Hi Ben,
I'm not aware of having done anything wrong :-S
Hello Ben,
here is the log:
Zoek.exe Version 4.0.0.4 Updated 10-August-2013
Tool run by Geert on zo 11-08-2013 at 15:35:25,65.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Geert\Bureaublad\zoek.exe
==== Older Logs ======================
C:\zoek-results10-08-2013-0932.log 38947 bytes
==== Suspicious Entries Found ======================
“3389:TCP”=“3389:TCP:*:Enabled:@xpsp2res.dll,-22009”
“1900:UDP”=“1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007”
“2869:TCP”=“2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008”
“26675:TCP”=“26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service”
“1723:TCP”=“1723:TCP:*:Enabled:@xpsp2res.dll,-22015”
“1701:UDP”=“1701:UDP:*:Enabled:@xpsp2res.dll,-22016”
“500:UDP”=“500:UDP:*:Enabled:@xpsp2res.dll,-22017”
“139:TCP”=“139:TCP:*:Enabled:@xpsp2res.dll,-22004”
“445:TCP”=“445:TCP:*:Enabled:@xpsp2res.dll,-22005”
“137:UDP”=“137:UDP:*:Enabled:@xpsp2res.dll,-22001”
“138:UDP”=“138:UDP:*:Enabled:@xpsp2res.dll,-22002”
“3389:TCP”=“3389:TCP:*:Enabled:@xpsp2res.dll,-22009”
“139:TCP”=“139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004”
“445:TCP”=“445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005”
“137:UDP”=“137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001”
“138:UDP”=“138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002”
“1900:UDP”=“1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007”
“2869:TCP”=“2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008”
“26675:TCP”=“26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service”
“1723:TCP”=“1723:TCP:*:Enabled:@xpsp2res.dll,-22015”
“1701:UDP”=“1701:UDP:*:Enabled:@xpsp2res.dll,-22016”
“500:UDP”=“500:UDP:*:Enabled:@xpsp2res.dll,-22017”
“1033:TCP”=“1033:TCP:*:Enabled:Akamai NetSession Interface”
“5000:UDP”=“5000:UDP:*:Enabled:Akamai NetSession Interface”
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Documents and Settings\Geert\Application Data\Mozilla\Firefox\Profiles\c3kwohmx.default
user.js not found
—- Lines yahoo removed from prefs.js —-
user_pref(“google.toolbar.subscribe.aggregators.myyahoo.desc”, “My Yahoo!”);
user_pref(“google.toolbar.subscribe.aggregators.myyahoo.id”, “myyahoo”);
user_pref(“google.toolbar.subscribe.aggregators.myyahoo.order”, “3”);
user_pref(“google.toolbar.subscribe.aggregators.myyahoo.title”, “My Yahoo”);
user_pref(“google.toolbar.subscribe.aggregators.myyahoo.url”, “http://add.my.yahoo.com/rss?url=%feed%”);
—- Lines yahoo modified from prefs.js —-
—- FireFox user.js and prefs.js backups —-
prefs_11-08-2013_1539_.backup
ProfilePath: C:\Documents and Settings\Jelle\Application Data\Mozilla\Firefox\Profiles\k854hlti.default
user.js not found
—- Lines yahoo removed from prefs.js —-
—- Lines yahoo modified from prefs.js —-
—- FireFox user.js and prefs.js backups —-
prefs_11-08-2013_1539_.backup
ProfilePath: C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\imehe7nk.default
user.js not found
—- Lines yahoo removed from prefs.js —-
—- Lines yahoo modified from prefs.js —-
—- FireFox user.js and prefs.js backups —-
prefs_11-08-2013_1539_.backup
==== Startup Registry Enabled ======================
“DWQueuedReporting”=“C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t”
“H/PC Connection Agent”=“C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe /background”
“MyTomTomSA.exe”=“C:\Program Files\MyTomTom 3\MyTomTomSA.exe”
“OfficeSyncProcess”=“C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE”
“DWQueuedReporting”=“C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t”
“BCSSync”=“C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices”
“NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup”
“nwiz”=“nwiz.exe /install”
“NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit”
“APSDaemon”=“C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”
“NeroFilterCheck”=“C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe”
“TkBellExe”=“C:\program files\real\realplayer\update\realsched.exe -osboot”
“LogMeIn GUI”=“C:\Program Files\LogMeIn\x86\LogMeInSystray.exe”
“Communicator”=“C:\Program Files\Microsoft Lync\communicator.exe /fromrunkey”
“Ptipbmf”=“rundll32.exe ptipbmf.dll,SetWriteCacheMode”
“PtiuPbmd”=“Rundll32.exe ptipbm.dll,SetWriteBack”
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe -atboottime”
“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe”
“F-Secure Hoster (45123)”=“C:\Program Files\Internetbeveiliging\fshoster32.exe -app -hosterid:1”
“F-Secure Manager”=“C:\Program Files\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE /splash”
