danny1976

danny1976's posts

Zoek.exe Version 4.0.0.4 Updated 27-September-2013
Tool run by otis on di 01-10-2013 at 22:09:31,45.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\otis\AppData\Local\Temp\Rar$EX93.888\zoek.exe [script inserted] [Checkboxes used]

==== System Restore Info ======================

1-10-2013 22:13:28 Zoek.exe System Restore Point Created Succesfully.

==== Possible Rootkit Infection ======================

C:\Windows\installer\{3e238814-def8-5251-4d05-1ca0ec60d85d}\L
C:\Windows\installer\{3e238814-def8-5251-4d05-1ca0ec60d85d}\U
C:\Windows\installer\{3e238814-def8-5251-4d05-1ca0ec60d85d}\L\00000004.@

==== Creating Sample_01-10-2013_2221.zip ======================

Process chrome.exe killed
Copied file C:\Users\otis\AppData\Roaming\BabMaint.exe to sample\BabMaint.exe
sample\BabMaint.exe renamed to CC1A55091FD96BCB624AD791CD15D179
C:\Users\Public\Desktop\sample_01-10-2013_2221.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2102026880-3765431175-3054695707-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_USERS\S-1-5-21-2102026880-3765431175-3054695707-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_USERS\S-1-5-21-2102026880-3765431175-3054695707-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_USERS\S-1-5-21-2102026880-3765431175-3054695707-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_USERS\S-1-5-21-2102026880-3765431175-3054695707-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_USERS\S-1-5-21-2102026880-3765431175-3054695707-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0E7CFE28-70E5-4C6B-8E15-BD4DC91286E2} deleted successfully
HKEY_USERS\S-1-5-21-2102026880-3765431175-3054695707-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-2102026880-3765431175-3054695707-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-2102026880-3765431175-3054695707-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD24} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BitGuard deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BitGuard deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Jxzwyjgf deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Jxzwyjgf deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kooyxunb deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Kooyxunb deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Pxcocxlw deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Pxcocxlw deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rrojutsg deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Rrojutsg deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Yontoo Desktop Updater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Yontoo Desktop Updater deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\otis\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:

Added to C:\Users\otis\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yontoo Desktop"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

"C:\windows\SysNative\Tasks\DSite" deleted
"C:\Users\otis\Downloads\iLividSetup-r757-n-bc.exe" deleted
"C:\Users\otis\Downloads\iLividSetup.exe" deleted
"C:\Users\otis\Downloads\codec_pack_740423_ch.exe" deleted
"C:\Windows\wininit.ini" deleted
"C:\windows\SysNative\Tasks\EPUpdater" deleted
"C:\Windows\tasks\DSite.job" deleted
"C:\windows\SysNative\tasks\BitGuard" deleted
"C:\Users\otis\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\putlockerdownloader3@putlockerdownloader.com.xpi" deleted
"C:\Users\otis\Desktop\Search.lnk" deleted
"C:\Users\otis\AppData\Roaming\BabMaint.exe" deleted
"C:\Windows\installer\{3e238814-def8-5251-4d05-1ca0ec60d85d}\L\00000004.@" deleted
"C:\Windows\installer\{3e238814-def8-5251-4d05-1ca0ec60d85d}\L\201d3dde" deleted
"C:\Windows\installer\{3e238814-def8-5251-4d05-1ca0ec60d85d}\L\76603ac3" deleted
"C:\Users\otis\AppData\Roaming\Yontoo\YontooDesktop.exe" deleted
"C:\Users\otis\AppData\Roaming\Yontoo\YontooDesktop.exe" deleted
"C:\Users\otis\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll" deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not deleted
"C:\Users\otis\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll" deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not deleted
"C:\Windows\installer\{3e238814-def8-5251-4d05-1ca0ec60d85d}" deleted
"C:\Users\otis\AppData\Roaming\Delta" deleted
"C:\Windows\installer\{3e238814-def8-5251-4d05-1ca0ec60d85d}\L" deleted
"C:\Windows\installer\{3e238814-def8-5251-4d05-1ca0ec60d85d}\U" deleted
"C:\Program Files (x86)\Delta" deleted
"C:\Program Files (x86)\Yontoo" deleted
"C:\Users\otis\AppData\Roaming\Yontoo" deleted
"C:\ProgramData\BitGuard" not deleted
"C:\Windows\syswow64\appdata" deleted
"C:\Program Files (x86)\Delta" deleted
"C:\Program Files (x86)\hdvidcodec.com" deleted
"C:\Program Files (x86)\HappyLyrics" deleted
"C:\Program Files (x86)\Yontoo" deleted
"C:\Program Files (x86)\PutLockerDownloader" deleted
"C:\found.000" deleted
"C:\Users\otis\AppData\Roaming\BabSolution" deleted
"C:\Users\otis\AppData\Roaming\Babylon" deleted
"C:\Users\otis\AppData\Roaming\Yontoo" deleted
"C:\Users\otis\AppData\Roaming\Delta" deleted
"C:\Users\otis\AppData\Roaming\DSite" deleted
"C:\Users\otis\AppData\Roaming\OpenCandy" deleted
"C:\ProgramData\Ask" deleted
"C:\ProgramData\APN" deleted
"C:\ProgramData\BitGuard" not deleted
"C:\ProgramData\boost_interprocess" deleted
"C:\ProgramData\DSearchLink" deleted
"C:\ProgramData\Wincert" deleted
"C:\ProgramData\Tarma Installer" deleted
"C:\ProgramData\Babylon" deleted
"C:\Users\otis\AppData\Local\PutLockerDownloader" deleted
"C:\Users\otis\AppData\Local\Software" deleted
"C:\Users\otis\AppData\Local\PackageAware" deleted
"C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc" deleted
"C:\Users\otis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard" deleted
"C:\Users\otis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com" deleted
"C:\Users\otis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com" deleted
"C:\Users\otis\AppData\LocalLow\Delta" deleted
"C:\Windows\SysWow64\searchplugins" deleted
"C:\Windows\SysWow64\Extensions" deleted
"C:\Users\otis\AppData\Roaming\Yontoo\dat" deleted
"C:\ProgramData\BitGuard\2.6.1694.246" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted
"C:\Users\otis\AppData\Roaming\Yontoo\dat" deleted
"C:\ProgramData\BitGuard\2.6.1694.246" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" not deleted
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\otis\AppData\Local\Temp ====

