driverupdate.nl.softonic.com_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_driverupdate.nl.softonic.com_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-office-2007.nl.softonic.com_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-office-2007.nl.softonic.com_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-office.nl.softonic.com_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-office.nl.softonic.com_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-word.nl.softonic.com_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-word.nl.softonic.com_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gcncagkkhfoombgbihckkccmkjemhohl_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gcncagkkhfoombgbihckkccmkjemhohl_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lplgmijfnicgfhoccpjcbkidkkcaiapo_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lplgmijfnicgfhoccpjcbkidkkcaiapo_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lplgmijfnicgfhoccpjcbkidkkcaiapo deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hocoomdoidhphekcfcplpmhllhkdnjaj deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hocoomdoidhphekcfcplpmhllhkdnjaj_0.localstorage deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hocoomdoidhphekcfcplpmhllhkdnjaj_0.localstorage-journal deleted successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hocoomdoidhphekcfcplpmhllhkdnjaj deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34"

"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34&q={searchTerms}"

"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34"

"Start Page"="http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34"

"Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34&q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34&q={searchTerms}"

"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34"

"Start Page"="http://www.istartsurf.com/?type=hp&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34"

"Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34&q={searchTerms}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}] not found

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

 

==== Reset Google Chrome ======================

 

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

 

==== shortcuts on All Users Desktop ======================

 

C:\Users\Public\Desktop\Benodigdheden kopen - HP Deskjet 1000 J110 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\Bin\hpqDTSS.exe 

C:\Users\Public\Desktop\DriverUpdate.lnk - C:\Windows\Installer\{B2B04F8B-6444-4364-89C8-F3088D4E8D02}\Icon.exe 

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34

C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\Bin\HP Deskjet 1000 J110 series.exe -Start UDCDevicePage

C:\Users\Public\Desktop\HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe 

C:\Users\Public\Desktop\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe 

C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe 

C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe 

C:\Users\Public\Desktop\SlimCleaner Plus.lnk - C:\Windows\Installer\{BA219F82-20BF-49AD-A279-E2D69D3B9D3F}\Icon.exe 

C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe 

 

==== shortcuts in Users Start Menu ======================

 

C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34

C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34

C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\yassine\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .

C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\yassine\AppData\Local\Popcorn Time\Uninstall.exe 

 

==== shortcuts in All Users Start Menu ======================

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk - C:\Windows\Installer\{90850413-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9\CyberLink PowerDVD 9.lnk - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate\DriverUpdate Help.lnk - C:\Windows\Installer\{B2B04F8B-6444-4364-89C8-F3088D4E8D02}\Icon.exe -help

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate\DriverUpdate.lnk - C:\Windows\Installer\{B2B04F8B-6444-4364-89C8-F3088D4E8D02}\Icon.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk - C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Wireless Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Benodigdheden kopen.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\Bin\hpqDTSS.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Help.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\Bin\HelpViewer\hpqlpvwr.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\HP Deskjet 1000 J110 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\Bin\HP Deskjet 1000 J110 series.exe -Start UDCDevicePage

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\HP Onderzoek productverbetering.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe /changesettings /UA 9.5 /DDV 0x0805

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Printer instellen en software.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\Bin\USBSetupLauncher.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Verwijderen.lnk - C:\Windows\SysWOW64\msiexec.exe /qb /x {30583EC7-5BBC-4E61-9EC8-7A9A982E65F0}

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Website productondersteuning.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\ProductSupportShortcut.url 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations verwijderen.lnk - C:\Program Files (x86)\HP Photo Creations\uninst.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Aan de slag.lnk - C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe 1

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Control Panel.lnk - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe-website.lnk - C:\Program Files (x86)\Common Files\LightScribe\shortcuts\LightScribe Website.url 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Sneldemo.lnk - C:\Program Files (x86)\Common Files\LightScribe\shortcuts\Quick Demo.url 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Base.lnk - C:\Program Files (x86)\OpenOffice 4\program\sbase.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Calc.lnk - C:\Program Files (x86)\OpenOffice 4\program\scalc.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Draw.lnk - C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Impress.lnk - C:\Program Files (x86)\OpenOffice 4\program\simpress.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Math.lnk - C:\Program Files (x86)\OpenOffice 4\program\smath.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Writer.lnk - C:\Program Files (x86)\OpenOffice 4\program\swriter.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Disc Creation.lnk - C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Manager.lnk - C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus\SlimCleaner Plus.lnk - C:\Windows\Installer\{BA219F82-20BF-49AD-A279-E2D69D3B9D3F}\Icon.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe 

