Posted: Sat Feb 15, 2014 10:22 am
Member

Joined: Mon Dec 28, 2009 8:34 pm
Posts: 20
Operating system: vista
Protection: avast
Good morning,

I am having trouble with torntv. When I follow the steps to remove it, Malwarebytes reports that I have it and that it has then been removed, but when I open Firefox again it comes back as soon as I want to search for something via Google; it first shows three search options that torntv has found... it drives me crazy. It is no longer listed under Programs and Features, so I have no idea what to do now.

Regards, mariska


Posted: Sat Feb 15, 2014 12:47 pm
Moderator

Joined: Wed Apr 13, 2005 3:54 pm
Posts: 33552
Location: A little hut on the coast.
Operating system: Windows 7
Protection: Malwarebytes pro
Download Zoek.zip to the desktop.
  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.

Disable antivirus software
Temporarily disable your antivirus and antispyware programs, as these can conflict with Zoek.exe.

Run Zoek.exe
If you run into problems running this program or see any error messages, please mention it in your post.
  • Right-click Zoek.zip and choose the option "Extract All".
  • Then double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now click the "Run script" button.
  • A popup appears saying that no script was found; just press OK.
  • Zoek.exe will now run a scan + repair; on some systems this can take longer than half an hour.
  • Now wait patiently until a log opens (this may be after a restart if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the opened log in your next post as an attachment.

Posting the Zoek.exe log file
  • Attach the log file named "Zoek-results.log" to your next post.
    (You can also find this log file on the system drive as C:\Zoek-results.log.)

_________________
Member of the Training Team.

 
Posted: Sat Feb 15, 2014 5:13 pm
Member

Joined: Mon Dec 28, 2009 8:34 pm
Posts: 20
Operating system: vista
Protection: avast
Hi,

Thanks for your quick reply.
Below is my log.


Zoek.exe v5.0.0.0 Updated 15-February-2014
Tool run by mariska on za 15-02-2014 at 15:28:32,48.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\mariska\Downloads\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== System Restore Info ======================

15-2-2014 15:31:51 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Wondershare deleted successfully
C:\PROGRA~2\COMMON~1\337 deleted successfully
C:\PROGRA~2\COMMON~1\DESIGNER deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\ProgramData\Downloadd! keePer deleted successfully
C:\ProgramData\Oracle deleted successfully
C:\Users\mariska\AppData\Roaming\iPumper deleted successfully
C:\Users\mariska\AppData\Local\CUSTPDF Writer deleted successfully
C:\Users\mariska\AppData\Local\genienext deleted successfully
C:\Users\mariska\AppData\Local\kpn deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2617804057-1537295161-4098149944-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_USERS\S-1-5-21-2617804057-1537295161-4098149944-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} deleted successfully
HKEY_USERS\S-1-5-21-2617804057-1537295161-4098149944-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110411591160} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411591160} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASO3DiskOptimizer deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.3.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util SecretSauce deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util SecretSauce deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update SecretSauce deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\mariska\AppData\Roaming\Mozilla\Firefox\Profiles\ms9zvz7n.default

