Lucky leap and pup. optional Conduits a


  • Lucky leap and pup. optional Conduits a

    Dear all,
    1. The day before yesterday I put a new virus scanner on my PC: BitDefender Internet Security
    The installation went with great difficulty.
    2. After installation I ran a full scan. During the scan no updates were carried out (I read afterwards). The scan indicated 3 hours, while it took much, much longer. (I am used to the long scanning from Emsisoft Emergency Kit.) After 90% I switched the scan off. Bedtime.
    3. Yesterday the PC froze directly after startup. Reinstalled BitDefender (had it repair).
    4. Today the PC froze again, each time after startup. Removed CCleaner with great difficulty (seemed to be a conflict).
    5. This evening I ran a short scan. BitDefender reports okay, but the PC and Mozilla start up very, very slowly.
    6. By chance (!) I looked at the add-ons. There I saw "Lucky Leap" listed. Removed it with RevoUninstaller (including registry).
    7. After that I had MAM do a quick scan. It found 114 Pup Optional.Conduits A and Search Protect A.
    Removed these as well. Reboot. The PC hardly starts up any more and Mozilla and Chrome open very, very slowly.
    What should I do now?
    Your help, please.
    P.S. A lot of information, but maybe this gives more insight. Why did/does BD report everything as okay?

  • #2
    Hi Helen de Vink,

    Before we begin, I would like to kindly point out the following guidelines:

    • Only log in as an administrator with full rights.
    • Do not post your problem on several forums. It does not benefit your problem and it is not fair to the helpers.
    • Cleaning up your system can take some time, so be patient.
    • Carefully follow the instructions that I give.
    • Only follow the advice given by me.
    • Stay with the topic until I have reported that your PC is clean.
    • If you do not know or understand something, please just ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • In the meantime, do not go and try something "else"; that only makes it harder for us.
    • Please turn off your emoticons (smileys) when you post logs.
    • Please do not post the logs as an attachment, nor between code tags.

    Note: Vista or Windows 7? >> Always run all tools as admin.
    The instructions that are given are only valid for your PC.

    Step 1:

    Scanning for and removing malware...

    Download MalwareBytes' Anti-Malware to your desktop from one of the following links:
    Double-click mbam-setup.exe to install the program.

    At the end of the setup procedure, you get a screen where you have to click "Finish".
    If you do not wish to evaluate MBAM, untick the first option and only then click "Finish".

    Make sure that after the installation there is a tick next to:
    • Update MalwareBytes' Anti-Malware
    • Start MalwareBytes' Anti-Malware
    • Then click "Finish". If an update is found, it will be downloaded and installed.

    As soon as the program has started, go to the "Settings" tab.
    • Tick here: "Close Internet Explorer during removal of malware".
    • Go to the "Updates" tab and update MBAM.
    • Then go to the "Scanner" tab and choose "FULL scan" here.
    • Then press "Scan" to start the scan.
    • The scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "View Results" to see the results.
    • Make sure that everything is ticked there, then click: "Remove selected".
      If there are many items, you can right-click in the window and choose "select all items".
    • After the removal a log will open and you will be asked to restart the computer.

    If MBAM asks for a restart, then do so.
    When you have done the restart, make a new quick scan with MBAM.
    In that case you therefore post the two logs.

    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.

    In case of problems!!!

    ___________________________________________________________

    Step 2:

    Check for bad toolbars...

    Download AdwCleaner by Xplode to your desktop.
    • Close all open windows
    • Start AdwCleaner
    • Click Scan
    • Click Clean

    All icons disappear from the desktop; this is normal.
    Your PC will be restarted and a log file opens (C:\AdwCleaner[xx].txt); post its contents here on the forum.

    I only need the log after the "Clean" option.

    Do not forget to turn off your "smileys".

    If your start page was also hijacked, set the search engine again; AdwCleaner resets it to Google.com by default.

    ___________________________________________________________

    Step 3:

    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:

    DDS is a diagnostic tool and makes use of scripts.
    If running scripts is disabled, enable it again so that no problems occur when using DDS.

    Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
    When it is finished, two log files open: DDS.txt and Attach.txt
    Save both log files to your desktop.

