
buffer overflow


Dummy


Hello,

For a few days now I have had problems starting up my computer (desktop background only).

After a BullGuard scan, there turn out to be several problems.

The first two items, in Adobe Flash Player, appear to involve a buffer overflow.

Can you please help me solve these problems?

Thank you, Dummy


Download RSIT from the locations below and save it to the desktop.

Here is a description of how to check whether you have a 32- or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool has finished, two Notepad files named "Log.txt" and "Info.txt" are opened.

Posting the RSIT log files

  • Attach the log file named "Log.txt" to your next post. (You can also find this log file in the folder "C:\rsit".)
  • You do not need to post the log file named "Info.txt", which is minimized. (This log file is only created the first time the tool is run.)
  • How to add an attachment to a post is explained here.

Also watch the instruction video.


Kape,

Here is the requested log.

Logfile of random's system information tool 1.09 (written by random/random)

Run by francois at 2014-05-13 17:07:28

Microsoft Windows 7 Professional Service Pack 1

System drive C: has 405 GB (88%) free of 460 GB

Total RAM: 3983 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:07:37, on 13-5-2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17041)

Boot mode: Normal

Running processes:

c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe

C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE

C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe

C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\trend micro\francois.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"

O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

O4 - HKLM\..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

O4 - HKLM\..\Run: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe

O4 - HKCU\..\RunOnce: [uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\francois\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"

O4 - HKCU\..\RunOnce: [uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"

O4 - HKCU\..\RunOnce: [uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIE.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BullGuard Behavioural Detection (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe

O23 - Service: Seagate MobileBackup Service - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13245 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\SvcHost.exe -k BullGuard_Main

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe"

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"

C:\Windows\System32\SvcHost.exe -k BullGuard_Backup

"C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe"

C:\Windows\System32\SvcHost.exe -k BullGuard_Cache

C:\Windows\System32\SvcHost.exe -k BullGuard

C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy

"C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe"

"C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe"

"c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"

"C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe"

"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"

"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"

"C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe"

"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService

"C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe"

"C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe"

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

WLIDSvcM.exe 3064

"C:\Windows\system32\Dwm.exe"

"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"

C:\Windows\Explorer.EXE

"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray

taskeng.exe {C6436258-011E-4141-8FD8-EE22D63DEC69}

"taskhost.exe"

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e8ed6e07-c8ef-4aae-a201-c0d407b23338 -SystemEventPortName:HostProcess-055c88e4-c6be-46b1-866d-2c64e6ba8f79 -IoCancelEventPortName:HostProcess-e6086eba-1f22-4505-9d14-3ba75e5d5494 -NonStateChangingEventPortName:HostProcess-332f6418-80b3-41ab-9b41-0bce4c6259db -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:009f1245-bf6d-4790-bc1d-c68a9b0e65f0 -DeviceGroupId:

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"

"C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe"

"C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe"

C:\Windows\servicing\TrustedInstaller.exe

"C:\Windows\System32\igfxtray.exe"

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot

"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

"C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe"

"C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"

"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe"

"C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart

"C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe"

"C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe"

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe" -background

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

"C:\Program Files (x86)\Windows Live\Mail\wlmail.exe"

"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding

"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "http://www.pc-helpforum.be/f167/buffer-overflow-70060-new/"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6516.0.541495586\1673791666" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,1,5,14,28 --gpu-vendor-id=0x8086 --gpu-device-id=0x0152 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.2932 --ignored=" --type=renderer " /prefetch:822062411

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group2 pct:10b stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/Control/GoogleNow/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_31/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-software-compositing --channel="6516.1.283358539\1778825388" /prefetch:673131151

"C:\Users\francois\Downloads\RSITx64 (1).exe"

C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\HPCeeScheduleForfrancois.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-14 553384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-14 210856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]

HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]

File Sanitizer for HP ProtectTools - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-03-09 122456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-30 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-30 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]

HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-01-11 172144]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-01-11 399984]

"Persistence"=C:\Windows\system32\igfxpers.exe [2013-01-11 441968]

"BullGuard"=C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [2014-04-10 1088336]

"BullGuardUpdate2"=c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2014-03-12 2913104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-04-22 21720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14 20724384]

"Uploader"=C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [2014-02-10 126056]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"=C:\Windows\system32\cmd.exe [2010-11-21 345088]

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"=C:\Windows\system32\cmd.exe [2010-11-21 345088]

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"=C:\Windows\system32\cmd.exe [2010-11-21 345088]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"HP KEYBOARDx"=C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [2010-02-11 710656]

"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2012-10-16 684064]

"File Sanitizer"=c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2012-03-09 12310616]

""= []

"DBAgent"=C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-02-10 1519176]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2013-01-11 442880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

wlnotify.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=DPPassFilter

scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BsMain]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BsScanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BsUpdate]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=lvcod64.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"MSVideo"=vfwwdm32.dll

"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-05-12 17:02:40 ----D---- C:\Program Files\BullGuard Ltd

2014-05-11 18:45:59 ----D---- C:\Program Files (x86)\SystemRequirementsLab

2014-05-11 18:45:48 ----D---- C:\Users\francois\AppData\Roaming\SystemRequirementsLab