2013-10-01 20:08:11 122A32A068A76C220AD47B3C2780407C 1263104 ----a-w- C:\Users\otis\AppData\Local\Temp\Rar$EX93.888\Z-Analyse.exe
2013-09-29 20:53:30 B212865E7E478A28A97268F960079A8D 132096 ----a-w- C:\Users\otis\AppData\Local\Temp\F4307D98-BAB0-7891-8D2A-26F170C14DCA\Latest\BExternal.dll
2013-09-29 20:53:30 A21DE5067618D4F2DF261416315ED120 6144 ----a-w- C:\Users\otis\AppData\Local\Temp\F4307D98-BAB0-7891-8D2A-26F170C14DCA\Latest\IEHelper.dll
2013-09-29 20:53:30 0F66E8E2340569FB17E774DAC2010E31 520234 ----a-w- C:\Users\otis\AppData\Local\Temp\F4307D98-BAB0-7891-8D2A-26F170C14DCA\Latest\sqlite3.dll
2013-09-29 20:53:00 A0C27BA64BA52ECFF34D5C7DB93CA9D3 36080263 ----a-w- C:\Users\otis\AppData\Local\Temp\is2121167326\225535300_stp.EXE
2013-09-24 05:38:19 E1D607BD288B979FECE0770324EE6F11 245672 ----a-w- C:\Users\otis\AppData\Local\Temp\F4307D98-BAB0-7891-8D2A-26F170C14DCA\Latest\ccp.exe
2013-09-23 09:57:43 5D213EC175B9C1BE6B5F245C17A294EB 324976 ----a-w- C:\Users\otis\AppData\Local\Temp\bus7F7C\fntupdtr.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-10-01 19:09:01 0B094C1308FFDEBF433D7CE0675CF099 512 ----a-w- C:\Windows\Sysnative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD

====== C:\Windows\Sysnative\drivers =====

2013-09-10 23:46:35 059F00DEF82BF41E433B7ED465847726 155584 ----a-w- C:\Windows\Sysnative\drivers\ataport.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-10-01 18:35:34 -------- d-----w- C:\Program Files\trend micro

======= C:\Program Files (x86) =====

======= C: =====

====== C:\Users\otis\AppData\Roaming ======

2013-09-29 20:57:14 8DE9F588DFB1641F2C0EA05BD4B60605 218 ----a-w- C:\Users\otis\AppData\Local\recently-used.xbel
2013-09-29 20:55:03 -------- d-----w- C:\Users\otis\AppData\Local\avgchrome
2013-09-29 20:53:54 -------- d-----w- C:\Users\otis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord

====== C:\Users\otis ======

2013-10-01 18:35:04 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\otis\Downloads\RSITx64.exe
2013-10-01 18:05:19 DC5E900D2F88A9478024B9BEEF3A12B0 303856 ----a-w- C:\Users\otis\Downloads\download_file.exe
2013-09-29 21:03:28 1462F441FBEE47D53EFADA97CED09816 172752 ----a-w- C:\Users\otis\Downloads\JJCale23Album-8bpG9pPX.exe
2013-09-29 21:03:00 497E4C014014BD648B3A021E517C34D9 677696 ----a-w- C:\Users\otis\Downloads\jj_cale_23_album_BitLord.exe
2013-09-29 20:54:31 DF72ABFFDC1157AD6E0BB9BE90830C94 723824 ----a-w- C:\Users\otis\Downloads\BitLordInstall (3).exe
2013-09-29 20:53:47 -------- d-----w- C:\ProgramData\BitGuard
2013-09-29 20:52:44 DF72ABFFDC1157AD6E0BB9BE90830C94 723824 ----a-w- C:\Users\otis\Downloads\BitLordInstall (2).exe
2013-09-18 11:08:34 907282FF6142415DA6E83C8F1B497C73 314080 ----a-w- C:\Users\otis\Downloads\download_torntv (1).exe
2013-09-18 11:08:21 907282FF6142415DA6E83C8F1B497C73 314080 ----a-w- C:\Users\otis\Downloads\download_torntv.exe

====== C: exe-files ==

2013-10-01 20:08:11 122A32A068A76C220AD47B3C2780407C 1263104 ----a-w- C:\Users\otis\AppData\Local\Temp\Rar$EX93.888\Z-Analyse.exe
2013-10-01 18:35:35 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\otis.exe
2013-10-01 18:35:04 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\otis\Downloads\RSITx64.exe
2013-10-01 18:05:19 DC5E900D2F88A9478024B9BEEF3A12B0 303856 ----a-w- C:\Users\otis\Downloads\download_file.exe
2013-09-29 21:03:28 1462F441FBEE47D53EFADA97CED09816 172752 ----a-w- C:\Users\otis\Downloads\JJCale23Album-8bpG9pPX.exe
2013-09-29 21:03:00 497E4C014014BD648B3A021E517C34D9 677696 ----a-w- C:\Users\otis\Downloads\jj_cale_23_album_BitLord.exe
2013-09-29 20:54:31 DF72ABFFDC1157AD6E0BB9BE90830C94 723824 ----a-w- C:\Users\otis\Downloads\BitLordInstall (3).exe
2013-09-29 20:53:52 425622F8DB2694C34D1908A77612ACFC 2845664 ----a-w- C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
2013-09-29 20:53:50 425622F8DB2694C34D1908A77612ACFC 2845664 ----a-w- C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
2013-09-29 20:53:00 A0C27BA64BA52ECFF34D5C7DB93CA9D3 36080263 ----a-w- C:\Users\otis\AppData\Local\Temp\is2121167326\225535300_stp.EXE
2013-09-29 20:52:44 DF72ABFFDC1157AD6E0BB9BE90830C94 723824 ----a-w- C:\Users\otis\Downloads\BitLordInstall (2).exe

=== C: other files ==

2013-10-01 20:21:30 166B141DBD72ECE02C47D4694FA5CE95 57597 ----a-w- C:\Users\Public\Desktop\sample_01-10-2013_2221.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2102026880-3765431175-3054695707-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\otis\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Spotify Web Helper"="C:\Users\otis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"MyTomTomSA.exe"="C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\otis\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Spotify Web Helper"="C:\Users\otis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"MyTomTomSA.exe"="C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard Antivirus\bullguard.exe -boot"
"BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard antivirus\BullGuardUpdate2.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acer AnySync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acer AnySync"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Acer\\AcerSync\\AcerSync.exe\" /autostartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeMovieService]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ArcadeMovieService"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Acer\\clear.fi\\Movie\\clear.fiMovieService.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackupManagerTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\NTI\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dolby Advanced Audio v2]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dolby Advanced Audio v2"
"hkey"="HKLM"
"command"="\"C:\\Dolby PCEE4\\pcee4.exe\" -autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ETDCtrl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ETDCtrl"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Elantech\\ETDCtrl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\otis\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelTBRunOnce]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IntelTBRunOnce"
"hkey"="HKLM"
"command"="wscript.exe //b //nologo \"C:\\Program Files\\Intel\\TurboBoost\\RunTBGadgetOnce.vbs\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LManager"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\M-Audio Taskbar Icon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="M-Audio Taskbar Icon"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\M-AudioTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mcui_exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcui_exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe\" /runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Norton Online Backup"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Management]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Power Management"
"hkey"="HKLM"
"command"="C:\\Program Files\\Acer\\Acer ePower Management\\ePowerTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg_Dolby]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVBg_Dolby"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /FORPCEE4 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify"
"hkey"="HKCU"
"command"="\"C:\\Users\\otis\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\otis\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SuiteTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
"backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\MCAFEE~1\\30937D~1.207\\SSSCHE~1.EXE "
"item"="McAfee Security Scan Plus"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08-07-2012 17:08]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08-07-2012 17:08]