user.js not found
---- Lines ominent removed from prefs.js ----
user_pref("extensions.ominent.admin", false);
user_pref("extensions.ominent.aflt", "wedlmDefBrowser");
user_pref("extensions.ominent.appId", "{9A246976-806F-4B2E-B3B9-A9A58F5685AA}");
user_pref("extensions.ominent.autoRvrt", "false");
user_pref("extensions.ominent.cam", "");
user_pref("extensions.ominent.dfltLng", "");
user_pref("extensions.ominent.excTlbr", false);
user_pref("extensions.ominent.ffxUnstlRst", false);
user_pref("extensions.ominent.id", "e62559fe000000000000f4b7e25ac039");
user_pref("extensions.ominent.instlDay", "15995");
user_pref("extensions.ominent.instlRef", "9f1d0980");
user_pref("extensions.ominent.newTab", false);
user_pref("extensions.ominent.prdct", "ominent");
user_pref("extensions.ominent.prtnrId", "ominent");
user_pref("extensions.ominent.rvrt", "true");
user_pref("extensions.ominent.smplGrp", "Oct2013");
user_pref("extensions.ominent.tlbrId", "base");
user_pref("extensions.ominent.tlbrSrchUrl", "http://search.ominent.com/ws/?source=9f1d0980&tbp=main&toolbarid=base&u=e62559fe000000000000f4b7e25ac039&
user_pref("extensions.ominent.vrsn", "1.8.26.12");
user_pref("extensions.ominent.vrsnTs", "1.8.26.1216:19:35");
user_pref("extensions.ominent.vrsni", "1.8.26.12");
---- Lines snap.do removed from prefs.js ----
user_pref("browser.newtab.url", "http://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_4730&co=NL&userid=6cb47c02-63ba-483c-c94a-5c1076ce7ba8&searchty
user_pref("browser.startup.homepage", "http://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_4730&co=NL&userid=6cb47c02-63ba-483c-c94a-5c1076ce7ba8&se
user_pref("keyword.URL", "http://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_4730&co=NL&userid=6cb47c02-63ba-483c-c94a-5c1076ce7ba8&searchtype=ds&i
---- Lines Torntv removed from prefs.js ----
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.cookie.testingGaq.value", "%22http%3A//extclickm
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.name", "Torntv V7.0");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.cookie.testingGaq.value", "%22http%3A//extclickm
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.name", "Torntv V6.0");
---- Lines Web Search removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.selectedEngine", "Web Search");
---- Lines crossrider removed from prefs.js ----
user_pref("extensions.crossrider.bic", "143bded3565b1523ab19e9582e798e45");
---- Lines gophoto.it modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program
---- Lines mysearch removed from prefs.js ----
user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.
---- Lines a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040 removed from prefs.js ----
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.active", true);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.addressbar", "NA");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.addressbarenhanced", "");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.asyncdb.was_copied", "true");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.asyncdb_dbWasSet", true);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.asyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.asyncinternaldb.was_copied", "true");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.asyncinternaldb_dbWasSet", true);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.asyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.backgroundver", 4);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.certdomaininstaller", "");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.changeprevious", false);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.cookie.au.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.cookie.au.value", "%222014-2-15%22");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.cookie.cnt.expiration", "Fri Feb 01 2030 00:00:0
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.cookie.cnt.value", "%22NL%22");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.cookie.first_run.expiration", "Fri Feb 01 2030 0
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.cookie.first_run.value", "%221%22");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.cookie.install.expiration", "Fri Feb 01 2030 00:
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.cookie.install.value", "%222014-1-23%22");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.cookie.InstallationTime.value", "1390460876");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.cookie.jw_token.expiration", "Fri Feb 01 2030 00
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.cookie.jw_token.value", "%2211a9b3f7-ab91-6e1f-6
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.cookie.testingGaq.expiration", "Fri Feb 01 2030
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.description", "The must-have App extensions for
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.domain", "");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.enablesearch", false);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.homepage", "");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.iframe", false);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.InstallationTime", 1390460876);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.InstallerParamsCache.expiration", "Fr
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.InstallerParamsCache.value", "%7B%22s
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.InstallerUserIdentifiersCache.expirat
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.InstallerUserIdentifiersCache.value",
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.monetization_plugin_last_executable_r
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.monetization_plugin_last_executable_r
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.Resources_appVer.value", "38");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.Resources_lastVersion.value", "2");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.Resources_meta.expiration", "Fri Feb
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.Resources_nextCheck.expiration", "Sat
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.Resources_remote_resources.expiration
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.internaldb.Resources_remote_resources.value", "%
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.lastDailyReport", "1392448684565");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.lastUpdate", "1392448786230");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.manifesturl", "");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.newtab", "");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.opensearch", "");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plu
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.pluginsversion", 34);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.publisher", "installdaddy");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.searchstatus", 0);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.setnewtab", false);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.thankyou", "");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.updateinterval", 360);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.49040.ver", 38);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.apps", "49040");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.bic", "143bded3565b1523ab19e9582e798e45");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.cid", 49040);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.FilesValidatorDueTime", "1392448684508");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.firstrun", false);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.hadappinstalled", true);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.installationdate", 1390460876);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.modetype", "production");
