
Trojan horse agent_r.XJ



AVG still finds the Trojan horse agent_r.XJ in the following locations: C:\Windows\explorer.exe (2556):\memory_00010000, C:\Windows\explorer.exe (2556), C:\Program Files\Internet Explorer\iexplore.exe (5096):\memory_00010000 & C:\Program Files\Internet Explorer\iexplore.exe (5096). For the memory files it says that the object is not accessible.


Run this and then have AVG scan again.

Download CCleaner (if you don't have it yet).

Install it and start CCleaner.

In the left column, click “Cleaner”. Click ‘Analyze’ and then ‘Run Cleaner’. Confirm with YES or OK.

Then click “Registry” in the left column and click “Scan for Issues”. If errors are found, click “Fix selected issues” and “OK”. You will then be asked whether to make a backup. Click “YES”. Then choose “Fix All Selected Issues”.

Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors.

Then close CCleaner again.

If you want to see this in detail with pictures, click here for the guide.

It is advisable to delete the existing restore points (there may be infected restore points among them that you could restore) by temporarily disabling System Restore. Do this via Control Panel -> System and Maintenance -> System -> "System Protection" tab -> clear the check mark for the drive whose restore points you want to delete -> click "Apply".

You will then get the on-screen message “Are you sure you want to turn System Restore off?”. Click “Turn System Restore Off” here. All restore points on the selected drive are then deleted.

Then tick the hard drive again. Also create a new restore point right away, so that you do not have to wait for an automatic restore point from the system.


I carried out the above. I ran CCleaner until no more files were found. After that I had AVG scan. It found the virus in the same locations again and 2 infected locations have been added: C:\Windows\System32\wuauclt.exe (4656) & C:\Windows\System32\wuauclt.exe:\memory_00010000 :S


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable all antivirus and antispyware programs, because otherwise they might conflict with ComboFix. Here is a guide on how to disable them:
    Click here
    If you cannot manage to disable them, just continue to the next step.
  • Double-click ComboFix.exe and follow the prompts on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
    **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
  • Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

If you have problems running ComboFix, please report this.


ComboFix 11-01-31.02 - Saskia 02-02-2011 9:46.1.2 - x86

Gestart vanuit: c:\users\Saskia\Desktop\ComboFix.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\weather.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\relatedlinks.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-collapse.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-delete.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-expand.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-feed.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-remove.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-rename.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-found.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-reload.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-subscribe.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rssback.gif

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rsstopback.gif

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search-over.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchqutb.css

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_allocine.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_bliptv.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calcal.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calculator.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_gservices.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_sudoku.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.jpg

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_trio.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_uconverter.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png

c:\program files\Windows Searchqu Toolbar\ToolBar\manifest.xml

c:\users\Saskia\AppData\Roaming\.#

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-01-02 to 2011-02-02 ))))))))))))))))))))))))))))))

.

2011-02-02 09:07 . 2011-02-02 09:08 -------- d-----w- c:\users\Saskia\AppData\Local\temp

2011-02-02 09:07 . 2011-02-02 09:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-01 14:10 . 2011-02-01 14:10 -------- d-----w- c:\program files\CCleaner

2011-01-31 18:37 . 2011-01-31 18:37 -------- d-----w- C:\$AVG

2011-01-28 15:04 . 2011-01-28 15:04 -------- d-----w- c:\users\Saskia\AppData\Roaming\Malwarebytes

2011-01-28 15:04 . 2011-01-28 15:04 -------- d-----w- c:\programdata\Malwarebytes

2011-01-28 15:04 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-28 15:04 . 2011-01-28 15:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-28 15:04 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-28 14:59 . 2011-01-28 14:59 388096 ----a-r- c:\users\Saskia\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-28 14:59 . 2011-01-28 14:59 -------- d-----w- c:\program files\Trend Micro

2011-01-28 14:52 . 2011-01-28 14:52 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-01-28 14:52 . 2011-01-28 14:52 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-01-28 14:52 . 2011-01-28 14:52 -------- d-----w- c:\programdata\Hitman Pro

2011-01-28 13:31 . 2011-01-28 16:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-01-28 13:31 . 2011-01-28 15:39 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-01-24 17:26 . 2011-01-24 17:26 -------- d-----w- c:\users\Saskia\AppData\Local\Threat Expert

2011-01-24 17:26 . 2011-01-24 17:26 -------- d-----w- c:\program files\HyvesToolbar

2011-01-24 17:18 . 2011-01-28 15:28 -------- d--h--w- c:\windows\msdownld.tmp

2011-01-24 10:30 . 2011-01-24 10:30 -------- d-----w- c:\users\Saskia\AppData\Roaming\SurfSecret Privacy Suite