==== Firefox Extensions ======================

ExtDir: C:\Users\otis\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- HDvid Codec - %ExtDir%\hdvc@hdvc.com.xpi

==== Firefox Plugins ======================

==== Deleting Files \ Folders ======================

"C:\Users\otis\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\hdvc@hdvc.com.xpi" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eooncjejnppfjjklapaamhcdmjbilmde - C:\Users\otis\AppData\Roaming\BabSolution\CR\Delta.crx[]
koalekbhpbggkcfhkkbolikjoaobbppi - C:\Program Files (x86)\PutLockerDownloader\PutLockerDownloader10.crx[]
kpkbnefaikfaeadgidhpoanckoiaheli - C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx[]
niapdbllcanepiiimjjndipklodoedlc - C:\Program Files (x86)\Yontoo\YontooLayers.crx[]
nohfdhapjjlndfgjnmdlcabloeembdkj - C:\Users\otis\AppData\Roaming\BabSolution\CR\delta2.crx[]

YouTube - otis - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - otis - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Delta Toolbar - otis - Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
PutLockerDownloader V3.0 - otis - Default\Extensions\koalekbhpbggkcfhkkbolikjoaobbppi
HDvid Codec - otis - Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli
Chrome In-App Payments service - otis - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Delta Toolbar - otis - Default\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj
Gmail - otis - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage deleted successfully
C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.delta-search.com_0.localstorage deleted successfully
C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.delta-search.com_0.localstorage-journal deleted successfully
C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www2.delta-search.com_0.localstorage deleted successfully
C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www2.delta-search.com_0.localstorage-journal deleted successfully
C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully
C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage deleted successfully
C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage-journal deleted successfully
C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Extensions\koalekbhpbggkcfhkkbolikjoaobbppi deleted successfully
C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli deleted successfully
C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage deleted successfully
C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage-journal deleted successfully
C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj deleted successfully
C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nohfdhapjjlndfgjnmdlcabloeembdkj_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.searchgol.com/?babsrc=HP_ss&mntrId=6C359439E582A7D9&affID=119357&tsp=5020"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchGol Url="http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6C359439E582A7D9&affID=119357&tsp=5020"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\koalekbhpbggkcfhkkbolikjoaobbppi deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\otis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\otis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Files32\Antiphishing\IE\BGAntiphishingIE.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll
O23 - Service: AcerSyncSystemService - Unknown owner - C:\Program Files\Acer\AcerSync\AcerSyncSystemService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files
(x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: BullGuard Behavioural Detection (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardBhvScanner.exe O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file 
missing) O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\otis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\otis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully 
C:\Users\otis\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\otis\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\otis\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not found 
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not found 
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not found "C:\ProgramData\BitGuard" not found "C:\ProgramData\BitGuard" not found ==== EOF on di 01-10-2013 at 22:32:18,84 ======================
  2. Hey, I would like to remove all the malware junk from my laptop. As indicated in the instructions, here is a copy of the log... Thanks in advance :-)