“SunJavaUpdateSched”=“C:\Program Files\Common Files\Java\Java Update\jusched.exe”
“H/PC Connection Agent”=“C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe /background”
“MyTomTomSA.exe”=“C:\Program Files\MyTomTom 3\MyTomTomSA.exe”
“OfficeSyncProcess”=“C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE”
==== Startup Registry Disabled ======================
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“”
“hkey”=“HKLM”
“command”=“”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“AirVideoServer”
“hkey”=“HKCU”
“command”=“C:\\Program Files\\AirVideoServer\\AirVideoServer.exe”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“ipoint”
“hkey”=“HKLM”
“command”=“\”C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\“”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“itype”
“hkey”=“HKLM”
“command”=“\”C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\“”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“NBKeyScan”
“hkey”=“HKLM”
“command”=“\”C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\“”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“Skype”
“hkey”=“HKCU”
“command”=“\”C:\\Program Files\\Skype\\Phone\\Skype.exe\“ /nosplash /minimized”
“backup”=“C:\\WINDOWS\\pss\\Bluetooth Manager.lnkCommon Startup”
“command”=“C:\\PROGRA~1\\Toshiba\\BLUETO~1\\TOSBTM~1.EXE ”
“item”=“Bluetooth Manager”
“item”=“OneNote 2010 Schermopname en Snel starten”
“path”=“C:\\Documents and Settings\\Geert\\Menu Start\\Programma's\\Opstarten\\OneNote 2010 Schermopname en Snel starten.lnk”
“backup”=“C:\\WINDOWS\\pss\\OneNote 2010 Schermopname en Snel starten.lnkStartup”
“command”=“C:\\PROGRA~1\\MICROS~2\\Office14\\ONENOTEM.EXE”
“LightScribeControlPanel”=“C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden”
“MSMSGS”=“\”C:\\Program Files\\Messenger\\msmsgs.exe\“ /background”
“msnmsgr”=“\”C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\“ /background”
“updateMgr”=“\”C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\“ AcRdB7_0_9 -reboot 1”
“AlcoholAutomount”=“\”C:\\Program Files\\Alcohol Soft\\Alcohol 120\\axcmd.exe\“ /automount”
“AdobeUpdateManager”=“\”C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\“ AcRdB7_0_9 -reboot 1”
“TkBellExe”=“\”C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\“ -osboot”
==== Startup Folders ======================
2013-05-26 09:11:53 1024 —-a-w- C:\Documents and Settings\Geert\Menu Start\Programma's\Opstarten\Dropbox.lnk
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job –a–c— C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\AppleSoftwareUpdate.job –a–c— C:\Program Files\AppleC:oftware Update\SoftwareUpdate.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job –a–c— C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job –a–c— C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job –a–c— C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-2146943873-725345543-1003.job –a—— C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-2146943873-725345543-1003.job –a—— C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\WINDOWS\tasks\ReclaimerResumeInstallLogin_Geert.job –a—— C:\Documents and Settings\Geert\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
C:\WINDOWS\tasks\ReclaimerResumeInstall_Geert.job –a—— C:\Documents and Settings\Geert\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\Geert\Application Data\Mozilla\Firefox\Profiles\c3kwohmx.default
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
ProfilePath: C:\Documents and Settings\Jelle\Application Data\Mozilla\Firefox\Profiles\k854hlti.default
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
- Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
- Undetermined - %ProfilePath%\extensions\staged-xpis
- Undetermined - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Google Toolbar for Firefox - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
ProfilePath: C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\imehe7nk.default
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
- Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
- Undetermined - %ProfilePath%\extensions\staged-xpis
- Undetermined - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\Geert\Application Data\Mozilla\Firefox\Profiles\c3kwohmx.default
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
101700E93EB905992B518256CB441829 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
E806468C0A0CE66199E312B57750621C - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
1C22407B9C44A71C5A311358A1384F41 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
A0C0DFFE27C01E0C2EDA3BEB56C54986 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
