problemen met acer 7739z, hijack log geplaatst

bosje · 25 juli 2013

I heb problemen met mijn acer 7739Z, valt soms uit, krijg dan een wit scherm met strepen.Wanneer de accu is opgeladen, moet ik hem aan de stroom zetten om weer op te starten. Ook mis ik allerlei bladwijzers en zijn de letters heel groot wat ik ook niet kan veranderen. heb een hijack logfile gemaakt, zie onder.

Alvast bedankt!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:20:00, on 25-7-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16635)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Users\Janneke\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\F-Secure\fshoster32.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={116FCF24-5713-4CCE-96F7-2DF75C72875D}&mid=c3debec3538047d1b057e92931de3fbb-03b8408931bde2a31f932dfcaa1043d8b681383f〈=en&ds=ts023&pr=sa&d=2012-02-22 19:18:22&v=10.0.0.7&sap=hp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL

O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [F-Secure Hoster (54599)] "C:\Program Files (x86)\F-Secure\fshoster32.exe" -app -hosterid:1

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus SX130" /EF "HKCU"

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Janneke\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')

O4 - Startup: Dropbox.lnk = Janneke\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: FRITZ!DSL Protect.lnk = C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe

O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll

O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVM IGD CTRL Service - Unknown owner - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (file missing)

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files (x86)\Common Files\AVM\de_serv.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

O23 - Service: Epson Redirect Agent (ENAgent) - SEIKO EPSON CORPORATION - C:\Windows\SysWOW64\ENAgent.exe

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\fshoster32.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14816 bytes

iEscape · 25 juli 2013

@ Bosje1,

Van zodra 1 van de experts online is zal deze je zeker verder helpen aangaande je vraag/probleem.

Update

Wil je onderstaande ook uitvoeren:

Download en installeer Speccy.

Tijdens de installatie heb je nu de mogelijkheid om Nederlands als taal te selecteren.

Wanneer, tijdens het installeren van Speccy, de optie aangeboden wordt om Google Chrome of Google Toolbar "gratis" mee te installeren dien je de vinkjes weg te halen, tenzij dit een bewuste keuze is.

Start nu het programma en er zal een overzicht gemaakt worden van je hardware.

Als dit gereed is selecteer je bovenaan " Bestand - Publiceer Snapshot " en vervolgens bevestig je die keuze met " Ja ".

In het venster dat nu opent krijg je een link te zien, kopieer nu die link en plak die in je volgende bericht. Zo krijgen we een gedetailleerd overzicht van je hardware

25 juli 2013 aangepast door iEscape

bosje · 26 juli 2013

Onderstaand de link. vriendelijke groet

http://speccy.piriform.com/results/0MId0n0YPxca7KvBNnJpO2E

26 juli 2013 aangepast door iEscape
Overbodig quoted bericht verwijderd.

Jean-Pierre · 26 juli 2013

Ik heb je dubbelpost verwijderd want anders word het een ganse warboel.;-)

Asus · 26 juli 2013

Na 6 minuten activiteit hebben je moederbord en je processor een temperatuur van zo'n 50°C: wordt deze laptop op een gladde, harde en stofvrije ondergrond gebruikt ?...

Kan je een tweede linkje posten, geproduceerd na ruim een half uur tot een uur activiteit op de laptop ?...

kape · 26 juli 2013

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download AdwCleaner by Xplode naar het bureaublad.

Sluit alle openstaande vensters.
Dubbelklik op AdwCleaner om hem te starten.
Klik vervolgens op Verwijderen.
Klik bij AdwCleaner – Informatie op OK
Klik bij AdwCleaner – Herstarten Noodzakelijk op OK

Dat tijdens de actie de snelkoppelingen verdwijnen, is normaal.

Nadat de PC opnieuw is opgestart, opent een logfile.

Post aansluitend de inhoud van dit log in je volgende bericht, samen met een nieuw logje van HijackThis.

bosje · 27 juli 2013

Na 6 minuten activiteit hebben je moederbord en je processor een temperatuur van zo'n 50°C: wordt deze laptop op een gladde, harde en stofvrije ondergrond gebruikt ?...
Kan je een tweede linkje posten, geproduceerd na ruim een half uur tot een uur activiteit op de laptop ?...

