AQUB, get rid of it please

45 replies
  • Hello Rick, a warm welcome to this great forum.

    Step •1•
    Which program: AdwCleaner
    What for/why: Scanner to clean up Windows and rid it of malicious toolbars.
    Difficulty: None.
    Download location: Be sure to download this program to the desktop, or else move it there!
    Download: AdwCleaner by Xplode (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner).
    Notes:
      - All open programs and web pages must be closed.
      - It is normal for the shortcuts to disappear from the desktop after AdwCleaner starts.
    Starting AdwCleaner:
      - Windows 2000 and Windows XP: double-click adwcleaner.exe.
      - Windows Vista, Windows 7 and Windows 8: right-click adwcleaner.exe and choose "Run as administrator".
    AdwCleaner has started:
      - Click the "Verwijderen" (Delete) button.
      - At "AdwCleaner – Afsluiting van de programma's" (closing the programs), click OK.
      - At "AdwCleaner – Herstarten noodzakelijk" (restart required), click OK.
    AdwCleaner log file:
      - After the PC has restarted, a log file opens.
      - Then post the contents of this log in your next message.

    Step •2•
    Which program: sUBs dds
    What for/why: DDS is a diagnostic tool and makes use of scripts.
    Difficulty: First read carefully what to do.
    Download location: Be sure to download this program to the desktop, or else move it there first!
    Download DDS by sUBs from one of these locations and put it on your desktop:
      - DDS - Bleeping Computer download (http://download.bleepingcomputer.com/sUBs/dds.com)
      - DDS - Bleeping Computer download (http://download.bleepingcomputer.com/sUBs/dds.scr)
      - DDS - Infospyware (http://www.infospyware.net/sUBs/dds)
    Using sUBs dds:
      - First close all program windows that are still open!
      - The antivirus program and active malware scanners must be deactivated!
          - You can read how to do that here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) or here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607).
      - Windows 2000 and Windows XP: start sUBs dds by double-clicking the shortcut.
      - Windows Vista, Windows 7 and Windows 8: start sUBs dds by right-clicking the shortcut and then choosing "Run as administrator".
    After the scan:
      - Now reactivate the active security software.
      - Two text documents are opened, DDS.txt and Attach.txt; please note the following!
      - Copy and paste the entire contents of the DDS log file into your next message.
      - Post the contents of Attach.txt when I ask for it.
  • Beste Abraham, Allereerst bij voorbaat hartelijke dank voor het meekijken. Ik begrijp uit andere postings dat er recent steeds vaker een beroep op je expertise gedaan wordt. Dan mijn aqub probleem: Ik het de runs tweemaal uitgevoerd, hieronder de logs van de tweede run. Vooraf nog een opmerking, ik kreeg ADWcleaner in eerste instantie niet gedownload wegens onvoldoende rechten voor de map Downloads (nog nooit eerder deze foutmelding). Ook kreeg ik een melding van mijn AVG dat ADW een trojan zou zijn. De reden voor de tweede run is dat ik het eerste logbestand van ADW niet had opgeslagen, in ieder geval niet kon terug vinden. Ik hoop dat dat de procedure niet nadelig heeft beïnvloed. Hier volgen de logs van ADW (alleen tweede run) en DDS (eerste en tweede run) : # AdwCleaner v2.100 - Verslag gemaakt op 16/12/2012 om 19:56:59 # Geactualiseerd op 09/12/2012 door Xplode # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits) # Gebruiker : RHO - RHO-EDGE # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Users\RHO\Desktop\adwcleaner.exe # Optie [Verwijderen] a ***** [Diensten] ***** ***** [Files / Mappen] ***** Map Verwijdert : C:\Users\RHO\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej Map Verwijdert : C:\Users\RHO\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Verwijdert bij het opstarten : C:\Program Files (x86)\Common Files\AVG Secure Search ***** [Register] ***** ***** [Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Mozilla Firefox v14.0.1 (nl) Profielnaam : default File : C:\Users\RHO\AppData\Roaming\Mozilla\Firefox\Profiles\nloj0936.default\prefs.js [OK] De file bevat geen enkele ongeoorloofde invoer. -\\ Google Chrome v23.0.1271.97 File : C:\Users\RHO\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] De file bevat geen enkele ongeoorloofde invoer. 
-\\ Opera v12.11.1661.0 File : C:\Users\RHO\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[S1].txt - [35546 octets] - [16/12/2012 18:06:06] AdwCleaner[S2].txt - [1493 octets] - [16/12/2012 19:56:59] ########## EOF - C:\AdwCleaner[S2].txt - [1553 octets] ########## EERSTE RUN DDS DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_31 Run by RHO at 20:03:50 on 2012-12-16 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3893.2230 [GMT 1:00] . AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files 
(x86)\AVG\AVG2012\avgfws.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\TpShocks.exe C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe 
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Users\RHO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskhost.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe C:\Windows\system32\sppsvc.exe C:\Program Files (x86)\Lenovo\System Update\SUService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://lenovo.msn.com uSearchAssistant = hxxp://www.google.com mWinlogon: Userinit = userinit.exe BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: GretechBHO Class: {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [Spotify] "C:\Users\RHO\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart uRun: [Spotify Web Helper] "C:\Users\RHO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program 
Files (x86)\QuickTime\QTTask.exe" -atboottime StartupFolder: C:\Users\RHO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Faceb662.url StartupFolder: C:\Users\RHO\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58 TCP: Interfaces\{18C7308F-1FC5-4B56-8136-08B668366B1E} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 TCP: Interfaces\{18C7308F-1FC5-4B56-8136-08B668366B1E}\8445340205F627471626C6560284F6473707F647 : DHCPNameServer = 192.168.1.1 TCP: 
Interfaces\{18C7308F-1FC5-4B56-8136-08B668366B1E}\E4F46514 : DHCPNameServer = 192.168.0.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= SSODL: WebCheck - <orphaned> LSA: Notification Packages = scecli ACGina x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [TpShocks] TpShocks.exe x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\RHO\AppData\Roaming\Mozilla\Firefox\Profiles\nloj0936.default\ FF - prefs.js: browser.startup.homepage - www.google.nl FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll FF - ExtSQL: 2012-10-16 21:41; en-GB@dictionaries.addons.mozilla.org; C:\Users\RHO\AppData\Roaming\Mozilla\Firefox\Profiles\nloj0936.default\extensions\en-GB@dictionaries.addons.mozilla.org FF - ExtSQL: !HIDDEN! 2012-05-02 19:22; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\FirefoxExtension . ============= SERVICES / DRIVERS =============== . 
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944] R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-3-29 23664] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-18 30568] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-4 279616] R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-9-22 15472] R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-9-4 41320] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-12-9 101736] R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-9-4 65896] R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-12-9 133992] R2 MSSQL$RADIONOMY536765;SQL Server (RADIONOMY536765);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408] R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-10-19 5250048] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application 
Virtualization Client\sftlist.exe [2011-10-1 508776] R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2012-2-15 11576] R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592] R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-12-9 145256] R2 TPHKSVC;Weergave op scherm;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-12-9 142696] R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-4 2320920] R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-9 711112] R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-9-4 161664] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776] R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-9-4 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-4 158976] R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-1-7 317440] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-9-4 246376] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2011-2-23 1142376] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service 
Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2011-5-23 48992] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-9-4 54824] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-9-4 35104] S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-12-14 16776] S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-12-14 9096] S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-9-4 1662528] S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-9-22 165440] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-24 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 
2012-12-13 06:33:06 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-12-13 06:33:05 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-12-13 06:33:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-12-13 06:33:02 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll 2012-12-13 06:33:02 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll 2012-12-13 06:33:02 149552 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll 2012-12-13 06:33:01 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll 2012-12-12 13:05:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-12-12 13:04:52 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-12-12 13:04:51 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-12-03 19:58:58 -------- d-----w- C:\Program Files\iPod 2012-12-03 19:58:56 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-03 19:58:56 -------- d-----w- C:\Program Files\iTunes 2012-12-03 19:58:56 -------- d-----w- C:\Program Files (x86)\iTunes 2012-12-01 23:14:55 -------- d-----w- C:\ProgramData\VirtualizedApplications 2012-11-28 05:46:26 -------- d-----w- C:\Users\RHO\AppData\Local\ElevatedDiagnostics 2012-11-25 07:04:53 -------- d-----w- C:\Users\RHO\AppData\Roaming\Image-Line 2012-11-24 17:13:36 -------- d-----w- C:\Users\RHO\AppData\Roaming\Samsung 2012-11-24 17:13:32 -------- d-----w- C:\Program Files (x86)\Common Files\Common Desktop Agent 2012-11-24 17:13:31 -------- d-----w- C:\Program Files\Common Files\Common Desktop Agent 2012-11-24 17:06:36 1554336 ------w- C:\Windows\TotalUninstaller.exe 2012-11-24 17:06:03 1724416 ------w- C:\Windows\gdiplus.dll 2012-11-24 17:06:03 -------- d-----w- C:\Program Files (x86)\Samsung 2012-11-24 16:18:47 -------- d-----w- C:\ProgramData\Samsung 2012-11-24 16:18:47 -------- d-----w- C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller 2012-11-24 16:18:47 -------- d-----w- C:\Program Files (x86)\SamsungPrinterLiveUpdate 2012-11-24 16:18:37 37376 ----a-w- 
C:\Windows\System32\Spool\prtprocs\x64\sst6cpc.dll 2012-11-18 14:10:45 -------- d-----w- C:\Users\RHO\AppData\Roaming\.minecraft 2012-11-18 06:13:00 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-11-18 06:13:00 2560 ----a-w- C:\Windows\System32\drivers\nl-NL\wdf01000.sys.mui 2012-11-18 06:12:59 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-18 06:12:59 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-18 05:55:01 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-11-18 05:55:01 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-11-18 05:54:57 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-11-18 05:54:56 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2012-11-18 05:54:55 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-11-18 05:54:54 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-11-18 05:54:54 229888 ----a-w- C:\Windows\System32\WUDFHost.exe . ==================== Find3M ==================== . 2012-12-12 13:29:44 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-12 13:29:44 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-10 12:50:26 0 ----a-w- C:\Windows\SysWow64\shoF3F8.tmp 2012-11-09 07:39:27 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2012-11-09 05:45:09 2048 ----a-w- 
C:\Windows\System32\tzres.dll 2012-11-05 21:35:16 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-10-25 02:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-10-25 02:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll 2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2012-09-26 09:44:36 226424 ----a-w- C:\Windows\System32\SBuySupplies.exe 2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll . ============= FINISH: 20:05:13,24 ===============

SECOND DDS RUN

DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_31 Run by RHO at 20:03:50 on 2012-12-16 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3893.2230 [GMT 1:00] . AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B} . ============== Running Processes =============== . 
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2012\avgfws.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 
C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\TpShocks.exe C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Users\RHO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files 
(x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskhost.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe C:\Windows\system32\sppsvc.exe C:\Program Files (x86)\Lenovo\System Update\SUService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://lenovo.msn.com uSearchAssistant = hxxp://www.google.com mWinlogon: Userinit = userinit.exe BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: GretechBHO Class: {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [Spotify] "C:\Users\RHO\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart uRun: [Spotify Web Helper] "C:\Users\RHO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun: [Lenovo Registration] C:\Program 
Files (x86)\Lenovo Registration\LenovoReg.exe /boot mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime StartupFolder: C:\Users\RHO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Faceb662.url StartupFolder: C:\Users\RHO\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Pagina verzenden naar &Bluetooth-apparaat... 
- C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58 TCP: Interfaces\{18C7308F-1FC5-4B56-8136-08B668366B1E} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 TCP: Interfaces\{18C7308F-1FC5-4B56-8136-08B668366B1E}\8445340205F627471626C6560284F6473707F647 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{18C7308F-1FC5-4B56-8136-08B668366B1E}\E4F46514 : DHCPNameServer = 192.168.0.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= SSODL: WebCheck - <orphaned> LSA: Notification Packages = scecli ACGina x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: 
[TpShocks] TpShocks.exe x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\RHO\AppData\Roaming\Mozilla\Firefox\Profiles\nloj0936.default\ FF - prefs.js: browser.startup.homepage - www.google.nl FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll FF - ExtSQL: 2012-10-16 21:41; en-GB@dictionaries.addons.mozilla.org; C:\Users\RHO\AppData\Roaming\Mozilla\Firefox\Profiles\nloj0936.default\extensions\en-GB@dictionaries.addons.mozilla.org FF - ExtSQL: !HIDDEN! 2012-05-02 19:22; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\FirefoxExtension . ============= SERVICES / DRIVERS =============== . 
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944] R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-3-29 23664] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-18 30568] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-4 279616] R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-9-22 15472] R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-9-4 41320] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-12-9 101736] R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-9-4 65896] R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-12-9 133992] R2 MSSQL$RADIONOMY536765;SQL Server (RADIONOMY536765);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408] R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-10-19 5250048] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application 
Virtualization Client\sftlist.exe [2011-10-1 508776] R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2012-2-15 11576] R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592] R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-12-9 145256] R2 TPHKSVC;Weergave op scherm;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-12-9 142696] R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-4 2320920] R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-9 711112] R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-9-4 161664] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776] R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-9-4 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-4 158976] R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-1-7 317440] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-9-4 246376] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2011-2-23 1142376] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service 
Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2011-5-23 48992] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-9-4 54824] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-9-4 35104] S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-12-14 16776] S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-12-14 9096] S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-9-4 1662528] S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-9-22 165440] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-24 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 
2012-12-13 06:33:06 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-12-13 06:33:05 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-12-13 06:33:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-12-13 06:33:02 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll 2012-12-13 06:33:02 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll 2012-12-13 06:33:02 149552 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll 2012-12-13 06:33:01 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll 2012-12-12 13:05:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-12-12 13:04:52 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-12-12 13:04:51 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-12-03 19:58:58 -------- d-----w- C:\Program Files\iPod 2012-12-03 19:58:56 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-03 19:58:56 -------- d-----w- C:\Program Files\iTunes 2012-12-03 19:58:56 -------- d-----w- C:\Program Files (x86)\iTunes 2012-12-01 23:14:55 -------- d-----w- C:\ProgramData\VirtualizedApplications 2012-11-28 05:46:26 -------- d-----w- C:\Users\RHO\AppData\Local\ElevatedDiagnostics 2012-11-25 07:04:53 -------- d-----w- C:\Users\RHO\AppData\Roaming\Image-Line 2012-11-24 17:13:36 -------- d-----w- C:\Users\RHO\AppData\Roaming\Samsung 2012-11-24 17:13:32 -------- d-----w- C:\Program Files (x86)\Common Files\Common Desktop Agent 2012-11-24 17:13:31 -------- d-----w- C:\Program Files\Common Files\Common Desktop Agent 2012-11-24 17:06:36 1554336 ------w- C:\Windows\TotalUninstaller.exe 2012-11-24 17:06:03 1724416 ------w- C:\Windows\gdiplus.dll 2012-11-24 17:06:03 -------- d-----w- C:\Program Files (x86)\Samsung 2012-11-24 16:18:47 -------- d-----w- C:\ProgramData\Samsung 2012-11-24 16:18:47 -------- d-----w- C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller 2012-11-24 16:18:47 -------- d-----w- C:\Program Files (x86)\SamsungPrinterLiveUpdate 2012-11-24 16:18:37 37376 ----a-w- 
C:\Windows\System32\Spool\prtprocs\x64\sst6cpc.dll 2012-11-18 14:10:45 -------- d-----w- C:\Users\RHO\AppData\Roaming\.minecraft 2012-11-18 06:13:00 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-11-18 06:13:00 2560 ----a-w- C:\Windows\System32\drivers\nl-NL\wdf01000.sys.mui 2012-11-18 06:12:59 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-18 06:12:59 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-18 05:55:01 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-11-18 05:55:01 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-11-18 05:54:57 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-11-18 05:54:56 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2012-11-18 05:54:55 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-11-18 05:54:54 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-11-18 05:54:54 229888 ----a-w- C:\Windows\System32\WUDFHost.exe . ==================== Find3M ==================== . 2012-12-12 13:29:44 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-12 13:29:44 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-10 12:50:26 0 ----a-w- C:\Windows\SysWow64\shoF3F8.tmp 2012-11-09 07:39:27 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2012-11-09 05:45:09 2048 ----a-w- 
C:\Windows\System32\tzres.dll 2012-11-05 21:35:16 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-10-25 02:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-10-25 02:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll 2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2012-09-26 09:44:36 226424 ----a-w- C:\Windows\System32\SBuySupplies.exe 2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll . ============= FINISH: 20:05:13,24 ===============
  • You only needed to post the DDS log once! Remove that nasty Bearshare; it has also put a spyware tool in your Windows! After that, do the following: download the Junkware Removal Tool by Thisisu (http://thisisudax.org/downloads/JRT.exe) to your desktop.
    - It is recommended to temporarily disable security software, because it can conflict with JRT.exe.
    - Windows XP: start the tool by double-clicking it.
    - Windows Vista/7/8: right-click JRT.exe and choose "Run as administrator" (Dutch: "Uitvoeren als administrator").
    - The tool will then scan your system.
    - Depending on your system specifications the scan can sometimes take quite a long time; wait patiently.
    - When the scan is finished, a log (JRT.txt) will be saved to your desktop and opened automatically.
    - Post the contents of this log in your next message.
  • Dear Abraham, Apologies; as explained, I thought I was doing the right thing by posting the DDS log twice. I had already removed Bearshare (thanks to my son...) at an earlier stage, and I cannot find it under "Remove programs" (Programma's verwijderen) either. Apparently some parts are still present... Now here is the JRT log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.1.7 (12.16.2012:1)
    OS: Windows 7 Home Premium x64
    Ran by RHO on ma 17-12-2012 at 19:58:20,87
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~ Services
    ~~~ Registry Values
    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default
    Successfully repaired: [Registry Value] hkey_users\S-1-5-21-792419496-1420738670-1577378654-1001\software\microsoft\internet explorer\searchurl\\Default
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchurl\\Default
    ~~~ Registry Keys
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\browserconnection.loader
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\browserconnection.loader.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnsbho.bho
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnsbho.bho.1
    ~~~ Files
    ~~~ Folders
    Successfully deleted: [Folder] "C:\Users\RHO\appdata\locallow\datamngr"
    ~~~ FireFox
    Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
    Failed to delete: [Folder] C:\Users\RHO\AppData\Roaming\mozilla\firefox\profiles\nloj0936.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
    Successfully deleted the following from C:\Users\RHO\AppData\Roaming\mozilla\firefox\profiles\nloj0936.default\prefs.js
    user_pref("extensions.FastestTube_wombat.CachedHttpRequest.http://dyn.lite.adlesse.com/easylist/easylist.txt", "[Adblock Plus 1.1]\n! Checksum: qkwyr95ywXi6yirRVUXJkw\n! EasyL
    user_pref("extensions.FastestTube_wombat.CachedHttpRequest.http://dyn.lite.adlesse.com/easylist/easylist_new.txt", "%5BAdblock%20Plus%201.1%5D%0A%21%20Checksum%3A%20QFr0jJuiSV
    user_pref("extensions.FastestTube_wombat.script_loader.data", "%5B%7B%22type%22%3A%22background%22%2C%22code%22%3A%22var%20trueMD5Object%3D%7Bhexcase%3A0%2Cb64pad%3A%5C%22%5C%
    user_pref("extensions.helperbar.SmartbarDisabled", false);
    user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on ma 17-12-2012 at 20:13:47,11
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
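Added example (not part of the original thread, and not code from JRT or DDS): a Python sketch that pulls the "Failed to delete" items out of a JRT log like the one above and matches their extension GUIDs against the `FF - ExtSQL` entries of a DDS log, so the leftovers can be followed up in the next cleaning step. The function names are assumptions; the sample strings are excerpts constructed from the logs posted in this thread.

```python
import re

# Constructed samples: excerpts of the JRT and DDS logs posted in this thread,
# flattened onto one line the way the forum delivered them.
JRT_LOG = (
    r'~~~ Folders Successfully deleted: [Folder] "C:\Users\RHO\appdata\locallow\datamngr" '
    r'~~~ FireFox Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox'
    r'\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}" '
    r'Failed to delete: [Folder] C:\Users\RHO\AppData\Roaming\mozilla\firefox\profiles'
    r'\nloj0936.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433} '
    r'Successfully deleted the following from C:\Users\RHO\AppData\Roaming\mozilla'
    r'\firefox\profiles\nloj0936.default\prefs.js'
)
DDS_LOG = (
    r'FF - ExtSQL: 2012-10-16 21:41; en-GB@dictionaries.addons.mozilla.org; '
    r'C:\Users\RHO\AppData\Roaming\Mozilla\Firefox\Profiles\nloj0936.default'
    r'\extensions\en-GB@dictionaries.addons.mozilla.org '
    r'FF - ExtSQL: !HIDDEN! 2012-05-02 19:22; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; '
    r'C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\FirefoxExtension'
)

# One JRT result: "<status>: [<kind>] <target>". The target runs until the next
# status keyword, the next "~~~" section marker, or the end of the line, so the
# pattern works on both line-separated and flattened logs.
JRT_ENTRY = re.compile(
    r'(Successfully deleted|Successfully repaired|Failed to delete): '
    r'\[([^\]]+)\] (.*?)(?=\s+(?:Successfully|Failed to|~~~)|\s*$)',
    re.M)

# One DDS Firefox extension record: optional "!HIDDEN!" flag, install date,
# extension id and install path.
DDS_EXT = re.compile(
    r'FF - ExtSQL:\s+(!HIDDEN!\s+)?(\d{4}-\d\d-\d\d \d\d:\d\d);\s*([^;]+);\s*'
    r'(.*?)(?=\s+FF - |\s+\.\s|\s*$)',
    re.M)

GUID = re.compile(r'\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}')


def parse_jrt(text):
    """Return (status, kind, target) tuples; status is 'ok' or 'failed'."""
    entries = []
    for verb, kind, target in JRT_ENTRY.findall(text):
        status = 'failed' if verb.startswith('Failed') else 'ok'
        entries.append((status, kind, target.strip().strip('"')))
    return entries


def parse_dds_extensions(text):
    """Map lower-cased extension id -> hidden flag, install date and path."""
    found = {}
    for hidden, installed, ext_id, path in DDS_EXT.findall(text):
        found[ext_id.strip().lower()] = {
            'hidden': bool(hidden),
            'installed': installed,
            'path': path.strip(),
        }
    return found


def leftovers(jrt_text, dds_text):
    """List what JRT could not remove, annotated with what DDS recorded."""
    known = parse_dds_extensions(dds_text)
    report = []
    for status, kind, target in parse_jrt(jrt_text):
        if status != 'failed':
            continue
        guid = GUID.search(target)
        ext_id = guid.group(0).lower() if guid else None
        dds = known.get(ext_id, {})
        report.append({
            'jrt_path': target,
            'kind': kind,
            'ext_id': ext_id,
            'dds_hidden': dds.get('hidden', False),
            'dds_path': dds.get('path'),
        })
    return report


if __name__ == '__main__':
    for item in leftovers(JRT_LOG, DDS_LOG):
        flag = 'hidden in DDS' if item['dds_hidden'] else 'not flagged in DDS'
        print(f"{item['kind']}: {item['jrt_path']}\n  {item['ext_id']} ({flag}) -> {item['dds_path']}")
```

On the sample input both failed folders resolve to the same extension id, the one DDS lists as `!HIDDEN!` with an install path under the BearShare MediaBar directory.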
  • Well done - now we will take a thorough look:
    Which program: OTL.exe
    What for/why: multifunctional tool - analysis and fix
    Difficulty: none.
    Download: OTL.exe (http://oldtimer.geekstogo.com/OTL.exe) and place the file on the desktop.
    Before OTL.exe starts scanning, first close all other open windows!
    Using OTL.exe:
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: double-click OTL.exe.
      - Windows Vista, Windows 7 and Windows 8: right-click OTL.exe and choose "Run as administrator" (Dutch: "Als Administrator uitvoeren").
    - Tick Scan All Users, LOP Check and PURITY Check.
    - Copy and paste the text below (the bold, blue text) into the box under (image: http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png)

        netsvcs
        msconfig
        safebootminimal
        safebootnetwork
        activex
        drivers32
        %ALLUSERSPROFILE%\Application Data\*.
        %ALLUSERSPROFILE%\Application Data\*.exe /s
        %APPDATA%\*.
        %APPDATA%\*.exe /s
        %SYSTEMDRIVE%\*.exe
        /md5start
        themeui.dll
        beep.sys
        userinit.exe
        eventlog.dll
        scecli.dll
        netlogon.dll
        cngaudit.dll
        sceclt.dll
        ntelogon.dll
        logevent.dll
        iaStor.sys
        nvstor.sys
        atapi.sys
        IdeChnDr.sys
        viasraid.sys
        AGP440.sys
        vaxscsi.sys
        nvatabus.sys
        viamraid.sys
        nvata.sys
        nvgts.sys
        iastorv.sys
        ViPrt.sys
        eNetHook.dll
        ahcix86.sys
        KR10N.sys
        nvstor32.sys
        ahcix86s.sys
        /md5stop
        %systemroot%\system32\drivers\*.sys /lockedfiles
        %systemroot%\System32\config\*.sav
        %systemroot%\*. /mp /s
        %systemroot%\system32\*.dll /lockedfiles
        CREATERESTOREPOINT

    - Then click the button (image: http://www.imgdumper.nl/uploads6/50cd93c69c626/50cd93c69be5b-OTL_-_Run_Scan_knop.jpg).
    - Do not change any other settings in OTL unless I give specific instructions to do so.
    - The scan will not take very long.
      - Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
      - Then copy the contents of both OTL.txt and Extras.txt and paste them in your next message.
    - Note: if the log does not fit in one message, spread it over two or more messages.
  • Unfortunately, OTL hangs during the scan. At the moment OTL checks the Firefox settings, the program freezes and stops responding. All programs are closed. Regards, Rick
  • Did you have FF open or not?
  • Not open, checked with Windows Task Manager, which lists only OTL. After restarting the laptop I made a third attempt (I was missing a number of icons in the taskbar). This time too, OTL hangs while checking the Firefox settings. Regards, Rick
  • Strange!
    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up.
    Difficulty: More or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
    - ForoSpyware (http://www.forospyware.com/sUBs/ComboFix.exe)
    - Geekstogo (http://subs.geekstogo.com/ComboFix.exe)
    Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how to use ComboFix.
    Antivirus programs and active malware scanners must be deactivated before you start ComboFix! Here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) and here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607) you will find how to deactivate antivirus programs and spyware scanners.
    Remarks:
    - When using Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - All open programs and web pages must be closed.
    Starting ComboFix:
    - Windows 2000 and Windows XP: double-click ComboFix.exe.
    - Windows Vista and Windows 7: right-click ComboFix.exe and choose "Run as administrator" ("Als Administrator uitvoeren").
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix disconnects the internet connection during the scan - do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next post.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important remark:
    - If, after the scan, an error with the following message is shown when starting programs:
    - "Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering." (An invalid operation was attempted on a registry key that is marked for deletion.)
    - Then restart the computer.
  • Unfortunately, ComboFix also seems to hang. It has now been running for over 20 minutes and reports having completed four stages. The cursor in the blue field keeps blinking. The only thing I have done is move the mouse now and then because the screen goes into power-saving mode. I am typing this on a tablet, by the way. Regards, Rick
  • Strange, DDS is ComboFix's little sister. Let's try something else!
    Do the ESET online scan (click): http://www.eset.com/home/products/online-scanner/
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
      - Remove found threats
      - Scan archives
    - Then click "Advanced Settings"
      - Scan for potentially unwanted applications
      - Scan for potentially unsafe applications
      - Enable Anti-Stealth technology
    - Click Start
    - The computer is now being scanned. This can take quite a long time, so be patient.
    - Once the scan is finished, you may close the window.
    - Then go to C:\Program Files\ESET\ESET Online Scanner and click log.txt there
    - Select, copy and paste the contents of this log into your next post.
    N.B.: temporarily deactivate your own antivirus during the scan; the online scan will then be faster!
  • The ESET log, it found quite a lot... Regards, Rick

    ESETSmartInstaller@High as downloader log: all ok
    ESETSmartInstaller@High as downloader log: all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6844
    # api_version=3.0.2
    # EOSSerial=b46ab050d2358d42838dedc47fa42110
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-12-19 03:20:29
    # local_time=2012-12-19 04:20:29 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1034 16777213 100 78 48000 43021213 0 0
    # compatibility_mode=5893 16776573 100 94 26471 107517079 0 0
    # scanned=195833
    # found=15
    # cleaned=15
    # scan_time=23426
    C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 8D1998ECB8813A214E9E6B593A8B428D47189035 C
    C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) BB9945B0689753F9FF4EE70950A606BAC9AA9576 C
    C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) AFEF68E4B374F438A5DFADCF748FB6975C974537 C
    C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) EB2BF273CD0BC67D5A57067494E6D23B078504B3 C
    C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) EF6BCB5F7420B7E95EC66939E3AF37EB5C282B7E C
    C:\Users\RHO\AppData\Local\Temp\Av-test.txt Eicar test file (cleaned by deleting - quarantined) C02423884B82F50565A8AA2BE8F974E821760F18 C
    C:\Users\RHO\AppData\Local\Temp\blabbers-ff-le.xpi Win32/BrowserCompanion.G application (deleted - quarantined) 4853FD446FF9A0DE114BAD8A247365CD45A7B3F6 C
    C:\Users\RHO\AppData\Local\Temp\coupish-babylon.exe multiple threats (cleaned by deleting - quarantined) 2F86FEC4E983EB8CA3C2DB771CD5EEC99ED01BE3 C
    C:\Users\RHO\AppData\Local\Temp\07179CF9-BAB0-7891-AF67-719413880DC9\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 40969E053E001937C71D74EA719F78BF9A5FEF2A C
    C:\Users\RHO\AppData\Local\Temp\170118CE-BAB0-7891-9564-9736340E4706\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 40969E053E001937C71D74EA719F78BF9A5FEF2A C
    C:\Users\RHO\AppData\Local\Temp\nsd49A1.tmp\OCSetupHlp.dll Win32/OpenCandy application (cleaned by deleting - quarantined) 9A80E0C2DDA638EBBF4A87D62A8A418C5786D27B C
    C:\Users\RHO\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\21195cc4-13350da7 Java/Exploit.CVE-2012-0507.BN trojan (deleted - quarantined) B64F916EC0E3F3D3B9B0800894362880006EB641 C
    C:\Users\RHO\Downloads\flstudio_10.0.9c(1).exe Win32/OpenCandy application (cleaned by deleting - quarantined) 4DF1C13941156BF8B0A3F2F81C99D124B3DB848C C
    C:\Users\RHO\Downloads\flstudio_10.0.9c.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 4DF1C13941156BF8B0A3F2F81C99D124B3DB848C C
    C:\Users\RHO\Downloads\installer_traktor_dj_studio.exe multiple threats (cleaned by deleting - quarantined) 168CA7BCF9E37885A501E244F477FD7343280826 C
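One way to triage a pasted ESET Online Scanner log like the one in the post above, as an added example that is not part of the original thread: it compares the number of parsed entries with the log's own `# found=` header (to catch a truncated paste), groups paths that share a SHA-1, and lists detections whose name does not end in `application`. The sample log, its paths and its hashes are constructed, and the parser assumes one entry per line and file names without spaces.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the "# key=value" header + one-entry-per-line layout
# of the log in this thread; paths, names and SHA-1 values are made up.
SAMPLE = r"""# scanned=1000
# found=4
# cleaned=4
C:\Program Files (x86)\Some Bar\bar.dll Win32/Toolbar.Example application (cleaned by deleting - quarantined) AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA C
C:\Users\user\Downloads\setup(1).exe Win32/Bundler.Example application (cleaned by deleting - quarantined) BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB C
C:\Users\user\Downloads\setup.exe Win32/Bundler.Example application (cleaned by deleting - quarantined) BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB C
C:\Users\user\AppData\LocalLow\cache\6.0\4\1a2b-3c4d Java/Exploit.Example.A trojan (deleted - quarantined) CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC C
"""

HEADER = re.compile(r"^# (\w+)=(.*)$")
# path (ending at the file name after the last backslash), detection name,
# action in parentheses, 40-hex SHA-1, trailing flag "C"
ENTRY = re.compile(r"^(?P<path>.*\\\S+) (?P<name>.+) "
                   r"\((?P<action>[^()]*)\) (?P<sha1>[0-9A-F]{40}) C$")

def parse_log(text):
    header, entries, unparsed = {}, [], []
    for line in map(str.strip, text.splitlines()):
        h = HEADER.match(line)
        if h:
            header[h.group(1)] = h.group(2)
        elif re.match(r"[A-Za-z]:\\", line):  # looks like a detection entry
            m = ENTRY.match(line)
            (entries if m else unparsed).append(m.groupdict() if m else line)
    return header, entries, unparsed

def triage(text):
    header, entries, unparsed = parse_log(text)
    by_hash = defaultdict(list)
    for e in entries:
        by_hash[e["sha1"]].append(e["path"])
    return {
        # a truncated or mangled paste fails this check
        "complete": not unparsed and int(header.get("found", -1)) == len(entries),
        "kinds": Counter(e["name"].split()[-1] for e in entries),
        "same_file": {h: p for h, p in by_hash.items() if len(p) > 1},
        "not_application": [e["name"] for e in entries
                            if not e["name"].endswith(" application")],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```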
  • Now download a fresh version of Junkware Removal Tool by Thisisu and let that tool scan your Windows once more.
  • And here is the JRT log again. Regards, Rick

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.1.8 (12.17.2012:1)
    OS: Windows 7 Home Premium x64
    Ran by RHO on wo 19-12-2012 at 13:40:13,21
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~ Services
    ~~~ Registry Values
    ~~~ Registry Keys
    ~~~ Files
    ~~~ Folders
    ~~~ FireFox
    Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
    Successfully deleted the following from C:\Users\RHO\AppData\Roaming\mozilla\firefox\profiles\nloj0936.default\prefs.js
    user_pref("extensions.FastestTube_wombat.CachedHttpRequest.http://dyn.lite.adlesse.com/easylist/easylist.txt", "[Adblock Plus 1.1]\n! Checksum: qkwyr95ywXi6yirRVUXJkw\n! EasyL
    user_pref("extensions.FastestTube_wombat.CachedHttpRequest.http://dyn.lite.adlesse.com/easylist/easylist_new.txt", "%5BAdblock%20Plus%201.1%5D%0A%21%20Checksum%3A%20QFr0jJuiSV
    user_pref("extensions.FastestTube_wombat.script_loader.data", "%5B%7B%22type%22%3A%22background%22%2C%22code%22%3A%22var%20trueMD5Object%3D%7Bhexcase%3A0%2Cb64pad%3A%5C%22%5C%
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on wo 19-12-2012 at 13:53:55,15
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • Let me know how things are going now.
  • Hi Abraham, I expect that I am rid of AQUB; it did not appear consistently when starting a browser, but it did appear more and more often, and so far I have not seen it. AVG still does not run quite right. At startup AVG reports that the PC must be restarted to complete the update process. Restarting does not complete the update process; the message remains. In the AVG overview it also shows, at the Firewall icon, the message that the PC must be restarted. Regards, Rick
  • Windows Firewall is on, I see now; could AVG be conflicting with it?
  • What JRT cannot remove in Firefox is the jZip.Toolbar. Start Firefox, then open the Add-ons and click Extensions. If that toolbar is listed there, choose to remove it. Restart Firefox and then check that the toolbar is no longer there. Note: this is a "malicious" toolbar.
  • Dear reader, for some time I have been plagued by the AQUB search page in Firefox. I also cannot manage to turn on my AVG Firewall (I have to restart the PC, but this does not help); in short, I suspect that something is drastically wrong. I would like to examine my PC with the various tools I see mentioned here. Is there anyone who will look along with me? Thanks in advance, regards, Rick


This is an archived page. Replying is no longer possible.