Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Er gebeuren rare dingen.

M@rc
22 antwoorden
  • Ik heb bij mijn buurman een probleem. Op zijn pc geeft hij virusmeldingen. Bij deze heb ik een hijacklog gemaakt:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:51:36, on 21-11-05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\BCMWLTRY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
    O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Filter: text/html - {D7E99F00-DA93-11D9-A711-0030BDF212C4} - C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.34.DAT

    Ziet er iemand rare dingen?????????????

    Alvast bedankt voor de genomen moeite.

    Steefie.
  • Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items:

    [b:25a53c958e]O18 - Filter: text/html - {D7E99F00-DA93-11D9-A711-0030BDF212C4} - C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.34.DAT[/b:25a53c958e]

    Klik daarna op "Fix checked" en sluit HijackThis af.


    Herstart en maak een nieuwe log. Post deze.
  • Het heeft even geduurt, maar hier is de nieuwe log.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:30:53, on 21-11-05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
    O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  • Logje ziet er weer goed uit.
    Probleem opgelost?
  • We zullen er verder naar kijken en als het nodig is melden we ons weer.
  • Meldt dan even welke bestanden geïnfecteerd zijn.
  • Grrrrr, nu heb ik ook 2 trojans.

    -Trojan horse IRC/BackDoor.SdBot.MYX

    Deze 2 keer op verschillende plaatsen.
    -C:\oo.exe
    -C:\System Volume Information\_restore{D1BDC09E-8E5E-461C-BBBA-33CEC3EB4DA4}\RP251\A0268985.exe

    kan iemand mij hier mee helpen, ajb?

    Ik gebruik AVG Free Edition en die geeft bij het opstarten deze virussen in beeld.

    Groetjes Stefan.
  • C:\System Volume Information\_restore{D1BDC09E-8E5E-461C-BBBA-33CEC3EB4DA4}\RP251\A0268985.exe

    deze kan je kwijt raken door je systeem herstel even uit te zetten – herstarten en weer aan zetten

    je bent dan wel je herstel punten kwijt, maar ook deze melding
  • Oke, ik denk dat deze melding weg is. Maar bij het opstarten krijg ik de 1e weer als virusmelding. En in mijn Shareaza files komen tientallen Winrar sexbestanden???????????????????????????

    :evil:
  • Maak een hijackthislog en post deze.
  • Sorry voor de vertraging, zat een paar dagen in het buitenland voor mijn werk.

    Logfile of HijackThis v1.99.1
    Scan saved at 16:07:48, on 28-11-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\bcmwltry.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\USBToolbox\Res.EXE
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\BSTime\BSTime.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\NetPumper\NetPumperIEProxy.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\MsMovies\MsMovies.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Bureaublad\Ongebruikte bureaubladpictogrammen\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.home.nl/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O3 - Toolbar: ANWB Toolbar - {EBB03E3E-020A-418D-B322-761B730CA860} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
    O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [BSTime] C:\Program Files\BSTime\BSTime.exe
    O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Google-Suche - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Verweisseiten - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Ähnliche Seiten - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin
    pjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin
    pjpi142.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ANWB - {C180B365-AAB4-49c3-8E52-C37832A8C758} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
    O9 - Extra 'Tools' menuitem: ANWB-toolbar - {C180B365-AAB4-49c3-8E52-C37832A8C758} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://V5.Windowsupdate.microsoft.com en https
    O15 - Trusted Zone: http://Download.Windowsupdate.com
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/Bridge-c106.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124876938421
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124876922750
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

  • Start de computer op in veilige modus. Hoe je dit doet kan je hier lezen.


    Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items:

    [b:d1b1245ad9]O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
    O15 - Trusted Zone: http://V5.Windowsupdate.microsoft.com en https
    O15 - Trusted Zone: http://Download.Windowsupdate.com
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/Bridge-c106.cab[/b:d1b1245ad9]

    Klik daarna op "Fix checked" en sluit HijackThis af.

    Herstart de computer.

    Start HijackThis opnieuw, maak een nieuwe log en post deze.

    Controleer eens of je de system32-map kan zien?

    Ga naar start - uitvoeren en tik in: cmd
    Opent er dan een dosbos?
    Tik bij uitvoeren eens in: regedit
    Opent de registereditor dan?
    Controleer of windows taakbeheer berwerkt.

    Laat me dit alles even weten.
  • Hier de nieuwe log. Ik ga nu kijken wat je verder vroeg.

    Logfile of HijackThis v1.99.1
    Scan saved at 16:31:45, on 28-11-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\bcmwltry.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\USBToolbox\Res.EXE
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\BSTime\BSTime.exe
    C:\Program Files\NetPumper\NetPumperIEProxy.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrator\Bureaublad\Ongebruikte bureaubladpictogrammen\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.home.nl/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O3 - Toolbar: ANWB Toolbar - {EBB03E3E-020A-418D-B322-761B730CA860} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
    O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [BSTime] C:\Program Files\BSTime\BSTime.exe
    O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Google-Suche - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Verweisseiten - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Ähnliche Seiten - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin
    pjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin
    pjpi142.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ANWB - {C180B365-AAB4-49c3-8E52-C37832A8C758} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
    O9 - Extra 'Tools' menuitem: ANWB-toolbar - {C180B365-AAB4-49c3-8E52-C37832A8C758} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124876938421
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124876922750
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

  • Nee Marc.

    Ik heb geen system 32 map.
    Als ik cmd intoets krijg ik wel een dos-scherm, maar daar staat verder niks in.
    En bij regedit flitst er een zwart scherm heel kort op en is dan weer weg.

    Wat bedoel je met of windows taakbeheer bewerkt?
  • Windows taakbeheer opent als je op CTRL+ALT+DELETE drukt.

    Download Pocket KillBox.
    Unzip het programma naar je bureaublad.
    Klik op killbox.exe.
    Zorg dat standaard file kill geselecteerd is:
    In het veld “Full path of file to delete" Kopieer en plak je het volgende:
    [code:1:a5a88b9510]
    c:\windows\system32\cmd.com
    [/code:1:a5a88b9510]
    Klik op de knop met de rode cirkel en het witte kruis.
    Als je een melding krijgt dat het bestand succesvol verwijderd is, ga je verder met onderstaande.

    Open een kladblokbestand.
    Kopieer onderstaande code in dit kladblokbestand.
    Ga naar Bestand - Opslaan als.
    Bij "Opslaan in" kies je: Bureaublad
    Bij "Bestandsnaam" zet je: fix.bat
    Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
    Klik op de knop Opslaan.
    [code:1:a5a88b9510]cd %windir%
    attrib /s /d -h -s %windir%\system32
    attrib -s -h -r system32\bszip.dll
    attrib -s -h -r system32
    etstat.com
    attrib -s -h -r system32\ping.com
    attrib -s -h -r system32\regedit.com
    attrib -s -h -r system32\taskkill.com
    attrib -s -h -r system32\tasklist.com
    attrib -s -h -r system32\tracert.com
    del system32\bszip.dll
    del system32
    etstat.com
    del system32\ping.com
    del system32\regedit.com
    del system32\taskkill.com
    del system32\tasklist.com
    del system32\tracert.com
    [/code:1:a5a88b9510]
    Dubbelklik op fix.bat.

    Probeer opnieuw of regedit, cmd en windows taakbeheer werken.
    De system32-map zou weer zichtbaar moeten zijn.

  • Je hebt gelijk, dit werkt weer. En nu?
  • Doe deze online scan nog even: http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    Als de scan klaar is krijg je de mogelijkheid om de resultaten op te slaan als een logje. Post de inhoud van dit logje.
  • Wat was dat een zooitje. Kijk maar:


    Incident Status Location

    Adware:adware/beginto Not desinfected C:\WINDOWS\SYSTEM32\dsktrf.dll
    Adware:adware/exact.bargainbuddyNot desinfected C:\WINDOWS\SYSTEM32\exdl.exe
    Adware:adware/wupd Not desinfected C:\WINDOWS\SYSTEM32\ide21201.vxd
    Adware:adware/ilookup Not desinfected C:\WINDOWS\SYSTEM32\poker112.ico
    Adware:adware/kingporn Not desinfected C:\WINDOWS\SYSTEM32\reg6523.exe
    Adware:adware/clickalchemy Not desinfected C:\WINDOWS\INF\alchem.inf
    Adware:adware/localnrd Not desinfected C:\WINDOWS\INF\localNrd.inf
    Adware:adware/twain-tech Not desinfected C:\WINDOWS\INF\multimpp.inf
    Adware:adware/blazefind Not desinfected C:\WINDOWS\Key2.txt
    Adware:adware/sahagent Not desinfected C:\WINDOWS\unstall.exe
    Spyware:spyware/adclicker Not desinfected C:\WINDOWS\usta32.ini
    Adware:adware/mediatickets Not desinfected Windows Registry
    Adware:Adware/WUpd Not desinfected C:\Documents and Settings\Administrator\Bureaublad\Ongebruikte bureaubladpictogrammen\backups\backup-20050621-171649-705.dll
    Adware:Adware/WUpd Not desinfected C:\Documents and Settings\Administrator\Bureaublad\Ongebruikte bureaubladpictogrammen\backups\backup-20051128-162849-572.dll
    Adware:Adware/Lop Not desinfected C:\Documents and Settings\Administrator\Local Settings\Temp\bis134.exe
    Adware:Adware/Lop Not desinfected C:\Documents and Settings\Administrator\Local Settings\Temp\phjfmves.exe
    Adware:Adware/WUpd Not desinfected C:\Documents and Settings\Administrator\Mijn documenten\backups\backup-20041215-200226-742.inf
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\  Teen Alexis Rides Cowboy And Jizzed For Lunch.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\  Teen Ander Page Rides Cowboy And Swallows Cum.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\  Teen Blonde Gets Cowboy Ride And Face Sprayed.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\  Teen Cuties First Cowboy Ride And Jizz Squirt.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\  Teen Cytherea Rides Cowboy And Takes Jizzshot.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\10mb Nailing A Hypnotized Girl.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\2 Huge Gaping Asshole & Mouthful.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\2 Tight Asshole Gets Jackhammered.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Babe Gets Banged In Her Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Bigtit Momma Babe Rides Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Blond Fucked Deep In Her Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Cute Horny Country Teen Outdoor.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Ellens Asshole Stretched Out Wide.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Emily Gets Her Asshole Stretched.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Gia Paloma Fingers In Her Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Girl Wearing Cowboy Boots Fucks.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Hot Teen Fucked While Hypnotized.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Hottie Anal Fucks Her Hot Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Hottie Gets Her Asshole Stretched.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Hottie Ropes Dong & Rides Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Jayna Gets Huge Cock In Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Jayna Gettin Huge Gaping Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Kathy Gettin Huge Gaping Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Lucy Getting Long Cock In Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Mpg's 5.5mb Sexy Kiwi Stradles Cock Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Teen Cutie Rides A Dick In Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Teen Gettin Her Asshole Fingered.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Teeny Aurora Rides Cock Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Virgin Asshole For An Big Maniac.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\3 Wild Teen Fucks Cowboy Outdoors.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\4 Four Cute Lesbians Finger Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\4 Large Cock Is Inside Lara Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\4mb Teeny Fallon Rides Cock Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\5mb Shyla Stylez Fucking A Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\6 Girl Dildos Her Pussy And Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\6mb Ebony Simone Rides Cock Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\6mb Hot Patricia Rides Cock Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\6mb Sweetie Dani Rides Cock Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\6mb Teen Eva Rides Big Cock Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\6mb Teeny Ashley Rides Cock Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\6mb Teeny Aurora Rides Cock Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\7 Cowboy Fucks Hot Bolnd Outdoors.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\7mb Gets Tight Asshole Opened Up.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\A Hot Young Female Cop Fingering A Guys Tight Asshole T ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\A Lucky Guy Getting A Massage And The Masseuse Licks Hi ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Amateur Chick Getting Her Tight Assholes Filled With Cu ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Amateur Slut Asshole Licking.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Amazing Hardcore Sex By Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Anal Latina With Cowboy Man.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Ariana Rides Cowboy And Jizzed.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Asian Chick Taking Cock Deep And Hard In Her Throat And ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Asian Showing Her Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Asian Tight Asshole Licked.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Asshole Collapses Under The Pressure Of His Hearton.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Asshole Filled With Black Pole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Asshole Lovely Penetrated.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Babe Asshole Stuffed.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Babe Gets All Oiled Up And Getting Asshole Fucked.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Babe Gets Asshole Penetrated For The First Time In Thre ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Babe In Black Stockings Gets Her Asshole Stretched.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Babe Like Cowboy In Nylon.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Babe Rides Cock Cowboy And Jizz.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Babe Sucks And Gets Asshole Roughly Penetrated With Blo ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Babes Ride Cowboy Like A Horse.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Barcelona.justlodgings.com.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Big Ass Gets A Finger On Her Asshole While Getting Fuck ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Big Boobs Teen  Babe Enjoys Playing With  Her ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Big Tit Teen Rides Cock Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Big Titted Ma Rides Em Cowboy And Slurps Up Juice.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Bigtits Lesbians Fucking In Cowboy Style.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Bigtitty Babe Play With Her Own Asshole Until Get Fucke ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Bigtitty Babe Playing With Her Own Asshole Until Get Fu ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Bint's Eyes Watering From His Stank, Nasty Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Black Bull Is Charging At Her Flaming Red Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Black Ho Enjoys Getting Her Juicy Asshole Pounded.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Black Rips Babe Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Black Rips Whore Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Blond Mama Rides Em Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Blonde Ass Fucked By Country Man Outdoors.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Blonde Babe With Big Tits Showed Anal Plug In Her Assho ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Blonde Country Girl Shags With Her Horny Farm Hand.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Blonde Gets A Big Cock Stuffed Deep In Her Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Blonde Gets Asshole Drilled.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Blonde Hottie Getting Her Tight Asshole Fucked Hard.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Blonde Is Stripping It All Off And Is Riding Her Cowbo ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Blonde Schoolgirl Fucked With Cumshot On Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Blonde Sucking Cowboy Cock Near Haystack.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Blonde Tastes And Sucks Cock After She Is Fucked In Her ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Blonde Tighty Is Getting Her Virgin Asshole Pounded.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Blonde Whore Nicki Hunter Gets Her Tight Asshole Fucked ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Bomb Blondie Rides Cock Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Briana Banks Pussy Eaten By Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Brittney Sky Cowboy Ride On A Truck And Jizzing.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Brunette Geeneyed Chick Blowing Cock And Licking Fat As ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Brunette Gets Asshole Penetrated And Blowjob For The Fi ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Brunette Gets Asshole Penetrated And Then Sucks Two Coc ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Brunette Teen Beauty Plays With Pussy Ans Asshole On So ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Brunette Teen Chick Licking Shaved Asshole With The Ket ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Busty Asian Teen In Cowboy Hat Doggystyled In Club.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Busty Babe Gets Her Asshole Fucked By A Huge Cock.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Busty Babe Hypnotized And Serve Sex To Hypnotizer.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Busty Big Tits Assfucked Babe Enjoys Getting Her Asshol ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Busty Breasts Blonde Nailed In Her Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Busty Innocent Blonde Gets Fucked In The Country.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Busty Jewel Denile Slammed Up Her Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Busty Teen Massesuse Rubbing And Toying A Hot Gilrs Ass ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cailey Bounces On Cock Cowboy And Is Cum Blasted.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cassie Stradles Fat Cock Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cheap Hussie Coralled And Tried Out By Cak Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Chick Asshole Fucked.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Chick Asshole Reamed.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Chick Blowing Dirty Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cock Cowboy Is Taming This Dark Filly With His Dick.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cock Stuffs Tight Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cop Fucking Partner Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Coral Stone Has First Time Monster Dick In Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Babe Enjoys Sucking A Cock A Doodle Doo.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Bumpkin Is Getting Her Basket Snacked On.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Cowgirl Is Wrastling With His White Whale.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Cutie Auditions On The Couch With Her Cooch.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Cutie Gets Rocked By A Rough Looking Prick.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Cutie Helps The Farmboy Relax After Chores.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Cutie Is Copping A Squat On Her True Love.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Daughter Is Blinded By The Black Farm Hand.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Dumbass Is Snacking On His Smoked Coil.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Fresh Pussy Is Getting Cock In Her Tight Twat.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Gal In Pigtails Gets A Facial Of Nut Juice.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Gal Squeezes Her Bountiful Sacks For Camera.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Gals Are Getting Dunked With His Big Bone.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Gay Fucking.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Girl Giving Head.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Girl Is Drooling With Cum Strings From Dicks.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Girl Is Licking The Bush Of A Fresh Teen Frien ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Girls Are Showing Their Niblets In The Big Cit ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Girls Know How To Eat Each Others Twat Out.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Group All Studs.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Old Woman Vigorously Bangs In Forest.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Slut Helping The Farm Hands Take A Load Off.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Soft Lady Banged.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country Tart Is Having Her Way With The Farm Hand.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Country, Fresh Teen Takes Her Clothes Off For Audition.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Couple Fucking In Country.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cowboy Bones A Blonde Teen.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cowboy Fucked Blonde Mouth.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cowboy Fucks Sexy Indian Woman.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cowboy Gay Amateur Jerking On Couch.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cowboy Guy And Saloon Whore.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cowboy Saddles This Filly And Rides Her Really Hard.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cowboy Squirts Water Pistol Down Her Mining Shaft.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cowboys Fuck A Whore.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cowboys Fuck The Whore.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Curvy Cutie Is Warming His Pecker Up For Her Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cute Asian Teen Nailed In Tight Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cute Blonde Alexa Deepthroating And Gets Asshole Poked ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cute Brunette Chick Lick Cream From The Cock And Asshol ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cute Brunette Whore Licking Unshaved Asshole And Blowin ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cute Teen Asshole Rearmed.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cute Teen Willingly Gives Up Her Asshole For Fame.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cute, Country Gal Is Getting Ridin Like A Pack Animal.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cutiepie Gets Her Fill Of Fudge From His Rancid Asshol ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Cytherea Rides Cowboy And Jizz.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Dark Lance Taking A Tour Of Her Narrow Back Country.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Delivery Guy Licking Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Dirty Dog Really Giving A Beating To Her Dirty Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Dirty, Daisy Dukes Getting Taken Off By Country Gal.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Doctor Fucks His Hypnotized Client.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Dude Plays Hide The Meat In Chick's Gaping Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Ebony Eva Gets Asshole Stuffed.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Ebony Ice Stradles Cock Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Emma Jade Licks Two Cocks And Asshole Then Swallows Cum ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Exotic Girl Hypnotized.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Fallon Summers Rides Cock Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Fat Skinhead Guy Lick Cute Brunette Chicks Shaved Pussy ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Fine Assed Fillies Are Getting Branded By A Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Finest Asshole And Big Pussy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Former Cowboy Shoots Cum.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Four Lesbian Fingering Asshole.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Foxy Cunt Hole Rides His Bull Like A Country Rodeo.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Free Blonde Mom Deepthroats A Cock In The Country Video ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Free Blonde Mom Performing Oral Sex In The Country Vide ….zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Fucking Country Club Slut.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Gauge Rides Cowboy And Jizzled.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Gay Motel Cowboys Anal Toy Riding.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Gay Motel Cowboys Deepthroat Blowjob.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Gay Student Jerking While Asshole Fucking.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Giselle Stradles Big Cock Cowboy.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Giselle Stradles Cock Cowboy Style And Creamy Cumshot.zip[Video.exe]
    Virus:W32/Gaobot.KQS.worm Disinfected C:\My Shared Folder\Gorgeus Blonde Chick Gets Nailed Deep In Her Tight Assh ….zip[Video.exe]
  • Download en installeer CCleaner.
    Start CCleaner en klik op "Opschonen".
    Zorg dat alle verborgen bestanden weergeven worden en verwijder dan deze bestanden:
    C:\WINDOWS\SYSTEM32\dsktrf.dll
    C:\WINDOWS\SYSTEM32\exdl.exe
    C:\WINDOWS\SYSTEM32\ide21201.vxd
    C:\WINDOWS\SYSTEM32\poker112.ico
    C:\WINDOWS\SYSTEM32\reg6523.exe
    C:\WINDOWS\INF\alchem.inf
    C:\WINDOWS\INF\localNrd.inf
    C:\WINDOWS\INF\multimpp.inf
    C:\WINDOWS\Key2.txt
    C:\WINDOWS\unstall.exe
    C:\WINDOWS\usta32.ini

    Scan de computer met een geupdate Ad-Aware SE. Instructies vind je hier.
    Doe dit bij voorkeur in veilige modus.
    Laat alles verwijderen wat gevonden wordt.

    Herstart de computer en maak een nieuwe Hijackthislog. Post deze.
  • Na alle dingen gedaan te hebben zoals jij aangaf, hier de logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:19:49, on 29-11-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\bcmwltry.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\USBToolbox\Res.EXE
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\BSTime\BSTime.exe
    C:\Program Files\NetPumper\NetPumperIEProxy.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrator\Bureaublad\Ongebruikte bureaubladpictogrammen\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.home.nl/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O3 - Toolbar: ANWB Toolbar - {EBB03E3E-020A-418D-B322-761B730CA860} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
    O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [BSTime] C:\Program Files\BSTime\BSTime.exe
    O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Google-Suche - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Verweisseiten - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Ähnliche Seiten - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin
    pjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin
    pjpi142.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ANWB - {C180B365-AAB4-49c3-8E52-C37832A8C758} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
    O9 - Extra 'Tools' menuitem: ANWB-toolbar - {C180B365-AAB4-49c3-8E52-C37832A8C758} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124876938421
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124876922750
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.