Ja de laptop staat inderdaad op een gladde, harde en stofvrije ondergrond.

hier nogmaals de link na een 45 minuten gebruik van de laptop.

http://speccy.piriform.com/results/inKupQgtpxmILJlmaXp42Vj

- - - Updated - - -

De genoemde items staan niet in de lijst.Ik heb het programma als administrator uitgevoerd.

- - - Updated - - -

wanneer ik de link AdwCleaner by Xplode volg krijg ik een melding dat het een schadelijke website is?

kape · 27 juli 2013

Download zoek.exe naar het bureaublad.

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
(hier of hier) kan je lezen hoe je dat doet.
Dubbelklik op Zoek.exe om de tool te starten.
Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
Klik op de knop "Options" en vink nu de onderstaande opties aan.
- Running processes
- Recently Created
- Startup Information
- Installed Programs
- HijackThis Log
- Firefox Look
- Chrome Look
- System Specs
- Silent Runners
- Firefox Defaults
- Reset Chrome
- Reset IE proxy
- Shortcut Fix
- IE Defaults
- Reset Hosts
- Auto Clean
[*] Klik nu op de knop "Run script".

[*] Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).

[*] Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.

[*] Post nu de inhoud van het geopende logje in het volgende bericht.

bosje · 28 juli 2013

Bijgaand het logje

Zoek.exe Version 4.0.0.4 Updated 26-07-2013

Tool run by Janneke on zo 28-07-2013 at 12:03:56,06.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Janneke\Downloads\zoek(1).exe [Checkboxes used]

==== Older Logs ======================

C:\zoek-results28-07-2013-1201.log 64 bytes

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Windows\SysWOW64\ENAgent.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Launch Manager\LMutilps32.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\F-Secure\fshoster32.exe

C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE

C:\Users\Janneke\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE

C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\F-Secure\fshoster32.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE

C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\system32\taskhost.exe

C:\Users\Janneke\Downloads\zoek(1).exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

==== Reset Hosts File ======================

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.

127.0.0.1 localhost

::1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

???? ??? Windows Live

???? Windows Live

????? Windows Live

?????? ??????? ?? Windows Live

???????? ?????????? Windows Live

??????????? ?? Windows Live

Aangifte inkomstenbelasting 2012

ABBYY FineReader 9.0 Sprint

Acer Backup Manager

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Registration

Acer ScreenSaver

Acer Updater

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.03) - Nederlands

Albelli Fotoboeken

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

AVM FRITZBox Printer

Backup Manager V3

Bonjour

CCleaner

clear.fi

clear.fi Client

Computer Security 12.71.102.0 (release)

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dropbox

EPSON Attach To Email

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Event Manager

EPSON File Manager

EPSON Scan

EPSON Scan Assistant

EPSON SX130 Series Printer Uninstall

EpsonNet Config V4

F-Secure CCF Reputation

F-Secure CCF Scanning 1.18.127.7931 (release)

F-Secure Network CCF 1.02.126

F-Secure Security Panel

Facebook Video Calling 1.2.0.287

ffdshow [rev 2527] [2008-12-19]

Fotogalerija Windows Live

Galeria de Fotografias do Windows Live

Galer¡a fotogr fica de Windows Live

Galeria fotogr…fica del Windows Live

Galeria fotografii uslugi Windows Live

Galerie de photos Windows Live

Galerie foto Windows Live

Gebruikershandleiding EPSON SX130 Series

HiJackThis

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Identity Card

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless WiFi Software

Junk Mail filter update

Kobo

Launch Manager

Malwarebytes Anti-Malware versie 1.75.0.1300

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile NLD Language Pack

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Dutch) 2010

Microsoft Office Excel MUI (Dutch) 2010

Microsoft Office Groove MUI (Dutch) 2010

Microsoft Office InfoPath MUI (Dutch) 2010

Microsoft Office Klik-en-Klaar 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (Dutch) 2010

Microsoft Office Outlook MUI (Dutch) 2010

Microsoft Office PowerPoint MUI (Dutch) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Professional Plus 2013 - nl-nl

Microsoft Office Proof (Dutch) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proofing (Dutch) 2010