    Post the contents of DDS.txt.

    You should not post the contents of Attach.txt, and you should not add Attach.txt as an attachment to your post, unless I ask for it.

    ___________________________________________________________

    Step 4:

    Check for updates...

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears (checkup.txt)
    Place its contents in your next reply.

    In your next post, I would like to see the following logs, made in the listed order:

    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    Please do NOT post these logs as an attachment or between code tags.
    (If necessary in several posts.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Hello Emphyrio,
      Here are the relevant logs

      1a. MAM:

      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Databaseversie: v2013.10.11.03

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      Helen de Vink :: HELENA [administrator]

      11-10-2013 9:44:35
      MBAM-log-2013-10-11 (13-09-56).txt

      Scan type: Volledige scan (C:\|D:\|E:\|F:\|)
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 479549
      Verstreken tijd: 3 uur/uren, 8 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 29
      C:\Program Files\Alcohol Soft\Alcohol 120\AxLaUn.exe (Trojan.ExploitDrop.BV) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP60\A0072554.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP61\A0073545.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP62\A0074490.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP62\A0074517.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP62\A0075489.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP62\A0077260.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP63\A0077610.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP63\A0077677.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP63\A0079523.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP64\A0079557.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP64\A0080501.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP64\A0080545.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP66\A0081561.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP66\A0081597.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP68\A0081751.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP68\A0081785.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP68\A0083597.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP68\A0084510.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP69\A0087298.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP73\A0090541.dll (PUP.Optional.Conduit.A) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP73\A0091562.dll (PUP.Optional.Conduit.A) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP74\A0095690.dll (PUP.Optional.Conduit.A) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP78\A0106656.exe (PUP.Optional.LuckyLeap.A) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP78\A0106660.exe (PUP.Optional.LuckyLeap.A) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP78\A0106661.dll (PUP.Optional.Browsefox) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP78\A0106662.dll (PUP.Optional.LuckyLeap.A) -> Geen actie ondernomen.
      C:\System Volume Information\_restore{9FB3A0EF-6D9A-498F-AD74-D24E1A84BAC7}\RP78\A0106664.exe (PUP.Optional.LuckyLeap.A) -> Geen actie ondernomen.
      D:\Gedownloade programma's\CD Brander\cdbxp_setup_4.5.2.4214.exe (PUP.Optional.OpenCandy) -> Geen actie ondernomen.

      (einde)

      1b. MAM quick scan:

      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Databaseversie: v2013.10.11.03

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      Helen de Vink :: HELENA [administrator]

      11-10-2013 13:35:03
      mbam-log-2013-10-11 (13-35-03).txt

      Scan type: Snelle scan
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 288977
      Verstreken tijd: 17 minuut/minuten, 36 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      (einde)

      2. AdwCleaner

      # AdwCleaner v3.007 - Report created 11/10/2013 at 14:08:12
      # Updated 09/10/2013 by Xplode
      # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
      # Username : Helen de Vink - HELENA
      # Running from : C:\Documents and Settings\Helen de Vink\Bureaublad\AdwCleaner.exe
      # Option : Clean