 

==== shortcuts in Quick Launch ======================

 

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34

C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34

C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34

C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1424036336&from=ild&uid=ST9320423AS_W330BD34

C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paint.lnk - C:\Windows\system32\mspaint.exe 

C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 

C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

 

==== shortcuts After Repair ======================

 

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 

C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\yassine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload deleted successfully

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYXBD2T7 will be deleted at reboot

C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVPCF97W will be deleted at reboot

 

==== Empty FireFox Cache ======================

 

No FireFox Profiles found

 

==== Empty Chrome Cache ======================

 

C:\Users\yassine\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

No Java Cache Found

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=920 folders=284 166806488 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\yassine\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\yassine\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\Program Files (x86)\Reverse Page\bin\ReversePage.BrowserAdapter64.exe"  not found

"C:\Program Files (x86)\Reverse Page\bin\ReversePage.expext.exe"  not found

"C:\Program Files (x86)\Reverse Page\bin\ReversePage.expextdll.dll"  not found

"C:\PROGRA~2\Reverse Page\bin\ReversePage.BrowserAdapter64.exe"  not found

"C:\PROGRA~2\Reverse Page\bin\ReversePage.expext.exe"  not found

"C:\PROGRA~2\Reverse Page\bin\ReversePage.expextdll.dll"  not found

"C:\Program Files (x86)\Reverse Page"  not found

"C:\Program Files (x86)\TornPlusTV_version1.11"  not found

"C:\Program Files\SlimService"  not found

"C:\PROGRA~2\TornPlusTV_version1.11"  not found

"C:\PROGRA~2\Reverse Page"  not found

"C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYXBD2T7" not found

"C:\Users\yassine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVPCF97W" not found

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

 

==== EOF on wo 18/02/2015 at 14:27:53,88 ======================

[samey]

Ja klopt ik denk dat hier geen anti virus is, welke enhoe zet ik het erop? Alvast bedankt!

[kape]

Download AdwCleaner by Xplode naar het bureaublad (verwijder eerst eventuele aanwezige oudere versies van deze tool op je PC, zodat je nu de meest recente database van AdwCleaner kan gebruiken).

• Sluit alle openstaande vensters.
• Dubbelklik op AdwCleaner om hem te starten.
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren,
• Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
• Klik op Scan.
• Klik vervolgens op Clean.
• Klik bij Herstarten Noodzakelijk op OK

Nadat de PC opnieuw is opgestart, opent meestal een logfile.
Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner[s0].txt.

Logbestand plaatsen

• Voeg het logbestand met de naam C:\AdwCleaner\AdwCleaner[s0].txt als bijlage toe aan het volgende bericht.
• Hoe u een bijlage kunt toevoegen aan het bericht leest u hier.

 

Download en installeer dan (mijn voorkeur) de gratis versie van Avast !

[samey]

AdwCleanerS0.txt

[kape]

Flinke opruiming alweer ... nu nog merkbare virusverschijnselen ?

[samey]

Dank je nogmaals!!!! Geen virussen meer...

[kape]

Uitstekend ... dan mag je nu de gebruikte tools nog verwijderen:

 

Download Delfix by Xplode naar het bureaublad.

Dubbelklik op Delfix.exe om de tool te starten.
Zet nu vinkjes voor de volgende items:

• Remove disinfection tools
• Purge System Restore
• Reset system settings

Klik nu op "Run" en wacht geduldig tot de tool gereed is.
Wanneer de tool gereed is wordt er een logbestand aangemaakt. Dit hoeft u echter niet te plaatsen.

 

Daarna mag je dit topic afsluiten door bovenaan op "Modereer Onderwerp" en "Sluiten" te klikken.