Mededeling

Collapse
No announcement yet.

Survey 2013 laten verwijderen

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Survey 2013 laten verwijderen

    Beste

    Ik weet dat hierover al een onderwerp is gestart, maar in het andere onderwerp staat een werkwijze die enkel te volgen valt voor dat type pc, dus leek het me goed om hierover een nieuw onderwerp te starten waar mijn pc in voorkomt.

    Ik heb dus ook last van die Survey 2013. Ik heb reeds ccleaner gedraait, malwarebytes maar kan die Survey 2013 niet vinden.

    Kunt u me vertellen hoe deze malware op mijn laptop komt? Kunt u me ook telkens vertellen hoe jullie stap voor stap aan deze werkwijze komen, zodat jullie deze malware van mijn pc krijgen? Ik zou dit namelijk graag weten, want ik volg nu een opleiding als pc-technieker en alle informatie die ik krijg zou heel nuttig zijn voor mij

    Hoe jullie bv de logjes lezen, hoe jullie bij jullie denkwijze de juiste programma's gebruiken, hoe jullie de verschillende opties elimineren, ...


    Mvg,

    Bart Demeulenaere

  • #2
    Hallo,

    Ik stel voor dat je deze instructies volgt en de logjes hier post: http://www.nucia.eu/forum/threads/12...ericht-plaatst!

    Comment


    • #3
      Hoe jullie bv de logjes lezen, hoe jullie bij jullie denkwijze de juiste programma's gebruiken, hoe jullie de verschillende opties elimineren, ...
      Eerst analyseren en dan de juiste tools inzetten om de problemen op te lossen.
      Wordt het daarmee niet opgelost dan worden zelf scripts gemaakt.

      Comment


      • #4
        logje van defogger_disable:
        defogger_disable by jpshortstuff (23.02.10.1)
        Log created at 22:13 on 16/09/2013 (Bart)

        Checking for autostart values...
        HKCU\~\Run values retrieved.
        HKLM\~\Run values retrieved.

        Checking for services/drivers...


        -=E.O.F=-

        Malwarebyte logbestandje:

        Malwarebytes Anti-Malware 1.75.0.1300
        www.malwarebytes.org

        Databaseversie: v2013.09.16.08

        Windows 7 Service Pack 1 x64 NTFS
        Internet Explorer 10.0.9200.16686
        Bart :: BART-PC [administrator]

        16/09/2013 22:15:59
        mbam-log-2013-09-16 (22-15-59).txt

        Scan type: Snelle scan
        Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
        Uitgeschakelde scan opties: P2P
        Objecten gescand: 235029
        Verstreken tijd: 5 minuut/minuten, 34 seconde(n)

        Geheugenprocessen gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Geheugenmodulen gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Registersleutels gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Registerwaarden gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Registerdata gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Mappen gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Bestanden gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        (einde)


        DDS.txt log-bestandje:

        DDS (Ver_2012-11-20.01) - NTFS_AMD64
        Internet Explorer: 10.0.9200.16686
        Run by Bart at 22:23:31 on 2013-09-16
        Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.8087.5652 [GMT 2:00]
        .
        SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        .
        ============== Running Processes ===============
        .
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k RPCSS
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
        C:\Windows\system32\WLANExt.exe
        C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
        C:\Windows\System32\spoolsv.exe
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
        C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
        C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
        C:\Windows\system32\svchost.exe -k bthsvcs
        C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
        C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
        C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
        C:\Program Files\Intel\WiFi\bin\EvtEng.exe
        C:\Program Files\Intel\iCLS Client\HeciServer.exe
        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
        C:\Users\Bart\Desktop\Geïnfecteerd\Malwarebytes' Anti-Malware\mbamscheduler.exe
        C:\Users\Bart\Desktop\Geïnfecteerd\Malwarebytes' Anti-Malware\mbamservice.exe
        C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
        c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
        C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
        C:\Program Files\CyberLink\Shared files\RichVideo64.exe
        C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
        C:\Windows\system32\svchost.exe -k imgsvc
        C:\Windows\SysWOW64\vmnat.exe
        C:\Windows\System32\svchost.exe -k secsvcs
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
        C:\Windows\system32\taskhost.exe
        C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
        C:\Users\Bart\Desktop\Geïnfecteerd\Malwarebytes' Anti-Malware\mbamgui.exe
        C:\Windows\system32\EscSvc64.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
        C:\Program Files\vmware-authd.exe
        C:\Program Files (x86)\PHotkey\PHotkey.exe
        C:\Program Files (x86)\PHotkey\GPMTray.exe
        C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
        C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
        C:\Windows\SysWOW64\vmnetdhcp.exe
        C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Windows\system32\wbem\unsecapp.exe
        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Windows\System32\WUDFHost.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\System32\rundll32.exe
        C:\Program Files (x86)\PHotkey\ATouch64.exe
        C:\Program Files (x86)\PHotkey\PVDesktop.exe
        C:\Program Files (x86)\PHotkey\PVDAgent.exe
        C:\Program Files (x86)\PHotkey\POSD.exe
        C:\Windows\System32\hkcmd.exe
        C:\Windows\System32\igfxpers.exe
        C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files (x86)\PHotkey\HCSynApi.exe
        C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
        C:\Windows\system32\msiexec.exe
        C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\taskeng.exe
        C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
        C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
        C:\Windows\System32\rundll32.exe
        C:\Program Files\Windows Media Player\wmpnetwk.exe
        C:\Windows\WindowsMobile\wmdc.exe
        C:\Windows\system32\svchost.exe -k WindowsMobile
        C:\Windows\Pixart\Pac7302\Monitor.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Users\Bart\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
        C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
        C:\Windows\System32\svchost.exe -k LocalServicePeerNet
        C:\Users\Bart\AppData\Roaming\Dropbox\bin\Dropbox.exe
        C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
        C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
        C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
        C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
        C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
        C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
        C:\Program Files (x86)\Olympus\ib\olycamdetect.exe
        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
        C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
        C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
        C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_174_ActiveX.exe
        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        C:\Windows\System32\MsSpellCheckingFacility.exe
        C:\Windows\notepad.exe
        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Users\Bart\Desktop\Geïnfecteerd\dds.com
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\System32\cscript.exe
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://www.google.be/
        BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
        BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
        BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
        BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
        BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
        TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
        EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
        EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
        uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
        uRun: [Spotify Web Helper] "C:\Users\Bart\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
        uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
        mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
        mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
        mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
        mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
        mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
        mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
        mRun: [Olympus ib] "C:\Program Files (x86)\Olympus\ib\olycamdetect.exe" /Startup
        mRun: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
        StartupFolder: C:\Users\Bart\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bart\AppData\Roaming\Dropbox\bin\Dropbox.exe
        uPolicies-Explorer: NoDrives = dword:0
        mPolicies-Explorer: NoDrives = dword:0
        mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
        mPolicies-System: ConsentPromptBehaviorUser = dword:3
        mPolicies-System: EnableUIADesktopToggle = dword:0
        IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
        IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4
        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
        IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
        IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
        IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
        LSP: %windir%\system32\vsocklib.dll
        Trusted Zone: belfius.be
        Trusted Zone: dexia.be
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
        DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://ccff02.minfin.fgov.be/CCFF_Authentication/views/login/signature/capicom.cab
        DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
        TCP: NameServer = 195.130.130.5 195.130.131.5
        TCP: Interfaces\{4B46B66F-8E2A-45C3-A55C-3444AF55136F} : DHCPNameServer = 192.168.0.1
        TCP: Interfaces\{CB2F0A73-FF8E-4567-A25A-EA56F828F1F8} : DHCPNameServer = 195.130.130.5 195.130.131.5
        TCP: Interfaces\{CB2F0A73-FF8E-4567-A25A-EA56F828F1F8}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
        Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
        Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
        Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
        SSODL: WebCheck - <orphaned>
        SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
        mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
        x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll
        x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
        x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
        x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
        x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
        x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
        x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
        x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
        x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
        x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
        x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
        x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
        x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
        x64-Run: [PAC7302_Monitor] C:\Windows\Pixart\PAC7302\Monitor.exe
        x64-IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4
        x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
        x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
        x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
        x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
        x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
        x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
        x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
        x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
        x64-Notify: igfxcui - igfxdev.dll
        x64-SSODL: WebCheck - <orphaned>
        .
        ============= SERVICES / DRIVERS ===============
        .
        R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-11 16152]
        R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-9-14 73296]
        R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
        R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
        R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-2-22 1014096]
        R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-2-22 1104208]
        R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-18 135952]
        R2 CyberLink PowerDVD 10 MS Monitor Service;CyberLink PowerDVD 10 MS Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [2011-4-14 70952]
        R2 CyberLink PowerDVD 10 MS Service;CyberLink PowerDVD 10 MS Service;C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [2011-4-14 312616]
        R2 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation;C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [2013-6-19 653888]
        R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-5-8 135824]
        R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [2012-4-11 156672]
        R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-11 13592]
        R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
        R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-4-11 162648]
        R2 MBAMScheduler;MBAMScheduler;C:\Users\Bart\Desktop\Geïnfecteerd\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-2 418376]
        R2 MBAMService;MBAMService;C:\Users\Bart\Desktop\Geïnfecteerd\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-31 701512]
        R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-9-28 25824]
        R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\PHotkey\PEGAGFN.sys [2012-4-11 14344]
        R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-4-11 386344]
        R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
        R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-11 362840]
        R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2013-8-26 904248]
        R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-3-29 2669840]
        R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
        R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2012-4-11 31216]
        R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-11 331264]
        R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-11 356120]
        R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-11 788760]
        R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-2-29 25496]
        R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-31 25928]
        R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-4-11 250984]
        R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-11 565352]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
        S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
        S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
        S3 ACSSCR;ACR38 Smart Card Reader;C:\Windows\System32\drivers\a38usb.sys [2012-10-3 45056]
        S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
        S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-2-22 1304912]
        S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-11-30 94720]
        S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-30 747008]
        S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2012-9-30 14448]
        S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-2-14 60928]
        S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-2-29 34232]
        S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-3-29 273168]
        S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2011-7-18 694888]
        S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-5-28 155824]
        S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
        S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
        S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-28 1255736]
        S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2010-9-23 129008]
        .
        =============== Created Last 30 ================
        .
        2013-09-16 06:11:55 388096 ----a-r- C:\Users\Bart\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
        2013-09-16 06:11:55 -------- d-----w- C:\Program Files (x86)\Trend Micro
        2013-09-14 10:30:33 -------- d-----w- C:\Users\Bart\AppData\Local\VMware
        2013-09-14 10:30:11 73296 ----a-w- C:\Windows\System32\drivers\vsock.sys
        2013-09-14 10:30:11 67664 ----a-w- C:\Windows\System32\vsocklib.dll
        2013-09-14 10:30:11 63568 ----a-w- C:\Windows\SysWow64\vsocklib.dll
        2013-09-14 10:30:09 64080 ----a-w- C:\Windows\System32\drivers\vmx86.sys
        2013-09-14 10:30:09 32848 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
        2013-09-13 15:32:56 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2BF8A134-E1EF-414B-B47F-B7EA4B177E05}\mpengine.dll
        2013-09-12 16:11:33 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
        2013-09-07 13:16:55 -------- d-----w- C:\Users\Bart\AppData\Local\Microsoft Games
        2013-08-27 10:43:10 338000 ----a-w- C:\Program Files\vnetstats.exe
        2013-08-27 10:43:08 776272 ----a-w- C:\Program Files\vnetlib.dll
        2013-08-27 10:43:06 71248 ----a-w- C:\Program Files\sigc-2.0.dll
        2013-08-27 10:43:02 83536 ----a-w- C:\Program Files\vmware-shell-ext-thunker.exe
        2013-08-27 10:43:00 113744 ----a-w- C:\Program Files\vmeventmsg.dll
        2013-08-27 10:41:58 37309 ----a-w- C:\Program Files\vm-support.vbs
        2013-08-27 10:41:58 34896 ----a-w- C:\Program Files\vmUpdateLauncher.exe
        2013-08-27 10:41:58 32848 ----a-w- C:\Program Files\vmkbd.sys
        2013-08-27 10:41:58 140880 ----a-w- C:\Program Files\libcds.dll
        2013-08-27 10:10:30 432264 ----a-w- C:\Program Files\amqp.dll
        2013-08-27 10:10:30 220752 ----a-w- C:\Program Files\vmcf.dll
        2013-08-27 09:50:10 86096 ----a-w- C:\Program Files\vmware-authd.exe
        2013-08-27 09:50:10 11344 ----a-w- C:\Program Files\vmauthd.dll
        2013-08-27 09:48:58 18512 ----a-w- C:\Program Files\vprintproxy.exe
        2013-08-27 09:48:54 808272 ----a-w- C:\Program Files\TPClnt.dll
        2013-08-27 09:48:54 182096 ----a-w- C:\Program Files\TPClnRDP.dll
        2013-08-27 09:48:54 177488 ----a-w- C:\Program Files\TPViewdeu.dll
        2013-08-27 09:48:54 169296 ----a-w- C:\Program Files\TPViewjpn.dll
        2013-08-27 09:48:54 1230160 ----a-w- C:\Program Files\TPView.dll
        2013-08-27 09:48:54 116048 ----a-w- C:\Program Files\TPClnVM.dll
        2013-08-27 09:48:54 116048 ----a-w- C:\Program Files\TPClntdeu.dll
        2013-08-27 09:48:54 111952 ----a-w- C:\Program Files\TPClntloc.dll
        2013-08-27 09:48:54 107856 ----a-w- C:\Program Files\TPClntjpn.dll
        2013-08-27 09:42:44 559696 ----a-w- C:\Program Files\vmPerfmon.dll
        2013-08-27 08:59:24 222800 ----a-w- C:\Program Files\ssleay32.dll
        2013-08-27 08:59:24 1027664 ----a-w- C:\Program Files\libeay32.dll
        .
        ==================== Find3M ====================
        .
        2013-09-13 17:57:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
        2013-09-13 17:57:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
        2013-08-26 21:33:30 53816 ----a-w- C:\Windows\System32\drivers\hcmon.sys
        2013-08-15 16:25:12 85584 ----a-w- C:\Windows\System32\drivers\vmci.sys
        2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
        2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
        2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
        2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
        2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
        2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
        2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
        2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
        2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
        2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
        2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
        2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
        2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
        2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
        2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
        2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
        2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
        2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
        2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
        2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
        2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
        2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
        2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
        2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
        2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
        2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
        2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
        2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
        2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
        2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
        2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
        2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
        2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
        2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
        2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
        2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
        2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
        2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
        2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
        2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
        2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
        2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
        2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
        2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
        2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
        2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
        2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
        2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
        2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
        2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
        2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
        .
        ============= FINISH: 22:23:54,22 ===============


        gmer logje:

        GMER 2.1.19163 - http://www.gmer.net
        Rootkit scan 2013-09-16 22:45:28
        Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0011 465,76GB
        Running: v33ijl2u.exe; Driver: C:\Users\Bart\AppData\Local\Temp\pwldqpow.sys


        ---- User code sections - GMER 2.1 ----

        .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077661465 2 bytes [66, 77]
        .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776614bb 2 bytes [66, 77]
        .text ... * 2
        .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077661465 2 bytes [66, 77]
        .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776614bb 2 bytes [66, 77]
        .text ... * 2
        .text C:\Windows\SysWOW64\vmnat.exe[2548] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26 0000000072ab13c6 2 bytes [AB, 72]
        .text C:\Windows\SysWOW64\vmnat.exe[2548] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74 0000000072ab13f6 2 bytes [AB, 72]
        .text C:\Windows\SysWOW64\vmnat.exe[2548] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257 0000000072ab14ad 2 bytes [AB, 72]
        .text C:\Windows\SysWOW64\vmnat.exe[2548] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303 0000000072ab14db 2 bytes [AB, 72]
        .text ... * 2
        .text C:\Windows\SysWOW64\vmnat.exe[2548] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79 0000000072ab1577 2 bytes [AB, 72]
        .text C:\Windows\SysWOW64\vmnat.exe[2548] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175 0000000072ab15d7 2 bytes [AB, 72]
        .text C:\Windows\SysWOW64\vmnat.exe[2548] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620 0000000072ab1794 2 bytes [AB, 72]
        .text C:\Windows\SysWOW64\vmnat.exe[2548] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921 0000000072ab18c1 2 bytes [AB, 72]
        .text C:\Program Files\vmware-authd.exe[3376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077661465 2 bytes [66, 77]
        .text C:\Program Files\vmware-authd.exe[3376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776614bb 2 bytes [66, 77]
        .text ... * 2
        .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5908] C:\Windows\syswow64\USER32.dll!GetMenu + 412 00000000759d51dd 7 bytes JMP 0000000110053ac0
        .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5908] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 00000000759d610b 7 bytes JMP 0000000110053c10
        .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5908] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131 00000000759dc6c1 7 bytes JMP 0000000110053bf0
        .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5908] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 0000000075a1fc98 7 bytes JMP 0000000110053c60
        .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5908] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 0000000075a1fcd1 7 bytes JMP 0000000110053d30
        .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5908] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 0000000075a1fcf5 7 bytes JMP 0000000110053ce0
        .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077661465 2 bytes [66, 77]
        .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776614bb 2 bytes [66, 77]
        .text ... * 2
        .text C:\Users\Bart\AppData\Roaming\Dropbox\bin\Dropbox.exe[5316] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077661465 2 bytes [66, 77]
        .text C:\Users\Bart\AppData\Roaming\Dropbox\bin\Dropbox.exe[5316] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000776614bb 2 bytes [66, 77]
        .text ... * 2
        .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077661465 2 bytes [66, 77]
        .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776614bb 2 bytes [66, 77]
        .text ... * 2
        .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077661465 2 bytes [66, 77]
        .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776614bb 2 bytes [66, 77]
        .text ... * 2
        .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[6176] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000757e8769 5 bytes JMP 00000001632553fc
        .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[6176] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000077286143 4 bytes JMP 0000000163d1f68e
        .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[6176] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075bb3e59 5 bytes JMP 00000001632810b7
        .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[6176] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075bb3eae 5 bytes JMP 000000016328b0be
        .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[6176] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075bb4731 5 bytes JMP 00000001632bb5dc
        .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[6176] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075bb5dee 5 bytes JMP 00000001632bc50f
        ? C:\Windows\system32\mssprxy.dll [6176] entry point in ".rdata" section 0000000073d971e6
        .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[6176] C:\Program Files (x86)\Common Files\SYSTEM\MSMAPI\1043\[email protected] + 112 0000000073b81b80 4 bytes [06, CF, 65, 2D]
        .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[6176] C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL!GdipDeleteGraphics + 571 00000000627f0b54 4 bytes [2F, 46, E5, 2E]
        .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[6176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077661465 2 bytes [66, 77]
        .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[6176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776614bb 2 bytes [66, 77]
        .text ... * 2
        .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077661465 2 bytes [66, 77]
        .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776614bb 2 bytes [66, 77]
        .text ... * 2
        .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077661465 2 bytes [66, 77]
        .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776614bb 2 bytes [66, 77]
        .text ... * 2
        .text C:\Windows\SysWOW64\NOTEPAD.EXE[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077661465 2 bytes [66, 77]
        .text C:\Windows\SysWOW64\NOTEPAD.EXE[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776614bb 2 bytes [66, 77]
        .text ... * 2
        ? C:\Windows\system32\mssprxy.dll [1036] entry point in ".rdata" section 0000000073d971e6

        ---- Threads - GMER 2.1 ----

        Thread C:\Windows\System32\svchost.exe [2728:2524] 000007fef7ae9688
        Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5424:3948] 000007fefc002a7c
        Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5424:5144] 000007feeaead618
        Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5424:1880] 000007fef51e5124

        ---- Registry - GMER 2.1 ----

        Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d4302afa7
        Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43034057
        Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CB2F0A73-FF8E-4567-A25A-EA56F828F1F8}@LeaseObtainedTime 1379362541
        Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CB2F0A73-FF8E-4567-A25A-EA56F828F1F8}@T1 1379364123
        Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CB2F0A73-FF8E-4567-A25A-EA56F828F1F8}@T2 1379365473
        Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CB2F0A73-FF8E-4567-A25A-EA56F828F1F8}@LeaseTerminatesTime 1379366141
        Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d4302afa7 (not active ControlSet)
        Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43034057 (not active ControlSet)

        ---- Disk sectors - GMER 2.1 ----

        Disk \Device\Harddisk0\DR0 unknown MBR code

        ---- EOF - GMER 2.1 ----

        Hierbij heb ik dus alle logjes gezet

        Comment


        • #5
          Voer een scan uit met ADWCleaner: http://users.telenet.be/marcvn/spyware/adwcleaner.html
          Kies de optie verwijderen.
          Post de log die je krijgt en geef een update van het probleem.

          Comment


          • #6
            # AdwCleaner v3.004 - Report created 17/09/2013 at 22:03:53
            # Updated 15/09/2013 by Xplode
            # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
            # Username : Bart - BART-PC
            # Running from : C:\Users\Bart\Desktop\Geïnfecteerd\adwcleaner.exe
            # Option : Clean

            ***** [ Services ] *****


            ***** [ Files / Folders ] *****

            Folder Deleted : C:\ProgramData\Babylon
            Folder Deleted : C:\ProgramData\Partner
            Folder Deleted : C:\ProgramData\Premium
            Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDfast
            Folder Deleted : C:\Program Files (x86)\TornTV.com
            Folder Deleted : C:\Program Files (x86)\Yontoo
            Folder Deleted : C:\Windows\SysWOW64\WNLT
            Folder Deleted : C:\Program Files\Web Assistant
            Folder Deleted : C:\Windows\System32\ARFC
            Folder Deleted : C:\Users\Bart\AppData\LocalLow\wxDfast
            Folder Deleted : C:\Users\Bart\AppData\Roaming\DriverCure
            Folder Deleted : C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
            Folder Deleted : C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
            Folder Deleted : C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf
            File Deleted : C:\Windows\System32\dmwu.exe
            File Deleted : C:\Windows\System32\ImhxxpComm.dll
            File Deleted : C:\Users\Bart\Desktop\TornTV.lnk
            File Deleted : C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\GadgetBox.xml
            File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js

            ***** [ Shortcuts ] *****


            ***** [ Registry ] *****

            Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
            Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
            Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
            Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
            Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
            Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
            Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
            Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
            Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
            Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
            Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
            Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
            Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
            Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
            Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
            Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
            Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
            Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
            Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
            Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
            Key Deleted : HKCU\Software\596da8ab76fbf41
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
            Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
            Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
            Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
            Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
            Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
            Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
            Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
            Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
            Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
            Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
            Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
            Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
            Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
            Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
            Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
            Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
            Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
            Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
            Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
            Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
            Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
            Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
            Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
            Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
            Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
            Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
            Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
            Key Deleted : HKCU\Software\APN PIP
            Key Deleted : HKCU\Software\IM
            Key Deleted : HKCU\Software\ImInstaller
            Key Deleted : HKCU\Software\SProtector
            Key Deleted : HKCU\Software\WNLT
            Key Deleted : HKLM\Software\Babylon
            Key Deleted : HKLM\Software\DataMngr
            Key Deleted : HKLM\Software\Iminent
            Key Deleted : HKLM\Software\PIP
            Key Deleted : HKLM\Software\SProtector
            Key Deleted : HKLM\Software\Web Assistant
            Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
            Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
            Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SProtector
            Key Deleted : [x64] HKLM\SOFTWARE\ParetoLogic
            Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
            Key Deleted : [x64] HKLM\SOFTWARE\WNLT
            Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
            Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
            Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT

            ***** [ Browsers ] *****

            -\\ Internet Explorer v10.0.9200.16686


            -\\ Mozilla Firefox v

            [ File : C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

            Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.gboxapp.com/");
            Line Deleted : user_pref("browser.search.order.1", "GadgetBox");
            Line Deleted : user_pref("browser.search.defaultenginename", "GadgetBox");
            Line Deleted : user_pref("browser.search.selectedEngine", "GadgetBox");
            Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.gboxapp.com/?q=");
            Line Deleted : user_pref("browser.search.order.1,S", "GadgetBox");
            Line Deleted : user_pref("browser.search.defaultenginename,S", "GadgetBox");
            Line Deleted : user_pref("browser.search.selectedEngine,S", "GadgetBox");
            Line Deleted : user_pref("keyword.URL", "hxxp://search.gboxapp.com/?q=");

            -\\ Google Chrome v29.0.1547.66

            [ File : C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\preferences ]

            Deleted : homepage
            Deleted : urls_to_restore_on_startup
            Deleted : keyword
            Deleted : search_url
            Deleted : suggest_url

            *************************

            AdwCleaner[R0].txt - [10073 octets] - [17/09/2013 21:41:59]
            AdwCleaner[R1].txt - [10134 octets] - [17/09/2013 21:46:48]
            AdwCleaner[S0].txt - [9634 octets] - [17/09/2013 22:03:53]

            ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9694 octets] ##########

            Het probleem lijkt verholpen te zijn.

            Maar als jullie al die logjes analyseren die ik eerst postte, zoals gmer, hoe kunnen jullie dan het juiste programma'tje voorstellen die juist deze malware kan verwijderen? En waarom kan dit programma'tje deze malware verwijderen en niet bv gmer?
            Bij het analyseren van mijn vorige logjes: hoe doen jullie dat, hoe kunnen jullie mij het juiste programma'te (aanbevelen)? Zien jullie daar al bestanden, extensies in staan die malware bevatten?

            thxs

            een pc-technieker in opleiding

            Comment


            • #7
              Mooi dat het opgelost is.


              Voer de instructies uit die hier gegeven worden: De computer is malware-vrij, wat nu te doen?

              Meer info over hoe je een nieuwe infectie kan voorkomen vind je hier.
              Lees ook dit artikel even door: Niets voor niets.

              De status van deze thread zet ik op opgelost.
              Indien er niet meer gereageerd wordt, zal binnen een 3-tal dagen deze thread automatisch verplaatst worden naar de sectie Opgeloste hijackthislogs en is een reactie niet meer mogelijk. Dit om het forum netjes en overzichtelijk te houden.
              Blijkt dat er toch nog problemen zijn, en je wil weer reageren in dit topic, dan stuur je me een privé bericht met verzoek om heropening.

              Happy surfing again.

              Hoe we dit doen?
              Analyseren, zoeken naar sporen van malware. Weten waar je op moet letten en de goede van de kwaadaardige dingen leren onderscheiden. Dat leer je door het veel te doen en je erin te verdiepen. Goede kennis van windows is een must.

              Gmer is een rootkitscanner, adwcleaner is een totaal andere tool. (zie de link die ik eerder gaf van adwcleaner.)

              Comment

              Sorry, you are not authorized to view this page
              Working...
              X