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.reportInstall", true);
user_pref("extensions.a00cf40739c0d4c73823c9627a9ebda105ce0c3157a904c4684285c0df674cab0com49040.statsDailyCounter", 66);
---- Lines ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960 removed from prefs.js ----
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.active", true);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.addressbar", "NA");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.addressbarenhanced", "");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.asyncdb.was_copied", "true");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.asyncdb_dbWasSet", true);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.asyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.asyncinternaldb.was_copied", "true");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.asyncinternaldb_dbWasSet", true);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.asyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.backgroundver", 8);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.certdomaininstaller", "");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.changeprevious", false);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.cookie.au.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.cookie.au.value", "%222014-2-15%22");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.cookie.cnt.expiration", "Fri Feb 01 2030 00:00:0
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.cookie.cnt.value", "%22NL%22");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.cookie.first_run.expiration", "Fri Feb 01 2030 0
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.cookie.first_run.value", "%221%22");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.cookie.install.expiration", "Fri Feb 01 2030 00:
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.cookie.install.value", "%222014-1-29%22");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.cookie.InstallationTime.value", "%221390978681%2
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.cookie.InstallerParams.expiration", "Fri Feb 01
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.cookie.InstallerParams.value", "%7B%22source_id%
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.cookie.testingGaq.expiration", "Fri Feb 01 2030
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.description", "The must-have App extensions for
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.domain", "");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.enablesearch", false);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.homepage", "");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.iframe", false);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.InstallationThankYouPage", true);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.InstallationTime", 1390978681);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.__defualt_browser__.expiration", "Fri
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.__defualt_browser__.value", "%22ff%22
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.installer.expiration", "Fri Feb 01 20
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.installer.value", "%7B%22InstallerIde
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.InstallerIdentifiers.expiration", "Fr
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.InstallerIdentifiers.value", "%7B%22i
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.InstallerParams.expiration", "Fri Feb
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.InstallerParams.value", "%7B%22source
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.InstallerParamsCache.expiration", "Fr
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.InstallerParamsCache.value", "%7B%22s
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.InstallerUserIdentifiersCache.expirat
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.InstallerUserIdentifiersCache.value",
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.monetization_plugin_last_executable_r
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.monetization_plugin_last_executable_r
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.Resources_appVer.value", "84");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.Resources_lastVersion.value", "4");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.Resources_meta.expiration", "Fri Feb
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.Resources_nextCheck.expiration", "Sat
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.Resources_remote_resources.expiration
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.internaldb.Resources_remote_resources.value", "%
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.lastDailyReport", "1392448684568");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.lastUpdate", "1392448786159");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.manifesturl", "");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.newtab", "");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.opensearch", "");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plu
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.pluginsversion", 76);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.publisher", "installdaddy");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.searchstatus", 0);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.setnewtab", false);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.thankyou", "");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.updateinterval", 360);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.ver", 84);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.apps", "45960");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.bic", "143bded3565b1523ab19e9582e798e45");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.cid", 45960);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.FilesValidatorDueTime", "1392448684532");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.firstrun", false);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.hadappinstalled", true);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.installationdate", 1390979315);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.modetype", "production");
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.reportInstall", true);
user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.statsDailyCounter", 50);
---- Lines extensions.UqGfbdZUdMJ8 removed from prefs.js ----
user_pref("extensions.UqGfbdZUdMJ8.epoch", "1383242654");
user_pref("extensions.UqGfbdZUdMJ8.url", "http://getproxy5.info/sync2/?q=hfZ9ofDSBShEAen0qjaEtMqLDe49CNU0jUEMCMlNhd9FrHwErTkEqjkGqjnMBzqUojwHrjaHrdw5r
---- Lines extensions.c2_OnVO4O removed from prefs.js ----
user_pref("extensions.c2_OnVO4O.epoch", "1383242654");
user_pref("extensions.c2_OnVO4O.url", "http://getsrv1.info/sync2/?q=hfZ9oemKA6aMCyVUojkErchTB6lKDzt4ok4rtNtVh7n0rjrFrds8rdk8rTnHtMFHhd9FrHwErHaFpda9rT
---- FireFox user.js and prefs.js backups ----