2011-01-24 10:30 . 2011-01-24 10:34 -------- d-----w- c:\users\Saskia\AppData\Local\panda2_0dn

2011-01-24 10:29 . 2011-01-24 10:29 -------- d-----w- c:\programdata\Panda Security

2011-01-24 10:07 . 2011-01-24 10:07 -------- d-----w- c:\programdata\Fun4IM

2011-01-24 10:07 . 2011-01-24 10:07 -------- d-----w- c:\program files\Fun4IM

2011-01-15 17:02 . 2011-01-28 14:01 -------- d-----w- c:\programdata\Avira

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-02 17:26 . 2008-01-21 02:23 17976 ----a-w- c:\windows\system32\drivers\wmilib.sys

2011-02-02 17:24 . 2008-01-21 02:24 21504 ----a-w- c:\windows\system32\vga64k.dll

2011-02-02 17:24 . 2008-01-21 02:24 11776 ----a-w- c:\windows\system32\framebuf.dll

2011-02-02 17:24 . 2006-11-02 08:43 42496 ----a-w- c:\windows\system32\pstorec.dll

2011-02-02 17:23 . 2009-09-22 19:41 50664 ----a-w- c:\windows\system32\PSHED.DLL

2011-02-02 17:23 . 2006-11-02 07:10 4048 ----a-w- c:\windows\system32\TIMER.DRV

2011-02-02 17:17 . 2008-01-21 02:24 24120 ----a-w- c:\windows\system32\BOOTVID.DLL

2011-02-02 17:17 . 2009-09-22 19:41 17384 ----a-w- c:\windows\system32\kdcom.dll

2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-10 04:33 . 2010-11-30 09:19 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2831668-C9DC-4282-8DA4-3F1A9CF80467}\mpengine.dll

2010-06-25 22:09 . 2010-02-09 08:40 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]

"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-03 698912]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll, mxqdabyb.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-09-20 11:39 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - Avgldx86

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HsfXAudioService REG_MULTI_SZ HsfXAudioService

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

2011-02-02 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-20 12:46]

.

.

------- Bijkomende Scan -------

.

uStart Page = https://www.ziggo.nl/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0909&m=aspire_7535

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Saskia\AppData\Roaming\Mozilla\Firefox\Profiles\ruo8ko3z.default\

FF - prefs.js: browser.search.defaulturl - hxxp://fruttisearch.com/search.php?q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://www.ziggo.nl/

FF - prefs.js: keyword.URL - hxxp://fruttisearch.com/search.php?q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: Messenger Plus Live Netherlands Toolbar: {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - %profile%\extensions\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-02-02 10:07

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Windows 6.0.6002 Disk: ST925031 rev.0001 -> Harddisk0\DR0 ->

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll >>UNKNOWN [0x87795446]<<

c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8779b504]; MOV EAX, [0x8779b580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x82A48962] -> \Device\Harddisk0\DR0[0x87200820]

3 CLASSPNP[0x8A9A18B3] -> ntkrnlpa!IofCallDriver[0x82A48962] -> [0x870FD1B0]

5 PCTCore[0x830CA88F] -> ntkrnlpa!IofCallDriver[0x82A48962] -> [0x869664F0]

7 acpi[0x807666BC] -> ntkrnlpa!IofCallDriver[0x82A48962] -> [0x860D7798]

\Driver\ahcix86s[0x87783CF0] -> IRP_MJ_CREATE -> 0x87795446

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV SI, 0x7be; MOV CL, 0x4; CMP [sI], CH; JL 0x2d; JNZ 0x3b; }

detected disk devices:

\Device\00000066 -> \??\SCSI#Disk&Ven_ST925031&Prod_5AS__________#4&20664e7f&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi -> 0x85f611f8

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Voltooingstijd: 2011-02-02 10:17:18

ComboFix-quarantined-files.txt 2011-02-02 09:17

Pre-Run: 179.632.611.328 bytes beschikbaar

Post-Run: 179.034.603.520 bytes beschikbaar

- - End Of File - - 7E22FDD43E616F678B397333F3D829DD


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\msdownld.tmp

Folder::

c:\programdata\Fun4IM

c:\programdata\Hitman Pro

c:\program files\Fun4IM

c:\windows\system32\drivers\hitmanpro35.sys

Driver::

hitmanpro35.sys

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

Download TDSSKiller.zip and place it on your desktop.

Extract the files.

Open a Notepad file.

