Boem
-
Items
22 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door Boem
-
-
Hallo,
Mijn D schijf zit bijna vol. Nu ben ik aan het zoeken geweest en ben er al wel achter dat er een windowsimage backup wordt gemaakt. Er staat een heel groot VHD bestand op. Kan ik dit zomaar verwijderen of wis ik daarmee al mijn foto's en images? Ik weet echt niet of dit al ergens staat op dit forum, maar ik heb het nergens kunnen vinden. Eigenlijk kan ik het helemaal nergens vinden op internet. Wel allemaal vragen die erop lijken, maar dan net even wat anders zijn. Ik hoop dat jullie me de oplossing kunnen geven. (nb ik heb wel tune up utilities erop staan)
Met vriendelijke groet,
Boem
-
Oke, heel erg bedankt.
-
Bij "unhide.exe" kreeg ik inderdaad een melding dat alles weer zichtbaar was. Er stond nog wel bij dat als nog niet alles zichtbaar was, ik de virusscanner uit moest zetten en opnieuw het programma draaien.
Bij MBAM stond dat er geen bedreigingen waren (zie log)
En Hijack log voeg ik hieronder ook toe.
Dat timeslot bestand was van het programma timeslot. Die was niet meer zichtbaar bij opstarten dus die heb ik wel weer zichtbaar gemaakt.
Is dan nu alles goed?
MBAM log:
Malwarebytes Anti-Malware 1.62.0.1300
Databaseversie: v2012.07.03.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Daphne :: PCPRIVE [administrator]
13-7-2012 15:18:48
mbam-log-2012-07-13 (15-18-48).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 281178
Verstreken tijd: 8 minuut/minuten, 27 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
HIJACK log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:51:01, on 13-7-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\hijack this\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [b2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Daphne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updateservice (gupdate1c9ff3c93ad5260) (gupdate1c9ff3c93ad5260) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 9709 bytes
-
Hallo,
Gister een raar virus opgelopen. De pc leek leeg. Alle mappen zijn als verborgen bestanden weergegeven. Ook is de programmalijst bij start leeg. Systeemherstel doet het niet. Nou krijg ik de mappen wel weer zichtbaar, maar ik wil wel zeker weten dat het virus eraf is. Al wel met Eset-NOD gescanned en met spybot.
Voor de zekerheid alvast hijacklogje gemaakt.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:45:28, on 13-7-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\tmt\ct0.exe
C:\Documents and Settings\All Users\Application Data\tmt\ct31.exe
C:\Documents and Settings\All Users\Application Data\tmt\ct861.exe
C:\Program Files\Timeslot\tmt.exe
C:\Program Files\123webhost\FTP en uploaden\WsftpCOMHelper.exe
C:\Program Files\hijack this\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [aaservice] "C:\Program Files/Timeslot/servicets.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [b2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Daphne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updateservice (gupdate1c9ff3c93ad5260) (gupdate1c9ff3c93ad5260) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 10027 bytes
Wat kan ik doen?
Groetjes Boem
-
Nee eigenlijk is alles weer goed. Heel erg bedankt voor je hulp.
Helemaal super.Groetjes Boem
-
ja hij is een stuk sneller. Moet ik dat met die sleutel nog doen? Of is alles nu in orde?
Groetjes Boem
-
Pc in de vaatwasser gestopt en kijk eens:
Cpu met 20 graden gedaald. Moederbord en harde schijf ook een stuk cooler.
http://speccy.piriform.com/results/HSlOLXv06e1lwVHoW80S4uq
---------- Post toegevoegd om 11:19 ---------- Vorige post was om 11:13 ----------
Kan de sleutel niet vinden. Ik kom tot UserData, maar LocalSystem staat daar niet in. S-1-5-18 en nog zo´n nummer.
Blader naar de sleutel HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem
-
En hier het logje van combofix
Is het trouwens normaal dat de cpu 60 graden is?
ComboFix 12-03-17.01 - Daphne 22-03-2012 9:37.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1015.473 [GMT 1:00]
Gestart vanuit: c:\program files\ComboFix\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-22 to 2012-03-22 ))))))))))))))))))))))))))))))
.
.
2012-03-22 08:21 . 2012-03-22 08:29 -------- d-----w- c:\program files\speccy
2012-03-21 08:00 . 2012-03-21 15:53 -------- d--h--r- c:\documents and settings\Daphne\Onlangs geopend
2012-03-21 06:22 . 2012-03-21 06:24 1409 ----a-w- c:\windows\QTFont.for
2012-03-18 13:27 . 2012-03-18 13:27 -------- d-----w- c:\program files\ComboFix
2012-03-18 12:49 . 2012-03-18 12:49 -------- d-----w- c:\documents and settings\Administrator
2012-03-17 10:58 . 2012-03-17 13:24 -------- d-----w- c:\documents and settings\Camilè\Local Settings\Application Data\Freecorder
2012-03-16 21:56 . 2012-03-16 21:56 -------- d-----w- c:\documents and settings\Daphne\Local Settings\Application Data\LG Electronics
2012-03-16 18:59 . 2012-03-16 19:04 -------- d-----w- c:\documents and settings\Daphne\Local Settings\Application Data\Freecorder
2012-03-16 18:59 . 2012-03-16 18:59 -------- d-----w- c:\program files\Freecorder
2012-03-16 18:59 . 2012-03-16 18:59 -------- d-----w- c:\documents and settings\Daphne\Local Settings\Application Data\FLVService
2012-03-16 18:26 . 2012-03-16 18:26 -------- d-----w- c:\documents and settings\Daphne\Application Data\AVS4YOU
2012-03-16 18:22 . 2011-09-16 15:05 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-03-16 18:22 . 2012-03-16 18:24 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-03-16 18:22 . 2011-08-22 15:33 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-03-16 18:22 . 2012-03-16 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2012-03-16 18:22 . 2012-03-16 18:24 -------- d-----w- c:\program files\AVS4YOU
2012-03-16 18:18 . 2012-03-16 18:21 -------- d-----w- c:\program files\avs video converter
2012-03-16 09:25 . 2012-03-21 16:13 -------- d-----w- c:\program files\hijack this
2012-03-16 08:47 . 2012-03-16 08:47 -------- d-----w- c:\documents and settings\Daphne\Application Data\Malwarebytes
2012-03-16 08:46 . 2012-03-16 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-16 08:46 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 08:45 . 2012-03-16 08:46 -------- d-----w- c:\program files\malware
2012-03-15 22:21 . 2012-03-15 22:21 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-03-15 22:11 . 2012-03-15 22:11 -------- d-----w- c:\program files\HitmanPro
2012-03-15 22:10 . 2012-03-15 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-03-15 22:10 . 2012-03-15 22:10 -------- d-----w- c:\program files\hitman pro
2012-03-15 16:31 . 2012-03-15 16:31 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2012-03-15 16:31 . 2012-03-15 16:31 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2012-03-15 16:29 . 2012-03-21 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-03-15 16:29 . 2012-03-15 16:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-15 10:13 . 2012-03-15 16:09 -------- d-----w- c:\program files\Image Grabber II
2012-03-15 10:01 . 2012-03-15 10:01 -------- d-----w- c:\program files\image grabber 2
2012-03-13 20:31 . 2012-03-13 20:31 -------- d-----w- C:\ifx
2012-03-13 20:27 . 2012-03-14 11:26 -------- d-----w- C:\LG_USB
2012-03-13 20:25 . 2011-05-10 12:37 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-03-13 20:25 . 2011-05-10 12:37 568832 ----a-w- c:\windows\system32\msvcp90.dll
2012-03-13 20:25 . 2011-05-10 12:37 224768 ----a-w- c:\windows\system32\msvcm90.dll
2012-03-13 20:25 . 2005-10-04 00:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2012-03-13 20:25 . 2006-05-04 07:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2012-03-13 20:25 . 2012-03-14 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
2012-03-13 19:56 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-03-13 19:56 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-03-13 19:56 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-03-13 19:56 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-03-13 19:56 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-03-13 19:56 . 2012-03-13 19:56 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-03-13 19:56 . 2012-03-13 19:56 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 11:07 . 2011-06-03 08:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57 . 2004-08-04 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-15 13:21 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2008-01-07 14:14 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-03 20:59 . 2011-06-03 20:58 9344296 ----a-w- c:\program files\albelli7_NL.exe
2011-06-02 22:27 . 2011-06-02 22:25 91864240 ----a-w- c:\program files\Nokia_Ovi_Suite_webinstaller_ALL.exe