prefs_15-02-2014_1547_.backup

==== Deleting Files \ Folders ======================

C:\Users\mariska\daemonprocess.txt deleted
C:\Users\mariska\.android deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted
C:\PROGRA~2\Advanced System Optimizer 3 deleted
C:\PROGRA~2\Driver Pro deleted
C:\PROGRA~2\COMMON~1\AVG Secure Search deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\User Data\Default\Extensions deleted
C:\Users\mariska\AppData\Roaming\Wondershare deleted
C:\Users\mariska\AppData\Roaming\SkypEmoticons deleted
C:\Users\mariska\AppData\Roaming\iSafe deleted
C:\Users\mariska\AppData\Roaming\Driver Pro deleted
C:\Users\mariska\AppData\Roaming\Systweak deleted
C:\Users\mariska\AppData\Roaming\Optimizer Pro deleted
C:\ProgramData\WPM deleted
C:\ProgramData\InstallMate deleted
C:\ProgramData\SummerSoft deleted
C:\ProgramData\WinterSoft deleted
C:\Users\mariska\AppData\Local\iLivid deleted
C:\Users\mariska\AppData\Local\AVG Secure Search deleted
C:\Users\mariska\AppData\Local\jZip deleted
C:\Users\mariska\AppData\Local\Wondershare deleted
C:\Users\mariska\AppData\Local\Mobogenie deleted
C:\Users\mariska\AppData\Local\cache deleted
C:\Users\mariska\AppData\Local\SwvUpdater deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro deleted
C:\Users\mariska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk deleted
C:\Users\mariska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk deleted
C:\Users\mariska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\SysNative\roboot64.exe deleted
C:\Users\mariska\AppData\LocalLow\Torntv V6.0 deleted
C:\Users\mariska\AppData\LocalLow\AVG Secure Search deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\windows\SysNative\tasks\Desk 365 RunAsStdUser deleted
C:\windows\SysNative\tasks\Escolade deleted
C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job deleted
C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job deleted
C:\windows\SysNative\tasks\ASO-AutoCheckUpdate7Days deleted
C:\WINDOWS\tasks\ASO-AutoCheckUpdate7Days.job deleted
C:\windows\SysNative\tasks\ASO-OneClickCare deleted
C:\WINDOWS\tasks\ASO-OneClickCare.job deleted
C:\WINDOWS\Syswow64\SearchProtect deleted
C:\Users\mariska\Documents\Mobogenie deleted
C:\Users\mariska\Desktop\Search.lnk deleted
C:\Users\mariska\AppData\Roaming\Mozilla\Firefox\Profiles\ms9zvz7n.default\extensions\00cf4073-9c0d-4c73-823c-9627a9ebda10@5ce0c315-7a90-4c46-8428-5c0df674cab0.com deleted
C:\Users\mariska\AppData\Roaming\Mozilla\Firefox\Profiles\ms9zvz7n.default\extensions\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com deleted
"C:\Users\mariska\AppData\Roaming\Mozilla\Firefox\Profiles\ms9zvz7n.default\extensions\gophoto@gophoto.it.xpi" deleted
"C:\PROGRA~2\jZip\jZipShell64x.dll" deleted
"C:\PROGRA~2\jZip" not deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\mariska\AppData\Local\Temp ====
2014-02-09 10:22:45 F7EA8109ABAEE2471EFB3AABE2C52926 231424 ----a-w- C:\Users\mariska\AppData\Local\Temp\6_Offer_13.exe
2014-02-09 10:22:11 40395C175553CB14D2050888EFCCDF00 4961800 ----a-w- C:\Users\mariska\AppData\Local\Temp\vcredist_x64.exe
2014-02-09 10:21:57 0B850AE758CE934804D120213DF365D9 10363168 ----a-w- C:\Users\mariska\AppData\Local\Temp\BackupSetup.exe
2014-02-09 08:24:55 F26EA3CE6CED406A1313005645D39B8C 53896832 ----a-w- C:\Users\mariska\AppData\Local\Temp\{3F470DC3-9B77-4ABD-9C86-5FBB514F47F6}_emergency.exe
2014-02-05 10:10:10 41752A764AB0DD80BCD2706D114BCE70 205824 ----atw- C:\Users\mariska\AppData\Local\Temp\n2014\ins2014.exe
2014-02-02 14:36:59 4F2DAC9D2500387D24FAF05C5222A1D3 1071000 ----a-w- C:\Users\mariska\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe
2014-02-02 14:24:14 231156A50329A812285CF92591F82D45 36080263 ----a-w- C:\Users\mariska\AppData\Local\Temp\is2121167326\117051617_stp.EXE
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2014-01-29 06:51:44 A8995A7DAB5110EE2B8F4ADD2FFAB9D8 34544 ----a-w- C:\WINDOWS\Sysnative\drivers\Smb_driver_Intel.sys
2014-01-29 06:49:12 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_Kernel_SynTP_01011.Wdf
2014-01-29 06:48:41 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2014-01-29 06:42:56 FA2B7507CD49908B2260949E52F8B9FE 3707864 ----a-w- C:\WINDOWS\Sysnative\drivers\RTKVHD64.sys
2014-01-29 06:42:55 C8C7EAD8098EA7468D651F3459657240 681905 ----a-w- C:\WINDOWS\Sysnative\drivers\RTAIODAT.DAT
2014-01-22 07:52:10 73BDD44A6088916964945886F9025409 108800 ----a-w- C:\WINDOWS\Sysnative\drivers\ssudbus.sys
2014-01-22 07:52:10 5252D7BC56E5E0ED715AEA8FE173A455 206080 ----a-w- C:\WINDOWS\Sysnative\drivers\ssudmdm.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2014-02-15 08:15:27 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2014-02-11 08:01:48 -------- d-----w- C:\PROGRA~2\BlueStacks
2014-02-07 15:31:51 -------- d-----w- C:\PROGRA~2\Mozilla Thunderbird
2014-02-05 09:40:16 -------- d-----w- C:\PROGRA~2\Hidden Expedtion Amazon
2014-02-02 15:03:11 -------- d-----w- C:\PROGRA~2\Time Relics - Raderen van het Licht
2014-02-02 14:58:41 -------- d-----w- C:\PROGRA~2\Farmington Tales
======= C: =====
====== C:\Users\mariska\AppData\Roaming ======
2014-02-02 15:04:17 -------- d-----w- C:\Users\mariska\AppData\Roaming\Vast Studios
2014-01-20 09:07:24 -------- d-----w- C:\Users\mariska\AppData\Roaming\.minecraft
2014-01-20 09:03:07 -------- d-----w- C:\Users\mariska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2014-01-20 08:57:08 -------- d-----w- C:\Users\mariska\AppData\Local\Adobe
====== C:\Users\mariska ======
2014-02-15 08:15:05 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\mariska\Downloads\RSITx64.exe
2014-02-11 08:01:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-02-11 08:01:14 -------- d-----w- C:\ProgramData\BlueStacksSetup
2014-02-11 08:01:11 -------- d-----w- C:\ProgramData\BlueStacks
2014-02-11 07:59:46 A9F7460E1D11428A46C9CE70C8FE9224 10414824 ----a-w- C:\Users\mariska\Downloads\BlueStacks-SplitInstaller_native.exe
2014-02-09 13:02:18 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\mariska\Downloads\Hay.Day.Hack__5850_il3488841.exe
2014-02-09 12:50:43 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\mariska\Downloads\HayDayHack Downloader__3687_i343883946_il3483171.exe
2014-02-09 12:49:18 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\mariska\Downloads\HayDayHack Downloader__3687_i343880578_il3482645.exe
2014-02-09 10:43:24 F2F1AD3DE36D22BB3E9A1BC84D73D922 5653504 ----a-w- C:\Users\mariska\Downloads\Hay Day Hack Tool 3.5.exe
2014-02-09 10:27:50 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\mariska\Downloads\Subway Surfers Resource Adder__5557_il139040.exe
2014-02-09 10:22:54 -------- d-----w- C:\ProgramData\Samsung
2014-02-08 05:53:40 5E61F0C9B643006BF229C85172AA5536 42771488 ----a-w- C:\Users\mariska\Downloads\drfone-android-recovery.exe
2014-02-07 05:57:10 34084C3276A38A2D92CD87F9A3BFAFD0 386383 ----a-w- C:\Users\mariska\Desktop\MagicLauncher_1.2.5.exe
2014-02-05 10:10:29 250076A01332969B24A3F2A9EA65955E 10847608 ----a-w- C:\Users\mariska\Desktop\mbam-setup-1.60.0.1800.exe
2014-02-05 09:40:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hidden Expedtion Amazon
2014-02-02 18:41:11 01976DDDD0ED8AED5D91F9A648E19377 4860129 ----a-w- C:\Users\mariska\Downloads\TreeCapitator1.6.4.exe
2014-02-02 15:04:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Time Relics - Raderen van het Licht
2014-02-02 15:00:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farmington Tales