Microsoft Office Publisher MUI (Dutch) 2010

Microsoft Office Shared 64-bit MUI (Dutch) 2010

Microsoft Office Shared MUI (Dutch) 2010

Microsoft Office Starter 2010 - Nederlands

Microsoft Office Word MUI (Dutch) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 22.0 (x86 nl)

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.6 (x86 nl)

MSVCRT

MSVCRT_amd64

MyFreeCodec

MyWinLocker

MyWinLocker 4

MyWinLocker Suite

newsXpresso

Norton Online Backup

NTI Media Maker 9

Office 15 Click-to-Run Extensibility Component

Office 15 Click-to-Run Licensing Component

Office 15 Click-to-Run Localization Component

Online Safety 2.71.927.655

Poczta uslugi Windows Live

Podstawowe programy Windows Live

Posta Windows Live

QuickTime

Raccolta foto di Windows Live

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

S?????? f?t???af??? t?? Windows Live

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)

Shredder

SkypeT 5.10

SlimComputer

Speccy

Spotnet

SUPERAntiSpyware

Synaptics Pointing Device Driver

Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Welcome Center

Windows Live ???

Windows Live ????

Windows Live Argazki Galeria

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotogal‚ria

Windows Live Fotogalerie

Windows Live Fotogalleri

Windows Live Fotograf Galerisi

Windows Live Fot¢t r

Windows Live Galeria de Fotos

Windows Live Galerija fotografija

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Temel Par‡alar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennusty”kalu

Windows Liven s„hk”posti

Windows Liven valokuvavalikoima

WinRAR archiver

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Janneke\AppData\Roaming\Mozilla\Firefox\Profiles\liq1p9cc.default-1368089841419\prefs.js:

user_pref("browser.startup.homepage", "http://www.startpagina.nl/");

user_pref("browser.search.selectedEngine", "Zoeken.nl");

user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Janneke\AppData\Roaming\Mozilla\Firefox\Profiles\liq1p9cc.default-1368089841419\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Janneke\AppData\Roaming\Mozilla\Firefox\Profiles\lvk87zm8.default-1373308778076\prefs.js:

Added to C:\Users\Janneke\AppData\Roaming\Mozilla\Firefox\Profiles\lvk87zm8.default-1373308778076\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml" deleted

"C:\Users\Janneke\Downloads\SoftonicDownloader_voor_samsung-kies.exe" deleted

"C:\Windows\wininit.ini" deleted

"C:\found.000" deleted

"C:\Users\Janneke\AppData\Roaming\iWin" deleted

"C:\ProgramData\InstallMate" deleted

"C:\Users\Janneke\AppData\Local\Software" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 3765 MB

CPU Info: Intel® Pentium® CPU P6200 @ 2.13GHz

CPU Speed: 2162.3 MHz

Sound Card: Speakers (Realtek High Definiti |

Display Adapters: Intel® HD Graphics | Intel® HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Generic PnP Monitor |

Screen Resolution: 1600 X 900 - 32 bit

Network: Network Present

Network Adapters: Microsoft Virtual WiFi Miniport Adapter #2 | Microsoft Virtual WiFi Miniport Adapter | Intel® Centrino® Wireless-N 100 | Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)

CD / DVD Drives: 1x (D: | ) D: SlimtypeDVD A DS8A5SH

Ports: COM Ports NOT Present. LPT Port NOT Present.

Mouse: 16 Button Wheel Mouse Present

Hard Disks: C: 450.7GB | Q: 0.0MB

Hard Disks - Free: C: 386.9GB | Q: 0.0MB

Manufacturer *: Insyde Corp.

BIOS Info: AT/AT COMPATIBLE | 07/21/11 | ACRSYS - 1

Time Zone: West-Europa (standaardtijd)

Motherboard *: Acer HMA71_CP

Internet Explorer Version: 10.0.9200.16635

Sun Java version: No Java Installed?