2010-05-13 15:41 . 2010-05-13 15:41 4614113 ----a-w- c:\program files\SetupImgBurn_2.5.1.0.exe
2010-01-26 09:11 . 2010-11-14 15:45 444283 -c--a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-23 188416]
"aaservice"="C:\Program Files/Timeslot/servicets.exe" [2007-09-06 397312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-10 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Magnify"="Magnify.exe" [2008-04-14 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-22 14:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-27 02:10 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53 460872 ----a-w- c:\program files\malware\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2011-10-19 13:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-10 20:49 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-30 08:47 296056 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Persistence"=c:\windows\system32\igfxpers.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Alcmtr"=ALCMTR.EXE
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth Pro\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35126:TCP"= 35126:TCP:utorrent2
"47979:TCP"= 47979:TCP:Utorrent 3
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11-9-2009 6:23 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11-9-2009 6:26 96408]
R2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10754\AGCoreService.exe [20-3-2011 19:42 20480]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18-7-2009 23:03 75272]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11-9-2009 6:24 735960]
R2 MBAMService;MBAMService;c:\program files\malware\Malwarebytes' Anti-Malware\mbamservice.exe [16-3-2012 9:46 652360]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27-1-2010 3:09 50704]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24-6-2010 15:41 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [31-5-2011 17:01 1052480]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29-9-2009 8:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29-9-2009 8:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29-9-2009 8:11 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16-3-2012 9:46 20464]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25-2-2010 10:18 10064]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18-7-2009 23:03 96520]
S2 gupdate1c9ff3c93ad5260;Google Updateservice (gupdate1c9ff3c93ad5260);c:\program files\Google\Update\GoogleUpdate.exe [7-7-2009 20:53 133104]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-7-2009 20:53 133104]
S3 MemStPCI;Sony PCI Memory Stick-controller (PCI);c:\windows\system32\drivers\MemStPCI.SYS [2-10-2010 23:37 26112]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - CPUZ135
*Deregistered* - cpuz135
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
.
2012-03-16 c:\windows\Tasks\Automatisch onderhoud.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2011-05-31 16:05]
.
2012-03-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-07 13:51]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:52]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:52]
.
2012-03-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
.
------- Bijkomende Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.startpagina.nl/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-22 09:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(2376)
c:\program files\Timeslot\dwlgina2.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2012-03-22 09:49:13
ComboFix-quarantined-files.txt 2012-03-22 08:49
ComboFix2.txt 2012-03-20 15:32
ComboFix3.txt 2012-03-20 15:18
ComboFix4.txt 2012-03-18 13:50
.
Pre-Run: 31.162.527.744 bytes beschikbaar
Post-Run: 31.166.611.456 bytes beschikbaar
.
- - End Of File - - F545F7D074935EE6A400E07DB3872DA1
-
-
eset had wel wat gevonden. Kan log er niet van laten zien. Had er een jpeg bestand van gemakt, maar die kan je hier niet plaatsen.
Hieronder een nieuwe hijack log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:14:34, on 21-3-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\tmt\ct0.exe
C:\Documents and Settings\All Users\Application Data\tmt\ct31.exe
C:\Program Files\Timeslot\tmt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\123webhost\FTP en uploaden\WsftpCOMHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\hijack this\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Documents and Settings\Daphne\Mijn documenten\lg pc suite de echte\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [aaservice] "C:\Program Files/Timeslot/servicets.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updateservice (gupdate1c9ff3c93ad5260) (gupdate1c9ff3c93ad5260) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 9070 bytes
-
ok, dat heb ik gedaan. Maar ik krijg nog steeds iedere keer een melding als ik naar een pagina ga. Waar komt die melding vandaan?
BEVEILIGINGSWAARSCHUWING
U gaat pagina´s via een beveiligde verbinding weergeven.
De informatie die u met deze website uitwisselt, kan door niemand anders op internet worden bekeken.
Als ik dan weer naar een andere pagina ga, dan geeft ie hetzelfde aan alleen dan is het een onbeveiligde verbinding.
Verder is pc ontzettend traag geworden.
-
De computer is nu supertraag geworden. Hij geeft ook vaak een melding dat je gegeens via een onbeveiligde website bekeken gaan worden. Ben nu bezig met eset te scannen. Heeft tot nu toe al 3 infiltraties gevonden. Ben benieuwd wat er uitkomt. Ik zal het wel laten weten.
-
Ok Dat heb ik gedaan.
Groetjes boem
ComboFix 12-03-17.01 - Daphne 20-03-2012 16:21:42.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1015.416 [GMT 1:00]
Gestart vanuit: c:\program files\ComboFix\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Daphne\Bureaublad\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\documents and settings\Daphne\Application Data\Microsoft\Installer\{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}\ARPPRODUCTICON.exe"
"c:\documents and settings\Daphne\Application Data\Microsoft\Installer\{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe"
"c:\documents and settings\Daphne\Application Data\Microsoft\Installer\{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe"
"c:\documents and settings\Daphne\Application Data\Microsoft\Installer\{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe"
"c:\documents and settings\Daphne\Application Data\Microsoft\Installer\{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Daphne\Application Data\Microsoft\Installer\{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}\ARPPRODUCTICON.exe
c:\documents and settings\Daphne\Application Data\Microsoft\Installer\{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
c:\documents and settings\Daphne\Application Data\Microsoft\Installer\{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
c:\documents and settings\Daphne\Application Data\Microsoft\Installer\{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
c:\documents and settings\Daphne\Application Data\Microsoft\Installer\{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
c:\documents and settings\Daphne\Application Data\OpenCandy
c:\documents and settings\Daphne\Application Data\OpenCandy\D75AB720CE72439F84AE38181906A025\2656.ico
c:\documents and settings\Daphne\Application Data\OpenCandy\D75AB720CE72439F84AE38181906A025\EBB77268-338F-4C6A-8590-AD88FED26F4A
c:\documents and settings\Daphne\Application Data\OpenCandy\D75AB720CE72439F84AE38181906A025\LinkuryInstaller.msi
c:\documents and settings\Daphne\Application Data\OpenCandy\D75AB720CE72439F84AE38181906A025\LinkuryInstaller_p1v12.exe
c:\documents and settings\Daphne\Application Data\OpenCandy\D75AB720CE72439F84AE38181906A025\OCBrowserHelper_1.0.3.85.dll
c:\documents and settings\Daphne\Local Settings\Application Data\Linkury
c:\documents and settings\Daphne\Local Settings\Application Data\Linkury\Application\SmartbarInternetExplorerBHO.dll
c:\documents and settings\Daphne\Local Settings\Application Data\Linkury\Application\SmartbarInternetExplorerExtension.dll
c:\documents and settings\Daphne\Local Settings\Application Data\Linkury\Linkury.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.2.0.0\user.config
c:\documents and settings\Daphne\Local Settings\Application Data\Smartbar
c:\documents and settings\Daphne\Local Settings\Application Data\Smartbar\Linkury.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.2.0.0\user.config
c:\windows\iun6002.exe
c:\windows\system32\roboot.exe
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-20 to 2012-03-20 ))))))))))))))))))))))))))))))
.