====== C: exe-files ==
2014-02-15 08:15:27 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\mariska.exe
2014-02-15 08:06:07 338037EFA0E8E8699B2667D57B751574 118896 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
2014-02-09 12:00:06 D963226B497FB5BBB5C5B768B3D6C0C7 5973552 ----a-w- C:\Program Files (x86)\AVG\AVG2013\avgcrema.exe
2014-02-09 11:24:39 FE7F874B518166C7075D6057641336E1 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2617804057-1537295161-4098149944-1001\$I7MIWE3.exe
2014-02-09 10:22:44 F7EA8109ABAEE2471EFB3AABE2C52926 231424 ----a-w- C:\Users\mariska\AppData\Local\Microsoft\Windows\INetCache\IE\DVH1GYUQ\Setup_product_5991[1].exe
2014-02-09 10:21:19 8A27DB882C784B0F205B1FF72C72F841 4624785 ----a-w- C:\Users\mariska\AppData\Local\Microsoft\Windows\INetCache\IE\43Y1AZKW\System_Speedup[1].exe
2014-02-09 10:21:16 D8F1B119544F6DE30E09594DFD352A67 5562137 ----a-w- C:\Users\mariska\AppData\Local\Microsoft\Windows\INetCache\IE\8PB29AH8\RegClean2[1].exe
2014-02-09 10:21:05 048B07AC45B65EB88E34AC838ED6142E 167588 ----a-w- C:\Users\mariska\AppData\Local\Microsoft\Windows\INetCache\IE\DVH1GYUQ\SearchProtectGeneric2[1].exe
=== C: other files ==
2014-02-11 08:04:58 C38CF03E2A8E1A7E63B4A70F990E8C53 142172210 ----a-w- C:\ProgramData\BlueStacksSetup\runtimedata_0.8.5.3042.zip
2014-02-09 11:16:36 34D1AF53B56BA6BA5249C34AEF84E2F9 1167108 ----a-w- C:\Users\mariska\Downloads\Hay Day Hack No Survey 2014.zip
2014-02-09 10:03:51 E125493B438005B4CC9DFD096C05F7B7 1759151 ----a-w- C:\Users\mariska\Downloads\HayDayHackTool.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2617804057-1537295161-4098149944-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Power2GoExpress8"="C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
"se"="C:\Users\mariska\AppData\Roaming\SkypEmoticons\SE.exe /minimized "
"uTorrent"="C:\Users\mariska\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"Driver Pro"="C:\Program Files (x86)\Driver Pro\DPLauncher.exe"
"iLivid"="C:\Users\mariska\AppData\Local\iLivid\iLivid.exe -autorun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BtTray"="C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe /TRAYONLY"
"CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R"
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"KPN Assistent"="C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe /auto"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"mobilegeni daemon"="C:\Program Files (x86)\Mobogenie\DaemonProcess.exe"
"BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Power2GoExpress8"="C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
"se"="C:\Users\mariska\AppData\Roaming\SkypEmoticons\SE.exe /minimized "
"uTorrent"="C:\Users\mariska\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"Driver Pro"="C:\Program Files (x86)\Driver Pro\DPLauncher.exe"
"iLivid"="C:\Users\mariska\AppData\Local\iLivid\iLivid.exe -autorun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"RtsCM"="RTSCM64.EXE"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Folders ======================