      ***** [ Services ] *****


      ***** [ Files / Folders ] *****

      Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
      Folder Deleted : C:\Program Files\Conduit
      Folder Deleted : C:\Program Files\Searchprotect
      Folder Deleted : C:\Program Files\Common Files\Software Update Utility
      Folder Deleted : C:\Documents and Settings\Helen de Vink\Local Settings\Application Data\Conduit
      Folder Deleted : C:\Documents and Settings\Helen de Vink\Application Data\dvdvideosoftiehelpers
      Folder Deleted : C:\Documents and Settings\Helen de Vink\Application Data\Search Settings
      Folder Deleted : C:\Documents and Settings\Helen de Vink\Application Data\Searchprotect
      Folder Deleted : C:\Documents and Settings\Helen de Vink\Application Data\Uniblue\SpeedUpMyPC
      Folder Deleted : C:\Documents and Settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\ga1i0cho.default\WinampToolbarData
      Folder Deleted : C:\Documents and Settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\rphdu8ra.Helena\Conduit
      Folder Deleted : C:\Documents and Settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\rphdu8ra.Helena\jetpack
      Folder Deleted : C:\Documents and Settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\rphdu8ra.Helena\WinampToolbarData
      Folder Deleted : C:\Documents and Settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\rphdu8ra.Helena\CT2269050
      Folder Deleted : C:\Documents and Settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\ga1i0cho.default\Extensions\{0B38152B-1B20-484D-A11F-5E04A9B0661F}
      Folder Deleted : C:\Documents and Settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\ga1i0cho.default\Extensions\{75623D5D-4683-402A-B610-AC4BAB767C86}
      Folder Deleted : C:\Documents and Settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\ga1i0cho.default\Extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
      Folder Deleted : C:\Documents and Settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\ga1i0cho.default\Extensions\[email protected]
      Folder Deleted : C:\Documents and Settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\ga1i0cho.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
      Folder Deleted : C:\Documents and Settings\Helen de Vink\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
      File Deleted : C:\END
      File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
      File Deleted : C:\Documents and Settings\Administrator.HELENA.001\Application Data\Mozilla\Firefox\Profiles\cn6qfua3.default\.autoreg
      File Deleted : C:\Documents and Settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\ga1i0cho.default\searchplugins\yahoo-zugo.xml
      File Deleted : C:\Documents and Settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\ga1i0cho.default\user.js
      File Deleted : C:\Documents and Settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\rphdu8ra.Helena\user.js

      ***** [ Shortcuts ] *****


      ***** [ Registry ] *****

      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
      Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
      Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
      Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
      Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
      Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
      Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
      Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
      Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
      Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
      Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
      Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2865317
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
      Key Deleted : HKCU\Software\APN PIP
      Key Deleted : HKCU\Software\Conduit
      Key Deleted : HKCU\Software\Headlight
      Key Deleted : HKCU\Software\SearchProtect
      Key Deleted : HKCU\Software\smartbar
      Key Deleted : HKCU\Software\Softonic
      Key Deleted : HKCU\Software\YahooPartnerToolbar
      Key Deleted : HKCU\Software\Zugo
      Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
      Key Deleted : HKLM\Software\Conduit
      Key Deleted : HKLM\Software\PIP
      Key Deleted : HKLM\Software\SearchProtect
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility

      ***** [ Browsers ] *****

      -\\ Internet Explorer v8.0.6001.18702


      -\\ Mozilla Firefox v24.0 (nl)

      [ File : C:\Documents and Settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\ga1i0cho.default\prefs.js ]


      [ File : C:\Documents and Settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\rphdu8ra.Helena\prefs.js ]

      Line Deleted : user_pref("CT2865317.FF19Solved", "true");
      Line Deleted : user_pref("CT2865317.UserID", "UN19819142491546817");
      Line Deleted : user_pref("CT2865317.installDate", "26/6/2013 18:18:38");
      Line Deleted : user_pref("CT2865317.installSessionId", "-1");
      Line Deleted : user_pref("CT2865317.installSp", "true");
      Line Deleted : user_pref("CT2865317.installerVersion", "1.4.2.3");
      Line Deleted : user_pref("CT2865317.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2F92.254.54.166%2Fhoorspelen%2F\",\"EB_MAIN_FRAME_TITLE\":\"%0A %20%20%20%20%20%20Welkom%20op%20de%20hoorspelen-site%20
      Line Deleted : user_pref("CT2865317.searchRevert", "FALSE");
      Line Deleted : user_pref("CT2865317.searchUserMode", "2");
      Line Deleted : user_pref("CT2865317.versionFromInstaller", "10.16.2.9");
      Line Deleted : user_pref("CT2865317_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1367335280802,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
      Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2865317&SearchSource=13");
      Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentBar_NL Customized Web Search");
      Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&q=");
      Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "");
      Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&q=");
      Line Deleted : user_pref("smartbar.machineId", "BNOVVLMFH35NNYVX1LLP2TG8ZGCMF5VCENPMY5GZQK+G3PAQS+SDR1JCF3T+FFZJBNDI/+6I4WQ8IYASZU5CXG");
      Line Deleted : user_pref("socialfixer.100000575175928/cached_content/donate_pagelet", "{\"expires_on\":1341742054318,\"content\":\"<div style=\\\"background-color:#ffffcc;border:1px solid #cccc99;padding:5px;-moz-bo