.
2012-03-19 11:39 . 2012-03-20 14:57 -------- d--h--r- c:\documents and settings\Daphne\Onlangs geopend
2012-03-18 13:27 . 2012-03-18 13:27 -------- d-----w- c:\program files\ComboFix
2012-03-18 12:49 . 2012-03-18 12:49 -------- d-----w- c:\documents and settings\Administrator
2012-03-17 13:24 . 2012-03-18 11:30 -------- d-----w- c:\documents and settings\Camilè\Application Data\PriceGong
2012-03-17 10:58 . 2012-03-17 10:58 -------- d-----w- c:\documents and settings\Camilè\Local Settings\Application Data\Conduit
2012-03-17 10:58 . 2012-03-17 13:24 -------- d-----w- c:\documents and settings\Camilè\Local Settings\Application Data\Freecorder
2012-03-16 21:56 . 2012-03-16 21:56 -------- d-----w- c:\documents and settings\Daphne\Local Settings\Application Data\LG Electronics
2012-03-16 18:59 . 2012-03-16 19:04 -------- d-----w- c:\documents and settings\Daphne\Local Settings\Application Data\Freecorder
2012-03-16 18:59 . 2012-03-16 18:59 -------- d-----w- c:\program files\Freecorder
2012-03-16 18:59 . 2012-03-16 18:59 -------- d-----w- c:\documents and settings\Daphne\Local Settings\Application Data\FLVService
2012-03-16 18:26 . 2012-03-16 18:26 -------- d-----w- c:\documents and settings\Daphne\Application Data\AVS4YOU
2012-03-16 18:22 . 2011-09-16 15:05 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-03-16 18:22 . 2012-03-16 18:24 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-03-16 18:22 . 2011-08-22 15:33 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-03-16 18:22 . 2012-03-16 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2012-03-16 18:22 . 2012-03-16 18:24 -------- d-----w- c:\program files\AVS4YOU
2012-03-16 18:18 . 2012-03-16 18:21 -------- d-----w- c:\program files\avs video converter
2012-03-16 09:25 . 2012-03-18 13:00 -------- d-----w- c:\program files\hijack this
2012-03-16 08:47 . 2012-03-16 08:47 -------- d-----w- c:\documents and settings\Daphne\Application Data\Malwarebytes
2012-03-16 08:46 . 2012-03-16 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-16 08:46 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 08:45 . 2012-03-16 08:46 -------- d-----w- c:\program files\malware
2012-03-15 22:21 . 2012-03-15 22:21 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-03-15 22:11 . 2012-03-15 22:11 -------- d-----w- c:\program files\HitmanPro
2012-03-15 22:10 . 2012-03-15 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-03-15 22:10 . 2012-03-15 22:10 -------- d-----w- c:\program files\hitman pro
2012-03-15 16:31 . 2012-03-15 16:31 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2012-03-15 16:31 . 2012-03-15 16:31 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2012-03-15 16:29 . 2012-03-19 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-03-15 16:29 . 2012-03-15 16:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-15 10:13 . 2012-03-15 16:09 -------- d-----w- c:\program files\Image Grabber II
2012-03-15 10:01 . 2012-03-15 10:01 -------- d-----w- c:\program files\image grabber 2
2012-03-13 20:31 . 2012-03-13 20:31 -------- d-----w- C:\ifx
2012-03-13 20:27 . 2012-03-14 11:26 -------- d-----w- C:\LG_USB
2012-03-13 20:25 . 2011-05-10 12:37 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-03-13 20:25 . 2011-05-10 12:37 568832 ----a-w- c:\windows\system32\msvcp90.dll
2012-03-13 20:25 . 2011-05-10 12:37 224768 ----a-w- c:\windows\system32\msvcm90.dll
2012-03-13 20:25 . 2005-10-04 00:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2012-03-13 20:25 . 2006-05-04 07:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2012-03-13 20:25 . 2012-03-14 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
2012-03-13 19:56 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-03-13 19:56 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-03-13 19:56 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-03-13 19:56 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-03-13 19:56 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-03-13 19:56 . 2012-03-13 19:56 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-03-13 19:56 . 2012-03-13 19:56 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 11:07 . 2011-06-03 08:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57 . 2004-08-04 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-15 13:21 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2008-01-07 14:14 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-03 20:59 . 2011-06-03 20:58 9344296 ----a-w- c:\program files\albelli7_NL.exe
2011-06-02 22:27 . 2011-06-02 22:25 91864240 ----a-w- c:\program files\Nokia_Ovi_Suite_webinstaller_ALL.exe
2010-05-13 15:41 . 2010-05-13 15:41 4614113 ----a-w- c:\program files\SetupImgBurn_2.5.1.0.exe
2010-01-26 09:11 . 2010-11-14 15:45 444283 -c--a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-18_13.48.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-20 08:44 . 2012-03-20 08:44 16384 c:\windows\Temp\Perflib_Perfdata_308.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-23 188416]
"aaservice"="C:\Program Files/Timeslot/servicets.exe" [2007-09-06 397312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-10 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Magnify"="Magnify.exe" [2008-04-14 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-22 14:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-27 02:10 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53 460872 ----a-w- c:\program files\malware\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2011-10-19 13:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-10 20:49 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-30 08:47 296056 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Persistence"=c:\windows\system32\igfxpers.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Alcmtr"=ALCMTR.EXE
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth Pro\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35126:TCP"= 35126:TCP:utorrent2
"47979:TCP"= 47979:TCP:Utorrent 3
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11-9-2009 6:23 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11-9-2009 6:26 96408]
R2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10754\AGCoreService.exe [20-3-2011 19:42 20480]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18-7-2009 23:03 75272]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11-9-2009 6:24 735960]
R2 MBAMService;MBAMService;c:\program files\malware\Malwarebytes' Anti-Malware\mbamservice.exe [16-3-2012 9:46 652360]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27-1-2010 3:09 50704]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24-6-2010 15:41 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [31-5-2011 17:01 1052480]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29-9-2009 8:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29-9-2009 8:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29-9-2009 8:11 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16-3-2012 9:46 20464]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25-2-2010 10:18 10064]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18-7-2009 23:03 96520]
S2 gupdate1c9ff3c93ad5260;Google Updateservice (gupdate1c9ff3c93ad5260);c:\program files\Google\Update\GoogleUpdate.exe [7-7-2009 20:53 133104]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-7-2009 20:53 133104]
S3 MemStPCI;Sony PCI Memory Stick-controller (PCI);c:\windows\system32\drivers\MemStPCI.SYS [2-10-2010 23:37 26112]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
.
2012-03-16 c:\windows\Tasks\Automatisch onderhoud.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2011-05-31 16:05]
.
2012-03-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-07 13:51]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:52]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:52]
.
2012-03-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
.