Logfile of random's system information tool 1.09 (written by random/random)
Run by otis at 2013-10-01 20:49:10
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 450 GB (65%) free of 697 GB
Total RAM: 8044 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:49:19, on 1-10-2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Users\otis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\otis\AppData\Roaming\Yontoo\YontooDesktop.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\otis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\otis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\otis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\otis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\otis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\otis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\otis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\otis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\otis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search-Gol R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java 
Update\jusched.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\otis\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\otis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Yontoo Desktop] "C:\Users\otis\AppData\Roaming\Yontoo\YontooDesktop.exe" O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Files32\Antiphishing\IE\BGAntiphishingIE.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} 
- C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll O23 - Service: AcerSyncSystemService - Unknown owner - C:\Program Files\Acer\AcerSync\AcerSyncSystemService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: BitGuard - Unknown owner - C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe O23 - Service: BullGuard Behavioural Detection (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardBhvScanner.exe O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. 
- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files 
(x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file 
missing) -- End of file - 11607 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs winlogon.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe 25029584 \??\C:\Windows\system32\conhost.exe "5824840381686010903-18027422691922422325-2049112790-129503714526246239-1961998064 C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files\Acer\AcerSync\AcerSyncSystemService.exe" taskeng.exe {CDBF4DAE-0C2A-4743-8A33-005411EB82DC} "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "taskhost.exe" "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe "C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardBhvScanner.exe" C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy C:\Windows\System32\SvcHost.exe -k BullGuard_Main "C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe" "C:\Program 
Files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
taskeng.exe {E2327717-77CA-4FCF-BF91-217A30796764}
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe" /PROTECT
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe"
"C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe"
"C:\Users\otis\AppData\Roaming\Yontoo\YontooDesktop.exe"
C:\Windows\System32\SvcHost.exe -k BullGuard
"c:\program files\bullguard ltd\bullguard antivirus\BgWsc.exe" /prodpath "c:\program files\bullguard ltd\bullguard antivirus\BullGuard.exe" /setav expire /setas off
\??\C:\Windows\system32\conhost.exe "-1521619505761228823-492565048-611304787823710032-775744610-1775627880-1003310377
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe" /TUStart /pid:2220
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
"C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuard.exe" -boot
"C:\Users\otis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"C:\Users\otis\AppData\Roaming\Yontoo\YontooDesktop.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5eea4b5e-43ca-44ba-a3af-5d034019b6b1 -SystemEventPortName:HostProcess-f911719d-c628-4dc4-be5c-2de3022b49b8 -IoCancelEventPortName:HostProcess-c92e679b-e25b-4f86-9b48-ad1ee91fffde -NonStateChangingEventPortName:HostProcess-33793497-2d36-4987-96f6-234f2845821a -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e3815e18-b02c-4d95-ba2c-0d14b20980b2 -DeviceGroupId:WpdFsGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Users\otis\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\otis\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4588.0.1489080464\299165264" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,19 --gpu-vendor-id=0x8086 --gpu-device-id=0x0126 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2418 --ignored=" --type=renderer " /prefetch:822062411
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Users\otis\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_19/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="4588.3.1485289857\711466530" /prefetch:673131151
"C:\Users\otis\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_19/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --instant-process --enable-threaded-compositing --disable-html-notifications --channel="4588.5.1416450963\1213709881" /prefetch:673131151
"C:\Users\otis\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_19/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="4588.6.1105352769\1334482266" /prefetch:673131151
"C:\Users\otis\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4588.7.18103347\1852769411" --lang=nl --ignored=" --type=renderer " /prefetch:-632637702
"C:\Users\otis\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_19/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="4588.10.661753608\1257467262" /prefetch:673131151
"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical
"C:\Program Files\EgisTec IPS\PMMUpdate.exe"
"C:\Program Files\EgisTec IPS\EgisUpdate.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
"C:\Users\otis\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_19/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="4588.13.143587142\1678753115" /prefetch:673131151
"C:\Users\otis\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\Windows\tasks\DSite.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2102026880-3765431175-3054695707-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2102026880-3765431175-3054695707-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-01 462752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
delta Helper Object - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll [2013-08-15 314264]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-01 171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo - C:\Program Files (x86)\Yontoo\YontooIEClient.dll [2013-04-17 197920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{82E1477C-B154-48D3-9891-33D83C26BCD3} - Delta Toolbar - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll [2013-08-15 300952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BullGuard"=C:\Program Files\BullGuard Ltd\BullGuard Antivirus\bullguard.exe [2013-06-06 970080]
"BullGuardUpdate2"=c:\program files\bullguard ltd\bullguard antivirus\BullGuardUpdate2.exe [2013-06-06 2531168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\otis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-11 116648]
"Spotify Web Helper"=C:\Users\otis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2013-03-22 1103768]
"Yontoo Desktop"=C:\Users\otis\AppData\Roaming\Yontoo\YontooDesktop.exe [2013-04-17 42784]
"MyTomTomSA.exe"=C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [2013-04-17 455608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer AnySync]
C:\Program Files\Acer\AcerSync\AcerSync.exe [2011-06-16 3044456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeMovieService]
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [2011-08-27 177448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dolby Advanced Audio v2]
C:\Dolby PCEE4\pcee4.exe [2011-06-01 506712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDCtrl]