Country: Nederland

Language: NLD

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Janneke\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====

2013-07-24 17:25:41 BF1D2CFAE91C1E835902ECA27F8F7470 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2013-07-24 17:25:40 6A32A12A2C76B729D6485D04FCFB2175 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll

2013-07-24 17:25:37 F4A608A800C1BB6838797390CBBC1269 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll

2013-07-24 17:25:37 B6A67646BD7E3A0AF2515703CBBD9A1C 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll

2013-07-24 17:25:37 0D2F075863C2FA4F84FB95AC00B95151 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-07-24 17:25:36 DED7DCF831A05D21F49510EA03F8F2C5 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll

2013-07-24 17:25:35 FE29131E35902038066C924CF9C59DF8 2046976 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2013-07-24 17:25:31 EED047A0C528813D6AAF4F4F8B2C40C4 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2013-07-24 17:25:29 52F71A5790E1B6FFC34648F3B311EEE1 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll

2013-07-24 17:25:24 CB811C14C225DD07B98E676DFB0221E6 2877440 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2013-07-24 17:25:22 225D276C730DF08CC83EABAC407F0D75 1141248 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2013-07-24 17:25:18 AC9A9B64AF7005E488390E38AE00D117 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2013-07-24 17:25:16 9BF7C7654EFD098EE3A27B49492A382A 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll

2013-07-24 17:25:05 CC3FD6DEEE458D0BE9A69241E0749717 13760512 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2013-07-24 17:24:31 AF31E7D2C385F647ADFD5F5736B3BA64 14329856 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2013-07-23 19:10:21 674EB817CF6E43B7DF3EC26E06E98D98 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll

2013-07-23 19:10:12 56D61BE56DA22334829E14CDE6A8C1FE 1620480 ----a-w- C:\Windows\SysWOW64\WMVDECOD.DLL

2013-07-23 19:06:22 1C0E369575F387460E2A5F28269B2CC4 1247744 ----a-w- C:\Windows\SysWOW64\DWrite.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-07-24 17:25:43 C9EC09E4BF3290331C25F0D12C93CEBF 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2013-07-24 17:25:39 17B4359BB4BD72F8EB4F92B1DC4E4EB5 526336 ----a-w- C:\Windows\Sysnative\ieui.dll

2013-07-24 17:25:37 CDB7670A5C0F7D230ADC72F542D41AD8 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll

2013-07-24 17:25:37 AC127B02DD2C8FD41AC4162BA738F2ED 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll

2013-07-24 17:25:37 34EACF2330282CCABA61F8DC43F16FD5 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2013-07-24 17:25:36 6E1803473B6BCBA4C2FB31582DE12D7D 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe

2013-07-24 17:25:36 557F4ACCA6426112E28F19AAD734C971 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll

2013-07-24 17:25:33 9E0D8010D7368856617D3FE0FA5DA58F 2648576 ----a-w- C:\Windows\Sysnative\iertutil.dll

2013-07-24 17:25:30 5A41FA3CB4E47560A26B183429F41D73 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2013-07-24 17:25:29 4A3D82F996C5B700D42ACCA94C2B9ABD 855552 ----a-w- C:\Windows\Sysnative\jscript.dll

2013-07-24 17:25:26 BEFD16482A3859071F563D2614EE2484 3958784 ----a-w- C:\Windows\Sysnative\jscript9.dll

2013-07-24 17:25:21 792685A9538424CC1F3FA6A816FE147C 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll

2013-07-24 17:25:18 B7B4D3A39BE24D7ABC69C06F44FCC5B1 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2013-07-24 17:25:14 FAF6EC2460AD5FBBD38D8E1AE28B0D77 2241024 ----a-w- C:\Windows\Sysnative\wininet.dll

2013-07-24 17:24:56 391CD109EF28629644C267C855314DEE 15404032 ----a-w- C:\Windows\Sysnative\ieframe.dll

2013-07-24 17:24:49 9586EC4E1CC39CCBA26A5E7DFE774C9E 19238912 ----a-w- C:\Windows\Sysnative\mshtml.dll

2013-07-23 19:10:21 A3EC566925BEC505E2418C1AC14E541E 624128 ----a-w- C:\Windows\Sysnative\qedit.dll

2013-07-23 19:10:14 8B6CBE2FA2BAEDE2A3F5C96733481911 1887744 ----a-w- C:\Windows\Sysnative\WMVDECOD.DLL