------- Bijkomende Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.startpagina.nl/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-AndreaMosaic - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-20 16:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Voltooingstijd: 2012-03-20 16:32:10
ComboFix-quarantined-files.txt 2012-03-20 15:32
ComboFix2.txt 2012-03-20 15:18
ComboFix3.txt 2012-03-18 13:50
.
Pre-Run: 31.401.390.080 bytes beschikbaar
Post-Run: 31.366.176.768 bytes beschikbaar
.
- - End Of File - - B24A98D044EF7B0CD9E55BE1A28228B6
-
Dat was een programma om youtube filmpjes om te zetten naar mp3, maar het werkt niet dus die heb ik eraf gehaald. Ik heb de map nu verwijderd. Of blijft er dan nog van alles achter op mijn pc?
-
Hallo Kweezie,
Hier is het logje van ComboFix. Is het goed?
Groetjes Boem
ComboFix 12-03-17.01 - Daphne 18-03-2012 14:37:18.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1015.538 [GMT 1:00]
Gestart vanuit: c:\program files\ComboFix\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\tmt\ct480.exe
c:\documents and settings\All Users\Application Data\tmt\ct861.exe
c:\documents and settings\All Users\Application Data\tmt\ct983.exe
c:\documents and settings\Daphne\Application Data\Local
c:\documents and settings\Daphne\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\Daphne\Application Data\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\documents and settings\Daphne\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Daphne\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\documents and settings\Daphne\Onlangs geopend\Thumbs.db
c:\documents and settings\Daphne\WINDOWS
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\Thumbs.db
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\Thumbs.db
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\Thumbs.db
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\Thumbs.db
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe
c:\windows\system32\cnm127.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET52.tmp
.
----- File Replicators -----
.
c:\documents and settings\All Users\Application Data\tmt\ct0.exe
c:\documents and settings\All Users\Application Data\tmt\ct112.exe
c:\documents and settings\All Users\Application Data\tmt\ct113.exe
c:\documents and settings\All Users\Application Data\tmt\ct116.exe
c:\documents and settings\All Users\Application Data\tmt\ct117.exe
c:\documents and settings\All Users\Application Data\tmt\ct126.exe
c:\documents and settings\All Users\Application Data\tmt\ct129.exe
c:\documents and settings\All Users\Application Data\tmt\ct133.exe
c:\documents and settings\All Users\Application Data\tmt\ct134.exe
c:\documents and settings\All Users\Application Data\tmt\ct135.exe
c:\documents and settings\All Users\Application Data\tmt\ct140.exe
c:\documents and settings\All Users\Application Data\tmt\ct143.exe
c:\documents and settings\All Users\Application Data\tmt\ct146.exe
c:\documents and settings\All Users\Application Data\tmt\ct147.exe
c:\documents and settings\All Users\Application Data\tmt\ct148.exe
c:\documents and settings\All Users\Application Data\tmt\ct151.exe
c:\documents and settings\All Users\Application Data\tmt\ct153.exe
c:\documents and settings\All Users\Application Data\tmt\ct155.exe
c:\documents and settings\All Users\Application Data\tmt\ct160.exe
c:\documents and settings\All Users\Application Data\tmt\ct161.exe
c:\documents and settings\All Users\Application Data\tmt\ct162.exe
c:\documents and settings\All Users\Application Data\tmt\ct164.exe
c:\documents and settings\All Users\Application Data\tmt\ct169.exe
c:\documents and settings\All Users\Application Data\tmt\ct17.exe
c:\documents and settings\All Users\Application Data\tmt\ct171.exe
c:\documents and settings\All Users\Application Data\tmt\ct173.exe
c:\documents and settings\All Users\Application Data\tmt\ct175.exe
c:\documents and settings\All Users\Application Data\tmt\ct183.exe
c:\documents and settings\All Users\Application Data\tmt\ct186.exe
c:\documents and settings\All Users\Application Data\tmt\ct189.exe
c:\documents and settings\All Users\Application Data\tmt\ct191.exe
c:\documents and settings\All Users\Application Data\tmt\ct192.exe
c:\documents and settings\All Users\Application Data\tmt\ct198.exe
c:\documents and settings\All Users\Application Data\tmt\ct2.exe
c:\documents and settings\All Users\Application Data\tmt\ct200.exe
c:\documents and settings\All Users\Application Data\tmt\ct201.exe
c:\documents and settings\All Users\Application Data\tmt\ct202.exe
c:\documents and settings\All Users\Application Data\tmt\ct209.exe
c:\documents and settings\All Users\Application Data\tmt\ct210.exe
c:\documents and settings\All Users\Application Data\tmt\ct212.exe
c:\documents and settings\All Users\Application Data\tmt\ct215.exe
c:\documents and settings\All Users\Application Data\tmt\ct218.exe
c:\documents and settings\All Users\Application Data\tmt\ct219.exe
c:\documents and settings\All Users\Application Data\tmt\ct222.exe
c:\documents and settings\All Users\Application Data\tmt\ct226.exe
c:\documents and settings\All Users\Application Data\tmt\ct230.exe
c:\documents and settings\All Users\Application Data\tmt\ct234.exe
c:\documents and settings\All Users\Application Data\tmt\ct235.exe
c:\documents and settings\All Users\Application Data\tmt\ct238.exe
c:\documents and settings\All Users\Application Data\tmt\ct239.exe
c:\documents and settings\All Users\Application Data\tmt\ct240.exe
c:\documents and settings\All Users\Application Data\tmt\ct245.exe
c:\documents and settings\All Users\Application Data\tmt\ct246.exe
c:\documents and settings\All Users\Application Data\tmt\ct248.exe
c:\documents and settings\All Users\Application Data\tmt\ct250.exe
c:\documents and settings\All Users\Application Data\tmt\ct252.exe
c:\documents and settings\All Users\Application Data\tmt\ct253.exe
c:\documents and settings\All Users\Application Data\tmt\ct257.exe
c:\documents and settings\All Users\Application Data\tmt\ct259.exe
c:\documents and settings\All Users\Application Data\tmt\ct269.exe
c:\documents and settings\All Users\Application Data\tmt\ct270.exe
c:\documents and settings\All Users\Application Data\tmt\ct272.exe
c:\documents and settings\All Users\Application Data\tmt\ct276.exe
c:\documents and settings\All Users\Application Data\tmt\ct277.exe
c:\documents and settings\All Users\Application Data\tmt\ct281.exe
c:\documents and settings\All Users\Application Data\tmt\ct283.exe
c:\documents and settings\All Users\Application Data\tmt\ct285.exe
c:\documents and settings\All Users\Application Data\tmt\ct286.exe
c:\documents and settings\All Users\Application Data\tmt\ct288.exe
c:\documents and settings\All Users\Application Data\tmt\ct289.exe
c:\documents and settings\All Users\Application Data\tmt\ct291.exe
c:\documents and settings\All Users\Application Data\tmt\ct292.exe
c:\documents and settings\All Users\Application Data\tmt\ct294.exe
c:\documents and settings\All Users\Application Data\tmt\ct295.exe
c:\documents and settings\All Users\Application Data\tmt\ct296.exe
c:\documents and settings\All Users\Application Data\tmt\ct298.exe
c:\documents and settings\All Users\Application Data\tmt\ct3.exe
c:\documents and settings\All Users\Application Data\tmt\ct30.exe
c:\documents and settings\All Users\Application Data\tmt\ct300.exe
c:\documents and settings\All Users\Application Data\tmt\ct302.exe
c:\documents and settings\All Users\Application Data\tmt\ct307.exe
c:\documents and settings\All Users\Application Data\tmt\ct31.exe
c:\documents and settings\All Users\Application Data\tmt\ct310.exe