C:\Program Files\Elantech\ETDCtrl.exe [2011-04-05 2589992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\otis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-11 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2011-06-21 392472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2011-06-21 167704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelTBRunOnce]
wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files (x86)\Launch Manager\LManager.exe [2011-07-01 1103440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\Windows\system32\M-AudioTaskBarIcon.exe [2011-10-18 924464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2012-03-08 4280184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup]
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-02 1155928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2011-06-21 416024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Management]
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-08-02 1831016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVBg_Dolby]
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-08-16 2277480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-08-16 12673128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\otis\AppData\Roaming\Spotify\Spotify.exe [2013-03-22 4477336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\otis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2013-03-22 1103768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuiteTray]
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2011-09-20 341360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~2\MCAFEE~1\30937D~1.207\SSSCHE~1.EXE []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~3\Wincert\WIN64C~1.DLL c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-06-10 389632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BsMain]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BsScanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BsUpdate]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2013-10-01 20:35:34 ----D---- C:\rsit
2013-10-01 20:35:34 ----D---- C:\Program Files\trend micro
2013-09-29 22:54:21 ----D---- C:\Users\otis\AppData\Roaming\Delta
2013-09-29 22:54:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-09-29 22:54:21 ----D---- C:\Program Files (x86)\Delta
2013-09-29 22:53:47 ----D---- C:\ProgramData\BitGuard
2013-09-29 22:53:45 ----D---- C:\ProgramData\DSearchLink
2013-09-13 11:24:50 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-09-13 11:24:50 ----A---- C:\Windows\system32\ieui.dll
2013-09-13 11:24:49 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-09-13 11:24:49 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-09-13 11:24:49 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-09-13 11:24:49 ----A---- C:\Windows\system32\iesetup.dll
2013-09-13 11:24:49 ----A---- C:\Windows\system32\iernonce.dll
2013-09-13 11:24:48 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-09-13 11:24:48 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-09-13 11:24:48 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 11:24:48 ----A---- C:\Windows\system32\iesysprep.dll
2013-09-13 11:24:48 ----A---- C:\Windows\system32\iertutil.dll
2013-09-13 11:24:48 ----A---- C:\Windows\system32\ie4uinit.exe
2013-09-13 11:24:47 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-09-13 11:24:47 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-09-13 11:24:47 ----A---- C:\Windows\system32\msfeeds.dll
2013-09-13 11:24:47 ----A---- C:\Windows\system32\jscript.dll
2013-09-13 11:24:46 ----A---- C:\Windows\system32\jscript9.dll
2013-09-13 11:24:45 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-09-13 11:24:45 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-09-13 11:24:45 ----A---- C:\Windows\system32\urlmon.dll
2013-09-13 11:24:44 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-09-13 11:24:44 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-09-13 11:24:44 ----A---- C:\Windows\system32\jsproxy.dll
2013-09-13 11:24:43 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-09-13 11:24:43 ----A---- C:\Windows\system32\wininet.dll
2013-09-13 11:24:42 ----A---- C:\Windows\system32\ieframe.dll
2013-09-13 11:24:41 ----A---- C:\Windows\system32\mshtml.dll
2013-09-13 11:24:38 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-09-11 01:46:35 ----A---- C:\Windows\system32\drivers\ataport.sys
2013-09-11 01:46:34 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-09-11 01:46:33 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-09-11 01:46:33 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-09-11 01:46:33 ----A---- C:\Windows\system32\ntdll.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 01:46:32 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 01:46:32 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-09-11 01:46:32 ----A---- C:\Windows\SYSWOW64\user.exe
2013-09-11 01:46:32 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-09-11 01:46:32 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-09-11 01:46:32 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-09-11 01:46:32 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2013-09-11 01:46:32 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2013-09-11 01:46:32 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-09-11 01:46:32 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2013-09-11 01:46:32 ----A---- C:\Windows\system32\wow64win.dll
2013-09-11 01:46:32 ----A---- C:\Windows\system32\wow64cpu.dll
2013-09-11 01:46:32 ----A---- C:\Windows\system32\wow64.dll
2013-09-11 01:46:32 ----A---- C:\Windows\system32\winsrv.dll
2013-09-11 01:46:32 ----A---- C:\Windows\system32\smss.exe
2013-09-11 01:46:32 ----A---- C:\Windows\system32\ntvdm64.dll
2013-09-11 01:46:32 ----A---- C:\Windows\system32\KernelBase.dll
2013-09-11 01:46:32 ----A---- C:\Windows\system32\kernel32.dll
2013-09-11 01:46:32 ----A---- C:\Windows\system32\csrsrv.dll
2013-09-11 01:46:32 ----A---- C:\Windows\system32\conhost.exe
2013-09-11 01:46:32 ----A---- C:\Windows\system32\apisetschema.dll
2013-09-11 01:46:31 ----A---- C:\Windows\system32\win32k.sys
2013-09-11 01:46:27 ----A---- C:\Windows\system32\shell32.dll
2013-09-11 01:46:26 ----A---- C:\Windows\SYSWOW64\shell32.dll
2013-09-11 01:46:25 ----A---- C:\Windows\SYSWOW64\shdocvw.dll
2013-09-11 01:46:25 ----A---- C:\Windows\system32\shdocvw.dll
2013-08-15 23:35:24 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-08-15 23:35:24 ----A---- C:\Windows\system32\crypt32.dll
2013-08-15 23:35:23 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2013-08-15 23:35:23 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2013-08-15 23:35:23 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2013-08-15 23:35:23 ----A---- C:\Windows\system32\wintrust.dll
2013-08-15 23:35:23 ----A---- C:\Windows\system32\cryptsvc.dll
2013-08-15 23:35:23 ----A---- C:\Windows\system32\cryptnet.dll
2013-08-15 23:35:15 ----A---- C:\Windows\SYSWOW64\tzres.dll
2013-08-15 23:35:15 ----A---- C:\Windows\system32\tzres.dll
2013-08-15 23:35:12 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2013-08-15 23:35:12 ----A---- C:\Windows\system32\WMVDECOD.DLL
2013-08-15 23:35:11 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2013-08-15 23:35:11 ----A---- C:\Windows\system32\rpcrt4.dll
2013-08-15 23:35:11 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2013-08-15 23:35:11 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-07-24 22:52:21 ----D---- C:\Program Files (x86)\Rockstar Games
2013-07-23 23:17:17 ----D---- C:\Program Files (x86)\Rage
2013-07-23 23:16:51 ----SHD---- C:\Windows\ei_temp
2013-07-10 21:20:29 ----A---- C:\Windows\SYSWOW64\qedit.dll
2013-07-10 21:20:29 ----A---- C:\Windows\system32\qedit.dll
2013-07-10 21:20:14 ----A---- C:\Windows\system32\DWrite.dll
2013-07-10 21:20:13 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2013-07-08 23:27:46 ----A---- C:\Windows\SYSWOW64\REX Shared Library.dll
2013-07-08 23:27:46 ----A---- C:\Windows\SYSWOW64\ReWire.dll
2013-07-03 12:49:12 ----D---- C:\Users\otis\AppData\Roaming\PowerCinema