2014-05-11 10:32:45 ----D---- C:\Users\francois\AppData\Roaming\AVG

2014-05-11 10:31:30 ----D---- C:\ProgramData\AVG

2014-05-11 10:31:02 ----SHD---- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

2014-05-11 10:01:00 ----A---- C:\malware.txt

2014-05-11 09:43:04 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys

2014-05-11 09:42:54 ----D---- C:\ProgramData\Malwarebytes

2014-05-11 09:42:54 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-11 09:42:54 ----A---- C:\Windows\system32\drivers\mwac.sys

2014-05-11 09:42:54 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys

2014-05-11 09:42:54 ----A---- C:\Windows\system32\drivers\mbam.sys

2014-05-11 09:00:41 ----D---- C:\Users\francois\AppData\Roaming\TuneUp Software

2014-05-11 08:58:11 ----HD---- C:\ProgramData\Common Files

2014-05-11 08:58:10 ----D---- C:\ProgramData\MFAData

2014-05-10 13:36:59 ----D---- C:\Program Files\Common Files\BullGuard Ltd

2014-05-10 09:25:39 ----D---- C:\Windows\SYSWOW64\siscardplugins

2014-05-07 00:55:02 ----SD---- C:\Windows\system32\CompatTel

2014-05-06 16:21:40 ----A---- C:\Windows\system32\aepdu.dll

2014-05-06 16:21:40 ----A---- C:\Windows\system32\aeinv.dll

2014-05-03 00:59:43 ----A---- C:\Windows\system32\mshtml.dll

2014-05-03 00:59:41 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2014-04-30 18:57:36 ----A---- C:\Windows\SYSWOW64\javaws.exe

2014-04-30 18:57:29 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

2014-04-30 18:57:29 ----A---- C:\Windows\SYSWOW64\javaw.exe

2014-04-30 18:57:29 ----A---- C:\Windows\SYSWOW64\java.exe

2014-04-30 18:57:18 ----D---- C:\Program Files (x86)\Java

2014-04-29 17:34:07 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe

2014-04-25 11:08:14 ----D---- C:\Program Files\Recuva

2014-04-23 16:51:08 ----D---- C:\Windows\nl

======List of files/folders modified in the last 1 month======

2014-05-13 17:07:36 ----D---- C:\Program Files\trend micro

2014-05-13 17:07:32 ----D---- C:\Windows\Temp

2014-05-13 17:07:25 ----D---- C:\Windows\Prefetch

2014-05-13 17:06:23 ----A---- C:\Windows\SYSWOW64\log.txt

2014-05-13 17:05:44 ----D---- C:\Users\francois\AppData\Roaming\Skype

2014-05-13 17:05:42 ----D---- C:\ProgramData\BullGuard

2014-05-13 17:05:35 ----D---- C:\Windows\System32

2014-05-13 17:05:08 ----D---- C:\Windows\system32\config

2014-05-13 17:05:04 ----D---- C:\ProgramData\PDFC

2014-05-13 16:35:35 ----SHD---- C:\System Volume Information

2014-05-13 16:26:40 ----D---- C:\Windows\inf

2014-05-13 16:26:40 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-05-13 16:20:27 ----D---- C:\Windows\system32\catroot2

2014-05-13 16:20:04 ----D---- C:\Windows

2014-05-12 17:24:59 ----SHD---- C:\Windows\Installer

2014-05-12 17:24:59 ----HD---- C:\Config.Msi

2014-05-12 17:24:55 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2014-05-12 17:03:25 ----D---- C:\Windows\system32\Tasks

2014-05-12 17:03:17 ----D---- C:\Windows\system32\drivers

2014-05-12 17:03:15 ----D---- C:\Windows\system32\DriverStore

2014-05-12 17:03:15 ----D---- C:\Windows\system32\catroot

2014-05-12 17:02:43 ----D---- C:\Windows\SysWOW64

2014-05-12 17:02:40 ----RD---- C:\Program Files

2014-05-12 16:50:33 ----D---- C:\Users\francois\AppData\Roaming\BullGuard

2014-05-11 18:45:59 ----RD---- C:\Program Files (x86)

2014-05-11 12:52:48 ----HD---- C:\ProgramData

2014-05-11 10:38:57 ----D---- C:\Users\francois\AppData\Roaming\HpUpdate

2014-05-11 10:38:57 ----D---- C:\Users\francois\AppData\Roaming\hpqLog

2014-05-11 10:38:57 ----D---- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}

2014-05-11 10:02:10 ----D---- C:\Windows\nl-NL

2014-05-10 14:12:47 ----D---- C:\Windows\Tasks

2014-05-10 14:12:23 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-05-10 13:36:59 ----D---- C:\Program Files\Common Files

2014-05-10 09:25:38 ----D---- C:\Program Files (x86)\Belgium Identity Card

2014-05-10 09:25:30 ----D---- C:\drivers

2014-05-07 00:55:09 ----D---- C:\Windows\winsxs

2014-04-25 14:49:55 ----SD---- C:\Users\francois\AppData\Roaming\Microsoft

2014-04-25 11:43:32 ----D---- C:\Windows\Logs

2014-04-23 16:55:24 ----D---- C:\Windows\Microsoft.NET

2014-04-23 16:54:35 ----RSD---- C:\Windows\assembly

2014-04-23 16:50:02 ----D---- C:\Program Files (x86)\Windows Live

2014-04-23 16:49:51 ----D---- C:\Program Files\Windows Live

2014-04-20 17:52:36 ----D---- C:\Users\francois\AppData\Roaming\DriverFinder

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-11-30 568600]