c:\documents and settings\All Users\Application Data\tmt\ct313.exe
c:\documents and settings\All Users\Application Data\tmt\ct315.exe
c:\documents and settings\All Users\Application Data\tmt\ct316.exe
c:\documents and settings\All Users\Application Data\tmt\ct318.exe .. failed to delete
c:\documents and settings\All Users\Application Data\tmt\ct321.exe
c:\documents and settings\All Users\Application Data\tmt\ct322.exe
c:\documents and settings\All Users\Application Data\tmt\ct341.exe
c:\documents and settings\All Users\Application Data\tmt\ct344.exe
c:\documents and settings\All Users\Application Data\tmt\ct349.exe
c:\documents and settings\All Users\Application Data\tmt\ct351.exe
c:\documents and settings\All Users\Application Data\tmt\ct353.exe
c:\documents and settings\All Users\Application Data\tmt\ct356.exe
c:\documents and settings\All Users\Application Data\tmt\ct361.exe
c:\documents and settings\All Users\Application Data\tmt\ct362.exe
c:\documents and settings\All Users\Application Data\tmt\ct363.exe
c:\documents and settings\All Users\Application Data\tmt\ct365.exe
c:\documents and settings\All Users\Application Data\tmt\ct372.exe
c:\documents and settings\All Users\Application Data\tmt\ct375.exe
c:\documents and settings\All Users\Application Data\tmt\ct376.exe
c:\documents and settings\All Users\Application Data\tmt\ct379.exe
c:\documents and settings\All Users\Application Data\tmt\ct382.exe
c:\documents and settings\All Users\Application Data\tmt\ct383.exe
c:\documents and settings\All Users\Application Data\tmt\ct387.exe
c:\documents and settings\All Users\Application Data\tmt\ct389.exe
c:\documents and settings\All Users\Application Data\tmt\ct392.exe
c:\documents and settings\All Users\Application Data\tmt\ct395.exe
c:\documents and settings\All Users\Application Data\tmt\ct4.exe
c:\documents and settings\All Users\Application Data\tmt\ct40.exe
c:\documents and settings\All Users\Application Data\tmt\ct401.exe
c:\documents and settings\All Users\Application Data\tmt\ct409.exe
c:\documents and settings\All Users\Application Data\tmt\ct41.exe
c:\documents and settings\All Users\Application Data\tmt\ct414.exe
c:\documents and settings\All Users\Application Data\tmt\ct415.exe
c:\documents and settings\All Users\Application Data\tmt\ct420.exe
c:\documents and settings\All Users\Application Data\tmt\ct424.exe
c:\documents and settings\All Users\Application Data\tmt\ct425.exe
c:\documents and settings\All Users\Application Data\tmt\ct427.exe
c:\documents and settings\All Users\Application Data\tmt\ct43.exe
c:\documents and settings\All Users\Application Data\tmt\ct432.exe
c:\documents and settings\All Users\Application Data\tmt\ct434.exe
c:\documents and settings\All Users\Application Data\tmt\ct435.exe
c:\documents and settings\All Users\Application Data\tmt\ct441.exe
c:\documents and settings\All Users\Application Data\tmt\ct444.exe
c:\documents and settings\All Users\Application Data\tmt\ct446.exe
c:\documents and settings\All Users\Application Data\tmt\ct45.exe
c:\documents and settings\All Users\Application Data\tmt\ct450.exe
c:\documents and settings\All Users\Application Data\tmt\ct451.exe
c:\documents and settings\All Users\Application Data\tmt\ct454.exe
c:\documents and settings\All Users\Application Data\tmt\ct457.exe
c:\documents and settings\All Users\Application Data\tmt\ct463.exe
c:\documents and settings\All Users\Application Data\tmt\ct467.exe
c:\documents and settings\All Users\Application Data\tmt\ct470.exe
c:\documents and settings\All Users\Application Data\tmt\ct477.exe
c:\documents and settings\All Users\Application Data\tmt\ct480.exe
c:\documents and settings\All Users\Application Data\tmt\ct483.exe
c:\documents and settings\All Users\Application Data\tmt\ct485.exe
c:\documents and settings\All Users\Application Data\tmt\ct488.exe
c:\documents and settings\All Users\Application Data\tmt\ct490.exe
c:\documents and settings\All Users\Application Data\tmt\ct492.exe
c:\documents and settings\All Users\Application Data\tmt\ct493.exe
c:\documents and settings\All Users\Application Data\tmt\ct498.exe
c:\documents and settings\All Users\Application Data\tmt\ct5.exe
c:\documents and settings\All Users\Application Data\tmt\ct50.exe
c:\documents and settings\All Users\Application Data\tmt\ct500.exe
c:\documents and settings\All Users\Application Data\tmt\ct509.exe
c:\documents and settings\All Users\Application Data\tmt\ct514.exe
c:\documents and settings\All Users\Application Data\tmt\ct517.exe
c:\documents and settings\All Users\Application Data\tmt\ct524.exe
c:\documents and settings\All Users\Application Data\tmt\ct528.exe
c:\documents and settings\All Users\Application Data\tmt\ct53.exe
c:\documents and settings\All Users\Application Data\tmt\ct533.exe
c:\documents and settings\All Users\Application Data\tmt\ct538.exe
c:\documents and settings\All Users\Application Data\tmt\ct541.exe
c:\documents and settings\All Users\Application Data\tmt\ct544.exe
c:\documents and settings\All Users\Application Data\tmt\ct545.exe
c:\documents and settings\All Users\Application Data\tmt\ct548.exe
c:\documents and settings\All Users\Application Data\tmt\ct553.exe
c:\documents and settings\All Users\Application Data\tmt\ct556.exe
c:\documents and settings\All Users\Application Data\tmt\ct559.exe
c:\documents and settings\All Users\Application Data\tmt\ct561.exe
c:\documents and settings\All Users\Application Data\tmt\ct565.exe
c:\documents and settings\All Users\Application Data\tmt\ct568.exe
c:\documents and settings\All Users\Application Data\tmt\ct58.exe
c:\documents and settings\All Users\Application Data\tmt\ct583.exe
c:\documents and settings\All Users\Application Data\tmt\ct584.exe
c:\documents and settings\All Users\Application Data\tmt\ct585.exe
c:\documents and settings\All Users\Application Data\tmt\ct589.exe
c:\documents and settings\All Users\Application Data\tmt\ct59.exe
c:\documents and settings\All Users\Application Data\tmt\ct590.exe
c:\documents and settings\All Users\Application Data\tmt\ct597.exe
c:\documents and settings\All Users\Application Data\tmt\ct599.exe
c:\documents and settings\All Users\Application Data\tmt\ct601.exe
c:\documents and settings\All Users\Application Data\tmt\ct612.exe
c:\documents and settings\All Users\Application Data\tmt\ct615.exe
c:\documents and settings\All Users\Application Data\tmt\ct619.exe
c:\documents and settings\All Users\Application Data\tmt\ct621.exe
c:\documents and settings\All Users\Application Data\tmt\ct639.exe
c:\documents and settings\All Users\Application Data\tmt\ct643.exe
c:\documents and settings\All Users\Application Data\tmt\ct644.exe
c:\documents and settings\All Users\Application Data\tmt\ct646.exe
c:\documents and settings\All Users\Application Data\tmt\ct648.exe
c:\documents and settings\All Users\Application Data\tmt\ct653.exe
c:\documents and settings\All Users\Application Data\tmt\ct656.exe
c:\documents and settings\All Users\Application Data\tmt\ct657.exe
c:\documents and settings\All Users\Application Data\tmt\ct659.exe
c:\documents and settings\All Users\Application Data\tmt\ct661.exe
c:\documents and settings\All Users\Application Data\tmt\ct663.exe
c:\documents and settings\All Users\Application Data\tmt\ct664.exe
c:\documents and settings\All Users\Application Data\tmt\ct667.exe
c:\documents and settings\All Users\Application Data\tmt\ct671.exe
c:\documents and settings\All Users\Application Data\tmt\ct672.exe
c:\documents and settings\All Users\Application Data\tmt\ct673.exe
c:\documents and settings\All Users\Application Data\tmt\ct676.exe
c:\documents and settings\All Users\Application Data\tmt\ct678.exe
c:\documents and settings\All Users\Application Data\tmt\ct679.exe
