Iexplore.exe virus again!




  #1  
10 Oct 2008, 19:08
New Member Group

Hi, I think I also have the iexplore virus and have tried a lot of different programs to get rid of it, but none work! I've seen that your site helps a lot of ppl, so maybe me too? Here is my HijackThis log:


Logbestand van Trend Micro HijackThis v2.0.2
Scan opgeslagen in 1:01:32 uur, op 11.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Draaiende processen:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ system32 \ acs.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ windows \ system \ hpsysdrv.exe
C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ Program Files \ TP-LINK \ TWCU \ TWCU.exe
C: \ HP \ KBD \ KBD.EXE
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Nikon \ PictureProject \ NkbMonitor.exe
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WLLoginProxy.exe
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ WINDOWS \ system32 \ Taskmgr.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.limewire.com/inclient/?st...ows + XP & OSV = 5,1
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokale
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C: \ Program Files \ AVG \ AVG8 \ avgssie.dll (file missing)
O2 - BHO: Malicious Scripts Scanner - (55EA1964-F5E4-4D6A-B9B2-125B37655FCB) - C: \ Documents and Settings \ All Users \ Application Data \ Prevx \ pxbho.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: (geen naam) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (geen file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Program Files \ Google \ googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Program Files \ Google \ googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / Verwen / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [hpsysdrv] c: \ windows \ system \ hpsysdrv.exe
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [TWCU] "C: \ Program Files \ TP-LINK \ TWCU \ TWCU.exe"-nogui
O4 - HKLM \ .. \ Run: [KBD] C: \ HP \ KBD \ KBD.EXE
O4 - HKLM \ .. \ Run: [EPSON Stylus CX3700 Series] C: \ WINDOWS \ System32 \ spool \ drivers \ w32x86 \ 3 \ E_FATIA CP.EXE / F "C: \ WINDOWS \ TEMP \ E_SC4.tmp" / EF "HKLM"
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [Flag Bezit Live Grim] C: \ Documents and Settings \ All Users \ Application Data \ Software regel vlag bezit \ Eerste obj.exe
O4 - HKLM \ .. \ Run: [PrevxOne] "C: \ Program Files \ Prevx2 \ PXConsole.exe"
O4 - HKLM \ .. \ Run: [ZoneAlarm Client] "C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe"
O4 - HKCU \ .. \ Run: [MODE REAL] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ SOAPLI ~ 1 \ ATOM DASH.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C: \ Program Files \ Nikon \ PictureProject \ NkbMonitor.exe
O8 - Extra context menu item: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra context menu item: & Download met & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra context menu item: & Google Search - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download & allemaal met DAP - C: \ Program Files \ DAP \ dapextie2.htm
O8 - Extra context menu item: E & xporteren naar Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 3 \ Office12 \ EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Vertalen naar het Engels - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (geen naam) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: Onderzoek - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 3 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: (geen naam) - (B205A35E-1FC4-4CE3-818B-899DBBB3388C) - C: \ Program Files \ Common Files \ Microsoft Shared \ Encarta Search Bar \ ENCSBAR.DLL
O9 - Extra button: Connection Help - (E2D4D26B-0180-43a4-B05F-462D6D54C789) - C: \ WINDOWS \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ IEButton \ support.htm
O9 - Extra 'Tools' MENUITEM: Connection Help - (E2D4D26B-0180-43a4-B05F-462D6D54C789) - C: \ WINDOWS \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ IEButton \ support.htm
O9 - Extra button: (geen naam) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (0CCA191D-13A6-4E29-B746-314DEE697D83) (Facebook Photo Uploader 5) -- http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O16 - DPF: (96EEC7FF-106A-47F3-90D6-B4BB754AA40E) (POLI online betalen) -- https: / / autxn.paywithpoli.com / ewcust...iPayOnline.cab
O23 - Service: TP-LINK Configuration Service (ACS) - Onbekende eigenaar - C: \ WINDOWS \ system32 \ acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: PREVXAgent - Prevx - C: \ Program Files \ Prevx2 \ PXAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe
--
End of file - 10831 bytes
  #2  
10 Oct 2008, 23:12
Moderator Group

Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable your security programs, visit this tutorial:
How to temporarily disable your anti-virus, firewall and anti-malware programs
  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK on the information window
  • Type 1 to choose Option 1 (Search), then press Enter
  • Wait until the end of the scan
  • A report will be generated; post its contents in your next reply.
A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt

  #3  
11 Oct 2008, 00:15
New Member Group

Here are the results of the Lop S&D search:



-------------------- \ \ Lop S & D 4.2.4-5 XP / Vista
Microsoft Windows XP Home Edition (v5.1.2600) Service Pack 3
X86-gebaseerde PC (Uniprocessor Gratis: AMD Sempron (tm) Processor 3200 +)
BIOS: Phoenix - Award BIOS v6.00PG
GEBRUIKER: Compaq_Owner (Administrator)
BOOT: Normaal opstarten
Antivirus: AVG 7.5.524 7.5.524 (nog niet geactiveerd)
Firewall: ZoneAlarm Firewall 7.0.483.000 (nog niet geactiveerd)
C: \ (lokale schijf) - NTFS - Totaal: 68 Go Gratis: 10 Go
D: \ (lokale schijf) - FAT32 - Totaal: 5 Ga Gratis: 1 Ga
E: \ (cd of dvd)
F: \ (cd of dvd)
G: \ (USB)
H: \ (USB)
I: \ (USB)
J: \ (USB)
"C: \ Lop SD" (MAJ: 02.10.2008 | 23:42)
Optie: [1] (za 11.10.2008 | 18:11)

-------------------- \ \ Aanbiedings mappen in TOEPASSINGEN ~ 1
[11.10.2008 | 04:05] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Adobe
[03.10.2007 | 01:28] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Apple
[12.09.2005 | 09:27] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Apple Computer
[28/08/2007 | 04:28] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Autodesk
[03.09.2008 | 10:46] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Avg7
[10.06.2008 | 12:37] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Avg8
[02.07.2006 | 01:52] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> DVD Shrink
[15/07/2006 | 12:35] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> EnterNHelp
[27/03/2007 | 10:25] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Google
[18/08/2008 | 07:44] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ Grisoft <DIR>
[23/10/2007 | 12:15] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Installaties
[12.09.2005 | 09:21] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> InstallShield
[11.10.2008 | 12:29] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> MailFrontier
[18/08/2008 | 04:05] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Microsoft
[10.09.2008 | 07:07] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Microsoft Help
[10.09.2007 | 04:25] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Nero
[11.10.2008 | 03:51] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> NOS
[21/05/2008 | 12:55] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> PC Drivers Headquarters
[12.09.2005 | 09:27] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> QuickTime
[24/11/2007 | 02:56] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Real
[12.09.2005 | 09:04] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> SBSI
[02-02-2008 | 05:17] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Seagate
[09.10.2008 | 11:53] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ Software <DIR> regel vlag bezit
[01.11.2006 | 01:13] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Sophos
[14/09/2008 | 02:08] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Spybot - Search & Destroy
[19/05/2008 | 07:41] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Symantec
[11.10.2008 | 06:00] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> TEMP
[15/02/2006 | 01:11] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> UDL
[15/07/2006 | 12:35] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Ultima_T15
[08.04.2006 | 02:27] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Windows Genuine Advantage
[22/06/2008 | 11:01] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> WLInstaller
[17/03/2008 | 09:32] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Adobe
[11.10.2008 | 03:55] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> AdobeUM
[13/09/2007 | 05:26] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Ahead
[13/06/2008 | 07:29] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Apple Computer
[02.10.2007 | 12:55] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> ArcSoft
[18/06/2006 | 11:34] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Atari
[21/05/2007 | 07:47] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Autodesk
[11.10.2008 | 11:11] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> AVG7
[19/05/2008 | 02:40] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> AVGTOOLBAR
[08.10.2008 | 01:29] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> BitTorrent
[21/05/2007 | 12:09] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Command & Conquer 3 Tiberium Wars
[01.09.2006 | 08:52] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Datalayer
[28/05/2007 | 02:25] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> dvdcss
[13/08/2007 | 03:00] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> EPSON
[03.05.2007 | 02:12] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Google
[07.09.2006 | 02:08] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Help
[26/06/2008 | 12:16] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> HPQ
[16/12/2004 | 04:22] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ Identities <DIR>
[19/02/2006 | 05:44] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> InterVideo
[23/04/2008 | 11:49] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Iwin
[03.05.2008 | 03:20] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Joost
[28/01/2006 | 03:15] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Leadertech
[13/09/2008 | 08:45] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> LimeWire
[14/02/2006 | 05:22] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Macromedia
[24/11/2007 | 03:04] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Media Player Classic
[19/05/2008 | 06:44] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Microsoft
[09.04.2008 | 06:13] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Mozilla
[15/07/2006 | 12:31] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Nikon
[01.09.2006 | 08:52] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Nokia
[01.09.2006 | 08:54] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Nokia Multimedia Player
[01.09.2006 | 08:41] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> PC Suite
[19/05/2008 | 07:32] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Real
[12.09.2005 | 09:30] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> SampleView
[21/05/2007 | 12:07] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> SecuROM
[09.10.2008 | 11:54] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Zeep ligt liefde
[28/01/2006 | 03:16] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Sonic
[23/04/2008 | 11:45] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> SpinTop
[14/09/2008 | 06:04] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> SPORE
[15/04/2008 | 05:04] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Spybot - Search & Destroy
[14/02/2006 | 05:49] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> zondag
[12.09.2005 | 09:41] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Symantec
[16/04/2008 | 06:42] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> U3
[26/05/2008 | 11:14] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> uTorrent
[27/05/2006 | 09:46] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> vlc
[20/05/2008 | 10:26] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> WinBatch
[12.09.2005 | 09:27] C: \ DOCUME ~ 1 \ Defaul ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Apple Computer
[16/12/2004 | 04:22] C: \ DOCUME ~ 1 \ Defaul ~ 1 \ TOEPASSINGEN ~ 1 \ Identities <DIR>
[12.09.2005 | 09:51] C: \ DOCUME ~ 1 \ Defaul ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Microsoft
[12.09.2005 | 09:21] C: \ DOCUME ~ 1 \ Defaul ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Real
[12.09.2005 | 09:30] C: \ DOCUME ~ 1 \ Defaul ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> SampleView
[12.09.2005 | 09:41] C: \ DOCUME ~ 1 \ Defaul ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Symantec
[18/08/2008 | 07:44] C: \ DOCUME ~ 1 \ LOCALS ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> AVG7
[18/08/2008 | 07:44] C: \ DOCUME ~ 1 \ LOCALS ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Microsoft
[18/08/2008 | 07:44] C: \ DOCUME ~ 1 \ netwerk ~ 1 \ TOEPASSINGEN ~ 1 \ <DIR> Microsoft

-------------------- \ \ Geplande taken in C: \ WINDOWS \ Taken
[11/10/2008 06:00 PM] [- ah -----] C: \ WINDOWS \ taken \ A396018B9185B27B.job
[11/10/2008 06:11 PM] [- een ------] C: \ WINDOWS \ taken \ Symantec NetDetect.job
[11/10/2008 05:00 PM] [- een ------] C: \ WINDOWS \ taken \ RegCure Program Check.job
[28/08/2008 04:00 AM] [- een ------] C: \ WINDOWS \ taken \ RegCure.job
[11/10/2008 04:07 PM] [- ah -----] C: \ WINDOWS \ taken \ SA.DAT
[05/08/2004 05:00 AM] [-RAH -----] C: \ WINDOWS \ taken \ Desktop.ini
(A396018B9185B27B.job) = (c: \ DOCUME ~ 1 \ Compaq ~ 1 \ applic ~ 1 \ soapli ~ 1 \ Axisgreatex tra.exe)
-------------------- \ \ Aanbiedings mappen in C: \ Program Files
[27/07/2008 | 05:02] C: \ Program Files \ <DIR> Activision
[11.10.2008 | 04:05] C: \ Program Files \ Adobe <DIR>
[15/06/2008 | 12:20] C: \ Program Files \ Ahead <DIR>
[20/05/2007 | 11:20] C: \ Program Files \ <DIR> Alcohol Soft
[03.06.2008 | 09:01] C: \ Program Files \ <DIR> Apple Software Update
[15/07/2006 | 12:27] C: \ Program Files \ <DIR> ArcSoft
[12.09.2005 | 09:13] C: \ Program Files \ <DIR> ATI Technologies
[21/05/2007 | 07:36] C: \ Program Files \ <DIR> Autodesk
[27/05/2008 | 04:42] C: \ Program Files \ AVG <DIR>
[20/06/2008 | 04:54] C: \ Program Files \ <DIR> BitTorrent
[11.10.2008 | 04:05] C: \ Program Files \ Common Files <DIR>
[24/11/2004 | 01:06] C: \ Program Files \ <DIR> ComPlus Toepassingen
[21/05/2008 | 12:51] C: \ Program Files \ <DIR> DAP
[08.11.2006 | 02:07] C: \ Program Files \ <DIR> DivX
[30/09/2008 | 09:12] C: \ Program Files \ <DIR> DominateGame
[21/05/2007 | 10:35] C: \ Program Files \ <DIR> Drug Heer 2
[18/08/2008 | 03:56] C: \ Program Files \ <DIR> D-Tools
[08.11.2006 | 12:56] C: \ Program Files \ <DIR> DVD Shrink
[19/05/2008 | 07:12] C: \ Program Files \ <DIR> Easy Internet signup
[14/09/2008 | 06:02] C: \ Program Files \ <DIR> Electronic Arts
[15/02/2006 | 01:11] C: \ Program Files \ <DIR> Epson
[26/05/2008 | 11:15] C: \ Program Files \ <DIR> eToro
[30/09/2008 | 09:12] C: \ Program Files \ <DIR> EV Nova
[13/11/2006 | 09:39] C: \ Program Files \ <DIR> FLVPlayer
[26/06/2008 | 12:13] C: \ Program Files \ <DIR> GameSpy Arcade
[12.09.2005 | 09:37] C: \ Program Files \ <DIR> Google
[27/11/2006 | 10:19] C: \ Program Files \ <DIR> Grafiek
[08.11.2007 | 06:44] C: \ Program Files \ <DIR> Griffin Technology
[18/08/2008 | 07:44] C: \ Program Files \ Grisoft <DIR>
[27/03/2006 | 09:17] C: \ Program Files \ <DIR> GustoSoft
[29/09/2008 | 04:41] C: \ Program Files \ <DIR> Hp
[05.12.2007 | 01:09] C: \ Program Files \ <DIR> Infogrames Interactive
[14/09/2008 | 06:03] C: \ Program Files \ InstallShield Installation Information <DIR>
[17/08/2008 | 09:45] C: \ Program Files \ Internet Explorer <DIR>
[12.09.2005 | 09:23] C: \ Program Files \ <DIR> InterVideo
[03.06.2008 | 09:04] C: \ Program Files \ <DIR> iPod
[14/02/2006 | 05:20] C: \ Program Files \ <DIR> iPrimus
[03.06.2008 | 09:05] C: \ Program Files \ <DIR> iTunes
[30/09/2008 | 08:51] C: \ Program Files \ Java <DIR>
[14/09/2008 | 05:43] C: \ Program Files \ <DIR> John Deere American Farmer Deluxe
[09.04.2008 | 06:13] C: \ Program Files \ <DIR> Joost
[24/11/2007 | 02:56] C: \ Program Files \ <DIR> K-Lite Codec Pack
[20/03/2008 | 05:13] C: \ Program Files \ <DIR> LimeWire
[31/08/2008 | 05:28] C: \ Program Files \ Maxis <DIR>
[18/08/2008 | 02:14] C: \ Program Files \ <DIR> Messenger
[15/05/2007 | 11:48] C: \ Program Files \ Microsoft CAPICOM 2.1.0.2 <DIR>
[12.09.2005 | 09:19] C: \ Program Files \ Microsoft Encarta <DIR>
[16/12/2004 | 04:23] C: \ Program Files \ Microsoft FrontPage <DIR>
[26/06/2008 | 12:17] C: \ Program Files \ Microsoft Games <DIR>
[12.09.2005 | 09:25] C: \ Program Files \ <DIR> Microsoft Money 2005
[29/06/2008 | 10:10] C: \ Program Files \ Microsoft Office <DIR>
[15/02/2006 | 12:29] C: \ Program Files \ Microsoft Visual Studio <DIR>
[03.06.2008 | 03:51] C: \ Program Files \ Microsoft Works <DIR>
[14/02/2008 | 10:22] C: \ Program Files \ Microsoft.NET <DIR>
[14/03/2008 | 09:22] C: \ Program Files \ <DIR> MindArk
[18/08/2008 | 02:11] C: \ Program Files \ <DIR> Movie Maker
[11.10.2008 | 11:09] C: \ Program Files \ <DIR> Mozilla Firefox
[16/12/2004 | 04:23] C: \ Program Files \ <DIR> MSN
[16/12/2004 | 04:23] C: \ Program Files \ <DIR> MSN Gaming Zone
[18/10/2006 | 01:19] C: \ Program Files \ <DIR> MSXML 4.0
[02-02-2008 | 05:16] C: \ Program Files \ <DIR> MSXML 6.0
[10.09.2007 | 04:25] C: \ Program Files \ Nero <DIR>
[18/08/2008 | 02:10] C: \ Program Files \ NetMeeting <DIR>
[15/07/2006 | 12:30] C: \ Program Files \ <DIR> Nikon
[11.10.2008 | 03:51] C: \ Program Files \ <DIR> NOS
[15/02/2006 | 12:42] C: \ Program Files \ <DIR> OfficeUpdate11
[14/09/2008 | 02:59] C: \ Program Files \ <DIR> Online Services
[18/08/2008 | 02:10] C: \ Program Files \ Outlook Express <DIR>
[26/06/2007 | 09:29] C: \ Program Files \ <DIR> PartyGaming
[12.09.2005 | 09:34] C: \ Program Files \ <DIR> PC-Doctor voor DOS
[17/06/2007 | 08:43] C: \ Program Files \ <DIR> PokerRoom.com
[31/05/2007 | 01:55] C: \ Program Files \ <DIR> PokerStars
[03.06.2008 | 09:04] C: \ Program Files \ QuickTime <DIR>
[21/04/2008 | 08:30] C: \ Program Files \ <DIR> RegCure
[02-02-2008 | 05:17] C: \ Program Files \ <DIR> Seagate
[23/04/2008 | 01:20] C: \ Program Files \ <DIR> Sean O'Connor's Windows Games
[24/07/2008 | 06:08] C: \ Program Files \ <DIR> SEGA
[18/08/2008 | 03:56] C: \ Program Files \ <DIR> Sierra Entertainment
[08.02.2007 | 11:24] C: \ Program Files \ <DIR> SLD Codec Pack
[09.10.2008 | 11:53] C: \ Program Files \ <DIR> Zeep ligt liefde
[14/03/2008 | 06:16] C: \ Program Files \ <DIR> Sophos
[15/04/2008 | 09:22] C: \ Program Files \ <DIR> Spybot - Search & Destroy
[24/11/2007 | 02:59] C: \ Program Files \ <DIR> StrongDC + +
[19/05/2008 | 07:41] C: \ Program Files \ <DIR> Symantec
[13/09/2008 | 10:03] C: \ Program Files \ <DIR> TeaTimer (Spybot - Search & Destroy)
[14/02/2006 | 05:39] C: \ Program Files \ <DIR> Telstra
[19/06/2007 | 09:45] C: \ Program Files \ <DIR> TexasCalculatem
[30/05/2008 | 01:43] C: \ Program Files \ <DIR> Theorica DivX ;-) Codecs
[29/02/2008 | 06:25] C: \ Program Files \ <DIR> TP-LINK
[11.10.2008 | 12:33] C: \ Program Files \ <DIR> Trend Micro
[03.04.2008 | 12:17] C: \ Program Files \ <DIR> Trymedia
[24/11/2004 | 01:07] C: \ Program Files \ Uninstall <DIR> Informatie
[27/05/2006 | 08:19] C: \ Program Files \ <DIR> VideoLAN
[10.09.2008 | 01:44] C: \ Program Files \ <DIR> VUGames
[11.10.2008 | 05:57] C: \ Program Files \ <DIR> Warcraft III
[05.06.2008 | 01:07] C: \ Program Files \ <DIR> Weatherzone Tracker
[13/09/2006 | 12:25] C: \ Program Files \ <DIR> WinAVI VideoConverter
[14/03/2008 | 06:35] C: \ Program Files \ <DIR> Windows Live
[10-10-2007 | 11:18] C: \ Program Files \ <DIR> Windows Media Connect 2
[25/08/2008 | 06:37] C: \ Program Files \ <DIR> Windows Media Player
[14/09/2008 | 02:59] C: \ Program Files \ <DIR> Windows NT
[03.10.2007 | 03:00] C: \ Program Files \ <DIR> Windows XP Fun Pack
[24/11/2004 | 01:07] C: \ Program Files \ WindowsUpdate <DIR>
[14/09/2008 | 05:41] C: \ Program Files \ WinRAR <DIR>
[16/12/2004 | 04:24] C: \ Program Files \ <DIR> Xerox
[11.10.2008 | 12:29] C: \ Program Files \ <DIR> Zone Labs
[11.10.2008 | 12:31] C: \ Program Files \ <DIR> ZoneAlarmSB
-------------------- \ \ Aanbiedings mappen in C: \ Program Files \ Common Files
[11.10.2008 | 04:05] C: \ Program Files \ Common Files \ Adobe <DIR>
[11.10.2008 | 04:05] C: \ Program Files \ Common Files \ <DIR> Adobe AIR
[10.09.2007 | 04:28] C: \ Program Files \ Common Files \ Ahead <DIR>
[03.10.2007 | 01:28] C: \ Program Files \ Common Files \ Apple <DIR>
[28/08/2007 | 04:28] C: \ Program Files \ Common Files \ <DIR> Autodesk Shared
[03.06.2008 | 03:50] C: \ Program Files \ Common Files \ <DIR> DESIGNER
[12.09.2005 | 09:27] C: \ Program Files \ Common Files \ InstallShield <DIR>
[12.09.2005 | 09:06] C: \ Program Files \ Common Files \ <DIR> Java
[19/05/2008 | 07:25] C: \ Program Files \ Common Files \ Microsoft Shared <DIR>
[16/12/2004 | 04:23] C: \ Program Files \ Common Files \ <DIR> MSSoap
[15/07/2006 | 12:30] C: \ Program Files \ Common Files \ <DIR> muvee Technologies
[15/07/2006 | 12:31] C: \ Program Files \ Common Files \ <DIR> Nikon
[16/12/2004 | 04:23] C: \ Program Files \ Common Files \ <DIR> ODBC
[19/05/2008 | 07:32] C: \ Program Files \ Common Files \ <DIR> Real
[20/05/2008 | 11:24] C: \ Program Files \ Common Files \ <DIR> Diensten
[16/12/2004 | 04:23] C: \ Program Files \ Common Files \ <DIR> SpeechEngines
[19/05/2008 | 07:41] C: \ Program Files \ Common Files \ <DIR> Symantec Shared
[18/08/2008 | 02:10] C: \ Program Files \ Common Files \ System <DIR>
[11.03.2007 | 11:10] C: \ Program Files \ Common Files \ <DIR> Thraex Software
[14/03/2008 | 06:34] C: \ Program Files \ Common Files \ <DIR> WindowsLiveInstaller
-------------------- \ \ Process
(41 Processen)
IEXPLORE.EXE ~ [PID: 2612]
IEXPLORE.EXE ~ [PID: 2640]
iexplore.exe ~ [PID: 3160]
IEXPLORE.EXE ~ [PID: 2940]
-------------------- \ \ Zoeken met S_Lop
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ LOCALS ~ 1 \ Temp \ bis9A.exe
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ SOAPLI ~ 1
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ SOAPLI ~ 1 \ ATOM DASH.exe
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ SOAPLI ~ 1 \ Axis grote extra.exe
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ SOAPLI ~ 1 \ ilouimpk.ex e
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ SOAPLI ~ 1 \ jvuyskje.ex e
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ SOAPLI ~ 1 \ lfbsabiw.ex e

-------------------- \ \ Zoeken naar Lop Files - Mappen
C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ Software regel vlag bezit
C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ Software regel vlag bezit \ Eerste obj.exe
C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ TOEPASSINGEN ~ 1 \ Software regel vlag bezit \ Skip proc.exe
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ soapli ~ 1
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ soapli ~ 1 \ ATOM DASH.exe
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ soapli ~ 1 \ Axis grote extra.exe
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ soapli ~ 1 \ ilouimpk.ex e
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ soapli ~ 1 \ jvuyskje.ex e
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ soapli ~ 1 \ lfbsabiw.ex e
C: \ Program Files \ soapli ~ 1
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ LOCALS ~ 1 \ Temp \ TorrentSpeeder. zip
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Cookies \ compaq_owner @ adultfri endfinder [1]. Txt
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Cookies \ compaq_owner @ reclame ING [2]. Txt
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Cookies \ compaq_owner @ ero-reclame [1]. Txt
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Cookies \ compaq_owner@adopt.eu roclick [2]. Txt
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Cookies \ compaq_owner @ partypok er [1]. Txt
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Cookies \ compaq_owner @ 888 [2]. Txt
C: \ WINDOWS \ Tasks \ A396018B9185B27B.job

-------------------- \ \ Zoeken binnen de griffie
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Uninstall \ Houd wma ref]
"DisplayName" = "CID Help"
"UninstallString" = "C: \ \ DOCUME ~ 1 \ \ COMPAQ ~ 1 \ \ TOEPASSINGEN ~ 1 \ \ SOAPLI ~ 1 \ \ ATOM DASH.exe-uninstall"
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"MODE REAL" = "C: \ \ DOCUME ~ 1 \ \ COMPAQ ~ 1 \ \ TOEPASSINGEN ~ 1 \ \ SOAPLI ~ 1 \ \ ATOM DASH.exe"
"MODE REAL" = "C: \ \ DOCUME ~ 1 \ \ COMPAQ ~ 1 \ \ TOEPASSINGEN ~ 1 \ \ SOAPLI ~ 1 \ \ ATOM DASH.exe"
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"Flag Bezit Live Grim" = "C: \ \ Documents and Settings \ \ All Users \ \ Application Data \ \ Software regel vlag bezit \ \ Eerste obj.exe"
-------------------- \ \ Gecontroleerd het Hosts bestand
Hosts bestand CLEAN

-------------------- \ \ Zoeken naar verborgen bestanden met CatchMe

CatchMe 0.3.1353 W2K/XP/Vista - rootkit / stealth malware detector, Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 18:12:47
Windows 5.1.2600 Service Pack 3 NTFS
het scannen van verborgen processen ...
het scannen van verborgen bestanden ...
scannen is voltooid
verborgen processen: 0
verborgen bestanden: 0

-------------------- \ \ Zoeken naar andere infecties
-------------------- \ \ Cracks & Keygens ..
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Local Settings \ Temp \ Rar $ EX02.922 \ Crack
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Local Settings \ Temp \ Rar $ EX02.922 \ Crack \ rld-spor.exe
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Local Settings \ Temp \ Rar $ EX02.922 \ Crack \ SporeApp.exe
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Recent \ Spore.GENERIC_KEYGEN-FFF.lnk

[F: 343] [D: 29] -> C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ LOCALS ~ 1 \ Temp
[F: 200] [D: 0] -> C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Cookies
[F: 18.285] [D: 24] -> C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ LOCALS ~ 1 \ TEMPOR ~ 1 \ Content.IE5
1 - "C: \ Lop SD \ LopR_1.txt" - za 11.10.2008 | 18:07 - Optie: [1]
2 - "C: \ Lop SD \ LopR_2.txt" - za 11.10.2008 | 18:14 - Optie: [1]
-------------------- \ \ Scan ten 18:14:22
  #4  
Old 11 Oct 2008, 22:29
Moderator Group
 
Download NoLop to your desktop: NoLop.exe
  • Close all programs you have running, because a reboot is required
  • Double-click NoLop.exe to run it
  • Next, click the button: Search and Destroy
    • Your computer will now be scanned for infected files
  • When the scan is complete, if infected, you will be prompted to reboot
  • Click OK
  • Now click: REBOOT
  • A message should pop up from NoLop. If not, double-click the program again and it will finish.
  • Post the contents of C:\NoLop.log in your next reply.
Note: If you get an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder, then rerun the program.

Also run a new HijackThis scan and post the log.
__________________

  #5  
Old 11 Oct 2008, 22:46
New Member Group
 
OK, here are the logs:

Nolop


NoLop! Aanmelden bij Skate_Punk_21

Fix loopt uit: C: \ Documents and Settings \ Compaq_Owner \ Desktop
[12.10.2008]
[4:33:52 PM]

--- Infectie Files Found/Removed---
C: \ WINDOWS \ taken \ A396018B9185B27B.job

Begin Removal ...
Rebooten ...
Het verwijderen van Lop de resterende bestanden / mappen ...
Bezig met bewerken van Register ...
** Fix Complete! **

--- Aanbieding AppData submappen ---

C: \ Documents and Settings \ All Users \ Application Data \ Adobe
C: \ Documents and Settings \ All Users \ Application Data \ Apple
C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
C: \ Documents and Settings \ All Users \ Application Data \ Autodesk
C: \ Documents and Settings \ All Users \ Application Data \ Avg7
C: \ Documents and Settings \ All Users \ Application Data \ Avg8 - lege map
C: \ Documents and Settings \ All Users \ Application Data \ Dvd Shrink
C: \ Documents and Settings \ All Users \ Application Data \ Enternhelp
C: \ Documents and Settings \ All Users \ Application Data \ Google
C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
C: \ Documents and Settings \ All Users \ Application Data \ Installations
C: \ Documents and Settings \ All Users \ Application Data \ InstallShield
C: \ Documents and Settings \ All Users \ Application Data \ Mailfrontier - lege map
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Help
C: \ Documents and Settings \ All Users \ Application Data \ Nero
C: \ Documents and Settings \ All Users \ Application Data \ nrs.
C: \ Documents and Settings \ All Users \ Application Data \ PC Drivers Headquarters
C: \ Documents and Settings \ All Users \ Application Data \ Quicktime
C: \ Documents and Settings \ All Users \ Application Data \ Real - lege map
C: \ Documents and Settings \ All Users \ Application Data \ SBSI
C: \ Documents and Settings \ All Users \ Application Data \ Seagate
C: \ Documents and Settings \ All Users \ Application Data \ Software artikel Flag Bezit
C: \ Documents and Settings \ All Users \ Application Data \ Sophos
C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
C: \ Documents and Settings \ All Users \ Application Data \ Symantec
C: \ Documents and Settings \ All Users \ Application Data \ Temp - lege map
C: \ Documents and Settings \ All Users \ Application Data \ UDL
C: \ Documents and Settings \ All Users \ Application Data \ Ultima_t15
C: \ Documents and Settings \ All Users \ Application Data \ Windows Genuine Advantage
C: \ Documents and Settings \ All Users \ Application Data \ Wlinstaller
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Adobe
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Adobeum
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Ahead
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Apple Computer
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Arcsoft
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Atari
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Autodesk
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Avg7
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Avgtoolbar
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Bittorrent
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Command & Conquer 3 Tiberium Wars
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Datalayer
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Dvdcss
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Epson
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Google
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Help - lege map
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Hpq
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Identities
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Intervideo
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Iwin
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Joost
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Leadertech
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Limewire
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Macromedia
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Media Player Classic
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Microsoft
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Mozilla
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Nikon
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Nokia
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Nokia Multimedia Player
C: \ Documents and Settings \ Compaq_owner \ Application Data \ PC Suite
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Real
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Sampleview - lege map
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Securom
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Zeep Lies Love
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Sonic
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Spintop
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Spore
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Spybot - Search & Destroy
C: \ Documents and Settings \ Compaq_owner \ Application Data \ zondag
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Symantec - lege map
C: \ Documents and Settings \ Compaq_owner \ Application Data \ U3
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Utorrent
C: \ Documents and Settings \ Compaq_owner \ Application Data \ vlc
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Winbatch
C: \ Documents and Settings \ Default User \ Application Data \ Apple Computer
C: \ Documents and Settings \ Default User \ Application Data \ Identities
C: \ Documents and Settings \ Default User \ Application Data \ Microsoft
C: \ Documents and Settings \ Default User \ Application Data \ Real
C: \ Documents and Settings \ Default User \ Application Data \ Sampleview - lege map
C: \ Documents and Settings \ Default User \ Application Data \ Symantec - lege map
C: \ Documents and Settings \ LocalService \ Application Data \ Avg7 - lege map
C: \ Documents and Settings \ LocalService \ Application Data \ Microsoft
C: \ Documents and Settings \ NetworkService \ Application Data \ Microsoft


HijackThis:


Logbestand van Trend Micro HijackThis v2.0.2
Scan opgeslagen in 4:44:14 uur, op 12.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Draaiende processen:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ system32 \ acs.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ windows \ system \ hpsysdrv.exe
C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ Program Files \ TP-LINK \ TWCU \ TWCU.exe
C: \ HP \ KBD \ KBD.EXE
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ Program Files \ Nikon \ PictureProject \ NkbMonitor.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page =
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.limewire.com/inclient/?st...ows + XP & OSV = 5,1
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C: \ Program Files \ AVG \ AVG8 \ avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: (geen naam) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (geen file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Program Files \ Google \ googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Program Files \ Google \ googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / Verwen / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [hpsysdrv] c: \ windows \ system \ hpsysdrv.exe
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [TWCU] "C: \ Program Files \ TP-LINK \ TWCU \ TWCU.exe"-nogui
O4 - HKLM \ .. \ Run: [KBD] C: \ HP \ KBD \ KBD.EXE
O4 - HKLM \ .. \ Run: [EPSON Stylus CX3700 Series] C: \ WINDOWS \ System32 \ spool \ drivers \ w32x86 \ 3 \ E_FATIA CP.EXE / F "C: \ WINDOWS \ TEMP \ E_SC4.tmp" / EF "HKLM"
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [Flag Bezit Live Grim] C: \ Documents and Settings \ All Users \ Application Data \ Software regel vlag bezit \ Eerste obj.exe
O4 - HKLM \ .. \ Run: [ZoneAlarm Client] "C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKCU \ .. \ Run: [MODE REAL] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ SOAPLI ~ 1 \ ATOM DASH.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [updateMgr] "C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe" AcRdB7_1_0-reboot 1
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C: \ Program Files \ Nikon \ PictureProject \ NkbMonitor.exe
O8 - Extra context menu item: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra context menu item: & Download met & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra context menu item: & Google Search - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download & allemaal met DAP - C: \ Program Files \ DAP \ dapextie2.htm
O8 - Extra context menu item: E & xporteren naar Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 3 \ Office12 \ EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Vertalen naar het Engels - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (geen naam) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: Onderzoek - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 3 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: (geen naam) - (B205A35E-1FC4-4CE3-818B-899DBBB3388C) - C: \ Program Files \ Common Files \ Microsoft Shared \ Encarta Search Bar \ ENCSBAR.DLL
O9 - Extra button: Connection Help - (E2D4D26B-0180-43a4-B05F-462D6D54C789) - C: \ WINDOWS \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ IEButton \ support.htm
O9 - Extra 'Tools' MENUITEM: Connection Help - (E2D4D26B-0180-43a4-B05F-462D6D54C789) - C: \ WINDOWS \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ IEButton \ support.htm
O9 - Extra button: (geen naam) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (0CCA191D-13A6-4E29-B746-314DEE697D83) (Facebook Photo Uploader 5) -- http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O16 - DPF: (96EEC7FF-106A-47F3-90D6-B4BB754AA40E) (POLI online betalen) -- https: / / autxn.paywithpoli.com / ewcust...iPayOnline.cab
O16 - DPF: (CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7) (get_atlcom Class) -- http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O23 - Service: TP-LINK Configuration Service (ACS) - Onbekende eigenaar - C: \ WINDOWS \ system32 \ acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: getPlus (R) Helper - NOS Microsystems Ltd - C: \ Program Files \ NOS \ bin \ getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe

--
End of file - 10505 bytes
  #6  
Old 11 Oct 2008, 22:53
Moderator Group
 
Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries (if present):
  • O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
  • O4 - HKLM \ .. \ Run: [Flag Bezit Live Grim] C: \ Documents and Settings \ All Users \ Application Data \ Software regel vlag bezit \ Eerste obj.exe
  • O4 - HKCU \ .. \ Run: [MODE REAL] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ TOEPASSINGEN ~ 1 \ SOAPLI ~ 1 \ ATOM DASH.exe
Important: Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

----------

Note: the instructions below are written specifically for this user. If you are not this user, DO NOT follow these instructions, as they could damage the workings of your system.

Go to Start > Run, type notepad.exe and click OK.

Copy and paste the text below into Notepad and save it as fixme.reg to your Desktop.

Code:
REGEDIT4

; A value written as "name"=- is deleted from the key above it when the file is merged.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
"Flag Bezit Live Grim"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"MODE REAL"=-

Locate fixme.reg on your desktop and double-click it. Answer Yes when asked to merge with the registry.

Make sure you tell me whether you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete fixme.reg from your desktop.

Restart the computer.

----------

Download CCleaner Slim and save it to your desktop.
When the file has been saved, go to your desktop and double-click ccsetupxxx_slim.exe
Follow the prompts to install the program.
Complete the installation, then:
  • Double-click the CCleaner shortcut on the desktop to start the program.
  • Click the Options block on the left, then choose Cookies.
    • Under Cookies to delete, highlight any cookies you want to keep permanently
    • Click the right arrow > to move them to the Cookies to keep window.
  • Go to Options > Advanced and uncheck Only delete files in Windows Temp folders older than 48 hours
  • Click Cleaner on the left, then Run Cleaner on the right of the program.
  • Important: Make sure ALL browser windows are closed before selecting Run Cleaner
  • Caution: It is not recommended that you use the 'Registry' feature unless you are very familiar with the registry.
  • Exit CCleaner after it has completed its process.

----------

Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a check mark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is complete, a log will open in Notepad and you will be asked to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
__________________
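
The entry selection in the post above, as an added example (not part of the original thread and not HijackThis's own logic): a small Python triage that parses O4 Run entries and flags those whose target is a bare file name or sits in a user-writable profile folder. The sample lines are constructed from the log in this thread with the extraction spacing removed; the two heuristics and the short folder name APPLIC~1 are assumptions.

```python
import re
from typing import List, NamedTuple

# Constructed sample: O4 lines modelled on the HijackThis log in this thread,
# with the extraction spacing removed. "APPLIC~1" (8.3 short name of
# "Application Data") is an assumption.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Flag Bezit Live Grim] C:\Documents and Settings\All Users\Application Data\Software regel vlag bezit\Eerste obj.exe
O4 - HKCU\..\Run: [MODE REAL] C:\DOCUME~1\COMPAQ~1\APPLIC~1\SOAPLI~1\ATOM DASH.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
"""

# Matches "O4 - HKLM\..\Run: [name] command" and "O4 - HKUS\<SID>\..\Run: [name] command".
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\(?:(?P<sid>[^\\]+)\\)?\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
EXE_END = re.compile(r"\.(?:exe|com|bat|cmd|scr|pif)\b", re.I)
# Heuristic (assumption): folders a limited user can write to.
USER_WRITABLE = re.compile(
    r"\\(?:application data|applic~\d|local settings|locals~\d|temp)\\", re.I
)


class Finding(NamedTuple):
    hive: str
    name: str
    target: str
    reasons: List[str]


def target_path(cmd: str) -> str:
    """Return the program part of a Run command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces ("ATOM DASH.exe"), so cut at the first
    # executable extension rather than at the first space.
    m = EXE_END.search(cmd)
    return cmd[: m.end()] if m else cmd.split()[0]


def review_reasons(target: str) -> List[str]:
    """List the reasons, if any, why an autorun target deserves a manual look."""
    reasons = []
    if "\\" not in target:
        reasons.append("bare file name, resolved through the search path")
    if USER_WRITABLE.search(target):
        reasons.append("program stored in a user-writable profile folder")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse O4 registry Run entries and return the ones worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # startup-folder shortcuts and other sections are out of scope
        target = target_path(m.group("cmd"))
        reasons = review_reasons(target)
        if reasons:
            hive = m.group("hive") + ("\\" + m.group("sid") if m.group("sid") else "")
            findings.append(Finding(hive, m.group("name"), target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive:5} [{f.name}] {f.target}\n      -> {'; '.join(f.reasons)}")
```

A flag marks an entry for manual review; it is not a verdict on the file.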

  #7  
Old 11 Oct 2008, 23:26
New Member Group
 
I got the success message from the fixme.reg file and here is the MBAM log:


Malwarebytes' Anti-Malware 1.28
Database versie: 1259
Windows 5.1.2600 Service Pack 3

12/10/2008 5:24:27 PM
mbam-log-2008-10-12 (17-24-27). txt

Scan type: Quick Scan
Objecten gescand: 45849
Verstreken tijd: 2 minute (s), 43 seconde (n)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(Geen kwaadaardige items gedetecteerd)

Memory Modules Infected:
(Geen kwaadaardige items gedetecteerd)

Registry Keys Infected:
(Geen kwaadaardige items gedetecteerd)

Registry Values Infected:
(Geen kwaadaardige items gedetecteerd)

Registry Data Items Infected:
(Geen kwaadaardige items gedetecteerd)

Folders Infected:
(Geen kwaadaardige items gedetecteerd)

Geïnfecteerde bestanden:
(Geen kwaadaardige items gedetecteerd)
  #8  
Old 11 Oct 2008, 23:29
Moderator Group
 
How is everything now?
__________________

  #9  
Old 11 Oct 2008, 23:33
New Member Group
 
Running faster, but in Task Manager under Processes iexplore.exe is still there, and when I end it, it comes back. For about 5 minutes it uses almost 99% CPU, then after a while it drops to 0, but memory usage stays around 100,000 K.
  #10  
Old 12 Oct 2008, 11:41
Moderator Group
 
Download ComboFix by sUBs from one of the links below. Be sure to save it to the Desktop.

Link # 1
Link # 2

** Note: It is important that it is saved directly to your desktop

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
__________________

Copyright © 2006 - 2009 Computer Juice.