      [ File : C:\Documents and Settings\Administrator.HELENA.001\Application Data\Mozilla\Firefox\Profiles\cn6qfua3.default\prefs.js ]


      -\\ Google Chrome v30.0.1599.69

      [ File : C:\Documents and Settings\Helen de Vink\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


      *************************

      AdwCleaner[R0].txt - [9813 octets] - [11/10/2013 14:02:43]
      AdwCleaner[S0].txt - [9958 octets] - [11/10/2013 14:08:12]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10018 octets] ##########

      3. DDS txt

      DDS (Ver_2012-11-20.01) - NTFS_x86
      Internet Explorer: 8.0.6001.18702
      Run by Helen de Vink at 14:35:46 on 2013-10-11
      Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.433 [GMT 2:00]
      .
      AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
      FW: Bitdefender Firewall *Enabled*
      .
      ============== Running Processes ================
      .
      C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\PANDORA.TV\PanService\KMPService.exe
      C:\Program Files\Secunia\PSI\PSIA.exe
      C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
      C:\WINDOWS\ehome\mcrdsvc.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\WINDOWS\system32\Prismsta.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Program Files\Secunia\PSI\psi_tray.exe
      C:\Program Files\SpywareGuard\sgmain.exe
      C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\SpywareGuard\sgbhp.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\svchost.exe -k DcomLaunch
      C:\WINDOWS\system32\svchost.exe -k rpcss
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\system32\svchost.exe -k NetworkService
      C:\WINDOWS\system32\svchost.exe -k LocalService
      C:\WINDOWS\system32\svchost.exe -k LocalService
      C:\WINDOWS\system32\svchost.exe -k LocalService
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\WINDOWS\System32\svchost.exe -k HTTPFilter
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://google.nl/
      uDefault_Search_URL = hxxp://www.google.com/ie
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - c:\program files\bitdefender\bitdefender\pmbxie.dll
      BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\program files\spywareguard\dlprotect.dll
      BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
      uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
      uRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
      uRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
      uRun: [Bitdefender Agent Wallet-toepassing] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
      mRun: [ehTray] c:\windows\ehome\ehtray.exe
      mRun: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
      mRun: [Prism_Utility] Prismsta.exe
      mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
      mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
      mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
      mRun: [PRISMSTA.EXE] PRISMSTA.EXE START
      mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
      mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
      mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
      mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRun: [Bdagent] "c:\program files\bitdefender\bitdefender\bdagent.exe"
      dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
      dRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
      dRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
      dRun: [Bitdefender Agent de l'application Wallet] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
      dRun: [Bitdefender Agent Wallet-toepassing] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
      StartupFolder: c:\docume~1\helend~1\menust~1\progra~1\opstar~1\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
      StartupFolder: c:\docume~1\helend~1\menust~1\progra~1\opstar~1\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
      StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
      StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
      uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
      uPolicies-Explorer: NoDriveAutoRun = dword:67108863
      uPolicies-Explorer: NoDrives = dword:0
      mPolicies-Explorer: NoDriveAutoRun = dword:67108863
      mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
      mPolicies-Explorer: NoDrives = dword:0
      mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
      mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
      mPolicies-Explorer: NoDriveAutoRun = dword:67108863
      IE: &Block This Image (ABP) - <no file>
      IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
      IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
      IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      .
      INFO: HKCU has more than 50 listed domains.
      If you wish to scan all of them, select the 'Force scan all domains' option.
      .
      .
      INFO: HKLM has more than 50 listed domains.
      If you wish to scan all of them, select the 'Force scan all domains' option.