R0 MfeEpeOpal;MfeEpeOpal; C:\Windows\system32\drivers\MfeEpeOpal.sys [2013-02-21 91176]

R0 MfeEpePc;MfeEpePc; C:\Windows\system32\drivers\MfeEpePc.sys [2013-02-21 158760]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]

R1 AFW;Agnitum Firewall Driver; C:\Windows\system32\DRIVERS\afw.sys [2014-02-26 42760]

R1 BdAgent;BullGuard Security Agent; C:\Windows\system32\DRIVERS\BdAgent.sys [2014-02-26 117192]

R1 BdSpy;BdSpy; C:\Windows\system32\drivers\BdSpy.sys [2014-02-26 67680]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]

R1 NovaShieldFilterDriver;NovaShieldFilterDriver; C:\Windows\system32\DRIVERS\NSKernel.sys [2014-02-26 296368]

R1 NovaShieldTDIDriver;NovaShieldTDIDriver; C:\Windows\system32\DRIVERS\NSNetmon.sys [2014-02-26 27544]

R3 afwcore;afwcore; C:\Windows\system32\DRIVERS\afwcore.sys [2014-02-26 469256]

R3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2013-03-26 108312]

R3 BdNet;BdNet; C:\Windows\system32\DRIVERS\BdNet.sys [2014-03-19 34896]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-01-11 5353888]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-11-16 3074664]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-04-03 25816]

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-05-13 119512]

R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-04-03 63192]

R3 MEIx64;Intel® Management Engine Interface ; C:\Windows\system32\drivers\HECIx64.sys [2012-04-11 60184]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-04-11 676968]

R3 Trufos;Trufos; C:\Windows\system32\DRIVERS\Trufos.sys [2014-02-26 350160]

R3 WinUsb;WinUsb-stuurprogramma; C:\Windows\system32\drivers\WinUSB.sys [2010-11-21 41984]

S3 cxbu0x64;SmartTerminal XX44; C:\Windows\system32\DRIVERS\cxbu0x64.sys [2007-04-17 115456]

S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [2012-11-09 64832]

S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

S3 EraserUtilDrv11312;EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys []

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2013-02-05 57840]

S3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

S3 LVUVC64;Logitech QuickCam Pro 9000(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]

S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2013-03-01 259144]

S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]

S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]

S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]

S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]

S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]

S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]

R2 BsBackup;BullGuard backup service; C:\Windows\System32\SvcHost.exe [2009-07-14 27136]

R2 BsBhvScan;BullGuard Behavioural Detection; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2014-05-12 520016]

R2 BsCache;BullGuard cache service; C:\Windows\System32\SvcHost.exe [2009-07-14 27136]

R2 BsFileScan;BullGuard on-access service; C:\Windows\System32\SvcHost.exe [2009-07-14 27136]

R2 BsFire;BullGuard firewall service; C:\Windows\System32\SvcHost.exe [2009-07-14 27136]

R2 BsMailProxy;BullGuard e-mail monitoring service; C:\Windows\System32\SvcHost.exe [2009-07-14 27136]

R2 BsMain;BullGuard main service; C:\Windows\System32\SvcHost.exe [2009-07-14 27136]

R2 BsScanner;BullGuard scanning service; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2014-03-12 245584]

R2 BsUpdate;BullGuard update service; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2014-04-10 363344]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]

R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-07-21 494456]

R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]

R2 HPFSService;File Sanitizer for HP ProtectTools; c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-03-09 372824]

R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-04-01 49464]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2012-04-11 277784]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-04-03 1809720]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-04-03 857912]

R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2013-02-21 1327104]

R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-10-16 1135136]

R2 Seagate Dashboard Services;Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-02-10 16000]

R2 Seagate MobileBackup Service;Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2014-02-10 157264]

R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-03-25 4971840]

R2 UMVPFSrv;UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-31 116648]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-12 257712]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]

S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]

S3 cphs;Intel® Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-01-11 277616]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2012-11-19 477056]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-03-31 1512640]

S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-31 116648]

S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2013-05-14 1129760]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 111616]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-01-31 1255736]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------


Disable your antivirus and antispyware programs, as they may conflict with zoek.exe (you can read how to do that here and here).

Download Zoek.exe to the desktop (not the .zip or .rar version)

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input field:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce];r64
 "Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"=-;r64
 "Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"=-;r64
 "Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"=-;r64
 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run];r64
 ""=-;r64
 C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308};fs
 C:\Users\francois\AppData\Roaming\DriverFinder;fs
 emptyfolderscheck;delete 
startupall; 
filesrcm;

  • Click the "Options" button and tick the options below.
  • Do a Quick Scan
  • Auto Clean
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log as an attachment in your next message.

Posting the Zoek.exe log file

  • Attach the log file named "Zoek-results.log" to your next message. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • You can read here how to add an attachment to a message.


Kape,

Here is, hopefully, the requested log. For some reason I cannot tick the Auto Clean option. BullGuard has also reported an infected file (D9F.tmp).