BAF947D9341451E36BE26D24DF256237 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
07583A7028A33F67254AF5CC45B8121F - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
FD4316113294B549D92FA44983488887 - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Lync 2010 Meeting Join Plug-in
F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
78006383FEDBCDC290B8BD178903D6AB - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director
270EE43CC00609B9937AAF94E1E970D4 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
90492E00EE4C916123BEC5D267894E8C - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll - RealJukebox NS Plugin
10737B44923217BC0E67D26A9FC1F0AA - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks™ Chrome Background Extension Plug-In (32-bit)
2645990C521342DCD08963D2DF6CD0D2 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer™ HTML5VideoShim Plug-In (32-bit)
4D96A92905BE968000B6470996E670A7 - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll - RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)
1291BEEBB50451C80BF7719612196508 - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll - RealPlayer Download Plugin
AF98ECFCA95399CB7402C34E5E2967B6 - C:\Program Files\ABN AMRO e.dentifier2\Mozilla\npBECON.dll - ABN AMRO e.dentifier2 Plug-in
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
06CDB1C3C77D372B6AF18DF1C131E5B5 - C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll - LogMeIn, Inc. Remote Access Components 1.0.0.356
8EF356DA145F60C3F11DF7EF03B97449 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
E806468C0A0CE66199E312B57750621C - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
1C22407B9C44A71C5A311358A1384F41 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
A0C0DFFE27C01E0C2EDA3BEB56C54986 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
BAF947D9341451E36BE26D24DF256237 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
07583A7028A33F67254AF5CC45B8121F - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
8EF356DA145F60C3F11DF7EF03B97449 - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll - Adobe Acrobat
1291BEEBB50451C80BF7719612196508 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
90492E00EE4C916123BEC5D267894E8C - c:\program files\real\realplayer\Netscape6\nprjplug.dll - RealJukebox NS Plugin
4D96A92905BE968000B6470996E670A7 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)
3EA079023D32054BFD73D08E77C72609 - C:\WINDOWS\system32\npptools.dll - Besturingssysteem Microsoft® Windows®
7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
RealPlayer HTML5Video Downloader Extension - Geert - Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
==== Set IE to Default ======================
Old Values:
“Start Page”=“http://www.nu.nl/”
New Values:
“Start Page”=“http://www.nu.nl/”
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
“DefaultScope”=“{E7A3ACAB-EB88-429E-B749-0096DCC2FF09}”
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url=“http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC”
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”
{E7A3ACAB-EB88-429E-B749-0096DCC2FF09} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_nl”
==== Reset IE Proxy ======================
Value(s) before fix:
“ProxyServer”=“146.191.228.22:8080”
“ProxyOverride”=“local;*.local”
“ProxyEnable”=dword:00000000
Value(s) after fix:
“ProxyEnable”=dword:00000000
==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: “C:\Program Files\Microsoft Office\Office14\BCSSync.exe” /DelayServices
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: nwiz.exe /install
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”
O4 - HKLM\..\Run: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: “C:\program files\real\realplayer\update\realsched.exe” -osboot
O4 - HKLM\..\Run: “C:\Program Files\LogMeIn\x86\LogMeInSystray.exe”
O4 - HKLM\..\Run: “C:\Program Files\Microsoft Lync\communicator.exe” /fromrunkey
O4 - HKLM\..\Run: rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: “C:\Program Files\Internetbeveiliging\fshoster32.exe” -app -hosterid:1
O4 - HKLM\..\Run: “C:\Program Files\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE” /splash
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKCU\..\Run: “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O4 - HKCU\..\Run: “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU\..\Run: “C:\Program Files\MyTomTom 3\MyTomTomSA.exe”
O4 - HKCU\..\Run: “C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE”
