Archive - MSN hacked?


S1RBOT

Legacy Member
https://www.beyondgaming.be/archive/software.22/msn-gehackt.668690

Here is the HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:20, on 31/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Xfire Toolbar - {ab21b82c-08a2-4d30-b7f9-2cd8ed8bc88b} - C:\Program Files\Xfire\tbXfir.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Xfire Toolbar - {ab21b82c-08a2-4d30-b7f9-2cd8ed8bc88b} - C:\Program Files\Xfire\tbXfir.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Xfire Toolbar - {ab21b82c-08a2-4d30-b7f9-2cd8ed8bc88b} - C:\Program Files\Xfire\tbXfir.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8387 bytes

Juisterr

Legacy Member
Temporarily disable Windows Defender,
because it can interfere when fixing with HJT (undoing the fix again)
* Open Windows Defender > click Tools
* Click "General Settings" or Options
* Scroll to "Real Time Protection Options"
* Uncheck "Turn on Real Time Protection (recommended)" > click "Save"
* Close Windows Defender
(once the problems are over and the log has been declared clean again, you can turn it back on)

NOTE: Startup/exefile [Steam] steam.exe occurs several times at CC or in an unknown directory

Right-click the HijackThis program and choose "Run as administrator"
Choose 'Do a system scan only'
Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Close all windows except HijackThis
Click 'Fix checked' to remove the items.

Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.

Make sure that after the installation the following are checked:
  • Update MalwareBytes' Anti-Malware
  • Start MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
  • Once the program has started, go to the "Settings" tab.
  • Check here: "Close Internet Explorer during malware removal".
  • Then go to the "Scanner" tab and choose "Quick Scan".
  • Next, press "Scan" to start the scan.
  • Scanning can take a while, so be patient.
  • When the scan is complete, click OK, then "Show Results" to see the results.
  • Make sure everything there is checked, then click "Remove Selected".
  • After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program.

Post this log together with a new HijackThis log.

Start HijackThis again and make a new HijackThis log; note that
you must run HijackThis as Administrator and then post the new log.
If you do not run it as administrator, the old log will not be overwritten.
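As an added example (not part of the original post, and not code from HijackThis or from anyone in this thread): a small parser for HijackThis log lines that flags entries pointing at nothing, namely empty `R` values and `(no file)` targets, and diffs a log taken before a fix against one taken after it. The orphan heuristic and the function names are assumptions made for this illustration; it does not reproduce the helper's full selection above, which also includes the `ProxyOverride` entry.

```python
import re

# Constructed excerpts modelled on the two HijackThis logs on this page,
# trimmed to a handful of entries so the example runs offline.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Xfire Toolbar - {ab21b82c-08a2-4d30-b7f9-2cd8ed8bc88b} - C:\Program Files\Xfire\tbXfir.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Xfire Toolbar - {ab21b82c-08a2-4d30-b7f9-2cd8ed8bc88b} - C:\Program Files\Xfire\tbXfir.dll
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
"""

# An entry line is a section code (R0, O2, O23, ...) followed by " - " and a body.
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_entries(log_text):
    """Return the log's entries as a list of (code, body) tuples, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def is_orphan(code, body):
    """Heuristic (an assumption of this example): the entry points at nothing.

    - any entry whose target is reported as "(no file)"
    - an R-section registry value with nothing after the first "="
    """
    if body.endswith("(no file)"):
        return True
    if code.startswith("R") and "=" in body:
        _, _, value = body.partition("=")
        return value.strip() == ""
    return False


def find_orphans(log_text):
    """Entries worth a closer look because they reference no file or value."""
    return [entry for entry in parse_entries(log_text) if is_orphan(*entry)]


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two logs, each sorted."""
    before = set(parse_entries(before_text))
    after = set(parse_entries(after_text))
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    print("Orphaned entries in the first log:")
    for code, body in find_orphans(BEFORE):
        print(f"  {code} - {body}")
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since the first log:")
    for code, body in removed:
        print(f"  {code} - {body}")
    print("New since the first log:")
    for code, body in added:
        print(f"  {code} - {body}")
```

The diff confirms which fixed items are actually gone in the follow-up log and surfaces new autostart or service entries that appeared in between.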

S1RBOT

Legacy Member
Okay, I did everything the way you said; I just hope I did it correctly :P

Mbam log:

Malwarebytes' Anti-Malware 1.40
Database versie: 2725
Windows 6.0.6001 Service Pack 1

1/09/2009 18:47:17
mbam-log-2009-09-01 (18-47-17).txt

Scan type: Snelle Scan
Objecten gescand: 33893
Verstreken tijd: 2 minute(s), 34 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)


HiJackThisLog:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:15, on 1/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Xfire Toolbar - {ab21b82c-08a2-4d30-b7f9-2cd8ed8bc88b} - C:\Program Files\Xfire\tbXfir.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Xfire Toolbar - {ab21b82c-08a2-4d30-b7f9-2cd8ed8bc88b} - C:\Program Files\Xfire\tbXfir.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Xfire Toolbar - {ab21b82c-08a2-4d30-b7f9-2cd8ed8bc88b} - C:\Program Files\Xfire\tbXfir.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7581 bytes

Thanks in advance for your help ^^

S1RBOT

Legacy Member
No, only the fact that I can't get onto my MSN or my sister's...

Juisterr

Legacy Member
Download Combofix to your desktop and use it according to this guide.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners see certain components that Combofix uses as suspicious and will block or remove them!
  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the small "NirCmd" window.
  • Afterwards, click Yes again to start scanning for malware.
  • While the fix is running, do NOT click in the window, because this will make your PC hang.
  • When the fix has finished and after the restart, the log Combofix.txt will open.
Post this log in your next reply.

S1RBOT

Legacy Member
ComboFix 09-09-07.06 - Joeri 08/09/2009 18:16.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3198.2329 [GMT 2:00]
Gestart vanuit: c:\users\Joeri\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-08-08 to 2009-09-08 ))))))))))))))))))))))))))))))
.

2009-09-08 16:19 . 2009-09-08 16:19 -------- d-----w- c:\users\Joeri\AppData\Local\temp
2009-09-08 16:19 . 2009-09-08 16:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-03 15:23 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 15:23 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-03 15:22 . 2009-09-03 15:32 -------- d-----w- c:\program files\Graphmatica
2009-09-02 14:15 . 2009-09-02 14:27 -------- d-----w- c:\users\Joeri\AppData\Roaming\TeamViewer
2009-09-02 14:15 . 2009-09-02 14:15 -------- d-----w- c:\program files\TeamViewer
2009-09-02 14:14 . 2009-09-02 14:14 -------- d-----w- c:\users\Joeri\temp
2009-09-02 10:56 . 2009-09-02 10:56 -------- d-----w- c:\users\Joeri\AppData\Local\Apple Computer
2009-09-01 16:43 . 2009-09-01 16:43 -------- d-----w- c:\users\Joeri\AppData\Roaming\Malwarebytes
2009-09-01 16:43 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-01 16:43 . 2009-09-01 16:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-01 16:43 . 2009-09-01 16:43 -------- d-----w- c:\programdata\Malwarebytes
2009-09-01 16:43 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-01 16:03 . 2009-09-01 16:03 -------- d-----w- c:\users\Joeri\AppData\Local\Apple
2009-08-30 19:02 . 2009-08-30 19:02 -------- d-----w- c:\program files\Trend Micro
2009-08-27 21:06 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-18 07:26 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-18 07:26 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-18 07:26 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-18 07:26 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-18 07:26 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-18 07:26 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-18 07:26 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-18 07:26 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-13 19:53 . 2009-08-13 19:53 41872 ----a-w- c:\windows\system32\xfcodec.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 16:10 . 2009-06-05 17:27 -------- d-----w- c:\users\Joeri\AppData\Roaming\DNA
2009-09-08 16:00 . 2009-05-21 07:55 -------- d-----w- c:\users\Joeri\AppData\Roaming\Xfire
2009-09-08 15:26 . 2009-05-21 09:13 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-08 15:26 . 2009-05-21 09:13 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-08 15:25 . 2006-11-02 16:11 667114 ----a-w- c:\windows\system32\perfh013.dat
2009-09-08 15:25 . 2006-11-02 16:11 126648 ----a-w- c:\windows\system32\perfc013.dat
2009-09-08 15:20 . 2009-05-21 07:15 -------- d-----w- c:\program files\SpeedFan
2009-09-08 15:20 . 2009-06-05 17:27 -------- d-----w- c:\program files\DNA
2009-09-07 16:12 . 2009-06-05 17:27 -------- d-----w- c:\users\Joeri\AppData\Roaming\BitTorrent
2009-09-05 18:04 . 2009-06-02 16:54 -------- d-----w- c:\users\Joeri\AppData\Roaming\mIRC
2009-09-05 18:03 . 2009-06-02 16:54 -------- d-----w- c:\program files\mIRC
2009-09-05 09:48 . 2009-05-27 18:25 -------- d-----w- c:\program files\Common Files\Steam
2009-09-02 15:38 . 2009-05-21 07:33 -------- d-----w- c:\users\Joeri\AppData\Roaming\LimeWire
2009-09-02 12:52 . 2009-07-04 11:24 -------- d-----w- c:\programdata\TrackMania
2009-09-02 10:50 . 2009-05-21 07:55 -------- d-----w- c:\programdata\Xfire
2009-08-30 19:06 . 2009-05-21 09:13 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-30 19:06 . 2009-05-21 09:13 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-29 08:21 . 2009-05-21 07:32 -------- d-----w- c:\program files\Java
2009-08-20 12:49 . 2009-05-27 14:00 -------- d-----w- c:\users\Joeri\AppData\Roaming\Ventrilo
2009-08-18 19:18 . 2009-05-21 08:24 -------- d-----w- c:\programdata\Microsoft Help
2009-08-18 19:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-18 18:10 . 2009-05-21 07:55 -------- d-----w- c:\program files\Xfire
2009-08-18 11:45 . 2009-05-30 11:23 -------- d-----w- c:\users\Joeri\AppData\Roaming\teamspeak2
2009-08-06 15:02 . 2009-08-06 15:02 -------- d-----w- c:\users\Joeri\AppData\Roaming\Apple Computer
2009-08-06 15:02 . 2009-08-06 15:01 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-06 15:02 . 2009-08-06 15:01 -------- d-----w- c:\program files\iTunes
2009-08-06 15:02 . 2009-08-06 15:02 -------- d-----w- c:\program files\iPod
2009-08-06 15:02 . 2009-08-06 14:57 -------- d-----w- c:\program files\Common Files\Apple
2009-08-06 15:01 . 2009-08-06 15:00 -------- d-----w- c:\programdata\Apple Computer
2009-08-06 15:01 . 2009-08-06 15:01 -------- d-----w- c:\program files\Bonjour
2009-08-06 15:00 . 2009-08-06 15:00 -------- d-----w- c:\program files\QuickTime
2009-08-06 14:59 . 2009-08-06 14:59 -------- d-----w- c:\program files\Apple Software Update
2009-08-06 14:57 . 2009-08-06 14:57 -------- d-----w- c:\programdata\Apple
2009-08-06 14:34 . 2009-08-06 14:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-05 13:35 . 2009-05-21 09:13 139152 ----a-w- c:\users\Joeri\AppData\Roaming\PnkBstrK.sys
2009-08-05 13:35 . 2009-05-21 09:13 139152 ----a-w- c:\users\Joeri\AppData\Roaming\PnkBstrK.sys
2009-08-05 10:16 . 2009-08-05 10:16 -------- d-----w- c:\program files\Conduit
2009-08-05 09:50 . 2009-08-05 09:50 -------- d-----w- c:\programdata\id Software
2009-08-01 07:44 . 2009-06-12 19:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 08:34 . 2009-05-21 07:02 -------- d-----w- c:\programdata\Creative
2009-07-31 08:28 . 2009-05-21 06:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 08:27 . 2009-07-31 08:26 -------- d--h--w- c:\program files\Creative Installation Information
2009-07-31 08:26 . 2009-05-21 06:58 -------- d-----w- c:\program files\Creative
2009-07-31 08:26 . 2009-07-31 08:26 -------- d-----w- c:\program files\Common Files\Creative
2009-07-31 07:40 . 2009-07-31 07:40 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-07-31 07:40 . 2009-05-21 07:01 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-31 07:40 . 2009-05-21 07:01 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-25 03:23 . 2009-05-21 07:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 18:12 . 2009-07-22 18:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-21 21:52 . 2009-07-29 09:26 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 09:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 09:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 09:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 10:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-17 10:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-17 10:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-17 10:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-17 10:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-17 10:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-17 09:26 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-07-17 09:25 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-07-16 09:06 . 2009-05-21 08:25 -------- d-----w- c:\users\Joeri\AppData\Roaming\Mumble
2009-07-09 12:07 . 2009-07-09 12:07 10134 ----a-r- c:\users\Joeri\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-07-09 10:16 . 2009-07-09 10:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 10:16 . 2009-07-09 10:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-08 12:58 . 2009-07-08 12:58 10134 ----a-r- c:\users\Joeri\AppData\Roaming\Microsoft\Installer\{7113847B-EC8E-C244-66B0-C8C98A855525}\ARPPRODUCTICON.exe
2009-07-08 12:56 . 2009-05-20 21:29 1356 ----a-w- c:\users\Joeri\AppData\Local\d3d9caps.dat
2009-07-05 17:10 . 2009-05-20 21:30 100640 ----a-w- c:\users\Joeri\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-01 11:45 . 2009-07-01 11:08 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-15 15:24 . 2009-07-15 09:04 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 09:04 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 09:04 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 09:04 289792 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ab21b82c-08a2-4d30-b7f9-2cd8ed8bc88b}"= "c:\program files\Xfire\tbXfir.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{ab21b82c-08a2-4d30-b7f9-2cd8ed8bc88b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ab21b82c-08a2-4d30-b7f9-2cd8ed8bc88b}]
2009-07-15 08:09 2224152 ----a-w- c:\program files\Xfire\tbXfir.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ab21b82c-08a2-4d30-b7f9-2cd8ed8bc88b}"= "c:\program files\Xfire\tbXfir.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{ab21b82c-08a2-4d30-b7f9-2cd8ed8bc88b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{AB21B82C-08A2-4D30-B7F9-2CD8ED8BC88B}"= "c:\program files\Xfire\tbXfir.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{ab21b82c-08a2-4d30-b7f9-2cd8ed8bc88b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Steam"="d:\games\steam\steam.exe" [2009-06-11 1217784]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-06-05 321344]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-05-04 354312]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-05-04 1572872]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-05-04 2817544]
"Echovoice Gamer Statistics"="c:\program files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-28 53248]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2009-06-03 25600]

c:\users\Joeri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-8-13 3109264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2714184207-1294266456-4259650516-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{9B9F5EFD-D603-472E-802E-04CCF39EC070}d:\\games\\cod4\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:d:\games\cod4\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{A2652DAD-6BA6-4CC4-9CE5-27CC827FE3D5}d:\\games\\cod4\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:d:\games\cod4\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"{2543E203-964A-4FC6-98E0-625C5DD7C8E2}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{66B10A0C-34F5-4D8B-8A2C-2FE6C4435E22}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F2D11E04-A80A-45D8-812A-2C608222FF3A}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{11AF2DE6-7BE8-4011-857D-071F9D3F836D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C23B8E07-9D32-4E5E-88ED-33ADECC52DB2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{255ED58E-9EED-4341-BFCB-D0126EC700E3}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3C786CEF-95DE-44C3-A656-7BAA28EA142D}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{72FB3E7E-AA7A-4575-957D-2C6344C30B39}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D89BE998-150D-444A-9B7F-2B2C40F67CEF}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{F91B8BA6-A473-4C41-8D97-ED11145EBA6D}d:\\games\\cod5\\activision\\call of duty - world at war\\codwawmp.exe"= UDP:d:\games\cod5\activision\call of duty - world at war\codwawmp.exe:Call of Duty(R): World at War Multiplayer
"UDP Query User{E44A4410-7BB2-4C5A-A14B-540701F72140}d:\\games\\cod5\\activision\\call of duty - world at war\\codwawmp.exe"= TCP:d:\games\cod5\activision\call of duty - world at war\codwawmp.exe:Call of Duty(R): World at War Multiplayer
"TCP Query User{4A3C0F83-6E44-4EC1-8727-685A90409BE7}d:\\games\\cod2\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:d:\games\cod2\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{EA6FEF24-9422-40F1-9C90-2CB1D97E402B}d:\\games\\cod2\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:d:\games\cod2\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{200D0F44-BC4A-4376-A5BC-6A93751CDEA0}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{6A9632E9-BC12-487E-96B9-FA02CD80DB22}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{81933588-9888-4F46-B326-2B920982BCDB}"= UDP:d:\games\CoD4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{65C67FAD-382E-4396-AAFA-08D17F195BEF}"= TCP:d:\games\CoD4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{9B838102-E5D4-4E69-9FCF-65264E666877}d:\\games\\steam\\steamapps\\saberke\\counter-strike source\\hl2.exe"= UDP:d:\games\steam\steamapps\saberke\counter-strike source\hl2.exe:hl2
"UDP Query User{6FD4C657-F04A-4870-98B3-33A64A5C14F6}d:\\games\\steam\\steamapps\\saberke\\counter-strike source\\hl2.exe"= TCP:d:\games\steam\steamapps\saberke\counter-strike source\hl2.exe:hl2
"{DF61592D-E16A-4EBF-9B2B-7237D26BE235}"= UDP:d:\games\Binaries\UT3.exe:Unreal Tournament 3
"{5D3D5718-3881-44AA-9E2E-226BA1D9732B}"= TCP:d:\games\Binaries\UT3.exe:Unreal Tournament 3
"TCP Query User{51A1F7E0-09F5-4800-954E-35B73D78BF9B}d:\\games\\steam\\steamapps\\s1r_j4nssen\\half-life 2 deathmatch\\hl2.exe"= UDP:d:\games\steam\steamapps\s1r_j4nssen\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{E949DFE0-9A42-4F3F-9357-4277178A049B}d:\\games\\steam\\steamapps\\s1r_j4nssen\\half-life 2 deathmatch\\hl2.exe"= TCP:d:\games\steam\steamapps\s1r_j4nssen\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{3B009324-44F5-4398-91B5-6FDF41332FE2}d:\\games\\steam\\steamapps\\s1r_j4nssen\\team fortress 2\\hl2.exe"= UDP:d:\games\steam\steamapps\s1r_j4nssen\team fortress 2\hl2.exe:hl2
"UDP Query User{06F19ECB-29A7-47E4-B7AB-EDD2EAC2E9EA}d:\\games\\steam\\steamapps\\s1r_j4nssen\\team fortress 2\\hl2.exe"= TCP:d:\games\steam\steamapps\s1r_j4nssen\team fortress 2\hl2.exe:hl2
"TCP Query User{347AF2E7-2A70-45C0-8E25-4B98550BBA68}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{4B4418EC-4EAA-4BB1-9CDE-72BE278FF3A4}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{F28AE26C-5186-4B72-83B0-F9527078CFB4}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{3F557E9D-9FF8-4D4E-B557-B34700C568D9}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"TCP Query User{347491A8-2D3D-40AF-A02D-303CA82381C6}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{8C4387B7-57F4-4734-8801-B407EA16CA0E}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{CCB5D34D-B8BE-443C-9DC1-69E687874F3B}c:\\users\\joeri\\program files\\dna\\btdna.exe"= UDP:c:\users\joeri\program files\dna\btdna.exe:btdna.exe
"UDP Query User{3B1D0C7E-3766-4893-9437-B688E780E165}c:\\users\\joeri\\program files\\dna\\btdna.exe"= TCP:c:\users\joeri\program files\dna\btdna.exe:btdna.exe
"{45D9887D-603B-4071-952D-2D83878FB673}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{C46662F8-B079-44C4-AFC5-12AACAFE96C8}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{5B07A49C-4532-4AF3-8479-D5494547C0C9}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{B415C7A3-D346-42FF-A7DB-CA51F9514843}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
"{0E22B030-D248-48F4-9303-016657ED8725}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{F021C43A-3EE8-48A4-BC15-FB7F884EBF89}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{A5A61AA1-5C5A-49E4-8C70-79F08CC1F7B8}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{2F7996AC-D444-48D0-805D-590FB52687B2}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{7C5D68D4-608F-43A5-A99A-9ABD1B633AE0}"= UDP:d:\games\Prototype\prototypef.exe:Prototype(TM)
"{9A2D0898-1CE0-4CF7-BE27-241E3C2A96DF}"= TCP:d:\games\Prototype\prototypef.exe:Prototype(TM)
"TCP Query User{CF3FC9B0-1420-4A71-9744-9B8939EB81C9}d:\\games\\unreal tournament 3\\binaries\\ut3.exe"= UDP:d:\games\unreal tournament 3\binaries\ut3.exe:UT3
"UDP Query User{66B79A27-9DE1-468C-A576-27432ABF0CF8}d:\\games\\unreal tournament 3\\binaries\\ut3.exe"= TCP:d:\games\unreal tournament 3\binaries\ut3.exe:UT3
"{DEE60AA8-D31A-4A97-AD03-8BEEF8BDDC30}"= UDP:d:\games\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{0F5A2CA8-4826-4735-92D0-1CDEA6487FAE}"= TCP:d:\games\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{AC3BC6CA-145A-4193-B345-3784BF5DBD33}"= UDP:d:\games\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{3DE3E946-9706-4A5E-9BE3-48C6EE1AD698}"= TCP:d:\games\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{028AE385-D22C-4A6E-8C16-60CCA483BA56}"= UDP:d:\games\Far Cry 2\bin\FC2Editor.exe:Editor
"{91BAB595-B9CA-4769-AB6B-CE51FC1A8526}"= TCP:d:\games\Far Cry 2\bin\FC2Editor.exe:Editor
"{A4037105-212F-400D-B3DA-CE9F888D6106}"= UDP:d:\games\steam\steamapps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{54D275A7-F957-44F4-944F-5901614C9E8B}"= TCP:d:\games\steam\steamapps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{CDBBB40F-87C7-4A8B-B899-F29BD65AA159}"= UDP:d:\games\steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"{F6332B6A-0CB6-4C9F-9704-789487725FB7}"= TCP:d:\games\steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"TCP Query User{EEE00287-2D0B-43EE-9198-142DFEA9D8FB}d:\\games\\steam\\steamapps\\gielie111\\counter-strike source\\hl2.exe"= UDP:d:\games\steam\steamapps\gielie111\counter-strike source\hl2.exe:hl2
"UDP Query User{15002C7B-0EBE-4A39-B7D7-169BC2BF87D0}d:\\games\\steam\\steamapps\\gielie111\\counter-strike source\\hl2.exe"= TCP:d:\games\steam\steamapps\gielie111\counter-strike source\hl2.exe:hl2
"{F2E0A8BB-46EA-4DB1-9B00-F992737052F5}"= UDP:d:\games\steam\steamapps\common\call of duty 2\CoD2SP_s.exe:Call of Duty 2
"{94B29F9D-6539-4912-B33C-0759F86BA8BF}"= TCP:d:\games\steam\steamapps\common\call of duty 2\CoD2SP_s.exe:Call of Duty 2
"{FDA2FE33-1860-4429-AAE6-240A7DA739EF}"= UDP:d:\games\steam\steamapps\common\call of duty 2\CoD2MP_s.exe:Call of Duty 2
"{5F5AEF48-28BA-41F8-A56C-D6AAE4AAB1CA}"= TCP:d:\games\steam\steamapps\common\call of duty 2\CoD2MP_s.exe:Call of Duty 2
"{3C7A2593-C524-4E48-896F-BE754D60EB47}"= UDP:d:\games\CoD5\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{DBD4502F-535F-4730-93BA-69C24C01E122}"= TCP:d:\games\CoD5\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{C4A57D19-076A-495A-9837-9ECB2E9D012A}"= UDP:d:\games\CoD5\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{0EA39136-3E96-4C79-8223-3C659D5315D6}"= TCP:d:\games\CoD5\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"TCP Query User{F34D1386-D483-487C-9D25-AEEDDA02DE84}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{5FD5BA95-F68B-471A-A6AF-B0B8A94F1407}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{70157B01-4AAF-40C5-9DB7-9D3503BD88AA}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7821E2A4-1A5C-47BC-809C-999E644DD96C}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{4A91A32A-4A34-4B0B-86E9-DAEEAEEA58B6}c:\\users\\joeri\\appdata\\local\\temp\\rar$ex00.740\\wolf2mp.exe"= UDP:c:\users\joeri\appdata\local\temp\rar$ex00.740\wolf2mp.exe:wolf2mp.exe
"UDP Query User{3CECF591-87E5-4CEA-B35D-101CDFFC2755}c:\\users\\joeri\\appdata\\local\\temp\\rar$ex00.740\\wolf2mp.exe"= TCP:c:\users\joeri\appdata\local\temp\rar$ex00.740\wolf2mp.exe:wolf2mp.exe
"TCP Query User{2953AF57-72FB-40DE-94E8-B6BB5EE9445C}c:\\users\\joeri\\desktop\\wolf2mplite.exe"= UDP:c:\users\joeri\desktop\wolf2mplite.exe:wolf2mplite.exe
"UDP Query User{9FC74C0A-B4A1-4230-AECD-E8744A5A4F73}c:\\users\\joeri\\desktop\\wolf2mplite.exe"= TCP:c:\users\joeri\desktop\wolf2mplite.exe:wolf2mplite.exe
"TCP Query User{3E08614B-4AB4-45D7-8E93-EA76DF13C303}c:\\users\\joeri\\desktop\\wolf2mp.exe"= UDP:c:\users\joeri\desktop\wolf2mp.exe:wolf2mp.exe
"UDP Query User{B0AF59DA-5C2E-4902-BDC0-5A09FA35C158}c:\\users\\joeri\\desktop\\wolf2mp.exe"= TCP:c:\users\joeri\desktop\wolf2mp.exe:wolf2mp.exe
"TCP Query User{15310703-92AA-4C13-B1C5-4DA90DF6A825}d:\\games\\wolfenstein 2 mp beta\\wolf2mp.exe"= UDP:d:\games\wolfenstein 2 mp beta\wolf2mp.exe:Wolfenstein MP
"UDP Query User{1CB964A7-0689-42B1-B8A3-AFE9408AFB03}d:\\games\\wolfenstein 2 mp beta\\wolf2mp.exe"= TCP:d:\games\wolfenstein 2 mp beta\wolf2mp.exe:Wolfenstein MP
"TCP Query User{BC6DC1B4-78FD-465C-B33A-FA42806217F2}d:\\games\\wolfenstein 2 mp beta\\wolf2mplite.exe"= UDP:d:\games\wolfenstein 2 mp beta\wolf2mplite.exe:Wolfenstein MP
"UDP Query User{DBC3E425-4A70-499B-9DE1-8F9A6A18AB31}d:\\games\\wolfenstein 2 mp beta\\wolf2mplite.exe"= TCP:d:\games\wolfenstein 2 mp beta\wolf2mplite.exe:Wolfenstein MP
"TCP Query User{01AC09EB-B219-4D6F-A3AE-B68EC1BA4319}d:\\games\\steam\\steamapps\\terminator851\\day of defeat source\\hl2.exe"= UDP:d:\games\steam\steamapps\terminator851\day of defeat source\hl2.exe:hl2
"UDP Query User{3A1EF15B-85F3-42B6-92D9-3E2F7679A2FF}d:\\games\\steam\\steamapps\\terminator851\\day of defeat source\\hl2.exe"= TCP:d:\games\steam\steamapps\terminator851\day of defeat source\hl2.exe:hl2
"TCP Query User{71D4E2E0-1416-41FE-8C9B-4ED203C468EE}d:\\games\\steam\\steamapps\\saberke\\zombie panic! source\\hl2.exe"= UDP:d:\games\steam\steamapps\saberke\zombie panic! source\hl2.exe:hl2
"UDP Query User{3C0643C4-F449-464F-BC06-812F9406EEFB}d:\\games\\steam\\steamapps\\saberke\\zombie panic! source\\hl2.exe"= TCP:d:\games\steam\steamapps\saberke\zombie panic! source\hl2.exe:hl2
"{4C2EE01B-1013-4DB0-9F2B-19FA8C4D571C}"= UDP:d:\games\steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:America's Army 3
"{E2EB1F29-6BB1-494A-BF98-D30CF71FA7C9}"= TCP:d:\games\steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:America's Army 3
"{9F2CD706-22DD-429B-BF34-ED719239B9FA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EDB46E30-928E-4A5A-9E24-DF68F98D5544}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FE9A21DF-E828-47CF-BEBF-D71243F251BF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D14A7C6E-6D0F-47EE-B600-AF8E6214B82E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{D61F3AF5-C93A-4205-81AB-EF9CCC610273}d:\\games\\cod4\\iw3mp.exe"= UDP:d:\games\cod4\iw3mp.exe:iw3mp
"UDP Query User{5F5885B6-10DC-477E-9038-C2F7AE9F3D3F}d:\\games\\cod4\\iw3mp.exe"= TCP:d:\games\cod4\iw3mp.exe:iw3mp
"{419D76EF-E359-4351-9927-99092B7A3AEA}"= UDP:c:\program files\TeamViewer\Version4\TeamViewer.exe:Teamviewer Remote Control Application
"{C1388701-916B-4964-B648-C73EE014661F}"= TCP:c:\program files\TeamViewer\Version4\TeamViewer.exe:Teamviewer Remote Control Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [16/05/2009 5:23 176128]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [24/08/2009 16:51 185640]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [24/04/2009 7:43 95544]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.sys [4/06/2009 2:46 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.sys [4/06/2009 2:46 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.sys [4/06/2009 2:46 72728]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [31/07/2009 10:23 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [31/07/2009 9:40 79360]
S3 CT20XUT;CT20XUT;c:\windows\System32\drivers\CT20XUT.sys [4/06/2009 2:46 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\System32\drivers\CTEXFIFX.sys [4/06/2009 2:46 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\System32\drivers\CTHWIUT.sys [4/06/2009 2:46 72728]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-08-01 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-09-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe


.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-08 18:19
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2714184207-1294266456-4259650516-1000\Software\SecuROM\License information*]
"datasecu"=hex:96,42,be,99,1a,5d,0f,9e,3e,fe,84,39,d2,1e,39,d9,64,36,b8,d4,47,
1e,dd,64,19,89,55,f3,a4,2f,e6,b6,11,ac,56,6c,2e,c0,66,09,50,8b,8b,f7,d4,02,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
Voltooingstijd: 2009-09-08 18:20
ComboFix-quarantined-files.txt 2009-09-08 16:20

Pre-Run: 239.905.673.216 bytes beschikbaar
Post-Run: 240.105.807.872 bytes beschikbaar

308 --- E O F --- 2009-09-07 14:25

Juisterr

Legacy Member
If you're still having trouble, you'd be better off uninstalling MSN and reinstalling it.