2013-06-08 12:06:17 1099 ----a-w- C:\Users\mariska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-09-10 13:44:42 2099 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\HPCeeScheduleFormariska.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13-09-2010 21:15]
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [29-08-2012 08:35]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\WINDOWS\SysNative\tasks\HPCeeScheduleFormariska" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\WINDOWS\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{D8A84744-9283-4112-911B-879B74851380}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\mariska\AppData\Roaming\Mozilla\Firefox\Profiles\ms9zvz7n.default
- United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org
- leethax.net extension - %ProfilePath%\extensions\leethax@leethax.net.xpi
- printpdf - %ProfilePath%\extensions\printpdf@pavlov.net.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\mariska\AppData\Roaming\Mozilla\Firefox\Profiles\ms9zvz7n.default
FD6ACD9D85177259D442A0C4AC15F7B8 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash
221B630B26951630BA834292AE2AF79E - C:\Users\mariska\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
D395F537D081C919C2FD97F7DDDA4174 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
FC5866F7793AF2CBCD425CC4B8D32A9E - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_4730&co=NL&userid=6cb47c02-63ba-483c-c94a-5c1076ce7ba8&searchtype=ds&q={searchTerms}&installDate=09/02/2014"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_4730&co=NL&userid=6cb47c02-63ba-483c-c94a-5c1076ce7ba8&searchtype=ds&q={searchTerms}&installDate=09/02/2014"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_4730&co=NL&userid=6cb47c02-63ba-483c-c94a-5c1076ce7ba8&searchtype=ds&q={searchTerms}&installDate=09/02/2014"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Apps.lnk - C:\Users\Public\Libraries\Apps.library-ms
C:\Users\Public\Desktop\Hidden Expedtion Amazon Deluxe.lnk - C:\Program Files (x86)\Hidden Expedtion Amazon\Hidden Expedition Amazon.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Public\Desktop\Start BlueStacks.lnk - C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe
C:\Users\Public\Desktop\Time Relics - Raderen van het Licht.lnk - C:\Program Files (x86)\Time Relics - Raderen van het Licht\TimeRelics_GearsOfLight.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.nationzoom.com/?type=sc&ts=1 ... X139ES9V3S
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks\Start BlueStacks.lnk - C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farmington Tales\Farmington Tales.lnk - C:\Program Files (x86)\Farmington Tales\Farmington Tales.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farmington Tales\Verwijder Farmington Tales.lnk - C:\Program Files (x86)\Farmington Tales\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hidden Expedtion Amazon\Hidden Expedtion Amazon Deluxe.lnk - C:\Program Files (x86)\Hidden Expedtion Amazon\Hidden Expedition Amazon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hidden Expedtion Amazon\Uninstall Hidden Expedtion Amazon.lnk - C:\Program Files (x86)\Hidden Expedtion Amazon\Uninstal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery P.I. - Lost in Los Angeles\Mystery P.I. - Lost in Los Angeles.lnk - C:\Program Files (x86)\Mystery P.I. - Lost in Los Angeles\mpi4.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery P.I. - Lost in Los Angeles\Verwijder Mystery P.I. - Lost in Los Angeles .lnk - C:\Program Files (x86)\Mystery P.I. - Lost in Los Angeles\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Time Relics - Raderen van het Licht\Time Relics - Raderen van het Licht.lnk - C:\Program Files (x86)\Time Relics - Raderen van het Licht\TimeRelics_GearsOfLight.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Time Relics - Raderen van het Licht\Verwijder Time Relics - Raderen van het Licht.lnk - C:\Program Files (x86)\Time Relics - Raderen van het Licht\unins000.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SkypEmoticons_is1 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\iLivid deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\mariska\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\mariska\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\mariska\AppData\Local\Mozilla\Firefox\Profiles\ms9zvz7n.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4943 folders=378 2161227923 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\mariska\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\mariska\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied


Regards, Mariska


Posted: Sat Feb 15, 2014 5:15 pm
Offline
Member

Registered: Mon Dec 28, 2009 8:34 pm
Posts: 20
Operating system: vista
Protection: avast
I forgot to mention this, but I still see the Shopping Helper Smartbar as well. I have already tried to remove it via Programs and Features, but I just can't manage it.

Thanks in advance,

Regards, Mariska


Posted: Sun Feb 16, 2014 1:56 pm
Offline
Moderator
User avatar

Registered: Wed Apr 13, 2005 3:54 pm
Posts: 33552
Location: Kotje aan de kust.
Operating system: Windows 7
Protection: Malwarebytes pro
C:\Users\mariska\AppData\LocalLow\Torntv V6.0 deleted is gone already, in any case.

_________________
Member of the Training Team.

slowness tips
Choosing an AV
what is a rootkit


Posted: Sun Feb 16, 2014 2:04 pm
Offline
Moderator
User avatar

Registered: Wed Apr 13, 2005 3:54 pm
Posts: 33552
Location: Kotje aan de kust.
Operating system: Windows 7
Protection: Malwarebytes pro
Download ZHPDiag to the desktop.

Disable antivirus software
Temporarily disable your antivirus and antispyware programs, as they can conflict with ZHPDiag.

Install ZHPDiag
  • Double-click zhpdiag.exe to start the installation.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Click "Suivant" several times to go through the installation process.
  • Click "Installer" when prompted and "Terminer" when the installation is complete.