      .
      DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347124945993
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
      DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      TCP: NameServer = 212.54.40.25 212.54.35.25
      TCP: Interfaces\{73C1EC97-B67B-435C-BB95-BC4699E68863} : DHCPNameServer = 212.54.40.25 212.54.35.25
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
      SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - c:\program files\spywareguard\spywareguard.dll
      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - c:\documents and settings\helen de vink\application data\mozilla\firefox\profiles\rphdu8ra.helena\
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
      FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
      FF - plugin: c:\program files\adobe\reader 11.0\reader\browser\nppdf32(2).dll
      FF - plugin: c:\program files\bitdefender\bitdefender\npcomm.dll
      FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
      FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
      FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
      FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
      FF - plugin: c:\program files\nos\bin\np_gp.dll
      FF - plugin: c:\windows\system32\adobe\director\np32dsw_1204144.dll
      FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_165.dll
      FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_170.dll
      FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
      FF - ExtSQL: 2013-08-27 15:58; [email protected]; c:\program files\bitdefender\bitdefender\ffpwdman
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-10-8 640560]
      R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-10-10 165744]
      R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-9-10 97008]
      R1 RapportCerberus_56758;RapportCerberus_56758;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_56758.sys [2013-9-5 330960]
      R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-9-10 148688]
      R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-9-10 222416]
      R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-17 99328]
      R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\KMPService.exe [2013-9-18 1922600]
      R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-9-10 1435928]
      R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-7-3 1228504]
      R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
      R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender\updatesrv.exe [2013-10-10 54424]
      R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-10-8 242504]
      R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-10-8 490144]
      R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2013-10-10 116560]
      R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2008-12-9 1287296]
      R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-7-3 16024]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
      S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-7-3 660184]
      S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-10-8 66832]
      S3 cleanhlp;cleanhlp;c:\eek\run\cleanhlp32.sys [2013-7-13 50200]
      S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
      S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-9-2 14336]
      S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
      S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender\bdparentalservice.exe [2013-10-10 68344]
      .
      =============== Created Last 30 ================
      .
      2013-10-11 12:02:24 -------- d-----w- C:\AdwCleaner
      2013-10-10 20:31:59 2455936 ----a-w- c:\program files\common files\system\msmapi\1043\MSNCON32.dll
      2013-10-10 20:31:59 2455936 ----a-w- c:\program files\common files\system\mapi\1043\MSNCON32.dll
      2013-10-10 20:31:55 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
      2013-10-10 20:30:47 -------- d-----w- c:\program files\Windows Live SkyDrive
      2013-10-10 20:29:03 -------- d-----w- c:\program files\common files\Windows Live
      2013-10-10 16:09:16 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
      2013-10-10 15:49:44 -------- d-----w- c:\program files\CCleaner
      2013-10-10 13:27:32 -------- d--h--r- c:\documents and settings\helen de vink\Onlangs geopend
      2013-10-10 10:27:56 454610 ----a-w- c:\documents and settings\all users\application data\1381399976.bdinstall.bin
      2013-10-10 10:18:52 -------- d-----w- c:\documents and settings\helen de vink\application data\Bitdefender
      2013-10-10 10:15:01 360376 ----a-w- c:\windows\system32\drivers\trufos.sys
      2013-10-10 10:14:59 165744 ----a-w- c:\windows\system32\drivers\gzflt.sys
      2013-10-10 09:59:12 12148 ----a-w- c:\documents and settings\all users\application data\1381399112.4100.bin
      2013-10-10 09:58:48 2043 ----a-w- c:\documents and settings\all users\application data\1381399112.4236.bin
      2013-10-10 09:58:46 1230 ----a-w- c:\documents and settings\all users\application data\1381399112.2912.bin