c:\documents and settings\All Users\Application Data\tmt\ct685.exe
c:\documents and settings\All Users\Application Data\tmt\ct690.exe
c:\documents and settings\All Users\Application Data\tmt\ct692.exe
c:\documents and settings\All Users\Application Data\tmt\ct700.exe
c:\documents and settings\All Users\Application Data\tmt\ct705.exe
c:\documents and settings\All Users\Application Data\tmt\ct708.exe
c:\documents and settings\All Users\Application Data\tmt\ct71.exe
c:\documents and settings\All Users\Application Data\tmt\ct711.exe
c:\documents and settings\All Users\Application Data\tmt\ct713.exe
c:\documents and settings\All Users\Application Data\tmt\ct714.exe
c:\documents and settings\All Users\Application Data\tmt\ct715.exe
c:\documents and settings\All Users\Application Data\tmt\ct719.exe
c:\documents and settings\All Users\Application Data\tmt\ct72.exe
c:\documents and settings\All Users\Application Data\tmt\ct721.exe
c:\documents and settings\All Users\Application Data\tmt\ct722.exe
c:\documents and settings\All Users\Application Data\tmt\ct724.exe
c:\documents and settings\All Users\Application Data\tmt\ct725.exe
c:\documents and settings\All Users\Application Data\tmt\ct73.exe
c:\documents and settings\All Users\Application Data\tmt\ct730.exe
c:\documents and settings\All Users\Application Data\tmt\ct732.exe
c:\documents and settings\All Users\Application Data\tmt\ct733.exe
c:\documents and settings\All Users\Application Data\tmt\ct744.exe
c:\documents and settings\All Users\Application Data\tmt\ct745.exe
c:\documents and settings\All Users\Application Data\tmt\ct749.exe
c:\documents and settings\All Users\Application Data\tmt\ct750.exe
c:\documents and settings\All Users\Application Data\tmt\ct752.exe
c:\documents and settings\All Users\Application Data\tmt\ct753.exe
c:\documents and settings\All Users\Application Data\tmt\ct754.exe
c:\documents and settings\All Users\Application Data\tmt\ct755.exe
c:\documents and settings\All Users\Application Data\tmt\ct758.exe
c:\documents and settings\All Users\Application Data\tmt\ct759.exe
c:\documents and settings\All Users\Application Data\tmt\ct76.exe
c:\documents and settings\All Users\Application Data\tmt\ct760.exe
c:\documents and settings\All Users\Application Data\tmt\ct761.exe
c:\documents and settings\All Users\Application Data\tmt\ct763.exe
c:\documents and settings\All Users\Application Data\tmt\ct764.exe
c:\documents and settings\All Users\Application Data\tmt\ct765.exe
c:\documents and settings\All Users\Application Data\tmt\ct768.exe
c:\documents and settings\All Users\Application Data\tmt\ct770.exe
c:\documents and settings\All Users\Application Data\tmt\ct771.exe
c:\documents and settings\All Users\Application Data\tmt\ct775.exe
c:\documents and settings\All Users\Application Data\tmt\ct776.exe
c:\documents and settings\All Users\Application Data\tmt\ct777.exe
c:\documents and settings\All Users\Application Data\tmt\ct778.exe
c:\documents and settings\All Users\Application Data\tmt\ct779.exe
c:\documents and settings\All Users\Application Data\tmt\ct783.exe
c:\documents and settings\All Users\Application Data\tmt\ct786.exe
c:\documents and settings\All Users\Application Data\tmt\ct787.exe
c:\documents and settings\All Users\Application Data\tmt\ct788.exe
c:\documents and settings\All Users\Application Data\tmt\ct791.exe
c:\documents and settings\All Users\Application Data\tmt\ct8.exe
c:\documents and settings\All Users\Application Data\tmt\ct80.exe
c:\documents and settings\All Users\Application Data\tmt\ct804.exe
c:\documents and settings\All Users\Application Data\tmt\ct806.exe
c:\documents and settings\All Users\Application Data\tmt\ct807.exe
c:\documents and settings\All Users\Application Data\tmt\ct818.exe
c:\documents and settings\All Users\Application Data\tmt\ct82.exe
c:\documents and settings\All Users\Application Data\tmt\ct821.exe
c:\documents and settings\All Users\Application Data\tmt\ct823.exe
c:\documents and settings\All Users\Application Data\tmt\ct824.exe
c:\documents and settings\All Users\Application Data\tmt\ct832.exe
c:\documents and settings\All Users\Application Data\tmt\ct833.exe
c:\documents and settings\All Users\Application Data\tmt\ct834.exe
c:\documents and settings\All Users\Application Data\tmt\ct838.exe
c:\documents and settings\All Users\Application Data\tmt\ct841.exe
c:\documents and settings\All Users\Application Data\tmt\ct843.exe
c:\documents and settings\All Users\Application Data\tmt\ct853.exe
c:\documents and settings\All Users\Application Data\tmt\ct860.exe
c:\documents and settings\All Users\Application Data\tmt\ct861.exe
c:\documents and settings\All Users\Application Data\tmt\ct865.exe
c:\documents and settings\All Users\Application Data\tmt\ct867.exe
c:\documents and settings\All Users\Application Data\tmt\ct870.exe
c:\documents and settings\All Users\Application Data\tmt\ct876.exe
c:\documents and settings\All Users\Application Data\tmt\ct879.exe
c:\documents and settings\All Users\Application Data\tmt\ct889.exe
c:\documents and settings\All Users\Application Data\tmt\ct890.exe
c:\documents and settings\All Users\Application Data\tmt\ct896.exe
c:\documents and settings\All Users\Application Data\tmt\ct897.exe
c:\documents and settings\All Users\Application Data\tmt\ct898.exe
c:\documents and settings\All Users\Application Data\tmt\ct9.exe
c:\documents and settings\All Users\Application Data\tmt\ct903.exe
c:\documents and settings\All Users\Application Data\tmt\ct906.exe
c:\documents and settings\All Users\Application Data\tmt\ct907.exe
c:\documents and settings\All Users\Application Data\tmt\ct908.exe
c:\documents and settings\All Users\Application Data\tmt\ct909.exe
c:\documents and settings\All Users\Application Data\tmt\ct913.exe
c:\documents and settings\All Users\Application Data\tmt\ct917.exe
c:\documents and settings\All Users\Application Data\tmt\ct925.exe
c:\documents and settings\All Users\Application Data\tmt\ct93.exe
c:\documents and settings\All Users\Application Data\tmt\ct933.exe
c:\documents and settings\All Users\Application Data\tmt\ct934.exe
c:\documents and settings\All Users\Application Data\tmt\ct937.exe
c:\documents and settings\All Users\Application Data\tmt\ct940.exe
c:\documents and settings\All Users\Application Data\tmt\ct942.exe
c:\documents and settings\All Users\Application Data\tmt\ct949.exe
c:\documents and settings\All Users\Application Data\tmt\ct95.exe
c:\documents and settings\All Users\Application Data\tmt\ct958.exe
c:\documents and settings\All Users\Application Data\tmt\ct959.exe
c:\documents and settings\All Users\Application Data\tmt\ct96.exe
c:\documents and settings\All Users\Application Data\tmt\ct960.exe
c:\documents and settings\All Users\Application Data\tmt\ct965.exe
c:\documents and settings\All Users\Application Data\tmt\ct977.exe
c:\documents and settings\All Users\Application Data\tmt\ct978.exe
c:\documents and settings\All Users\Application Data\tmt\ct98.exe
c:\documents and settings\All Users\Application Data\tmt\ct983.exe
c:\documents and settings\All Users\Application Data\tmt\ct986.exe
c:\documents and settings\All Users\Application Data\tmt\ct989.exe
c:\documents and settings\All Users\Application Data\tmt\ct990.exe
c:\documents and settings\All Users\Application Data\tmt\ct994.exe
c:\documents and settings\All Users\Application Data\tmt\ct998.exe
c:\documents and settings\All Users\Application Data\tmt\ct999.exe
c:\documents and settings\All Users\Documenten\TimeSlot\chckts.exe
c:\program files\TimeSlot\chckts.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-18 to 2012-03-18 ))))))))))))))))))))))))))))))
.