2013-07-23 19:09:03 73601028E7C44154318AE91D2EB2EDB3 3153920 ----a-w- C:\Windows\Sysnative\win32k.sys

2013-07-23 19:06:23 DD85F00EC31F77315AE992B7B0411D65 1643520 ----a-w- C:\Windows\Sysnative\DWrite.dll

====== C:\Windows\Sysnative\drivers =====

2013-07-25 17:48:01 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-07-26 14:06:06 -------- d-----w- C:\Program Files\Speccy

======= C:\Program Files (x86) =====

2013-07-25 17:18:20 -------- d-----w- C:\Program Files (x86)\Trend Micro

======= C: =====

====== C:\Users\Janneke\AppData\Roaming ======

2013-07-25 17:47:47 -------- d-----w- C:\users\Janneke\AppData\Local\Programs

====== C:\Users\Janneke ======

2013-07-26 14:06:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy

2013-07-26 14:05:15 8AEB5D7CF5182094977760A765FA5B01 5126104 ----a-w- C:\Users\Janneke\Downloads\spsetup122.exe

2013-07-25 17:31:28 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Janneke\Downloads\mbam-setup-1.75.0.1300.exe

====== C: exe-files ==

2013-07-28 10:02:05 9F0EAB5C94DF90AB9182DC76D37B2234 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-604675852-2658481320-257885064-1000\$IUB0DC7.exe

2013-07-28 10:00:57 5E7B15DDA20402630F6FDA3239A02B44 167424 ----a-w- C:\$Recycle.Bin\S-1-5-21-604675852-2658481320-257885064-1000\$RUB0DC7.exe

2013-07-26 14:05:15 8AEB5D7CF5182094977760A765FA5B01 5126104 ----a-w- C:\Users\Janneke\Downloads\spsetup122.exe

2013-07-25 17:52:51 8A104BB2D7E46B4212E60F4EB2E80882 926896 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\updated\uninstall\helper.exe

2013-07-25 17:52:51 6E7AC0037D149ABBC93C8CCF4E48F876 21912 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\updated\WSEnable.exe

2013-07-25 17:52:51 18436E58084B449DC05986D6A2D5A4AB 271768 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\updated\updater.exe

2013-07-25 17:52:50 35EC0913B382B3E476A81B446C951582 389016 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\updated\thunderbird.exe

2013-07-25 17:52:50 0749B125E71E43CCFC9C9556B1A26D2C 17304 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\updated\plugin-container.exe

2013-07-25 17:52:48 BA7BC321BFEF85B525A9417693B1FF09 117144 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\updated\maintenanceservice.exe

2013-07-25 17:52:48 70706F1CDBF62098DC2B6B1BCAD98931 193448 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\updated\maintenanceservice_installer.exe

2013-07-25 17:52:45 636DBC13746ADA696B03D0ABF4F185EA 116632 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\updated\crashreporter.exe

2013-07-25 17:31:28 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Janneke\Downloads\mbam-setup-1.75.0.1300.exe

2013-07-24 18:06:31 3B615E81E65427A9CA1BAB659CB9AE2C 217768 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\MSOXMLED.EXE

2013-07-24 18:06:13 058F3C3812DF160EA8C657073D2C6DA8 545976 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\MSOSQM.EXE

2013-07-24 18:06:08 B3AAF9AA9494FD3E394E815D0243C78E 838352 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE

2013-07-24 18:06:06 FD79AD9C846C8927CC4E61FCBBDD259E 207528 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\MSOXMLED.EXE

2013-07-24 18:05:52 35A367074A2997C66D7851E56C398C6E 282800 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msoia.exe

2013-07-24 18:04:48 191BF6249C22140567656B76C8E0F179 78576 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE

2013-07-24 18:04:46 3149CBB89064792BD28D5C958E7EAB13 6807768 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\CMigrate.exe

2013-07-24 17:33:21 540351899E0C3C356B888B16AA3FD4EE 39584 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\AppSharingHookController64.exe

2013-07-24 17:32:46 7750DF3801A17047AA2D3FF676E58FB8 5086424 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CMigrate.exe

2013-07-24 17:32:37 81FEBC588DE208F6DFF1491C11771761 9398448 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\PDFREFLOW.EXE