Run ZHPDiag
If you run into problems running this program or see any error messages, please mention this in your post.
  • Double-click the shortcut named ZHPDiag.
  • The start window appears; now click "Configureren".
  • If the language is not set to Dutch, click the "Sélectionner une langue" icon at the bottom right and choose "Néerlandais".
  • Then click the "Diagnosemogelijkheden" icon at the bottom left.
  • A scan of your system is now made; wait patiently until it has finished.

Post the ZHPDiag.txt log file
  • Attach the log file named "ZHPDiag.txt" to your next post. (You can also find this log file on the desktop.)
  • You can read here how to add an attachment to a post.

Posted: Sun Feb 16, 2014 5:29 pm
Offline
Member

Registered: Mon Dec 28, 2009 8:34 pm
Posts: 20
Operating system: vista
Protection: avast
Hi Eric,

Glad that one is gone, at least. I just can't find the icon that makes it scan. Mine looks different. I have already clicked various things but can't get it to work... I'm undoubtedly doing something wrong, but no idea what. Mine looks different, namely like this:
[image]

Thanks in advance,

mariska


Posted: Sun Feb 16, 2014 6:07 pm
Offline
Moderator
User avatar

Registered: Wed Apr 13, 2005 3:54 pm
Posts: 33552
Location: Kotje aan de kust.
Operating system: Windows 7
Protection: Malwarebytes pro
Don't click fix, click search.

Posted: Mon Feb 17, 2014 8:36 am
Offline
Member

Registered: Mon Dec 28, 2009 8:34 pm
Posts: 20
Operating system: vista
Protection: avast
I really don't understand it at all. At the start, once I have launched it, I can click import or configure. Then I end up in the screen shown in the previous post. When I then go over all the icons with the mouse, I really don't come across a search :cry: .

The icons at the bottom left are, from left to right: back to main menu, adjustments

The ones at the top right, from top to bottom, are
remove CTFMON
restore the hosts file
restore the IFEO registry
repair the Master Boot Record
initialize the proxy settings
create a system restore point
restore hidden files
delete flash files
delete temporary files
delete empty CLSID files

and the ones at the bottom right, from left to right, are:
uninstall programs, clean Windows manager, restore from quarantine, empty quarantine, registry report, select a language.

So just tell me.. I don't know what I should click

Regards, Mariska


Posted: Mon Feb 17, 2014 1:41 pm
Offline
Moderator
User avatar

Registered: Wed Apr 13, 2005 3:54 pm
Posts: 33552
Location: Kotje aan de kust.
Operating system: Windows 7
Protection: Malwarebytes pro
Try clicking import?

Posted: Mon Feb 17, 2014 2:46 pm
Offline
Member

Registered: Mon Dec 28, 2009 8:34 pm
Posts: 20
Operating system: vista
Protection: avast
Then the following happens... first I get this:

[image]

and when I then click OK I get this; at the top left of the screen a little line then blinks... the kind you get when you can type something:

[image]

but even if I wait an hour, nothing happens... strange, huh.

Just let me know what I should do or what I'm doing wrong.

Thanks in advance once again

maris


Posted: Mon Feb 17, 2014 2:47 pm
Offline
Member

Registered: Mon Dec 28, 2009 8:34 pm
Posts: 20
Operating system: vista
Protection: avast
Oh yes... forgot something. The icons at the bottom left are, from left to right:
clean, back to main menu, delete the script


Posted: Mon Feb 17, 2014 5:34 pm
Offline
Moderator
User avatar

Registered: Wed Apr 13, 2005 3:54 pm
Posts: 33552
Location: Kotje aan de kust.
Operating system: Windows 7
Protection: Malwarebytes pro
You are opening the fix and not ZHPDiag. Try opening ZHPDiag.

Posted: Mon Feb 17, 2014 7:28 pm
Offline
Moderator
User avatar

Registered: Wed Apr 13, 2005 3:54 pm
Posts: 33552
Location: Kotje aan de kust.
Operating system: Windows 7
Protection: Malwarebytes pro
Is it working out?

Posted: Wed Feb 19, 2014 4:22 pm
Offline
Member

Registered: Mon Dec 28, 2009 8:34 pm
Posts: 20
Operating system: vista
Protection: avast
Yes, it worked :D .. what a scatterbrain I am sometimes.. unbelievable.. but anyway, it worked and it has been added to the attachments hahaha.

Regards, Mariska