Zoek.exe v5.0.0.0 Updated 14-April-2014

Tool run by francois on vr 16-05-2014 at 17:26:27,47.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\francois\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-14-144854.log 19547 bytes

C:\zoek-results2014-05-14-152817.log 18770 bytes

C:\zoek-results2014-05-14-160008.log 1137 bytes

C:\zoek-results2014-05-14-174955.log 28013 bytes

C:\zoek-results2014-05-15-143054.log 26320 bytes

==== Empty Folders Check ======================

C:\PROGRA~3\HPQLOG deleted successfully

C:\Users\francois\AppData\Roaming\SystemRequirementsLab deleted successfully

C:\Users\francois\AppData\Local\PDFC deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"=-

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"=-

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"=-

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

""=-

==== Deleting Files \ Folders ======================

C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found

C:\Users\francois\AppData\Roaming\DriverFinder not found

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\francois\AppData\Local\Temp ====

2014-05-16 18:11:00 BDE6DF76A1ADD4E35ACB0A2F48CE86E8 46929408 ----a-w- C:\Users\francois\AppData\Local\Temp\is838815544\26392654_stp.MSI

2014-05-15 16:59:04 E83B541C71965CFA1DEFF846CD6E9ECD 604552 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\npGoogleUpdate3.dll

2014-05-15 16:59:04 7DA05F2CD5C1F41EFB7FFBA3DCBD8C2B 189320 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\psuser_64.dll

2014-05-15 16:59:04 74D1953F791F4F07B1BADEBE96F81AE0 189320 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\psmachine_64.dll

2014-05-15 16:59:04 725CCC67C2C70D3BCCB0617609DE9366 166792 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\psuser.dll

2014-05-15 16:59:04 0DDCADC31B0191CE083519A974989474 166792 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\psmachine.dll

2014-05-15 16:59:02 0928B9C3F2193EE265AA5E9B163D96EB 1698184 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\goopdate.dll

2014-05-15 16:59:02 039DE3F65C7992994F788EAC8E79BF4F 884504 ----a-w- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\GoogleUpdateSetup.exe

2014-05-15 16:59:01 E093151047BBFFC0CD78D52F36490206 51080 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\GoogleUpdateOnDemand.exe

2014-05-15 16:59:01 7E6B107120108B3A15BFECE0DE3201DB 228744 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\GoogleCrashHandler.exe

2014-05-15 16:59:01 6EFC5F64258FE0D9DA3CCFA7FF4D84BD 114568 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\GoogleUpdateComRegisterShell64.exe

2014-05-15 16:59:01 5B371C3304C06AE62729236F98A2DD20 26112 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\GoogleUpdateHelper.msi

2014-05-15 16:59:01 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\GoogleUpdate.exe

2014-05-15 16:59:01 398F40FAE5ADA9521544393F1F67A17E 51080 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\GoogleUpdateBroker.exe

2014-05-15 16:59:01 0D5CE0E5AEC3ACC7930AB955334B8533 281480 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\GoogleCrashHandler64.exe

2014-05-15 16:29:02 3F512AF8DB108FCA028BA731CE0B4700 224408 ----a-w- C:\Users\francois\AppData\Local\Temp\{AC76BA86-7AD7-1043-7B44-AB0000000001}\FixTransforms.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2014-05-15 22:38:01 FBCF3F01177953EBF1E735643621CCF5 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll

2014-05-15 22:38:00 EB5347F6149D3FF25F4D609A21A3BD67 17382912 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2014-05-15 22:38:00 10D531ADC7B8FB36C7361D44AF6E8AB6 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2014-05-15 16:39:12 E9D88493FBDB36D4B65C6F2F7F122C95 12874240 ----a-w- C:\Windows\SysWOW64\shell32.dll

2014-05-15 16:37:52 9DE19EA21DF99AF15BA5A947E5317F9E 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll

2014-05-15 16:37:52 4D59F470985D08139E42D15842816C47 3969984 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe

2014-05-15 16:37:51 ED195AC76E10F17F6DD60C49666F2A83 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll

2014-05-15 16:37:51 31FA2485DFC773F1E718A4D19F443FA9 3914176 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe

2014-05-15 16:37:49 995B39A08421C7725D1DF8DACEBBFC89 538112 ----a-w- C:\Windows\SysWOW64\objsel.dll

2014-05-15 16:37:48 FBC78B5D12A4F5A62D9C91E0E0E46D46 49664 ----a-w- C:\Windows\SysWOW64\adprovider.dll

2014-05-15 16:37:48 834A859BB331B0B2CCAE25BB1986F80D 47616 ----a-w- C:\Windows\SysWOW64\dpapiprovider.dll

2014-05-15 16:37:48 828185688FDAAE6C7959B884ABED1766 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll

2014-05-15 16:37:48 62C0798CC68EBF42F29C92E6CD6DC3D6 36864 ----a-w- C:\Windows\SysWOW64\dimsroam.dll

2014-05-15 16:37:48 5E11C55CC4D9330E55CCB22B1F20BB33 35328 ----a-w- C:\Windows\SysWOW64\wincredprovider.dll

2014-05-15 16:37:48 541BB9B4C899ADCC5D3DB89208C1F409 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll

2014-05-15 16:37:48 461B713DE7F353C6447B744F1A049930 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll

2014-05-15 16:37:48 3A1ABE045A3E30799576E83A2D012B43 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll

2014-05-15 16:37:48 38A30B8E4216BE24D30F766EF3BAC2C7 48128 ----a-w- C:\Windows\SysWOW64\capiprovider.dll

2014-05-15 16:37:48 335FA669FC952BC4888CEDBDB42607E2 51200 ----a-w- C:\Windows\SysWOW64\cngprovider.dll

2014-05-15 16:37:47 C94CE65AE7701E9FDBA889045543E27C 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll

2014-05-15 16:37:47 75878492F2B33405EEF900F8C16C6D08 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll

2014-05-15 16:37:47 2A86C18CE6869C77FCEB62F3B47D4D5B 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2014-05-16 10:51:30 8EC8DF61F41CF85210734F9E55870C7E 576 ----a-w- C:\Windows\Sysnative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD

2014-05-15 22:38:01 A920E1336F9FEA95477763E2CC15891B 84992 ----a-w- C:\Windows\Sysnative\mshtmled.dll

2014-05-15 22:38:01 797E2E5C309AFF76990D5B7AF457EACA 23544320 ----a-w- C:\Windows\Sysnative\mshtml.dll

2014-05-15 22:38:00 A45BFDCFD5864F658289A165E6E0227F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2014-05-15 16:39:13 427015D56DF17241F634611557146C57 14175744 ----a-w- C:\Windows\Sysnative\shell32.dll

2014-05-15 16:39:09 4A795989DF0043973711B666D36D2678 477184 ----a-w- C:\Windows\Sysnative\aepdu.dll

2014-05-15 16:39:09 485FB1F3792FF7B5D5EBB99AB870E588 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll

2014-05-15 16:37:54 9358149234A4F3FE00CF5C2096DC1652 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll

2014-05-15 16:37:52 B19C8390A1D641B9AC4490D4828A7B5E 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll

2014-05-15 16:37:51 E2A483E796D5FC7E447725FD01D98FA0 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll

2014-05-15 16:37:51 89EF1CE0CE43AB8F55247D746739A321 722944 ----a-w- C:\Windows\Sysnative\objsel.dll

2014-05-15 16:37:50 6B47CF5C27865DDF6680E4D834FBE34F 5550016 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe

2014-05-15 16:37:49 B6D8C1202DACA028AD94BDA2795CBBE9 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll

2014-05-15 16:37:48 CF13522172342AD8196B329C15D68E23 44544 ----a-w- C:\Windows\Sysnative\dimsroam.dll

2014-05-15 16:37:48 C072064F95579C0D6D86AF5B3DC53192 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll

2014-05-15 16:37:48 BDA8B14AFE99A0C52BFEA64C5AC62171 52736 ----a-w- C:\Windows\Sysnative\dpapiprovider.dll

2014-05-15 16:37:48 9D942180B5B6CE1C882B9CC54EA1F275 57344 ----a-w- C:\Windows\Sysnative\cngprovider.dll

2014-05-15 16:37:48 9A3C6D8593F29A9F66744A3D4E6309B2 39936 ----a-w- C:\Windows\Sysnative\wincredprovider.dll

2014-05-15 16:37:48 851BB346CD59D9B3BC8854384C7DD5C3 424960 ----a-w- C:\Windows\Sysnative\KernelBase.dll

2014-05-15 16:37:48 692E9886B2A475684F7E3294BF66E97D 56832 ----a-w- C:\Windows\Sysnative\adprovider.dll

2014-05-15 16:37:48 4959DE74643CBC4B83E5BC99486A4FC9 53760 ----a-w- C:\Windows\Sysnative\capiprovider.dll

2014-05-15 16:37:48 481F70241D4EA038BB02590A30F15A23 340992 ----a-w- C:\Windows\Sysnative\schannel.dll

2014-05-15 16:37:48 26AF184300C0868D854D5A3092234E24 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll

2014-05-15 16:37:48 204F3F58212B3E422C90BD9691A2DF28 31232 ----a-w- C:\Windows\Sysnative\lsass.exe

2014-05-15 16:37:47 82A72E99AA1CF0B04D3B9843CBA3AEC1 22016 ----a-w- C:\Windows\Sysnative\credssp.dll

2014-05-15 16:37:47 8098627D0AA1706D69C5AF3F74332ABB 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll

2014-05-15 16:37:47 39312B37C5FE5138F99680A49ACD3AEA 28160 ----a-w- C:\Windows\Sysnative\secur32.dll

====== C:\Windows\Sysnative\drivers =====

2014-05-15 16:37:48 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys

2014-05-15 16:37:48 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys

====== C:\Windows\Tasks ======

2014-05-14 15:22:56 7293899135567DCF26577D20618BB21E 3140 ----a-w- C:\Windows\Sysnative\Tasks\{5AA7AE5A-0F3D-4BD9-BADC-7B573F02BA81}

2014-04-21 07:26:07 3FC11217900B73DD76587B4ADF6CD98E 3756 ----a-w- C:\Windows\Sysnative\Tasks\francois Merge

2014-04-21 07:26:06 91C781488A64BD7C45DC167DC7A81C7A 3740 ----a-w- C:\Windows\Sysnative\Tasks\francois

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-05-16 18:11:39 -------- d-----w- C:\Program Files\WinZip