.
2012-03-18 13:27 . 2012-03-18 13:27 -------- d-----w- c:\program files\ComboFix
2012-03-18 12:49 . 2012-03-18 12:49 -------- d-----w- c:\documents and settings\Administrator
2012-03-17 13:24 . 2012-03-18 11:30 -------- d-----w- c:\documents and settings\Camilè\Application Data\PriceGong
2012-03-17 10:58 . 2012-03-17 10:58 -------- d-----w- c:\documents and settings\Camilè\Local Settings\Application Data\Conduit
2012-03-17 10:58 . 2012-03-17 13:24 -------- d-----w- c:\documents and settings\Camilè\Local Settings\Application Data\Freecorder
2012-03-16 21:56 . 2012-03-16 21:56 -------- d-----w- c:\documents and settings\Daphne\Local Settings\Application Data\LG Electronics
2012-03-16 18:59 . 2012-03-16 19:04 -------- d-----w- c:\documents and settings\Daphne\Local Settings\Application Data\Freecorder
2012-03-16 18:59 . 2012-03-16 18:59 -------- d-----w- c:\program files\Freecorder
2012-03-16 18:59 . 2012-03-16 18:59 -------- d-----w- c:\documents and settings\Daphne\Local Settings\Application Data\FLVService
2012-03-16 18:56 . 2012-03-16 19:07 -------- d-----w- c:\program files\vixy
2012-03-16 18:26 . 2012-03-16 18:26 -------- d-----w- c:\documents and settings\Daphne\Application Data\AVS4YOU
2012-03-16 18:22 . 2011-09-16 15:05 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-03-16 18:22 . 2012-03-16 18:24 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-03-16 18:22 . 2011-08-22 15:33 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-03-16 18:22 . 2012-03-16 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2012-03-16 18:22 . 2012-03-16 18:24 -------- d-----w- c:\program files\AVS4YOU
2012-03-16 18:18 . 2012-03-16 18:21 -------- d-----w- c:\program files\avs video converter
2012-03-16 09:25 . 2012-03-18 13:00 -------- d-----w- c:\program files\hijack this
2012-03-16 08:47 . 2012-03-16 08:47 -------- d-----w- c:\documents and settings\Daphne\Application Data\Malwarebytes
2012-03-16 08:46 . 2012-03-16 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-16 08:46 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 08:45 . 2012-03-16 08:46 -------- d-----w- c:\program files\malware
2012-03-15 22:21 . 2012-03-15 22:21 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-03-15 22:11 . 2012-03-15 22:11 -------- d-----w- c:\program files\HitmanPro
2012-03-15 22:10 . 2012-03-15 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-03-15 22:10 . 2012-03-15 22:10 -------- d-----w- c:\program files\hitman pro
2012-03-15 16:31 . 2012-03-15 16:31 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2012-03-15 16:31 . 2012-03-15 16:31 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2012-03-15 16:29 . 2012-03-15 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-03-15 16:29 . 2012-03-15 16:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-15 14:09 . 2012-03-18 13:46 -------- d--h--r- c:\documents and settings\Daphne\Onlangs geopend
2012-03-15 10:13 . 2012-03-15 16:09 -------- d-----w- c:\program files\Image Grabber II
2012-03-15 10:10 . 2012-03-15 10:19 -------- d-----w- c:\documents and settings\Daphne\Local Settings\Application Data\Smartbar
2012-03-15 10:01 . 2012-03-15 10:01 -------- d-----w- c:\program files\image grabber 2
2012-03-15 09:52 . 2012-03-15 10:09 -------- d-----w- c:\documents and settings\Daphne\Local Settings\Application Data\Linkury
2012-03-15 09:51 . 2012-03-15 09:51 -------- d-----w- c:\documents and settings\Daphne\Application Data\OpenCandy
2012-03-13 20:31 . 2012-03-13 20:31 -------- d-----w- C:\ifx
2012-03-13 20:27 . 2012-03-14 11:26 -------- d-----w- C:\LG_USB
2012-03-13 20:25 . 2011-05-10 12:37 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-03-13 20:25 . 2011-05-10 12:37 568832 ----a-w- c:\windows\system32\msvcp90.dll
2012-03-13 20:25 . 2011-05-10 12:37 224768 ----a-w- c:\windows\system32\msvcm90.dll
2012-03-13 20:25 . 2005-10-04 00:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2012-03-13 20:25 . 2006-05-04 07:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2012-03-13 20:25 . 2012-03-14 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
2012-03-13 19:56 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-03-13 19:56 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-03-13 19:56 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-03-13 19:56 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-03-13 19:56 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-03-13 19:56 . 2012-03-13 19:56 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-03-13 19:56 . 2012-03-13 19:56 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-02-17 22:53 . 2012-02-17 22:53 -------- d-----w- c:\documents and settings\Daphne\Application Data\inkscape
2012-02-17 22:46 . 2012-02-17 22:52 -------- d-----w- c:\program files\Inkscape
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 11:07 . 2011-06-03 08:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57 . 2004-08-04 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-15 13:21 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2008-01-07 14:14 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-20 23:54 . 2011-12-20 23:54 73728 ----a-r- c:\documents and settings\Daphne\Application Data\Microsoft\Installer\{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2011-12-20 23:54 . 2011-12-20 23:54 73728 ----a-r- c:\documents and settings\Daphne\Application Data\Microsoft\Installer\{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2011-12-20 23:54 . 2011-12-20 23:54 53248 ----a-r- c:\documents and settings\Daphne\Application Data\Microsoft\Installer\{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}\ARPPRODUCTICON.exe
2011-12-20 23:54 . 2011-12-20 23:54 49152 ----a-r- c:\documents and settings\Daphne\Application Data\Microsoft\Installer\{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2011-12-20 23:54 . 2011-12-20 23:54 49152 ----a-r- c:\documents and settings\Daphne\Application Data\Microsoft\Installer\{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2011-06-03 20:59 . 2011-06-03 20:58 9344296 ----a-w- c:\program files\albelli7_NL.exe
2011-06-02 22:27 . 2011-06-02 22:25 91864240 ----a-w- c:\program files\Nokia_Ovi_Suite_webinstaller_ALL.exe
2010-05-13 15:41 . 2010-05-13 15:41 4614113 ----a-w- c:\program files\SetupImgBurn_2.5.1.0.exe
2010-01-26 09:11 . 2010-11-14 15:45 444283 -c--a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-23 188416]
"aaservice"="C:\Program Files/Timeslot/servicets.exe" [2007-09-06 397312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Magnify"="Magnify.exe" [2008-04-14 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-22 14:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-27 02:10 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53 460872 ----a-w- c:\program files\malware\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2011-10-19 13:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-10 20:49 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-30 08:47 296056 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Persistence"=c:\windows\system32\igfxpers.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Alcmtr"=ALCMTR.EXE
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth Pro\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35126:TCP"= 35126:TCP:utorrent2
"47979:TCP"= 47979:TCP:Utorrent 3
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11-9-2009 6:23 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11-9-2009 6:26 96408]
R2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10754\AGCoreService.exe [20-3-2011 19:42 20480]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18-7-2009 23:03 75272]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11-9-2009 6:24 735960]
R2 MBAMService;MBAMService;c:\program files\malware\Malwarebytes' Anti-Malware\mbamservice.exe [16-3-2012 9:46 652360]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27-1-2010 3:09 50704]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24-6-2010 15:41 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [31-5-2011 17:01 1052480]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29-9-2009 8:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29-9-2009 8:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29-9-2009 8:11 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16-3-2012 9:46 20464]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25-2-2010 10:18 10064]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18-7-2009 23:03 96520]
S2 gupdate1c9ff3c93ad5260;Google Updateservice (gupdate1c9ff3c93ad5260);c:\program files\Google\Update\GoogleUpdate.exe [7-7-2009 20:53 133104]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-7-2009 20:53 133104]
S3 MemStPCI;Sony PCI Memory Stick-controller (PCI);c:\windows\system32\drivers\MemStPCI.SYS [2-10-2010 23:37 26112]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
.
2012-03-16 c:\windows\Tasks\Automatisch onderhoud.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2011-05-31 16:05]
.
2012-03-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-07 13:51]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:52]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:52]
.
2012-03-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-03-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
.
------- Bijkomende Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.startpagina.nl/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Share-to-Web Namespace Daemon - c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
AddRemove-Searchqu 101 MediaBar - c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-18 14:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Voltooingstijd: 2012-03-18 14:50:58
ComboFix-quarantined-files.txt 2012-03-18 13:50
.
Pre-Run: 30.771.916.800 bytes beschikbaar
Post-Run: 31.225.176.064 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B671303E141F65EF2ACF2C66E86C337B
-
Ok dat heb ik gedaan. De 023 kon ik niet verwijderen want die stond er niet in.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:00:46, on 18-3-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TimeSlot\tmt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\All Users\Application Data\tmt\ct0.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Documents and Settings\All Users\Application Data\tmt\ct31.exe
C:\Program Files\hijack this\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Documents and Settings\Daphne\Mijn documenten\lg pc suite de echte\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [tmt] "C:\Program Files\TimeSlot\tmt.exe"
O4 - HKLM\..\Run: [aaservice] "C:\Program Files/Timeslot/servicets.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updateservice (gupdate1c9ff3c93ad5260) (gupdate1c9ff3c93ad5260) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 9196 bytes
Nu heb ik wel ineens chrome erop staan. Kan ik die gewoon wijzigen?
-
Hallo Kweenie,
Zal ik doen. Nog even een opmerking. Jij schreef dat ik onderstaande moest aanvinken:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Babylon Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Babylon Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Babylon Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Babylon Search
R3 - Default URLSearchHook is missing
O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: SearchCore for Browsers - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\SEARCH~1\BROWSE~1.DLL
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: c:\progra~1\search~1\search~1\datamngr.dll c:\progra~1\search~1\search~1\iebho.dll
Nou staat er bij jou bij R1 Babylon achter. Dit staat niet in het "hijack this" scherm. Deze staat onder de naam linkury. Ik dacht dat het misschien handig is te weten voor anderen die er tegenaan lopen en "Babylon" niet zien staan.
Groetjes Boem
-
Hallo Kweezie wabit,
Volgens mij is het gelukt. Ik heb een andere startpagina. pfff.
Log van Malwarebytes is dit:
Malwarebytes Anti-Malware (-evaluatieversie-) 1.60.1.1000
Databaseversie: v2012.03.17.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Daphne :: PCPRIVE [administrator]
Realtime bescherming: Uitgeschakeld
17-3-2012 11:27:47
mbam-log-2012-03-17 (11-27-47).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 241089
Verstreken tijd: 11 minuut/minuten, 35 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
en log van hijack is dit:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:49:45, on 17-3-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TimeSlot\tmt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Documents and Settings\All Users\Application Data\tmt\ct0.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Documents and Settings\All Users\Application Data\tmt\ct31.exe
C:\Documents and Settings\All Users\Application Data\tmt\ct861.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\123webhost\FTP en uploaden\WsftpCOMHelper.exe
C:\Program Files\hijack this\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll
O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Documents and Settings\Daphne\Mijn documenten\lg pc suite de echte\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [tmt] "C:\Program Files\TimeSlot\tmt.exe"
O4 - HKLM\..\Run: [aaservice] "C:\Program Files/Timeslot/servicets.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updateservice (gupdate1c9ff3c93ad5260) (gupdate1c9ff3c93ad5260) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 10294 bytes
Is het zo goed?
Groetjes Boem
-
Asus, ik wacht het af en xXMXHXx nogmaals bedankt voor het meedenken.
-
Hallo xXMXHXx,
Dat heb ik als eerste gedaan. Hij staat er dan niet in als babylon, maar als linkury. Bij de software staat ie niet eens. Hij is meegekomen met een programma dat ik heb gedownload. Dat programma ook al verwijderd.
Maar in ieder geval bedankt voor het meedenken.
Groetjes Boem
-
Hallo,
Ik heb een zoekmachine van Babylon op mijn pc gekregen en krijg hem niet verwijderd. Via google kwam ik op dit forum. Ik heb eea gelezen, en heb alvast hijackthis gedraaid. Hieronder de uitslag. Kunnen jullie me zeggen welke dingen ik kan aanvinken om te laten fixen?
NB ik heb ook al spybot, adaware, eset en hitmanpro laten draaien, maar die krijgen hem niet weg.
Oh ja en ik heb malwarebytes ook al geinstalleerd.
Alavast bedankt.
Groetjes Boem
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:12:35, on 16-3-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TimeSlot\tmt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Documents and Settings\All Users\Application Data\tmt\ct0.exe
C:\Documents and Settings\All Users\Application Data\tmt\ct31.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Babylon Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Babylon Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Babylon Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Babylon Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: SearchCore for Browsers - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\SEARCH~1\BROWSE~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [tmt] "C:\Program Files\TimeSlot\tmt.exe"
O4 - HKLM\..\Run: [aaservice] "C:\Program Files/Timeslot/servicets.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [b2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: c:\progra~1\search~1\search~1\datamngr.dll c:\progra~1\search~1\search~1\iebho.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updateservice (gupdate1c9ff3c93ad5260) (gupdate1c9ff3c93ad5260) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 11967 bytes
Kan je VHD bestand zomaar verwijderen van D schijf?
in Archief Windows 7
Geplaatst:
Ok heel erg bedankt.