2013-07-24 17:32:28 820EC98C0FDBD7FB448D8D29179C69FC 869552 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\protocolhandler.exe

2013-07-24 17:32:15 F011F7E4334C553808A3FF2D20D729AB 470248 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DWTRIG20.EXE

2013-07-24 17:31:12 CEB06609DBF517C94DF91B55D555DD09 1044696 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe

2013-07-24 17:31:12 CE3F9F3D771AEAACEA10919D1FE70546 50392 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\SETLANG.EXE

2013-07-24 17:31:12 A0819E1DFC8596EDF557B665E7912BA4 496320 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSOUC.EXE

2013-07-24 17:31:12 7539AD8EC9EC1087B0AF6F2D228B2CEC 228544 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\CLVIEW.EXE

2013-07-24 17:31:12 33DBE90D23F89BBBD88A6A4850CB382B 87240 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\NAMECONTROLSERVER.EXE

2013-07-24 17:31:10 F34170D0F106876967CA3E41F9E88BBA 448704 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE

2013-07-24 17:31:10 93E82977AA11EA9D2270EFAE7125237A 476888 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\SELFCERT.EXE

2013-07-24 17:31:10 2778C851E681AB04D1E701F34EFD5A1E 700064 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSQRY32.EXE

2013-07-24 17:31:09 099C8AFD71749BA039FA15381025E11E 21856928 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excelcnv.exe

2013-07-24 17:31:08 B27A68E6D1BB76FF6C8FE897F8FFD2B5 4522688 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\GRAPH.EXE

2013-07-24 17:31:07 C3CEF36300810435B738E2AEFCA947AC 513264 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\IEContentService.exe

2013-07-24 17:30:45 E844CEC5240711925F48403D285DBD3E 40680 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\SCANPST.EXE

2013-07-24 17:30:45 5A13E66D96A830D8D467B30281C28B66 569592 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ORGCHART.EXE

2013-07-24 17:30:44 F6B64FB94579BE905C11D7E73710010F 33440 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\AppSharingHookController.exe

2013-07-24 17:30:44 CEF0CCFE37E92C6683F1689B98AEC518 664736 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\UcMapi.exe

2013-07-24 17:30:44 B8BDA4C15FAB9DABC50830F909C8F59F 1292496 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\OcPubMgr.exe

2013-07-24 17:30:44 2C21EC4F840198FF9B76764D001112B3 6479016 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\lynchtmlconv.exe

2013-07-24 17:30:41 56CFED3896CEF26DD223FF07A4582187 153256 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\CNFNOT32.EXE

2013-07-24 17:30:41 462D7A9C445816604F6932FAA1A37D32 33976 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msotd.exe

2013-07-24 17:30:41 3BDC0F3645DC6C73F8AD601DD5C8025C 33968 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msoev.exe

2013-07-24 17:30:39 EE59534878F805D2685252BA165A242B 524488 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\VPREVIEW.EXE

2013-07-24 17:27:15 3E23732C5F9F3525C6CCE886D7C055C0 564432 ----a-w- C:\Program Files\Microsoft Office 15\root\Integration\Integrator.exe

2013-07-24 17:25:37 34EACF2330282CCABA61F8DC43F16FD5 51712 ----a-w- C:\Windows\System32\ie4uinit.exe

2013-07-24 17:25:37 0D2F075863C2FA4F84FB95AC00B95151 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-07-24 17:25:36 6E1803473B6BCBA4C2FB31582DE12D7D 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-07-24 17:25:32 30E7CA4620500FE012EB464F0E1DE91E 770648 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2013-07-24 17:25:31 98C6F2A9A981A54222602B87C6310BDE 775256 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2013-07-24 17:23:48 6FF609790BB0F7B85C05E66C530334C7 18571424 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\lync.exe

2013-07-24 17:23:45 EA54CD87F23B1B218C10983D6A3850C6 8199344 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE

2013-07-24 17:23:45 75F77C29FCAFA87C94D87CAE9C10C05A 1781416 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\INFOPATH.EXE

2013-07-24 17:23:32 2280707C7708B21C11854A444B6366CD 18631848 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE

2013-07-24 17:23:20 78D3328062B4C80A7BF40D33D9F912CF 1745064 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE

2013-07-24 17:23:08 BC0AC422724688D16A935EBC856EC538 15505576 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSACCESS.EXE

2013-07-23 19:10:11 06820BD4E4243A40F3E28DA5FD38D1E7 1923232 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE

2013-07-23 19:10:03 585373776346FB4DC7C5A573FF49AE66 10756264 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSPUB.EXE

2013-07-23 19:10:01 B9831F6BD6AC8E6A4BF9A91873A59098 25591968 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE

2013-07-23 19:09:20 311C7304983FAA322E8654FC64E4ED6B 933544 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\FIRSTRUN.EXE

=== C: other files ==

2013-07-25 17:52:46 E10BA029B10D46D9E75E35105A703EBE 548209 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\updated\distribution\extensions\tbtestpilot@labs.mozilla.com.xpi

2013-07-25 17:48:01 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-07-24 18:09:08 00217871D0AD07454C787155D5FF6CA7 84720 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\Ocomprivate.zip

2013-07-24 18:09:02 70B4AEDB7E21B274F95D281CE517FCFA 85147 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\Microsoft.Lync.Model.zip

2013-07-23 19:09:03 73601028E7C44154318AE91D2EB2EDB3 3153920 ----a-w- C:\Windows\System32\win32k.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-604675852-2658481320-257885064-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

"EPLTarget\P0000000000000001"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /EPT EPLTarget\P0000000000000001 /M Epson Stylus SX130 /EF HKCU"

"Facebook Update"="C:\Users\Janneke\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

"EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

"EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d"

"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"

"ArcadeMovieService"="C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"

"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"F-Secure Manager"="C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE /splash"

"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"F-Secure Hoster (54599)"="C:\Program Files (x86)\F-Secure\fshoster32.exe -app -hosterid:1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

"EPLTarget\P0000000000000001"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /EPT EPLTarget\P0000000000000001 /M Epson Stylus SX130 /EF HKCU"

"Facebook Update"="C:\Users\Janneke\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"IntelPAN"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel PAN Tray"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BackupManagerTray"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\NTI\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget\P0000000000000000]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="EPLTarget\\P0000000000000000"

"hkey"="HKCU"

"command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIHJE.EXE /EPT \"EPLTarget\\P0000000000000000\" /M \"Epson Stylus SX130\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget\P0000000000000001]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="EPLTarget\\P0000000000000001"

"hkey"="HKCU"

"command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIHJE.EXE /EPT \"EPLTarget\\P0000000000000001\" /M \"Epson Stylus SX130\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesAirMessage]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="KiesAirMessage"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesAirMessage.exe -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="KiesPreload"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="KiesTrayAgent"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msnmsgr"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Norton Online Backup"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Management]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Power Management"

"hkey"="HKLM"

"command"="C:\\Program Files\\Acer\\Acer ePower Management\\ePowerTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QuickTime Task"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Janneke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

"path"="C:\\Users\\Janneke\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"

"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\Users\\Janneke\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"

"item"="Dropbox"

==== Startup Folders ======================

2013-05-19 10:41:24 1057 ----a-w- C:\users\Janneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2012-01-25 17:23:23 1300 ----a-w- C:\users\Janneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11-06-2013 21:25]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-604675852-2658481320-257885064-1000Core.job --a------ [undetermined Task]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-604675852-2658481320-257885064-1000UA.job --a------ C:\Users\Janneke\AppData\Local\Facebook\Update\FacebookUpdate.exe [16-05-2013 19:16]

C:\Windows\tasks\Scheduled scanning task.job --a------ C:\PROGRA2\F-Secure\apps\COMPUT1\ANTI-V1\fsav.exe []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Janneke\AppData\Roaming\Mozilla\Firefox\Profiles\liq1p9cc.default-1368089841419

- NoSquint - %ProfilePath%\extensions\nosquint@urandom.ca.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Janneke\AppData\Roaming\Mozilla\Firefox\Profiles\liq1p9cc.default-1368089841419

22BD99646AC2FFD371DC54724B2E049A - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013

18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013

3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash

0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Janneke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

