AQUB, please get rid of it

45 replies
  • Dear reader,

    For some time now I have been plagued by the AQUB search page in Firefox. I am also unable to turn on my AVG Firewall (I have to restart the PC, but this brings no relief); in short, I suspect that something is drastically wrong.

    I would like to examine my PC with the various tools I see mentioned here. Would someone be willing to look along with me?

    Thanks in advance,

    Regards,
    Rick
  • Hello Rick,
    A warm welcome to this great forum.

  • Dear Abraham,

    First of all, many thanks in advance for looking along. I gather from other postings that your expertise has recently been called upon more and more often.

    Now my aqub problem:

    I carried out the runs twice; below are the logs of the second run. One remark beforehand: at first I could not download ADWcleaner because of insufficient permissions for the Downloads folder (I have never had this error message before). I also got a notification from my AVG that ADW was a trojan.
    The reason for the second run is that I had not saved the first ADW log file, or at least could not find it again. I hope this has not adversely affected the procedure.
    Here follow the logs of ADW (second run only) and DDS (first and second run):


    # AdwCleaner v2.100 - Verslag gemaakt op 16/12/2012 om 19:56:59
    # Geactualiseerd op 09/12/2012 door Xplode
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Gebruiker : RHO - RHO-EDGE
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\RHO\Desktop\adwcleaner.exe
    # Optie [Verwijderen]

    a
    ***** [Diensten] *****


    ***** [Files / Mappen] *****

    Map Verwijdert : C:\Users\RHO\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej
    Map Verwijdert : C:\Users\RHO\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Verwijdert bij het opstarten : C:\Program Files (x86)\Common Files\AVG Secure Search

    ***** [Register] *****


    ***** [Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Mozilla Firefox v14.0.1 (nl)

    Profielnaam : default
    File : C:\Users\RHO\AppData\Roaming\Mozilla\Firefox\Profiles\nloj0936.default\prefs.js

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\RHO\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    -\\ Opera v12.11.1661.0

    File : C:\Users\RHO\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[S1].txt - [35546 octets] - [16/12/2012 18:06:06]
    AdwCleaner[S2].txt - [1493 octets] - [16/12/2012 19:56:59]

    ########## EOF - C:\AdwCleaner[S2].txt - [1553 octets] ##########


    FIRST DDS RUN


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_31
    Run by RHO at 20:03:50 on 2012-12-16
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3893.2230 [GMT 1:00]
    .
    AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\TpShocks.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Users\RHO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://lenovo.msn.com
    uSearchAssistant = hxxp://www.google.com
    mWinlogon: Userinit = userinit.exe
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: GretechBHO Class: {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Spotify] "C:\Users\RHO\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    uRun: [Spotify Web Helper] "C:\Users\RHO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
    mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\Users\RHO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Faceb662.url
    StartupFolder: C:\Users\RHO\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Afbeelding verzenden naar &Bluetooth-apparaat… - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Pagina verzenden naar &Bluetooth-apparaat… - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{18C7308F-1FC5-4B56-8136-08B668366B1E} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{18C7308F-1FC5-4B56-8136-08B668366B1E}\8445340205F627471626C6560284F6473707F647 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{18C7308F-1FC5-4B56-8136-08B668366B1E}\E4F46514 : DHCPNameServer = 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs=
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = scecli ACGina
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [TpShocks] TpShocks.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\RHO\AppData\Roaming\Mozilla\Firefox\Profiles\nloj0936.default\
    FF - prefs.js: browser.startup.homepage - www.google.nl
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - ExtSQL: 2012-10-16 21:41; en-GB@dictionaries.addons.mozilla.org; C:\Users\RHO\AppData\Roaming\Mozilla\Firefox\Profiles\nloj0936.default\extensions\en-GB@dictionaries.addons.mozilla.org
    FF - ExtSQL: !HIDDEN! 2012-05-02 19:22; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\FirefoxExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-3-29 23664]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-18 30568]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-4 279616]
    R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-9-22 15472]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-9-4 41320]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-12-9 101736]
    R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-9-4 65896]
    R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-12-9 133992]
    R2 MSSQL$RADIONOMY536765;SQL Server (RADIONOMY536765);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-10-19 5250048]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2012-2-15 11576]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
    R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-12-9 145256]
    R2 TPHKSVC;Weergave op scherm;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-12-9 142696]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-4 2320920]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-9 711112]
    R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-9-4 161664]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-9-4 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-4 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-1-7 317440]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-9-4 246376]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2011-2-23 1142376]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2011-5-23 48992]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-9-4 54824]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-9-4 35104]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-12-14 16776]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-12-14 9096]
    S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-9-4 1662528]
    S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-9-22 165440]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-24 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-12-13 06:33:06 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-12-13 06:33:05 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-12-13 06:33:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-12-13 06:33:02 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
    2012-12-13 06:33:02 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2012-12-13 06:33:02 149552 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
    2012-12-13 06:33:01 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
    2012-12-12 13:05:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-12-12 13:04:52 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-12-12 13:04:51 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-12-03 19:58:58 -------- d-----w- C:\Program Files\iPod
    2012-12-03 19:58:56 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-03 19:58:56 -------- d-----w- C:\Program Files\iTunes
    2012-12-03 19:58:56 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-12-01 23:14:55 -------- d-----w- C:\ProgramData\VirtualizedApplications
    2012-11-28 05:46:26 -------- d-----w- C:\Users\RHO\AppData\Local\ElevatedDiagnostics
    2012-11-25 07:04:53 -------- d-----w- C:\Users\RHO\AppData\Roaming\Image-Line
    2012-11-24 17:13:36 -------- d-----w- C:\Users\RHO\AppData\Roaming\Samsung
    2012-11-24 17:13:32 -------- d-----w- C:\Program Files (x86)\Common Files\Common Desktop Agent
    2012-11-24 17:13:31 -------- d-----w- C:\Program Files\Common Files\Common Desktop Agent
    2012-11-24 17:06:36 1554336 ------w- C:\Windows\TotalUninstaller.exe
    2012-11-24 17:06:03 1724416 ------w- C:\Windows\gdiplus.dll
    2012-11-24 17:06:03 -------- d-----w- C:\Program Files (x86)\Samsung
    2012-11-24 16:18:47 -------- d-----w- C:\ProgramData\Samsung
    2012-11-24 16:18:47 -------- d-----w- C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
    2012-11-24 16:18:47 -------- d-----w- C:\Program Files (x86)\SamsungPrinterLiveUpdate
    2012-11-24 16:18:37 37376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\sst6cpc.dll
    2012-11-18 14:10:45 -------- d-----w- C:\Users\RHO\AppData\Roaming\.minecraft
    2012-11-18 06:13:00 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-18 06:13:00 2560 ----a-w- C:\Windows\System32\drivers\nl-NL\wdf01000.sys.mui
    2012-11-18 06:12:59 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-11-18 06:12:59 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-18 05:55:01 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-18 05:55:01 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-18 05:54:57 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2012-11-18 05:54:56 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2012-11-18 05:54:55 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-18 05:54:54 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2012-11-18 05:54:54 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    .
    ==================== Find3M ====================
    .
    2012-12-12 13:29:44 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-12 13:29:44 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-10 12:50:26 0 ----a-w- C:\Windows\SysWow64\shoF3F8.tmp
    2012-11-09 07:39:27 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-05 21:35:16 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-10-25 02:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 02:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-09-26 09:44:36 226424 ----a-w- C:\Windows\System32\SBuySupplies.exe
    2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
    .
    ============= FINISH: 20:05:13,24 ===============


    SECOND DDS RUN

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_31
    Run by RHO at 20:03:50 on 2012-12-16
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3893.2230 [GMT 1:00]
    .
    AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\TpShocks.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Users\RHO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://lenovo.msn.com
    uSearchAssistant = hxxp://www.google.com
    mWinlogon: Userinit = userinit.exe
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: GretechBHO Class: {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Spotify] "C:\Users\RHO\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    uRun: [Spotify Web Helper] "C:\Users\RHO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
    mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\Users\RHO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Faceb662.url
    StartupFolder: C:\Users\RHO\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Afbeelding verzenden naar &Bluetooth-apparaat… - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Pagina verzenden naar &Bluetooth-apparaat… - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{18C7308F-1FC5-4B56-8136-08B668366B1E} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{18C7308F-1FC5-4B56-8136-08B668366B1E}\8445340205F627471626C6560284F6473707F647 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{18C7308F-1FC5-4B56-8136-08B668366B1E}\E4F46514 : DHCPNameServer = 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs=
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = scecli ACGina
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [TpShocks] TpShocks.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\RHO\AppData\Roaming\Mozilla\Firefox\Profiles\nloj0936.default\
    FF - prefs.js: browser.startup.homepage - www.google.nl
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - ExtSQL: 2012-10-16 21:41; en-GB@dictionaries.addons.mozilla.org; C:\Users\RHO\AppData\Roaming\Mozilla\Firefox\Profiles\nloj0936.default\extensions\en-GB@dictionaries.addons.mozilla.org
    FF - ExtSQL: !HIDDEN! 2012-05-02 19:22; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\FirefoxExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-3-29 23664]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-18 30568]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-4 279616]
    R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-9-22 15472]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-9-4 41320]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-12-9 101736]
    R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-9-4 65896]
    R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-12-9 133992]
    R2 MSSQL$RADIONOMY536765;SQL Server (RADIONOMY536765);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-10-19 5250048]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2012-2-15 11576]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
    R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-12-9 145256]
    R2 TPHKSVC;Weergave op scherm;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-12-9 142696]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-4 2320920]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-9 711112]
    R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-9-4 161664]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-9-4 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-4 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-1-7 317440]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-9-4 246376]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2011-2-23 1142376]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2011-5-23 48992]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-9-4 54824]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-9-4 35104]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-12-14 16776]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-12-14 9096]
    S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-9-4 1662528]
    S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-9-22 165440]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-24 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-12-13 06:33:06 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-12-13 06:33:05 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-12-13 06:33:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-12-13 06:33:02 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
    2012-12-13 06:33:02 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2012-12-13 06:33:02 149552 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
    2012-12-13 06:33:01 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
    2012-12-12 13:05:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-12-12 13:04:52 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-12-12 13:04:51 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-12-03 19:58:58 -------- d-----w- C:\Program Files\iPod
    2012-12-03 19:58:56 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-03 19:58:56 -------- d-----w- C:\Program Files\iTunes
    2012-12-03 19:58:56 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-12-01 23:14:55 -------- d-----w- C:\ProgramData\VirtualizedApplications
    2012-11-28 05:46:26 -------- d-----w- C:\Users\RHO\AppData\Local\ElevatedDiagnostics
    2012-11-25 07:04:53 -------- d-----w- C:\Users\RHO\AppData\Roaming\Image-Line
    2012-11-24 17:13:36 -------- d-----w- C:\Users\RHO\AppData\Roaming\Samsung
    2012-11-24 17:13:32 -------- d-----w- C:\Program Files (x86)\Common Files\Common Desktop Agent
    2012-11-24 17:13:31 -------- d-----w- C:\Program Files\Common Files\Common Desktop Agent
    2012-11-24 17:06:36 1554336 ------w- C:\Windows\TotalUninstaller.exe
    2012-11-24 17:06:03 1724416 ------w- C:\Windows\gdiplus.dll
    2012-11-24 17:06:03 -------- d-----w- C:\Program Files (x86)\Samsung
    2012-11-24 16:18:47 -------- d-----w- C:\ProgramData\Samsung
    2012-11-24 16:18:47 -------- d-----w- C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
    2012-11-24 16:18:47 -------- d-----w- C:\Program Files (x86)\SamsungPrinterLiveUpdate
    2012-11-24 16:18:37 37376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\sst6cpc.dll
    2012-11-18 14:10:45 -------- d-----w- C:\Users\RHO\AppData\Roaming\.minecraft
    2012-11-18 06:13:00 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-18 06:13:00 2560 ----a-w- C:\Windows\System32\drivers\nl-NL\wdf01000.sys.mui
    2012-11-18 06:12:59 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-11-18 06:12:59 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-18 05:55:01 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-18 05:55:01 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-18 05:54:57 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2012-11-18 05:54:56 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2012-11-18 05:54:55 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-18 05:54:54 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2012-11-18 05:54:54 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    .
    ==================== Find3M ====================
    .
    2012-12-12 13:29:44 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-12 13:29:44 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-10 12:50:26 0 ----a-w- C:\Windows\SysWow64\shoF3F8.tmp
    2012-11-09 07:39:27 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-05 21:35:16 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-10-25 02:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 02:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-09-26 09:44:36 226424 ----a-w- C:\Windows\System32\SBuySupplies.exe
    2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
    .
    ============= FINISH: 20:05:13,24 ===============


  • You only needed to post DDS once!

    Remove that nasty Bearshare; it has also put a spyware tool in your Windows!

    Then do the following:

    Download the tool to your desktop.
    - It is recommended to temporarily disable security software, as it can conflict with JRT.exe.
    - Windows XP: Start the tool by double-clicking it.
    - Windows Vista/7/8: Right-click JRT.exe and choose "Run as administrator".
    - The tool will then scan your system.
    - Depending on your system specifications the scan can sometimes take quite a long time; wait patiently.
    - When the scan is complete, a log (JRT.txt) will be saved to your desktop and opened automatically.
    - Post the contents of this log in your next message.
  • Dear Abraham,

    Apologies; as explained, I thought I was doing the right thing by posting the DDS log twice.
    I had already removed Bearshare (thanks to my son…) at an earlier stage, and I can't find it under Remove Programs either. Apparently parts of it are still present…

    Now the JRT log:


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.1.7 (12.16.2012:1)
    OS: Windows 7 Home Premium x64
    Ran by RHO on ma 17-12-2012 at 19:58:20,87
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default
    Successfully repaired: [Registry Value] hkey_users\S-1-5-21-792419496-1420738670-1577378654-1001\software\microsoft\internet explorer\searchurl\\Default
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchurl\\Default



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\browserconnection.loader
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\browserconnection.loader.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnsbho.bho
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnsbho.bho.1



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\RHO\appdata\locallow\datamngr"



    ~~~ FireFox

    Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
    Failed to delete: [Folder] C:\Users\RHO\AppData\Roaming\mozilla\firefox\profiles\nloj0936.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
    Successfully deleted the following from C:\Users\RHO\AppData\Roaming\mozilla\firefox\profiles\nloj0936.default\prefs.js

    user_pref("extensions.FastestTube_wombat.CachedHttpRequest.http://dyn.lite.adlesse.com/easylist/easylist.txt", "[Adblock Plus 1.1]
    ! Checksum: qkwyr95ywXi6yirRVUXJkw
    ! EasyL
    user_pref("extensions.FastestTube_wombat.CachedHttpRequest.http://dyn.lite.adlesse.com/easylist/easylist_new.txt", "%5BAdblock%20Plus%201.1%5D%0A%21%20Checksum%3A%20QFr0jJuiSV
    user_pref("extensions.FastestTube_wombat.script_loader.data", "%5B%7B%22type%22%3A%22background%22%2C%22code%22%3A%22var%20trueMD5Object%3D%7Bhexcase%3A0%2Cb64pad%3A%5C%22%5C%
    user_pref("extensions.helperbar.SmartbarDisabled", false);
    user_pref("extensions.helperbar.SmartbarStateMinimaized", false);



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on ma 17-12-2012 at 20:13:47,11
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



  • Well done - we are going to take a thorough look:

    Which program:
  • Unfortunately, OTL hangs during the scan. At the moment OTL checks the Firefox settings, the program freezes and no longer responds.
    All programs are closed.

    Regards,
    Rick
  • So do you have FF open or not?
  • Not open; I checked with Windows Task Manager, which lists only OTL. After restarting the laptop I made a third attempt (I was missing a number of icons in the taskbar). Again OTL hangs while checking the Firefox settings.

    Regards,
    Rick
  • Strange!

    Which program:
  • Unfortunately, ComboFix also seems to hang. It has now been running for well over 20 minutes and reports having completed four stages. The cursor in the blue area keeps blinking. The only thing I have done is move the mouse now and then because the screen goes into power-saving mode. I am typing this on a tablet, by the way.
    Regards, Rick
  • Strange, DDS is the little sister of Combofix.

    Let's try something else!
    Run the ESET online scan (Click).
    - Click the "ESET Online Scanner" button
    - Tick "YES, I accept the Terms of Use"
    - Click "Start"
    - Allow the ActiveX control to install.
    - Tick the following options:
      - "Remove found threats"
      - "Scan archives"
    - Then click
  • The ESET log; it found quite a lot…

    Regards,
    Rick



    ESETSmartInstaller@High as downloader log:
    all ok
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6844
    # api_version=3.0.2
    # EOSSerial=b46ab050d2358d42838dedc47fa42110
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-12-19 03:20:29
    # local_time=2012-12-19 04:20:29 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1034 16777213 100 78 48000 43021213 0 0
    # compatibility_mode=5893 16776573 100 94 26471 107517079 0 0
    # scanned=195833
    # found=15
    # cleaned=15
    # scan_time=23426
    C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 8D1998ECB8813A214E9E6B593A8B428D47189035 C
    C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) BB9945B0689753F9FF4EE70950A606BAC9AA9576 C
    C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) AFEF68E4B374F438A5DFADCF748FB6975C974537 C
    C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) EB2BF273CD0BC67D5A57067494E6D23B078504B3 C
    C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) EF6BCB5F7420B7E95EC66939E3AF37EB5C282B7E C
    C:\Users\RHO\AppData\Local\Temp\Av-test.txt Eicar test file (cleaned by deleting - quarantined) C02423884B82F50565A8AA2BE8F974E821760F18 C
    C:\Users\RHO\AppData\Local\Temp\blabbers-ff-le.xpi Win32/BrowserCompanion.G application (deleted - quarantined) 4853FD446FF9A0DE114BAD8A247365CD45A7B3F6 C
    C:\Users\RHO\AppData\Local\Temp\coupish-babylon.exe multiple threats (cleaned by deleting - quarantined) 2F86FEC4E983EB8CA3C2DB771CD5EEC99ED01BE3 C
    C:\Users\RHO\AppData\Local\Temp\07179CF9-BAB0-7891-AF67-719413880DC9\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 40969E053E001937C71D74EA719F78BF9A5FEF2A C
    C:\Users\RHO\AppData\Local\Temp\170118CE-BAB0-7891-9564-9736340E4706\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 40969E053E001937C71D74EA719F78BF9A5FEF2A C
    C:\Users\RHO\AppData\Local\Temp\nsd49A1.tmp\OCSetupHlp.dll Win32/OpenCandy application (cleaned by deleting - quarantined) 9A80E0C2DDA638EBBF4A87D62A8A418C5786D27B C
    C:\Users\RHO\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\21195cc4-13350da7 Java/Exploit.CVE-2012-0507.BN trojan (deleted - quarantined) B64F916EC0E3F3D3B9B0800894362880006EB641 C
    C:\Users\RHO\Downloads\flstudio_10.0.9c(1).exe Win32/OpenCandy application (cleaned by deleting - quarantined) 4DF1C13941156BF8B0A3F2F81C99D124B3DB848C C
    C:\Users\RHO\Downloads\flstudio_10.0.9c.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 4DF1C13941156BF8B0A3F2F81C99D124B3DB848C C
    C:\Users\RHO\Downloads\installer_traktor_dj_studio.exe multiple threats (cleaned by deleting - quarantined) 168CA7BCF9E37885A501E244F477FD7343280826 C
  • Now download a fresh copy of Junkware Removal Tool by Thisisu and let that tool scan your Windows again.
  • And here is the JRT log again.

    Regards,
    Rick

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.1.8 (12.17.2012:1)
    OS: Windows 7 Home Premium x64
    Ran by RHO on wo 19-12-2012 at 13:40:13,21
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
    Successfully deleted the following from C:\Users\RHO\AppData\Roaming\mozilla\firefox\profiles\nloj0936.default\prefs.js

    user_pref("extensions.FastestTube_wombat.CachedHttpRequest.http://dyn.lite.adlesse.com/easylist/easylist.txt", "[Adblock Plus 1.1]
    ! Checksum: qkwyr95ywXi6yirRVUXJkw
    ! EasyL
    user_pref("extensions.FastestTube_wombat.CachedHttpRequest.http://dyn.lite.adlesse.com/easylist/easylist_new.txt", "%5BAdblock%20Plus%201.1%5D%0A%21%20Checksum%3A%20QFr0jJuiSV
    user_pref("extensions.FastestTube_wombat.script_loader.data", "%5B%7B%22type%22%3A%22background%22%2C%22code%22%3A%22var%20trueMD5Object%3D%7Bhexcase%3A0%2Cb64pad%3A%5C%22%5C%



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on wo 19-12-2012 at 13:53:55,15
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • Let me know how things are going now.
  • Hi Abraham,

    I expect that I am rid of AQUB. It did not show up every time a browser was started, but it did appear more and more often; so far I have not seen it again.

    AVG is still not running quite right. At startup AVG reports that the PC must be restarted to complete the update process. Restarting does not complete the update process; the message remains. In the AVG overview, the Firewall icon also shows the message that the PC must be restarted.

    Regards,
    Rick
  • I now see that Windows Firewall is on; could AVG be conflicting with it?
  • What JRT cannot remove in Firefox is the jZip.Toolbar

    Start Firefox, then open Add-ons and click Extensions.

    If that toolbar is listed there, choose to remove it.
    Restart Firefox and then check that the toolbar is no longer there.

    Note: this is a "malicious" toolbar.

This is an archived page. Replies are no longer possible.