======List of files/folders modified in the last 3 months======

2013-10-01 20:49:16 ----D---- C:\ProgramData\BullGuard
2013-10-01 20:36:07 ----D---- C:\Windows\Prefetch
2013-10-01 20:35:34 ----RD---- C:\Program Files
2013-10-01 20:27:33 ----D---- C:\Windows\Temp
2013-10-01 20:27:32 ----A---- C:\Windows\SYSWOW64\log.txt
2013-10-01 20:27:15 ----D---- C:\Windows\System32
2013-10-01 20:25:42 ----D---- C:\ProgramData\clear.fi
2013-10-01 20:25:39 ----D---- C:\Users\otis\AppData\Roaming\Yontoo
2013-10-01 20:25:34 ----D---- C:\Windows\system32\config
2013-10-01 20:25:19 ----D---- C:\Windows\system32\Tasks
2013-09-29 23:06:56 ----SHD---- C:\System Volume Information
2013-09-29 23:03:48 ----A---- C:\Users\otis\AppData\Roaming\bitlord_log.txt
2013-09-29 22:54:59 ----D---- C:\Users\otis\AppData\Roaming\BitLord
2013-09-29 22:54:21 ----D---- C:\Program Files (x86)
2013-09-29 22:53:54 ----SHD---- C:\Windows\Installer
2013-09-29 22:53:47 ----HD---- C:\ProgramData
2013-09-29 22:51:36 ----A---- C:\Windows\wininit.ini
2013-09-17 12:36:46 ----D---- C:\Windows\rescache
2013-09-15 19:05:44 ----D---- C:\Windows\Microsoft.NET
2013-09-15 19:05:19 ----RSD---- C:\Windows\assembly
2013-09-14 21:59:54 ----D---- C:\Windows\winsxs
2013-09-14 21:57:42 ----D---- C:\Windows\SysWOW64
2013-09-14 21:57:42 ----D---- C:\Program Files (x86)\Internet Explorer
2013-09-14 21:57:41 ----D---- C:\Program Files\Internet Explorer
2013-09-14 21:57:40 ----D---- C:\Windows\AppPatch
2013-09-14 21:57:39 ----D---- C:\Windows\SYSWOW64\nl-NL
2013-09-14 21:57:39 ----D---- C:\Windows\system32\nl-NL
2013-09-14 21:57:37 ----D---- C:\Windows\system32\DriverStore
2013-09-14 21:57:37 ----D---- C:\Windows\system32\drivers
2013-09-14 21:57:25 ----D---- C:\Users\otis\AppData\Roaming\SoftGrid Client
2013-09-14 00:06:59 ----D---- C:\Users\otis\AppData\Roaming\BSplayer
2013-09-13 11:25:20 ----D---- C:\Windows\system32\catroot
2013-09-13 11:25:18 ----D---- C:\Windows\system32\catroot2
2013-09-13 11:24:31 ----D---- C:\Windows\inf
2013-09-13 11:24:31 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-09-13 11:24:30 ----D---- C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-08-16 03:02:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-08-01 23:10:36 ----D---- C:\Program Files (x86)\Google
2013-08-01 01:46:22 ----D---- C:\Windows
2013-07-24 22:52:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-07-22 19:47:53 ----D---- C:\ProgramData\McAfee
2013-07-11 13:56:25 ----D---- C:\Program Files\Microsoft Silverlight
2013-07-11 13:56:24 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 13:55:36 ----D---- C:\Program Files\Windows Defender
2013-07-11 13:55:36 ----D---- C:\Program Files (x86)\Windows Defender
2013-07-11 13:55:35 ----D---- C:\Program Files\Windows Journal
2013-07-10 21:30:57 ----D---- C:\Users\otis\AppData\Roaming\Spotify
2013-07-08 23:27:00 ----D---- C:\Program Files (x86)\Ableton
2013-07-07 14:59:17 ----D---- C:\Users\otis\AppData\Roaming\Ableton