2014-04-25 09:08:14 -------- d-----w- C:\Program Files\Recuva

======= C:\PROGRA~2 =====

2014-05-15 16:30:54 6103040 ----a-w- C:\PROGRA~2\GUTF805.tmp

2014-05-15 16:30:54 -------- d-----w- C:\PROGRA~2\GUMF7E5.tmp

2014-05-15 15:31:01 -------- d-----w- C:\PROGRA~2\Better_MarkIt

2014-05-15 15:31:00 -------- d-----w- C:\PROGRA~2\SearchProtect

2014-05-14 16:39:15 -------- d-----w- C:\PROGRA~2\DYMO ILP219

2014-04-30 16:57:18 -------- d-----w- C:\PROGRA~2\Java

======= C: =====

2014-05-11 08:01:00 DD1ECB6E5CD40D83CA8E1A59A2E1802F 1861 ----a-w- C:\malware.txt

====== C:\Users\francois\AppData\Roaming ======

2014-05-16 18:11:50 -------- d-----w- C:\Users\francois\AppData\Local\WinZip

2014-05-15 16:51:49 -------- d-----w- C:\Users\francois\AppData\Roaming\HpUpdate

2014-05-15 15:31:18 -------- d-----w- C:\Users\francois\AppData\Local\SearchProtect

2014-05-15 14:13:43 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp

2014-05-15 14:13:43 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp

2014-05-15 14:13:43 -------- d-----w- C:\Users\Default\AppData\Local\Temp

2014-05-15 14:13:43 -------- d-----w- C:\Users\Default User\AppData\Local\Temp

2014-05-11 08:32:45 -------- d-----w- C:\Users\francois\AppData\Roaming\AVG

2014-05-11 08:32:45 -------- d-----w- C:\Users\francois\AppData\Local\AVG

2014-05-11 07:00:41 -------- d-----w- C:\Users\francois\AppData\Roaming\TuneUp Software

2014-04-27 07:46:52 -------- d-sh--w- C:\Users\francois\AppData\Locallow\EmieUserList

2014-04-27 07:46:52 -------- d-sh--w- C:\Users\francois\AppData\Locallow\EmieSiteList

2014-04-23 13:58:10 -------- d-sh--w- C:\Users\francois\AppData\Local\EmieUserList

2014-04-23 13:58:10 -------- d-sh--w- C:\Users\francois\AppData\Local\EmieSiteList

====== C:\Users\francois ======

2014-05-16 18:11:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip

2014-05-16 18:11:40 -------- d-----w- C:\ProgramData\WinZip

2014-05-16 18:10:50 B2E28034AFD84C49CAF5613FDBA8A836 820840 ----a-w- C:\Users\francois\Downloads\winzip180nl.exe

2014-05-11 08:31:30 -------- d-----w- C:\ProgramData\AVG

2014-05-11 06:58:11 -------- d--h--w- C:\ProgramData\Common Files

2014-05-10 07:24:54 B2E88A6033AFFFB634872015D329A2A2 45870584 ----a-w- C:\Users\francois\Downloads\eID-QuickInstaller-407-7453-signed_tcm227-246722.exe

2014-05-09 22:59:10 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Searches

2014-04-25 09:08:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva

====== C: exe-files ==

2014-05-16 18:10:50 B2E28034AFD84C49CAF5613FDBA8A836 820840 ----a-w- C:\Users\francois\Downloads\winzip180nl.exe

2014-05-15 21:30:14 6FC454773ABF8DE9A33B35E03525140D 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe

2014-05-15 21:30:14 49B70FBEEC01A69CA9AC115C109E9CDD 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateBroker.exe

2014-05-15 16:59:24 9CC8D8A7D9A268A389003A1EF7A4B0E3 37103584 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\34.0.1847.137\34.0.1847.137_chrome_installer.exe

2014-05-15 16:59:02 039DE3F65C7992994F788EAC8E79BF4F 884504 ----a-w- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\GoogleUpdateSetup.exe

2014-05-15 16:59:01 E093151047BBFFC0CD78D52F36490206 51080 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\GoogleUpdateOnDemand.exe

2014-05-15 16:59:01 7E6B107120108B3A15BFECE0DE3201DB 228744 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\GoogleCrashHandler.exe

2014-05-15 16:59:01 6EFC5F64258FE0D9DA3CCFA7FF4D84BD 114568 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\GoogleUpdateComRegisterShell64.exe

2014-05-15 16:59:01 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\GoogleUpdate.exe

2014-05-15 16:59:01 398F40FAE5ADA9521544393F1F67A17E 51080 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\GoogleUpdateBroker.exe

2014-05-15 16:59:01 0D5CE0E5AEC3ACC7930AB955334B8533 281480 ----atw- C:\Users\francois\AppData\Local\Temp\{12FC9CF6-F94C-4EC4-9918-DB8C74A5181A}\GoogleCrashHandler64.exe

2014-05-15 16:39:10 94566D109585C5867B01B761276C2D1F 155136 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe

2014-05-15 16:39:10 6FF6FF2DD6B7CDD07049DCA1F7A18319 31232 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe

2014-05-15 16:39:08 BE472797288F53AA9F56974B1A1FC18F 918672 ----a-w- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateSetup.exe

2014-05-15 16:37:52 4D59F470985D08139E42D15842816C47 3969984 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe

2014-05-15 16:37:51 31FA2485DFC773F1E718A4D19F443FA9 3914176 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe

2014-05-15 16:37:50 6B47CF5C27865DDF6680E4D834FBE34F 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe

2014-05-15 16:37:48 204F3F58212B3E422C90BD9691A2DF28 31232 ----a-w- C:\Windows\System32\lsass.exe

2014-05-15 16:31:41 D893431503D5112DC3B799DF963D2AC8 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateComRegisterShell64.exe

2014-05-15 16:31:39 D5A444B63637EC0932172C6719A10252 263048 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe

2014-05-15 16:31:39 720546B84ED5229E1584C8F3533A2F12 328072 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe

2014-05-15 16:30:58 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdate.exe

2014-05-15 16:30:55 BE472797288F53AA9F56974B1A1FC18F 918672 ----a-w- C:\Program Files (x86)\GUMF7E5.tmp\GoogleUpdateSetup.exe

2014-05-15 16:30:54 D893431503D5112DC3B799DF963D2AC8 114568 ----atw- C:\Program Files (x86)\GUMF7E5.tmp\GoogleUpdateComRegisterShell64.exe

2014-05-15 16:30:54 D5A444B63637EC0932172C6719A10252 263048 ----atw- C:\Program Files (x86)\GUMF7E5.tmp\GoogleCrashHandler.exe

2014-05-15 16:30:54 BE472797288F53AA9F56974B1A1FC18F 918672 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.24.7\GoogleUpdateSetup.exe

2014-05-15 16:30:54 720546B84ED5229E1584C8F3533A2F12 328072 ----atw- C:\Program Files (x86)\GUMF7E5.tmp\GoogleCrashHandler64.exe

2014-05-15 16:30:54 6FC454773ABF8DE9A33B35E03525140D 51080 ----atw- C:\Program Files (x86)\GUMF7E5.tmp\GoogleUpdateOnDemand.exe

2014-05-15 16:30:54 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\GUMF7E5.tmp\GoogleUpdate.exe

2014-05-15 16:30:54 49B70FBEEC01A69CA9AC115C109E9CDD 51080 ----atw- C:\Program Files (x86)\GUMF7E5.tmp\GoogleUpdateBroker.exe

2014-05-15 16:30:01 46DFB17591B23DDB4E857E87E092A60D 520016 ----a-w- C:\Program Files\BullGuard Ltd\BullGuard Premium Protection\BullGuardBhvScanner.exe

2014-05-15 16:30:00 D7D07CBC58375BF0964BB711A225B72C 1088336 ----a-w- C:\Program Files\BullGuard Ltd\BullGuard Premium Protection\BullGuard.exe

2014-05-15 16:29:55 D7D07CBC58375BF0964BB711A225B72C 1088336 ----a-w- C:\ProgramData\BullGuard\Update\Download\APPDIR\BullGuard.exe

2014-05-15 16:29:54 46DFB17591B23DDB4E857E87E092A60D 520016 ----a-w- C:\ProgramData\BullGuard\Update\Download\APPDIR\BullGuardBhvScanner.exe

2014-05-15 16:29:02 3F512AF8DB108FCA028BA731CE0B4700 224408 ----a-w- C:\Users\francois\AppData\Local\Temp\{AC76BA86-7AD7-1043-7B44-AB0000000001}\FixTransforms.exe

2014-05-10 07:24:54 B2E88A6033AFFFB634872015D329A2A2 45870584 ----a-w- C:\Users\francois\Downloads\eID-QuickInstaller-407-7453-signed_tcm227-246722.exe

=== C: other files ==

2014-05-15 16:37:48 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2014-05-15 16:37:48 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2360198663-3772854805-1710210973-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"Uploader"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe"

"DriverFinder"="C:\Program Files (x86)\DriverFinder\DriverFinder.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2360198663-3772854805-1710210973-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\francois\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP KEYBOARDx"="C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"

"PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe"

"File Sanitizer"="c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

"DBAgent"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe /WinStart"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"Uploader"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe"

"DriverFinder"="C:\Program Files (x86)\DriverFinder\DriverFinder.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\francois\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard Premium Protection\BullGuard.exe -boot"

"BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard premium protection\BullGuardUpdate2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15-05-2014 19:25]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31-01-2014 16:09]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31-01-2014 16:09]

C:\Windows\tasks\HPCeeScheduleForfrancois.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15-07-2011 14:43]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\francois" [C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe]

"C:\Windows\SysNative\tasks\francois DBAgent 2 0" ["C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe"]

"C:\Windows\SysNative\tasks\francois Merge" ["C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe"]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\HPCeeScheduleForfrancois" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]

"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe"]

"C:\Windows\SysNative\tasks\RMCreator" [C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe]

"C:\Windows\SysNative\tasks\Seagate_Install_Launch" [C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{8A231337-FA78-46FA-9845-84E4B82D4E7E}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\SysNative\tasks\{1841DA4E-62B7-4983-B5E6-60F175A76155}" [C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe]

"C:\Windows\SysNative\tasks\{3FEBB57D-5BCD-4B3D-8718-8E499823B8B9}" [C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe]

"C:\Windows\SysNative\tasks\{50BF9B93-D742-49A0-956B-0525B0F40CDD}" [C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe]

"C:\Windows\SysNative\tasks\{64934EDC-A23B-44EA-9E65-7AB14AC071F6}" [C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe]

"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]

"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe]

"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"antiphishing@bullguard"="C:\Program Files\BullGuard Ltd\BullGuard Premium Protection\Files32\Antiphishing\FF\antiphishing@bullguard" [15-05-2014 18:21]

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== C:\zoek_backup content ======================

C:\zoek_backup (files=13 folders=22 26954629 bytes)

==== EOF on vr 16-05-2014 at 20:19:04,94 ======================


Double-click Zoek.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script was written specifically for this PC, so do not use it on other PCs with a similar problem.

