Internet problems + startup error



Daff
10 July 2008, 18:46
Hello,

I'll start with the startup error. When I start Windows, I immediately get this on my screen:

RUNDLL

er is een fout opgetreden tijdens het laden van C:\WINDOWS\system32\{36do45-9c8d-3b7b-a0yd-357la9b16485}.dll
Kan opgegeven module niet vinden.

Now the internet problem. I can reach most sites, but terribly slowly. And I can't click through to anything either: if, for example, I type something into Google and click search, it loads for a moment and then stops. So I can't look anything up anymore, etc.
I also get a lot of pop-ups.

When I type in the browser (like now), my keyboard also doesn't work very well.


I have already run many virus scans, including Norton (which is always on) and HouseCall, and I have installed and used various spyware scanners. So I have done everything I could. But the problems keep occurring.

Someone on blauwzwartforum.be has now advised me to post my HijackThis log here.

This is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37:05, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ANYCOM\Blue USB-200-250\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skynet.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{36d04519-9c8d-3b7b-a04d-357ea9b16485}.dll" DllInit
O4 - HKLM\..\Run: [BM13012117] Rundll32.exe "C:\WINDOWS\system32\qidlawhw.dll",s
O4 - HKLM\..\Run: [1032128b] rundll32.exe "C:\WINDOWS\system32\vipsgekx.dll",b
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156163353062
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156165767687
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 14616 bytes


Thanks in advance!

Kind regards,

Daff

Recep
10 July 2008, 22:15
Hello Daff,

I'll take a look for you.

Recep :D

Daff
11 July 2008, 18:12
Found anything yet, Recep? :D

Recep
11 July 2008, 19:20
Hello,

Follow these instructions (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) to download ComboFix.
Carry out the instructions on that page, including installing the XP Recovery Console.

If you have used ComboFix before, please delete that version and download ComboFix again via the link above, because ComboFix is updated almost daily.

If, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another scanner, disable that scanner and download ComboFix again. Some scanners consider certain components that ComboFix uses suspicious and will block or remove them.
Double-click ComboFix.exe to open ComboFix.
Follow the instructions and accept the disclaimer by clicking "Ja" (Yes).
While ComboFix is running, do NOT click in the window; this can cause your system to hang. When ComboFix is finished, and possibly after a restart, a log (ComboFix.txt) will open.
Post it together with a new HijackThis log in your next reply.

Good luck,
Recep :D

Daff
11 July 2008, 19:48
Well, um, the problem is that I can't reach that site now either.. :D

Could you post the download link here instead?

Grtz.

Recep
11 July 2008, 20:30
http://subs.geekstogo.com/ComboFix.exe

Daff
11 July 2008, 20:52
http://subs.geekstogo.com/ComboFix.exe

An error message comes up..

You cannot rename Combofix as Combofix[1]

?

Sorry for the trouble. :shy:

Recep
11 July 2008, 22:11
You do have to use "Save as", you know :) And then save it to your Desktop.

Daff
12 July 2008, 13:24
ComboFix log:

ComboFix 08-07-11.1 - Davigno Desouter 2008-07-12 12:52:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.490 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Davigno Desouter\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM13012117.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtursTm.dll
C:\WINDOWS\system32\bmndykqe.dll
C:\WINDOWS\system32\bpyjvaey.dll
C:\WINDOWS\system32\ctlfribw.dll
C:\WINDOWS\system32\dfjkmxqd.dll
C:\WINDOWS\system32\dibqqn.dll
C:\WINDOWS\system32\egkcekui.dll
C:\WINDOWS\system32\gymlvkvp.dll
C:\WINDOWS\system32\HjQBHkkj.ini
C:\WINDOWS\system32\HjQBHkkj.ini2
C:\WINDOWS\system32\hqdlxhpo.dll
C:\WINDOWS\system32\iorjtfga.ini
C:\WINDOWS\system32\jakwvdvn.dll
C:\WINDOWS\system32\jkkHBQjH.dll
C:\WINDOWS\system32\lrvassho.ini
C:\WINDOWS\system32\lrvassho.ini2
C:\WINDOWS\system32\lrvassho.tmp
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\myllyvoe.dll
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\ogmlwchj.ini
C:\WINDOWS\system32\poaukpsl.ini
C:\WINDOWS\system32\qrbkmhvy.dll
C:\WINDOWS\system32\rcagbrss.dll
C:\WINDOWS\system32\rkfaheyn.ini
C:\WINDOWS\system32\smlcxesp.ini
C:\WINDOWS\system32\sqchhrlm.ini
C:\WINDOWS\system32\sqvvfufk.dll
C:\WINDOWS\system32\twEeMUvw.ini
C:\WINDOWS\system32\twEeMUvw.ini2
C:\WINDOWS\system32\vtUmJDUL.dll
C:\WINDOWS\system32\wlfdgikk.ini
C:\WINDOWS\system32\xkegspiv.ini
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-06-12 to 2008-07-12 ))))))))))))))))))))))))))))))
.
2008-07-12 12:53 . 2008-07-12 12:53 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-07-11 18:28 . 2008-07-11 18:28 81,168 --a------ C:\WINDOWS\system32\psexclms.dll
2008-07-11 18:26 . 2008-07-11 18:26 105,248 --a------ C:\WINDOWS\system32\nqesus.dll
2008-07-11 18:26 . 2008-07-11 18:26 105,248 --a------ C:\WINDOWS\system32\npdtffof.dll
2008-07-11 18:25 . 2008-07-11 18:25 90,928 --a------ C:\WINDOWS\system32\npuhojep.dll
2008-07-10 18:28 . 2008-07-10 18:28 105,232 --a------ C:\WINDOWS\system32\xkrmoj.dll
2008-07-10 18:28 . 2008-07-10 18:28 105,232 --a------ C:\WINDOWS\system32\dpuudbqy.dll
2008-07-10 18:24 . 2008-07-10 18:24 90,912 --a------ C:\WINDOWS\system32\qidlawhw.dll
2008-07-09 14:30 . 2008-07-09 14:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-09 14:24 . 2008-07-09 14:24 105,152 --a------ C:\WINDOWS\system32\xollhbjj.dll
2008-07-09 14:24 . 2008-07-09 14:24 105,152 --a------ C:\WINDOWS\system32\mcqmfj.dll
2008-07-09 14:22 . 2008-07-09 14:22 90,816 --a------ C:\WINDOWS\system32\qkfuvxuw.dll
2008-06-27 19:51 . 2008-06-27 19:52 <DIR> d-------- C:\Documents and Settings\Davigno Desouter\.housecall6.6
2008-06-27 16:17 . 2008-06-27 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-27 16:13 . 2008-07-11 20:50 <DIR> dr-h----- C:\Documents and Settings\Davigno Desouter\Onlangs geopend
2008-06-27 15:41 . 2008-06-28 19:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-27 15:41 . 2008-06-27 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-25 19:48 . 2008-07-12 13:02 110,415 --a------ C:\WINDOWS\BM13012117.xml
2008-06-19 14:56 . 2008-06-19 14:56 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-14 17:47 . 2008-06-14 17:47 <DIR> d-------- C:\Documents and Settings\Davigno Desouter\OngameNetwork
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 11:02 --------- d-----w C:\Program Files\Steam
2008-07-12 10:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-11 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-10 11:40 --------- d-----w C:\Program Files\LimeWire
2008-07-10 11:40 --------- d-----w C:\Program Files\Incomplete
2008-06-26 10:26 --------- d-----w C:\Program Files\Google
2008-06-26 08:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-06-19 14:40 --------- d-----w C:\Program Files\PartyGaming
2008-06-19 12:03 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-19 12:03 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-19 12:03 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-19 12:03 --------- d-----w C:\Program Files\Symantec
2008-06-12 10:30 --------- d-----w C:\Documents and Settings\Davigno Desouter\Application Data\AdobeUM
2008-06-06 16:54 --------- d-----w C:\Program Files\Belgacom
2008-05-28 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-26 17:08 --------- d-----w C:\Program Files\TmNationsForever
2007-03-29 16:37 736 ---ha-w C:\Program Files\hpothb07.dat
2007-03-29 16:37 2,526 ---ha-w C:\Documents and Settings\Davigno Desouter\Application Data\hpothb07.dat
2007-03-29 16:37 1,251 ---ha-w C:\Program Files\hpothb07.tif
2007-03-15 16:15 454,494 ----a-w C:\Program Files\install.log
2007-03-15 16:12 45,056 ----a-w C:\Program Files\unpack.exe
2007-03-15 16:12 19,597,824 ----a-w C:\Program Files\6_pnd.msi
2007-03-15 16:12 164 ----a-w C:\Program Files\launch.ini
2007-03-15 16:12 1,558,465 ----a-w C:\Program Files\lcpcknd_prv_setup.exe
2006-12-18 17:24 176 ----a-w C:\Documents and Settings\Davigno Desouter\Application Data\wklnhst.dat
2007-04-29 15:13 56 --sh--r C:\WINDOWS\system32\491DEB9A1C.sys
2006-07-14 11:48 8 --sh--r C:\WINDOWS\system32\DE3A20725E.sys
2007-04-29 15:13 9,188 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7cf48537-1ee2-4670-8caf-1affd4778d1f}]
2008-07-11 18:26 105248 --a------ C:\WINDOWS\system32\nqesus.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 19:25 67128]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 14:41 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-10-07 16:28 20480]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 15:16 90112]
"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 10:34 192512]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 06:53 714608]
"1032128b"="C:\WINDOWS\system32\psexclms.dll" [2008-07-11 18:28 81168]
"BM13012117"="C:\WINDOWS\system32\npuhojep.dll" [2008-07-11 18:25 90928]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 16:22 577536 C:\WINDOWS\soundman.exe]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-01 04:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 19:01 36864 C:\WINDOWS\system32\P0630Pin.dll]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mxmc"= MimicICM.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Steam\\SteamApps\\dafff123\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\dafff123\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\dafff123\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 01:53]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02]
R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2005-06-06 03:44]
S3 Boonty Games;Boonty Games;C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2007-02-14 06:57]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7f4c777-21c5-11dd-a1d4-001617a4911f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL HOWEST/start.htm
*Newly Created Service* - COMHOST
.
Inhoud van de 'Gedeelde Taken' map
"2008-07-12 10:53:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-27 15:15:01 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-06-05 21:04:03 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1203976704.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-06-16 18:00:14 C:\WINDOWS\Tasks\Norton Internet Security Online - Volledige systeemscan uitvoeren - Davigno Desouter.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
- - - - ORPHANS REMOVED - - - -
BHO-{E4F64065-1B6A-494D-90BC-63B4FBFF1225} - C:\WINDOWS\system32\wvUMeEwt.dll
HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 13:02:28
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Voltooingstijd: 2008-07-12 13:10:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-12 11:09:45
Pre-Run: 108,608,454,656 bytes beschikbaar
Post-Run: 109,660,700,672 bytes beschikbaar
230 --- E O F --- 2008-06-11 12:22:09


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:53, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skynet.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: {f1d8774d-ffa1-fac8-0764-2ee173584fc7} - {7cf48537-1ee2-4670-8caf-1affd4778d1f} - C:\WINDOWS\system32\nqesus.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [1032128b] rundll32.exe "C:\WINDOWS\system32\psexclms.dll",b
O4 - HKLM\..\Run: [BM13012117] Rundll32.exe "C:\WINDOWS\system32\npuhojep.dll",s
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156163353062
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156165767687
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 14221 bytes


Thanks.

Daff
12 July 2008, 20:15
The startup problem has already been fixed. :good:

But I still can't get onto all sites + the keyboard keeps acting strangely on the internet. :wall:

Recep
13 July 2008, 00:38
Hello,

Open a new Notepad file.
Copy and paste into it the text below that is in the code block.
Go to 'Bestand' (File) -> 'Opslaan als..' (Save as..) and then save it to your desktop as CFScript.txt.


File::
C:\WINDOWS\system32\nqesus.dll
C:\WINDOWS\system32\npdtffof.dll
C:\WINDOWS\system32\npuhojep.dll
C:\WINDOWS\system32\xkrmoj.dll
C:\WINDOWS\system32\dpuudbqy.dll
C:\WINDOWS\system32\qidlawhw.dll
C:\WINDOWS\system32\xollhbjj.dll
C:\WINDOWS\system32\mcqmfj.dll
C:\WINDOWS\system32\qkfuvxuw.dll
C:\WINDOWS\system32\491DEB9A1C.sys
C:\WINDOWS\system32\DE3A20725E.sys
C:\WINDOWS\system32\nqesus.dll
C:\WINDOWS\system32\psexclms.dll
C:\WINDOWS\system32\wvUMeEwt.dll

Driver::
Boonty Games

Folder::
C:\Program Files\Common Files\BOONTY Shared
C:\Program Files\PartyGaming


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7cf48537-1ee2-4670-8caf-1affd4778d1f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1032128b"=-
"BM13012117"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
"{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}"=-

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will make ComboFix restart. Reboot if you are asked to.
After the restart, post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Good luck,
Recep :D

Daff
13 July 2008, 10:52
ComboFix:

ComboFix 08-07-11.1 - Davigno Desouter 2008-07-13 10:33:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.532 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Davigno Desouter\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Davigno Desouter\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
FILE ::
C:\WINDOWS\system32\491DEB9A1C.sys
C:\WINDOWS\system32\DE3A20725E.sys
C:\WINDOWS\system32\dpuudbqy.dll
C:\WINDOWS\system32\mcqmfj.dll
C:\WINDOWS\system32\npdtffof.dll
C:\WINDOWS\system32\npuhojep.dll
C:\WINDOWS\system32\nqesus.dll
C:\WINDOWS\system32\psexclms.dll
C:\WINDOWS\system32\qidlawhw.dll
C:\WINDOWS\system32\qkfuvxuw.dll
C:\WINDOWS\system32\wvUMeEwt.dll
C:\WINDOWS\system32\xkrmoj.dll
C:\WINDOWS\system32\xollhbjj.dll
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\BOONTY Shared
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
C:\Program Files\PartyGaming
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\mhbj_double_bets_b tn.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\mhbj_double_btn.pn g
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\mhbj_hit_btn.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\mhbj_repeatbet_btn .png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\mhbj_split_btn.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\mhbj_stand_btn.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\mhbj_surrender_btn .png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\mpbj_deck.bmp
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\MultiHandBJConfig. ini
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\MultiHandBJTrnyCon fig.ini
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\multiplayerbj.dll
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\multiplayerblackja ck\mpbj_table.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\multiplayerblackja ck\mpbj_trny_table.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\multiplayerblackja ck\sp_mpbj_table.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\multiplayerblackja ck\version.txt
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\number_circle.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\player_area.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\push.wav
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\repeatbet_button.p ng
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\result_bj.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\result_bust.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\result_push.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\result_won.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\sittingout_button. png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\skip_button.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\split.wav
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\split_button.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\stand_button.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\surrender_button.p ng
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\take_seat_button.p ng
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\trny_player_area.p ng
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\trny_watcher_area. png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\version.txt
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\watcher_area.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\win_glow.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\winner.rgn
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\winners_closebutto n.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\multiplayerbj\winners_popup.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\number_circle.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\pointer_R.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\qd_cashier_button.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\qd_exit_button.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\qd_gamelogs_button.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\qd_version_button.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc0_5.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc1.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc10.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc100.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc100k.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc10k.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc1k.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc2_5k.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc25.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc250.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc25k.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc5.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc50.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc500.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc500k.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc50k.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rc5k.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\Rr.bmp
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\rules_button.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cardgames\version.txt
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cashier_button.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cashout_midbg.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\cent_strip.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\chf.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\chips.wav
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\czk.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\dkk.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\eur.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\exit_button.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\format.ini
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\game_topbar_pff.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\gamelogs_button.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\gbp.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\hkd.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\huf.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\ils.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\inr.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\jpy.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\krw.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\myr.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\nok.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\nzd.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\php.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\pln.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\popup_but_cancel.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\popup_but_ok.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\popup_buyin_but_all.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\popup_buyin_tab.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\PushBut.wav
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\quickdeposit_button.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\ron.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\rur.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\sek.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\sgd.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\skk.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\status_dlg.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\sys_icons.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\system_but_close.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\system_but_inactive_close.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\system_but_inactive_minimise.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\system_but_minimise.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\table_logo_com.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\table_logo_net.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\thb.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\trny_buyin_botbg.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\try.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\twd.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\usd.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\version.txt
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\version_button.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\win.wav
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\games\zar.png
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\icon_three.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\icon_ticked.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_account_background.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_account_divider.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_ani_refresh.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_bar_jackpot.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_bar_jackpot_numbers.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_bar_jackpot_numbers.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_bar_jackpot_numbers_small.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_bar_news.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_but_cashout.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_but_deposit.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_but_deposit_large.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_but_options.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_but_redeem.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_but_refresh.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_but_reload_play.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_but_status.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_details_open.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_link_arrow.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\lhn_tab_background.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\loading.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\menu_01_myaccount.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\menu_02_cashier.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\menu_03_news.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\menu_04_rules.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\menu_05_tellfriend.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\menu_06_about.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\menu_07_help.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\new-mail-icon.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\no-mail-icon.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\PartyCasino.ico
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\popup_login_bottom.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\popup_login_top.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\popup_register_bottomleft.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\popup_register_top.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\skin.bmp
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\skin_account.bmp
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\spacer.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\system_but_bets.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\system_but_bingo.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\system_but_cashier.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\system_but_connected.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\system_but_gammon.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\system_but_poker.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\system_but_security.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\ticker_bg.jpg
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\up_arrow.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\up_arrow_o.gif
C:\Program Files\PartyGaming\PartyCasino\language\en_US\image s\version.txt
C:\Program Files\PartyGaming\PartyCasino\language\en_US\lang_ pack_en_US.txt
C:\Program Files\PartyGaming\PartyCasino\language\en_US\versi on.txt
C:\Program Files\PartyGaming\PartyCasino\language\version.txt
C:\Program Files\PartyGaming\PartyCasino\lobbyconfig.txt
C:\Program Files\PartyGaming\PartyCasino\PartyCasino.dll
C:\Program Files\PartyGaming\PartyCasino\pc_uninstall.bat
C:\Program Files\PartyGaming\PartyCasino\ProductVersion.txt
C:\Program Files\PartyGaming\PartyCasino\sys.ini
C:\Program Files\PartyGaming\PartyCasino\Temp\art11.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art11b.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art12.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art124.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art165.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art18.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art1a.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art1c.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art21.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art25.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art29.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art2d.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art30.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art34.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art51.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art7b.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art7d.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art88.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\art89.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\artb7.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\artbf.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\artc.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\artce.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\artd6.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix10.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix11.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix11a.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix123.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix164.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix17.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix19.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix1b.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix20.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix24.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix28.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix2c.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix2f.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix33.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix52.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix7a.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix7c.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix87.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pix8a.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pixb6.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pixbe.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pixcc.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pixd.htm
C:\Program Files\PartyGaming\PartyCasino\Temp\pixd5.htm
C:\Program Files\PartyGaming\PartyCasino\version.txt
C:\Program Files\PartyGaming\PartyPoker\Images\system_but_bin go.jpg
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articl es\138324.atc
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articl es\138326.atc
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articl es\2.html
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articl es\4.html
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articl es\69845.atc
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articl es\69847.atc
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articl es\69933.atc
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articl es\69953.atc
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\images \system_but_gammon.jpg
C:\Program Files\PartyGaming\PartyPoker\Notes.txt
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer.exe
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_afff123 .omf
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_alerie. omf
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_am.omf
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_amela.o mf
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_arcy.om f
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_arion.o mf
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_aron.om f
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_drien.o mf
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_eah.omf
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_enny.om f
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_erence. omf
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_haron.o mf
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_hawn.om f
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_hristin e.omf
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_ike.omf
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_ill.omf
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_nthony. omf
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_olleen. omf
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_ord.omf
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_raham.o mf
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_rian.om f
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_ryce.om f
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_uane.om f
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_urt.omf
C:\Program Files\PartyGaming\PartyPoker\pp_Dafff123_c-o-i.txt
C:\Program Files\PartyGaming\PartyPoker\pp_Martinke123_c-o-i.txt
C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe
C:\Program Files\PartyGaming\PartyPoker\usertab.txt
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\491DEB9A1C.sys
C:\WINDOWS\system32\DE3A20725E.sys
C:\WINDOWS\system32\dpuudbqy.dll
C:\WINDOWS\system32\mcqmfj.dll
C:\WINDOWS\system32\npdtffof.dll
C:\WINDOWS\system32\nqesus.dll
C:\WINDOWS\system32\qidlawhw.dll
C:\WINDOWS\system32\qkfuvxuw.dll
C:\WINDOWS\system32\smlcxesp.ini
C:\WINDOWS\system32\xkrmoj.dll
C:\WINDOWS\system32\xollhbjj.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games

(((((((((((((((((((( Bestanden Gemaakt van 2008-06-13 to 2008-07-13 ))))))))))))))))))))))))))))))
.
2008-07-09 14:30 . 2008-07-09 14:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-27 19:51 . 2008-06-27 19:52 <DIR> d-------- C:\Documents and Settings\Davigno Desouter\.housecall6.6
2008-06-27 16:17 . 2008-06-27 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-27 16:13 . 2008-07-13 10:30 <DIR> dr-h----- C:\Documents and Settings\Davigno Desouter\Onlangs geopend
2008-06-27 15:41 . 2008-06-28 19:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-27 15:41 . 2008-06-27 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-25 19:48 . 2008-07-12 13:46 110,434 --a------ C:\WINDOWS\BM13012117.xml
2008-06-19 14:56 . 2008-06-19 14:56 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-14 17:47 . 2008-06-14 17:47 <DIR> d-------- C:\Documents and Settings\Davigno Desouter\OngameNetwork
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 08:41 --------- d-----w C:\Program Files\Steam
2008-07-12 18:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-12 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-10 11:40 --------- d-----w C:\Program Files\LimeWire
2008-07-10 11:40 --------- d-----w C:\Program Files\Incomplete
2008-06-26 10:26 --------- d-----w C:\Program Files\Google
2008-06-26 08:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-06-19 12:03 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-19 12:03 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-19 12:03 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-19 12:03 --------- d-----w C:\Program Files\Symantec
2008-06-14 18:00 272,640 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 10:30 --------- d-----w C:\Documents and Settings\Davigno Desouter\Application Data\AdobeUM
2008-06-06 16:54 --------- d-----w C:\Program Files\Belgacom
2008-05-28 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-26 17:08 --------- d-----w C:\Program Files\TmNationsForever
2007-03-29 16:37 736 ---ha-w C:\Program Files\hpothb07.dat
2007-03-29 16:37 2,526 ---ha-w C:\Documents and Settings\Davigno Desouter\Application Data\hpothb07.dat
2007-03-29 16:37 1,251 ---ha-w C:\Program Files\hpothb07.tif
2007-03-15 16:15 454,494 ----a-w C:\Program Files\install.log
2007-03-15 16:12 45,056 ----a-w C:\Program Files\unpack.exe
2007-03-15 16:12 19,597,824 ----a-w C:\Program Files\6_pnd.msi
2007-03-15 16:12 164 ----a-w C:\Program Files\launch.ini
2007-03-15 16:12 1,558,465 ----a-w C:\Program Files\lcpcknd_prv_setup.exe
2006-12-18 17:24 176 ----a-w C:\Documents and Settings\Davigno Desouter\Application Data\wklnhst.dat
2007-04-29 15:13 9,188 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-12_13.09.21.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-12 11:01:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-13 08:39:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-14 15:54:22 272,640 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-14 18:00:26 272,640 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2008-06-11 12:20:17 593,920 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-07-12 19:52:12 593,920 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-06-11 12:20:17 12,288 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-07-12 19:52:12 12,288 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-06-11 12:20:18 86,016 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-07-12 19:52:12 86,016 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-06-11 12:20:17 135,168 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-07-12 19:52:12 135,168 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-06-11 12:20:18 11,264 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-07-12 19:52:12 11,264 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-06-11 12:20:18 27,136 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-07-12 19:52:12 27,136 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-06-11 12:20:18 4,096 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-07-12 19:52:12 4,096 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-06-11 12:20:18 794,624 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-07-12 19:52:12 794,624 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-06-11 12:20:17 249,856 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-07-12 19:52:12 249,856 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-06-11 12:20:17 61,440 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-07-12 19:52:12 61,440 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-06-11 12:20:18 23,040 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-07-12 19:52:13 23,040 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-06-11 12:20:17 286,720 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-07-12 19:52:12 286,720 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-06-11 12:20:17 409,600 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-07-12 19:52:12 409,600 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-04-14 15:54:22 272,640 -c----w C:\WINDOWS\system32\dllcache\bthport.sys
+ 2008-06-14 18:00:26 272,640 -c----w C:\WINDOWS\system32\dllcache\bthport.sys
- 2007-08-13 16:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 19:25 67128]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 14:41 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-10-07 16:28 20480]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 15:16 90112]
"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 10:34 192512]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 06:53 714608]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 16:22 577536 C:\WINDOWS\soundman.exe]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-01 04:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 19:01 36864 C:\WINDOWS\system32\P0630Pin.dll]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mxmc"= MimicICM.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Steam\\SteamApps\\dafff123\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\dafff123\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\dafff123\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 01:53]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02]
R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2005-06-06 03:44]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7f4c777-21c5-11dd-a1d4-001617a4911f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL HOWEST/start.htm
*Newly Created Service* - COMHOST
.
Inhoud van de 'Gedeelde Taken' map
"2008-07-12 10:53:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-27 15:15:01 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-06-05 21:04:03 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1203976704.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-06-16 18:00:14 C:\WINDOWS\Tasks\Norton Internet Security Online - Volledige systeemscan uitvoeren - Davigno Desouter.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 10:39:35
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...

C:\Documents and Settings\Davigno Desouter\Local Settings\Application Data\Microsoft\Messenger\davigno.desouter@skynet.be\SharingMetadata\Working\database_8810_321C_1032_1224\$db_dirty$ 0 bytes
C:\Documents and Settings\Davigno Desouter\Local Settings\Application Data\Microsoft\Messenger\davigno.desouter@skynet.be\SharingMetadata\Working\database_8810_321C_1032_1224\tmp.edb 131072 bytes

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Voltooingstijd: 2008-07-13 10:48:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-13 08:47:48
ComboFix2.txt 2008-07-12 11:10:53
Pre-Run: 109,493,002,240 bytes beschikbaar
Post-Run: 109,535,612,928 bytes beschikbaar
690 --- E O F --- 2008-07-12 19:52:15


Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:39, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skynet.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156163353062
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156165767687
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 13764 bytes


Good luck. :D

Thanks again. :bow:

Daff
13 July 2008, 14:04
The problem seems to be solved.

I'm no longer having trouble with anything.

Thanks Recep! :good:

Recep
14 July 2008, 20:16
Hello Daff,

That looks a lot better :D

1. You can remove Combofix. Do this as follows:

Go to Start -- Run. Then type the following (in bold):
Combofix /U
Followed by 'Enter'.

2. Start HijackThis and choose 'Do a system scan only'.
When the scan is complete, tick only the lines below in HijackThis:
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
Now close all windows except HijackThis itself and click 'Fix checked'.
If a question appears, answer 'Yes', and then close HijackThis.

3. Your Java software is out of date.
Older versions have vulnerabilities that give malware the chance to install itself on your system.
First follow these steps to uninstall Java and install the newer version:
Download Java Runtime Environment (JRE) 6u7 (http://javadl.sun.com/webapps/download/AutoDL?BundleId=23111) and save it to your Desktop.
Close any programs that are open - especially your web browser!
Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
Select every entry with Java Runtime Environment (JRE or J2SE) in the name.
Then click Remove or the Change/Remove button.
Repeat this until all older versions are gone.
After removing all older versions, restart your PC.
Then double-click jre-6u7-windows-i586-p-s.exe on your Desktop to install the newest version of Java.
After that, post a new HijackThis log :)

Good luck,
Recep :D
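
Added example (not part of Recep's post and not HijackThis's own code): a Python script that performs the checks from steps 2 and 3 on a HijackThis log, listing entries marked "(file missing)" and JRE install paths older than 6u7, then comparing a follow-up scan against the first one. The sample lines are copied from the logs in this thread; the function names and the minimum version tuple (1, 6, 0, 7), taken from the jre1.6.0_07 path that 6u7 installs to, are assumptions of this example.

```python
import re

# Lines copied from the HijackThis logs posted in this thread (13 July scan).
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Lines copied from the follow-up scan (16 July), after the fix and the Java update.
LOG_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# A result line starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# JRE install directories look like \jre1.5.0_08\ (major.minor.patch_update).
JRE_DIR_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)_(\d+)\\", re.IGNORECASE)
MISSING_MARK = "(file missing)"
# Assumption of this example: JRE 6u7, which installs to jre1.6.0_07.
MIN_JRE = (1, 6, 0, 7)


def parse_entries(log_text):
    """Return (section, body) tuples; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [(sec, body) for sec, body in entries if body.endswith(MISSING_MARK)]


def jre_versions(entries):
    """Distinct JRE versions referenced by any entry, as integer tuples."""
    found = set()
    for _, body in entries:
        for match in JRE_DIR_RE.finditer(body):
            found.add(tuple(int(part) for part in match.groups()))
    return found


def outdated_jre(entries, minimum=MIN_JRE):
    """JRE versions still referenced that are older than the minimum."""
    return sorted(v for v in jre_versions(entries) if v < minimum)


def resolved(before, after):
    """Entries from the first scan that no longer appear in the follow-up."""
    remaining = set(after)
    return [entry for entry in before if entry not in remaining]


if __name__ == "__main__":
    first = parse_entries(LOG_BEFORE)
    second = parse_entries(LOG_AFTER)
    for sec, body in orphaned(first):
        print("orphaned:", sec, body)
    for version in outdated_jre(first):
        print("outdated JRE: %d.%d.%d_%02d" % version)
    print("still outdated after update:", outdated_jre(second))
    print("entries gone in follow-up scan:", len(resolved(first, second)))
```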

Daff
16 July 2008, 17:45
Sorry that I'm only replying now, but I was busy with my holiday job the past 2 days.

Anyway, I followed all the steps, and my log file is below.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:29, on 16/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skynet.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156163353062
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156165767687
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 13445 bytes


Thanks!

Daff.

Recep
16 July 2008, 22:22
Hello,

Your log is clean. If you are still experiencing problems, please let us know. If not, you may remove all the tools you used.

To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily turning off System Restore.

- Go to Start/All Programs/Accessories/System Tools/System Restore.
- In the left half of the window, click "System Restore Settings".
- Tick the box for "Turn off System Restore".
- Click "Apply".
- Windows asks whether you are sure.
- Click "Yes".
- Click "OK".
- Restart the PC.
- Go to Start/All Programs/Accessories/System Tools/System Restore again.
- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
- Click "Yes".
- Untick the box for "Turn off System Restore".
- Click "Apply".
- Click "OK".
- Restart the PC.
- A new, clean restore point has now been created.

To prevent reinfection you can read through these security tips (http://www.jawwi.nl/tips/beveiligen.html).

Enjoy the net,
Recep :D

Daff
17 July 2008, 17:37
Thank you, Recep! :bow:

I do have one more small question, :p

When I want to type on MSN, my keyboard sometimes acts strangely..
Any idea what causes this?

I replaced the batteries yesterday, so that is not the cause. :)

Thanks.

Rosty
18 July 2008, 08:07
> Thank you, Recep! :bow:
>
> I do have one more small question, :p
>
> When I want to type on MSN, my keyboard sometimes acts strangely..
> Any idea what causes this?
>
> I replaced the batteries yesterday, so that is not the cause. :)
>
> Thanks.

Hi,

Recep is on leave, so I will take over here.
This is not a malware problem, your log is clean. You might ask your question in the software or hardware forum.

Daff
19 July 2008, 11:41
> Hi,
>
> Recep is on leave, so I will take over here.
> This is not a malware problem, your log is clean. You might ask your question in the software or hardware forum.

OK, the problem has been resolved in the meantime. ;)

Thanks. :p

Rosty
19 July 2008, 11:47
Hi,

Do read this Prevention page (http://users.telenet.be/bluepatchy/miekiemoes/preventie.html) with info and tips on how to prevent this in the future.
And read this page (http://users.telenet.be/bluepatchy/miekiemoes/tragecomputer.html) to optimize your computer again after removing malware.

Extra note: Make sure your programs are up to date, because older versions can contain security leaks. To check which programs you need to update, run the Secunia Software Inspector (http://secunia.com/software_inspector/) scan.

With that, this topic is also being locked.