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2011-04-26 557848]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-01-19 564824]
R1 BdSpy;BdSpy; C:\Windows\system32\drivers\BdSpy.sys [2013-03-18 68720]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2011-11-19 22648]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2011-11-19 20520]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-11-19 62776]
R1 NovaShieldFilterDriver;NovaShieldFilterDriver; C:\Windows\system32\DRIVERS\NSKernel.sys [2012-06-26 256072]
R1 NovaShieldTDIDriver;NovaShieldTDIDriver; C:\Windows\system32\DRIVERS\NSNetmon.sys [2012-06-26 25160]
R1 StarPortLite;StarPort Storage Controller (Lite); C:\Windows\system32\DRIVERS\StarPortLite.sys [2012-04-20 118888]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-30 16120]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service; C:\Windows\system32\DRIVERS\b57xdbd.sys [2011-01-21 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv; C:\Windows\system32\DRIVERS\b57xdmp.sys [2011-01-21 19496]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-06-08 4729408]
R3 BdNet;BdNet; C:\Windows\system32\drivers\BdNet.sys [2012-10-04 34928]
R3 bScsiMSa;bScsiMSa; C:\Windows\system32\DRIVERS\bScsiMSa.sys [2011-05-17 51240]
R3 bScsiSDa;bScsiSDa; C:\Windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-06-10 12230912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-08-16 3056360]
R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
R3 MEIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-09-20 18432]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]
R3 Trufos;Trufos; C:\Windows\system32\DRIVERS\Trufos.sys [2013-01-25 350160]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-09-20 17408]
S1 jxzwyjgf;jxzwyjgf; \??\C:\Windows\system32\drivers\jxzwyjgf.sys []
S1 kooyxunb;kooyxunb; \??\C:\Windows\system32\drivers\kooyxunb.sys []
S1 pxcocxlw;pxcocxlw; \??\C:\Windows\system32\drivers\pxcocxlw.sys []
S1 rrojutsg;rrojutsg; \??\C:\Windows\system32\drivers\rrojutsg.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-06-04 103448]
S3 MADFUVENOM;Service for M-Audio Venom DFU; C:\Windows\system32\DRIVERS\MAudioVenom_DFU.sys [2011-10-18 47792]
S3 MAUSBVENOM;Service for M-Audio Venom; C:\Windows\system32\DRIVERS\MAudioVenom.sys [2011-10-18 201008]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-06-04 203672]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcerSyncSystemService;AcerSyncSystemService; C:\Program Files\Acer\AcerSync\AcerSyncSystemService.exe [2011-06-16 81304]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 BitGuard;BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2013-09-23 2845664]
R2 BsBhvScan;BullGuard Behavioural Detection; C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardBhvScanner.exe [2013-06-06 384352]
R2 BsFileScan;BullGuard on-access service; C:\Windows\System32\SvcHost.exe [2009-07-14 27136]
R2 BsMailProxy;BullGuard e-mail monitoring service; C:\Windows\System32\SvcHost.exe [2009-07-14 27136]
R2 BsMain;BullGuard main service; C:\Windows\System32\SvcHost.exe [2009-07-14 27136]
R2 BsScanner;BullGuard scanning service; C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe [2013-06-06 243552]
R2 BsUpdate;BullGuard update service; C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe [2013-09-18 353120]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
R2 ePowerSvc;ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2011-02-01 326168]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-02 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2013-01-31 2402080]
R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater; C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-04-17 23552]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-08 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 EgisTec Ticket Service;EgisTec
Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-11-19 655624] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-08 116648] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-12 1255736] S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] -----------------EOF-----------------