 
 C:\Users\francois\AppData\Local\SearchProtect;fs
 C:\malware.txt;f
 C:\Program Files (x86)\GUMF7E5.tmp;fs
 [HKEY_USERS\S-1-5-21-2360198663-3772854805-1710210973-1001\Software\Microsoft\Windows\CurrentVersion\Run];r64
 "DriverFinder"=-;r64
 C:\Program Files (x86)\DriverFinder;fs
 [HKEY_USERS\S-1-5-21-2360198663-3772854805-1710210973-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce];r64
 "Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"=-;r64
 "Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"=-;r64
 "Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"=-;r64
 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r64
 "DriverFinder"=-;r64
 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce];r64
 "Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"=-;r64
 "Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"=-;r64
 "Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"=-;r64
 autoclean;

  • The "Scan All Users" option is checked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log as an attachment in your next reply.

Posting the Zoek.exe log file

  • Attach the log file named "Zoek-results.log" to your next reply. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • You can read here how to add an attachment to a post.


Zoek.exe v5.0.0.0 Updated 20-05-2014

Tool run by francois on di 20-05-2014 at 19:03:55,57.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\francois\Downloads\zoek (78)\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-14-144854.log 19547 bytes

C:\zoek-results2014-05-14-152817.log 18770 bytes

C:\zoek-results2014-05-14-160008.log 1137 bytes

C:\zoek-results2014-05-14-174955.log 28013 bytes

C:\zoek-results2014-05-15-143054.log 26320 bytes

C:\zoek-results2014-05-16-181904.log 26356 bytes

C:\zoek-results2014-05-18-103040.log 6601 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-2360198663-3772854805-1710210973-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"DriverFinder"=-

[HKEY_USERS\S-1-5-21-2360198663-3772854805-1710210973-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"=-

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"=-

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DriverFinder"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"=-

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"=-

"Uninstall C:\Users\francois\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64”=-

==== Deleting Files \ Folders ======================

C:\Users\francois\AppData\Local\SearchProtect not found

C:\Program Files (x86)\GUMF7E5.tmp not found

C:\Program Files (x86)\DriverFinder not found

"C:\malware.txt" not found

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"antiphishing@bullguard"="C:\Program Files\BullGuard Ltd\BullGuard Premium Protection\Files32\Antiphishing\FF\antiphishing@bullguard" [15-05-2014 18:21]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

ncffjdbbodifgldkcbhmiiljfcnbgjab - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\dpchrome.crx[21-07-2012 03:00]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://g.uk.msn.com/HPCOM13/33"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://g.uk.msn.com/HPCOM13/33"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMDTDFJS"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1553-111073-34115-12/4?satitle={searchTerms}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\francois\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=220 folders=47 56953031 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\francois\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\francois\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on di 20-05-2014 at 19:22:39,35 ======================


Download AdwCleaner by Xplode to the desktop.

  • Close all open windows.
  • Double-click AdwCleaner to start it.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Then click Scan.
  • Then click Clean if any items were found.
  • When the Restart Required prompt appears, click OK.

After the PC has restarted, a log file usually opens.

Otherwise it can be found here: C:\AdwCleaner\AdwCleaner[s0].txt.

Posting the log file

  • Attach the log file named C:\AdwCleaner\AdwCleaner[s0].txt to your next reply.
  • You can read here how to add an attachment to a post.

Link naar reactie
Delen op andere sites

# AdwCleaner v3.210 - Rapport aangemaakt 21/05/2014 op 15:45:46

# Laatste Update 19/05/2014 door Xplode

# Besturingssysteem : Windows 7 Professional Service Pack 1 (64 bits)

# Gebruikersnaam : francois - FRANCOIS-HP

# Gestart vanuit : C:\Users\francois\Downloads\adwcleaner_3.210.exe

# Optie : Scannen

***** [ Services ] *****

***** [ Bestanden / Mappen ] *****

Map Gevonden : C:\Users\francois\AppData\LocalLow\SiteRanker

***** [ Snelkoppelingen ] *****

***** [ Register ] *****

Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}

Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}

Sleutel Gevonden : HKCU\Software\Softonic

Sleutel Gevonden : [x64] HKCU\Software\Softonic

Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}

Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}

Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v34.0.1847.137

[ Bestand : C:\Users\francois\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gevonden [search Provider] : hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80090&iwk=300&lng=en

Gevonden [Homepage] : hxxp://www.inbox.com/homepage.aspx?tbid=80090&iwk=300&lng=en

Gevonden [Extension] : booedmolknjekdopkepjjeckmjkdpfgl

Gevonden [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [2278 octets] - [21/05/2014 15:45:46]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2338 octets] ##########