Copy the code below into this Notepad file.

Code

@ECHO OFF

TDSSKiller.exe -l report.txt -v

DEL %0

Go to File - Save As.

Under "Save in", choose the folder that contains TDSSKiller.exe.

Under "File name", enter: start.bat

Under "Save as type", select: All Files (*.*).

Click the Save button.

Double-click start.bat

This will start TDSSKiller.exe and create a log file (report.txt) in the same folder.

When TDSSKiller.exe has finished, post the contents of report.txt.

Then restart your computer.

After the restart, post the contents of Combofix.txt in your next message, together with a new HijackThis log and the contents of report.txt.


I can no longer open my virus scanner; C:\Program Files\AVG\AVG10|avgui.exe. The application cannot be started because the side-by-side configuration is incorrect. See the application event log for more information.

I have a log from Combofix.

With TDSSKiller I get an error message after clicking on the log file.


Download GMER Rootkit Detector

Save it in a safe place and extract it to your desktop

  • Disconnect from the internet and close ALL programs
  • There is a small chance that the computer will crash while this application is running, so make sure you have saved all your work
  • Double-click gmer.exe and select the "rootkit tab" > click "scan"
  • If you get a warning about "rootkit activity" and are asked for permission to scan, click OK
  • Click the rootkit tab and click scan
  • When the scan has finished, click copy
  • Open Notepad and copy/paste the text
  • Restore your internet connection and post the text in your next reply.

Please post the GMER results.


GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover

Rootkit scan 2011-02-02 22:16:11

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000032 ST925031 rev.0001

Running: fb7eg0p8.exe; Driver: C:\Users\Saskia\AppData\Local\Temp\fglyyfog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x830C4CDC]

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x830C4ECE]

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x830C4982]

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x830C50D6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 209 82AE496C 8 Bytes [DC, 4C, 0C, 83, CE, 4E, 0C, ...] {FMUL QWORD [ESP+ECX-0x7d]; INTO ; DEC ESI; OR AL, 0x83}

.text ntkrnlpa.exe!KeSetEvent + 621 82AE4D84 4 Bytes [82, 49, 0C, 83] {OR BYTE [ECX+0xc], -0x7d}

.text ntkrnlpa.exe!KeSetEvent + 6E5 82AE4E48 4 Bytes [D6, 50, 0C, 83] {SALC ; PUSH EAX; OR AL, 0x83}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[900] ntdll.dll!NtProtectVirtualMemory 773E4D34 5 Bytes JMP 0018000A

.text C:\Windows\system32\svchost.exe[900] ntdll.dll!NtWriteVirtualMemory 773E5674 5 Bytes JMP 0019000A

.text C:\Windows\system32\svchost.exe[900] ntdll.dll!KiUserExceptionDispatcher 773E5DC8 5 Bytes JMP 0017000A

.text C:\Windows\system32\svchost.exe[900] ole32.dll!CoCreateInstance 76DE9F3E 5 Bytes JMP 00A4000A

.text C:\Windows\Explorer.EXE[1176] ntdll.dll!NtProtectVirtualMemory 773E4D34 5 Bytes JMP 01D1000A

.text C:\Windows\Explorer.EXE[1176] ntdll.dll!NtWriteVirtualMemory 773E5674 5 Bytes JMP 01D2000A

.text C:\Windows\Explorer.EXE[1176] ntdll.dll!KiUserExceptionDispatcher 773E5DC8 5 Bytes JMP 01D0000A

.text C:\Windows\Explorer.EXE[1176] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 762BB37C 4 Bytes [20, 28, 00, 10] {AND [EAX], CH; ADD [EAX], DL}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1176] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002A00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)

IAT C:\Windows\Explorer.EXE[1176] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001E00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)

IAT C:\Windows\Explorer.EXE[1176] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002D50] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)

IAT C:\Windows\Explorer.EXE[1176] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\ahcix86s -> DriverStartIo \Device\00000066 869AC292

Device \Driver\ahcix86s -> DriverStartIo \Device\00000067 869AC292

Device \Driver\ahcix86s -> DriverStartIo \Device\RaidPort0 869AC292

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Bestandssysteemfilterbeheer/Microsoft Corporation)

Device \Device\00000065 -> \??\SCSI#Disk&Ven_ST925031&Prod_5AS__________#4&20664e7f&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5079a2

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xFC 0x3B 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0E 0x28 0xC2 0x6B ...

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd5079a2 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xFC 0x3B 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0E 0x28 0xC2 0x6B ...

---- EOF - GMER 1.0.15 ----

This topic is now closed to new replies.