O4 - HKUS\S-1-5-18\..\Run: “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘Default user’)
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Geert\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O9 - Extra ‘Tools’ menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra ‘Tools’ menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=1007
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\\MAGIX\\Common\\Database\\bin\\fbserver.exe (file missing)
O23 - Service: FreemakeVideoCapture - Unknown owner - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (file missing)
O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\fshoster32.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
==== Empty IE Cache ======================
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Jelle\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Tessa\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Geert\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Documents and Settings\Jelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\k854hlti.default\Cache emptied successfully
C:\Documents and Settings\Tessa\Local Settings\Application Data\Mozilla\Firefox\Profiles\imehe7nk.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Documents and Settings\Geert\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Geert\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
“C:\Documents and Settings\Geert\Local Settings\Temporary Internet Files\Content.IE5\index.dat” not deleted
“C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat” not found
==== EOF on zo 11-08-2013 at 15:45:50,45 ======================
Zoek.exe Version 4.0.0.4 Updated 10-August-2013
Tool run by Geert on zo 11-08-2013 at 16:33:59,57.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Geert\Bureaublad\zoek.exe
==== Older Logs ======================
C:\zoek-results10-08-2013-0932.log 38947 bytes
C:\zoek-results11-08-2013-1545.log 32599 bytes
==== Suspicious Entries Found ======================
“3389:TCP”=“3389:TCP:*:Enabled:@xpsp2res.dll,-22009”
“1900:UDP”=“1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007”
“2869:TCP”=“2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008”
“26675:TCP”=“26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service”
“1723:TCP”=“1723:TCP:*:Enabled:@xpsp2res.dll,-22015”
“1701:UDP”=“1701:UDP:*:Enabled:@xpsp2res.dll,-22016”
“500:UDP”=“500:UDP:*:Enabled:@xpsp2res.dll,-22017”
“139:TCP”=“139:TCP:*:Enabled:@xpsp2res.dll,-22004”
“445:TCP”=“445:TCP:*:Enabled:@xpsp2res.dll,-22005”
“137:UDP”=“137:UDP:*:Enabled:@xpsp2res.dll,-22001”
“138:UDP”=“138:UDP:*:Enabled:@xpsp2res.dll,-22002”
“3389:TCP”=“3389:TCP:*:Enabled:@xpsp2res.dll,-22009”
“139:TCP”=“139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004”
“445:TCP”=“445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005”
“137:UDP”=“137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001”
“138:UDP”=“138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002”
“1900:UDP”=“1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007”
“2869:TCP”=“2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008”
“26675:TCP”=“26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service”
“1723:TCP”=“1723:TCP:*:Enabled:@xpsp2res.dll,-22015”
“1701:UDP”=“1701:UDP:*:Enabled:@xpsp2res.dll,-22016”
“500:UDP”=“500:UDP:*:Enabled:@xpsp2res.dll,-22017”
“1033:TCP”=“1033:TCP:*:Enabled:Akamai NetSession Interface”
“5000:UDP”=“5000:UDP:*:Enabled:Akamai NetSession Interface”
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SASKUTIL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SASKUTIL deleted successfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
“AppInit_DLLs”=-
==== Deleting Files \ Folders ======================
“C:\WINDOWS\system32\drivers\a6xc2ite.sys” not found
“C:\WINDOWS\system32\drivers\aoxhe9sy.sys” not found
“C:\Program Files\SUPERAntiSpyware” not found
==== EOF on zo 11-08-2013 at 16:35:08,71 ======================
Hello,
The following scanner can take a while, so take your time:
Go to the site of the ESET Online Scanner
Click the ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use
Click Start
Allow the ActiveX control to install.
Click “Advanced settings”
Tick the following options:
Remove found threats
Scan archives
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click Start
The computer is now being scanned. This can take quite a long time, so be patient.
You may close the window when the scan is finished.
Use Notepad to open the log. You will find this log at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste the contents of this log into your next post.
Regards, Ben