Profilepath: C:\Users\Janneke\AppData\Roaming\Mozilla\Firefox\Profiles\lvk87zm8.default-1373308778076

22BD99646AC2FFD371DC54724B2E049A - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013

18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013

3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash

0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Janneke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://isearch.avg.com/?cid={116FCF24-5713-4CCE-96F7-2DF75C72875D}&mid=c3debec3538047d1b057e92931de3fbb-03b8408931bde2a31f932dfcaa1043d8b681383f〈=en&ds=ts023&pr=sa&d=2012-02-22 19:18:22&v=10.0.0.7&sap=hp"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://isearch.avg.com/?cid={116FCF24-5713-4CCE-96F7-2DF75C72875D}&mid=c3debec3538047d1b057e92931de3fbb-03b8408931bde2a31f932dfcaa1043d8b681383f〈=en&ds=ts023&pr=sa&d=2012-02-22"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="http://isearch.avg.com/search?cid={116FCF24-5713-4CCE-96F7-2DF75C72875D}&mid=c3debec3538047d1b057e92931de3fbb-03b8408931bde2a31f932dfcaa1043d8b681383f〈=en&ds=ts023&pr=sa&d=2012-02-22"

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts on Users Desktops ======================

C:\Users\Janneke\Desktop\Albelli.lnk - C:\Users\Janneke\AppData\Local\Albelli Fotoboeken\apc.exe

C:\Users\Janneke\Desktop\Dropbox.lnk - C:\Users\Janneke\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\Janneke\Desktop\HiJackThis.lnk - C:\Users\Janneke\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\Janneke\Desktop\Microsoft Office - Snelkoppeling.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

C:\Users\Janneke\Desktop\Microsoft Office 2013 - Snelkoppeling.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

C:\Users\Janneke\Desktop\cleaners\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

C:\Users\Janneke\Desktop\cleaners\SlimComputer.lnk - C:\Windows\Installer\{83A34773-F701-46E1-9414-657F35391413}\Icon.exe

C:\Users\Janneke\Desktop\cleaners\SUPERAntiSpyware Free Edition.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2012.lnk - C:\Program Files (x86)\Belastingdienst\Aangifte inkomstenbelasting\2012\ib2012.exe

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

C:\Users\Public\Desktop\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe

C:\Users\Public\Desktop\F-Secure Security Panel.lnk - C:\Program Files (x86)\F-Secure\trigger.exe --open-launchpad --operator-id 54599

C:\Users\Public\Desktop\Gebruikershandleiding EPSON SX130 Series.lnk - C:\Program Files (x86)\Epson Software\Epson Manual\EPSON SX130 Series\nl\Useg\index.htm

C:\Users\Public\Desktop\Kobo.lnk - C:\Program Files (x86)\Kobo\Kobo.exe --affiliate kobodesktop

C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Public\Desktop\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe

C:\Users\Public\Desktop\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite

C:\Users\Public\Desktop\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe

C:\Users\Public\Desktop\Speccy.lnk - C:\Program Files\Speccy\Speccy64.exe

C:\Users\Public\Desktop\Spotnet.lnk - C:\Program Files (x86)\Spotnet\Spotnet.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Janneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Janneke\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\Janneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Janneke\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe

C:\Users\Janneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Janneke\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\Janneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Janneke\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\Silverlight.Configuration.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy\Speccy.lnk - C:\Program Files\Speccy\Speccy64.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy\Uninstall Speccy.lnk - C:\Program Files\Speccy\uninst.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Janneke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Janneke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle

C:\Users\Janneke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Users\Janneke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite

C:\Users\Janneke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe

C:\Users\Janneke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Janneke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Janneke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe

C:\Users\Janneke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -

C:\Users\Janneke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Janneke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Janneke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Welcome Center.lnk - C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe

C:\Users\Janneke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:

"ProxyOverride"="*.local"

"ProxyEnable"=dword:00000000

Value(s) after fix:

"ProxyEnable"=dword:00000000

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={116FCF24-5713-4CCE-96F7-2DF75C72875D}&mid=c3debec3538047d1b057e92931de3fbb-03b8408931bde2a31f932dfcaa1043d8b681383f〈=en&ds=ts023&pr=sa&d=2012-02-22

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost