Sunnie
Trojan horse agent_r.XJ
Sunnie replied to Sunnie's topic in Archive: Fighting malware & viruses
My laptop refuses to start up any more. I'm having Windows reinstalled on it. Thanks a lot for your help!
Trojan horse agent_r.XJ
Sunnie replied to Sunnie's topic in Archive: Fighting malware & viruses
I removed AVG with the tool and reinstalled it. However, I still get the same message :S
Trojan horse agent_r.XJ
Sunnie replied to Sunnie's topic in Archive: Fighting malware & viruses
I still get the message: "De toepassing kan niet worden gestart omdat de configuratie naast elkaar onjuist is. Raadpleeg het gebeurtenislogboek Toepassing voor meer informatie." When I look in the event log, it says: "Kan activeringscontext voor 'C:\Program Files\AVG\AVG10\avgtray.exe' niet maken. Fout in manifest of beleidsbestand 'C:\Windows\WinSxS\manifests\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.manifest' op regel 0. Ongeldige XML-syntaxis."
Trojan horse agent_r.XJ
Sunnie replied to Sunnie's topic in Archive: Fighting malware & viruses
GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-02-02 22:16:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000032 ST925031 rev.0001
Running: fb7eg0p8.exe; Driver: C:\Users\Saskia\AppData\Local\Temp\fglyyfog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x830C4CDC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x830C4ECE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x830C4982]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x830C50D6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 209 82AE496C 8 Bytes [DC, 4C, 0C, 83, CE, 4E, 0C, ...] {FMUL QWORD [ESP+ECX-0x7d]; INTO ; DEC ESI; OR AL, 0x83}
.text ntkrnlpa.exe!KeSetEvent + 621 82AE4D84 4 Bytes [82, 49, 0C, 83] {OR BYTE [ECX+0xc], -0x7d}
.text ntkrnlpa.exe!KeSetEvent + 6E5 82AE4E48 4 Bytes [D6, 50, 0C, 83] {SALC ; PUSH EAX; OR AL, 0x83}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[900] ntdll.dll!NtProtectVirtualMemory 773E4D34 5 Bytes JMP 0018000A
.text C:\Windows\system32\svchost.exe[900] ntdll.dll!NtWriteVirtualMemory 773E5674 5 Bytes JMP 0019000A
.text C:\Windows\system32\svchost.exe[900] ntdll.dll!KiUserExceptionDispatcher 773E5DC8 5 Bytes JMP 0017000A
.text C:\Windows\system32\svchost.exe[900] ole32.dll!CoCreateInstance 76DE9F3E 5 Bytes JMP 00A4000A
.text C:\Windows\Explorer.EXE[1176] ntdll.dll!NtProtectVirtualMemory 773E4D34 5 Bytes JMP 01D1000A
.text C:\Windows\Explorer.EXE[1176] ntdll.dll!NtWriteVirtualMemory 773E5674 5 Bytes JMP 01D2000A
.text C:\Windows\Explorer.EXE[1176] ntdll.dll!KiUserExceptionDispatcher 773E5DC8 5 Bytes JMP 01D0000A
.text C:\Windows\Explorer.EXE[1176] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 762BB37C 4 Bytes [20, 28, 00, 10] {AND [EAX], CH; ADD [EAX], DL}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1176] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002A00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Windows\Explorer.EXE[1176] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001E00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Windows\Explorer.EXE[1176] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002D50] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Windows\Explorer.EXE[1176] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\ahcix86s -> DriverStartIo \Device\00000066 869AC292
Device \Driver\ahcix86s -> DriverStartIo \Device\00000067 869AC292
Device \Driver\ahcix86s -> DriverStartIo \Device\RaidPort0 869AC292
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Bestandssysteemfilterbeheer/Microsoft Corporation)
Device \Device\00000065 -> \??\SCSI#Disk&Ven_ST925031&Prod_5AS__________#4&20664e7f&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5079a2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xFC 0x3B 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0E 0x28 0xC2 0x6B ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd5079a2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xFC 0x3B 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0E 0x28 0xC2 0x6B ...

---- EOF - GMER 1.0.15 ----
Trojan horse agent_r.XJ
Sunnie replied to Sunnie's topic in Archive: Fighting malware & viruses
I can no longer open my virus scanner; C:\Program Files\AVG\AVG10\avgui.exe. "De toepassing kan niet worden gestart omdat de configuratie naast elkaar onjuist is. Raadpleeg het gebeurtenislogboek Toepassing voor meer informatie." I have a log from ComboFix. With TDSSKiller I get an error message after clicking on the log file. (Attachment: Combofix.txt)
Trojan horse agent_r.XJ
Sunnie replied to Sunnie's topic in Archive: Fighting malware & viruses
ComboFix 11-01-31.02 - Saskia 02-02-2011 9:46.1.2 - x86
Gestart vanuit: c:\users\Saskia\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
Toolbar\ToolBar\chrome\skin\lib\resize-box.gif c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rss.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsschannelback.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\RSSLogo.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png c:\program files\Windows Searchqu 
Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\weather.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png 
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png c:\program files\Windows Searchqu 
Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png c:\program files\Windows Searchqu 
Toolbar\ToolBar\chrome\skin\news.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\relatedlinks.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-collapse.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-delete.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-expand.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-feed.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-remove.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-rename.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-found.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-reload.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-subscribe.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rssback.gif c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rsstopback.gif c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search-over.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png c:\program 
files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchqutb.css c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_allocine.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_bliptv.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calcal.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calculator.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_gservices.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_sudoku.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.jpg c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.png c:\program files\Windows Searchqu 
Toolbar\ToolBar\chrome\skin\widget_trio.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_uconverter.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png c:\program files\Windows Searchqu Toolbar\ToolBar\manifest.xml c:\users\Saskia\AppData\Roaming\.# . (((((((((((((((((((( Bestanden Gemaakt van 2011-01-02 to 2011-02-02 )))))))))))))))))))))))))))))) . 2011-02-02 09:07 . 2011-02-02 09:08 -------- d-----w- c:\users\Saskia\AppData\Local\temp 2011-02-02 09:07 . 2011-02-02 09:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-02-01 14:10 . 2011-02-01 14:10 -------- d-----w- c:\program files\CCleaner 2011-01-31 18:37 . 2011-01-31 18:37 -------- d-----w- C:\$AVG 2011-01-28 15:04 . 2011-01-28 15:04 -------- d-----w- c:\users\Saskia\AppData\Roaming\Malwarebytes 2011-01-28 15:04 . 2011-01-28 15:04 -------- d-----w- c:\programdata\Malwarebytes 2011-01-28 15:04 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-28 15:04 . 2011-01-28 15:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-28 15:04 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-28 14:59 . 2011-01-28 14:59 388096 ----a-r- c:\users\Saskia\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-01-28 14:59 . 2011-01-28 14:59 -------- d-----w- c:\program files\Trend Micro 2011-01-28 14:52 . 
2011-01-28 14:52 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-01-28 14:52 . 2011-01-28 14:52 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-01-28 14:52 . 2011-01-28 14:52 -------- d-----w- c:\programdata\Hitman Pro 2011-01-28 13:31 . 2011-01-28 16:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-01-28 13:31 . 2011-01-28 15:39 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-01-24 17:26 . 2011-01-24 17:26 -------- d-----w- c:\users\Saskia\AppData\Local\Threat Expert 2011-01-24 17:26 . 2011-01-24 17:26 -------- d-----w- c:\program files\HyvesToolbar 2011-01-24 17:18 . 2011-01-28 15:28 -------- d--h--w- c:\windows\msdownld.tmp 2011-01-24 10:30 . 2011-01-24 10:30 -------- d-----w- c:\users\Saskia\AppData\Roaming\SurfSecret Privacy Suite 2011-01-24 10:30 . 2011-01-24 10:34 -------- d-----w- c:\users\Saskia\AppData\Local\panda2_0dn 2011-01-24 10:29 . 2011-01-24 10:29 -------- d-----w- c:\programdata\Panda Security 2011-01-24 10:07 . 2011-01-24 10:07 -------- d-----w- c:\programdata\Fun4IM 2011-01-24 10:07 . 2011-01-24 10:07 -------- d-----w- c:\program files\Fun4IM 2011-01-15 17:02 . 2011-01-28 14:01 -------- d-----w- c:\programdata\Avira . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-02 17:26 . 2008-01-21 02:23 17976 ----a-w- c:\windows\system32\drivers\wmilib.sys 2011-02-02 17:24 . 2008-01-21 02:24 21504 ----a-w- c:\windows\system32\vga64k.dll 2011-02-02 17:24 . 2008-01-21 02:24 11776 ----a-w- c:\windows\system32\framebuf.dll 2011-02-02 17:24 . 2006-11-02 08:43 42496 ----a-w- c:\windows\system32\pstorec.dll 2011-02-02 17:23 . 2009-09-22 19:41 50664 ----a-w- c:\windows\system32\PSHED.DLL 2011-02-02 17:23 . 2006-11-02 07:10 4048 ----a-w- c:\windows\system32\TIMER.DRV 2011-02-02 17:17 . 2008-01-21 02:24 24120 ----a-w- c:\windows\system32\BOOTVID.DLL 2011-02-02 17:17 . 
2009-09-22 19:41 17384 ----a-w- c:\windows\system32\kdcom.dll 2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr 2010-11-10 04:33 . 2010-11-30 09:19 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2831668-C9DC-4282-8DA4-3F1A9CF80467}\mpengine.dll 2010-06-25 22:09 . 2010-02-09 08:40 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-20 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344] "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-03 698912] "GrooveMonitor"="c:\program files\Microsoft 
Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders credssp.dll, mxqdabyb.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)] 2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-09-20 11:39 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x] --- Andere Services/Drivers In Geheugen --- *Deregistered* - Avgldx86 *Deregistered* - PCTSDInjDriver32 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HsfXAudioService REG_MULTI_SZ HsfXAudioService bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map 2011-02-02 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-20 12:46] . . ------- Bijkomende Scan ------- . 
uStart Page = https://www.ziggo.nl/ uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0909&m=aspire_7535 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Saskia\AppData\Roaming\Mozilla\Firefox\Profiles\ruo8ko3z.default\ FF - prefs.js: browser.search.defaulturl - hxxp://fruttisearch.com/search.php?q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.ziggo.nl/ FF - prefs.js: keyword.URL - hxxp://fruttisearch.com/search.php?q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: Messenger Plus Live Netherlands Toolbar: {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - %profile%\extensions\{d2ab2732-a124-4fb2-8da5-4a6a9e379331} FF - Ext: Microsoft .NET Framework 
Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS VERWIJDERD - - - - Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-02-02 10:07 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Windows 6.0.6002 Disk: ST925031 rev.0001 -> Harddisk0\DR0 -> device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll >>UNKNOWN [0x87795446]<< c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8779b504]; MOV EAX, [0x8779b580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x82A48962] -> \Device\Harddisk0\DR0[0x87200820] 3 CLASSPNP[0x8A9A18B3] -> ntkrnlpa!IofCallDriver[0x82A48962] -> [0x870FD1B0] 5 PCTCore[0x830CA88F] -> ntkrnlpa!IofCallDriver[0x82A48962] -> [0x869664F0] 7 acpi[0x807666BC] -> ntkrnlpa!IofCallDriver[0x82A48962] -> [0x860D7798] \Driver\ahcix86s[0x87783CF0] -> IRP_MJ_CREATE -> 0x87795446 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV SI, 0x7be; MOV CL, 0x4; CMP [sI], CH; JL 0x2d; JNZ 0x3b; } detected disk devices: 
\Device\00000066 -> \??\SCSI#Disk&Ven_ST925031&Prod_5AS__________#4&20664e7f&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi -> 0x85f611f8 user & kernel MBR OK Warning: possible TDL3 rootkit infection ! ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Voltooingstijd: 2011-02-02 10:17:18 ComboFix-quarantined-files.txt 2011-02-02 09:17 Pre-Run: 179.632.611.328 bytes beschikbaar Post-Run: 179.034.603.520 bytes beschikbaar - - End Of File - - 7E22FDD43E616F678B397333F3D829DD -
Trojan horse agent_r.XJ
Sunnie replied to Sunnie's topic in Archive: Fighting malware & viruses
I carried out the steps above. I ran CCleaner until no more files were found. After that I had AVG run a scan. It found the virus in the same locations again, and 2 infected locations have been added: C:\Windows\System32\wuauclt.exe (4656) & C:\Windows\System32\wuauclt.exe:\memory_00010000 :S
Trojan horse agent_r.XJ
Sunnie replied to Sunnie's topic in Archive: Fighting malware & viruses
AVG still finds the Trojan horse agent_r.XJ in the following locations: C:\Windows\explorer.exe (2556):\memory_00010000, C:\Windows\explorer.exe (2556), C:\Program Files\Internet Explorer\iexplore.exe (5096):\memory_00010000 & C:\Program Files\Internet Explorer\iexplore.exe (5096). For the memory entries it says that the object is not accessible.
Trojan horse agent_r.XJ
Sunnie replied to Sunnie's topic in Archive: Fighting malware & viruses
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Databaseversie: 5630
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
1-2-2011 10:40:51
mbam-log-2011-02-01 (10-40-51).txt
Scantype: Snelle scan
Objecten gescand: 142146
Verstreken tijd: 9 minuut/minuten, 52 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:47:07, on 1-2-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Saskia\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ziggo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Sitecom USB Wireless LAN Utility.lnk = C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: UPS - Unknown owner - C:\Windows\system32\upc.exe (file missing)
--
End of file - 8577 bytes
Trojan horse agent_r.XJ
Sunnie replied to Sunnie's topic in Archive: Malware & virus removal
I hope it is easier to read this way. hijackthis.log
Trojan horse agent_r.XJ
Sunnie replied to Sunnie's topic in Archive: Malware & virus removal
I did indeed try several virus scanners to see whether they could remove the virus. Unfortunately.. I removed Norton with the tool. AVG is my active scanner, yes.
Trojan horse agent_r.XJ
Sunnie replied to Sunnie's topic in Archive: Malware & virus removal
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:31:23, on 30-1-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Saskia\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0909&m=aspire_7535
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ziggo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0909&m=aspire_7535
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Sitecom USB Wireless LAN Utility.lnk = C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: UPS - Unknown owner - C:\Windows\system32\upc.exe (file missing)
--
End of file - 9600 bytes
Hello,
My virus scanner (AVG) has detected a virus. Unfortunately, it cannot remove it. On the forum I saw an old discussion (http://www.pc-helpforum.be/f163/agent_r-xj-trojaans-paard-zeer-trage-30879/), and I was wondering whether I can follow the same steps as in that discussion? I have the same problem.
Regards, Sunnie