      2013-10-10 09:58:32 98710 ----a-w- c:\documents and settings\all users\application data\1381399112.720.bin
      2013-10-08 17:14:38 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
      2013-10-08 16:51:15 645756 ----a-w- c:\documents and settings\all users\application data\1381249561.bdinstall.bin
      2013-10-08 16:42:25 116560 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
      2013-10-08 16:42:23 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
      2013-10-08 16:41:47 490144 ----a-w- c:\windows\system32\drivers\avckf.sys
      2013-10-08 16:41:46 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
      2013-10-08 16:41:45 640560 ----a-w- c:\windows\system32\drivers\avc3.sys
      2013-10-08 15:13:20 259432 ----a-w- c:\documents and settings\all users\application data\1381244902.bdinstall.bin
      2013-10-08 14:18:39 423338 ----a-w- c:\documents and settings\all users\application data\1381241571.bdinstall.bin
      2013-10-08 14:05:26 59003 ----a-w- c:\documents and settings\all users\application data\1381241113.bdinstall.bin
      2013-10-08 14:04:59 59004 ----a-w- c:\documents and settings\all users\application data\1381241077.bdinstall.bin
      2013-10-08 14:04:33 115367 ----a-w- c:\documents and settings\all users\application data\1381240957.bdinstall.bin
      2013-10-08 14:04:23 58739 ----a-w- c:\documents and settings\all users\application data\1381241039.bdinstall.bin
      2013-10-08 12:55:49 189 ----a-w- c:\documents and settings\all users\application data\1381236938.7644.bin
      2013-10-08 12:55:48 462 ----a-w- c:\documents and settings\all users\application data\1381236938.5688.bin
      2013-10-08 12:55:38 91833 ----a-w- c:\documents and settings\all users\application data\1381236938.7156.bin
      2013-10-08 12:05:12 790833 ----a-w- c:\documents and settings\all users\application data\1381231939.bdinstall.bin
      2013-10-08 12:00:16 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
      2013-10-08 11:59:39 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
      2013-10-08 11:58:30 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
      2013-10-08 11:57:19 511328 ----a-w- c:\windows\capicom.dll
      2013-10-08 11:47:33 -------- d-----w- c:\documents and settings\helen de vink\application data\QuickScan
      2013-10-08 11:33:55 -------- d-----w- c:\documents and settings\all users\application data\Bitdefender
      2013-10-08 11:33:02 -------- d-----w- c:\program files\Bitdefender
      2013-10-08 11:28:44 -------- d-----w- c:\program files\common files\Bitdefender
      2013-10-08 11:09:04 -------- d-----w- C:\SSTMP
      2013-10-08 10:50:40 -------- d-----w- c:\program files\common files\SWF Studio
      2013-09-26 18:00:39 208760 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
      .
      ==================== Find3M ====================
      .
      2013-10-10 14:38:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2013-10-10 14:38:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2013-09-23 18:25:15 920064 ----a-w- c:\windows\system32\wininet.dll
      2013-09-23 18:25:12 43520 ----a-w- c:\windows\system32\licmgr10.dll
      2013-09-23 18:25:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
      2013-09-23 18:25:08 18944 ----a-w- c:\windows\system32\corpol.dll
      2013-09-23 18:07:19 385024 ----a-w- c:\windows\system32\html.iec
      2013-09-12 18:00:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
      2013-09-10 21:18:28 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
      2013-08-30 11:09:51 87608 ----a-w- c:\documents and settings\helen de vink\application data\inst.exe
      2013-08-30 11:09:51 47360 ----a-w- c:\documents and settings\helen de vink\application data\pcouffin.sys
      2013-08-29 07:01:31 1878784 ----a-w- c:\windows\system32\win32k.sys
      2013-08-22 17:09:56 217176 ----a-w- c:\windows\system32\unrar.dll
      2013-08-09 01:56:37 391168 ----a-w- c:\windows\system32\themeui.dll
      2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
      2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
      2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
      2013-08-05 13:30:18 1289216 ----a-w- c:\windows\system32\ole32.dll
      2013-08-02 23:48:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
      2013-07-18 23:18:04 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
      2013-07-17 00:58:17 123008 ------w- c:\windows\system32\drivers\usbvideo.sys
      2013-07-17 00:58:06 46848 ------w- c:\windows\system32\drivers\irbus.sys
      2013-07-14 16:23:44 4188160 ----a-w- c:\program files\GUT97.tmp
      2010-06-02 03:22:02 89944 ----a-w- c:\program files\DSETUP.dll
      2010-06-02 03:22:02 537432 ----a-w- c:\program files\DXSETUP.exe
      2010-06-02 03:22:02 1801048 ----a-w- c:\program files\dsetup32.dll
      2010-02-18 03:58:46 30952 ----a-w- c:\program files\mpsyschk.exe
      .
      ============= FINISH: 14:37:41,70 ===============

      4. Security Check


      Results of screen317's Security Check version 0.99.74
      Windows XP Service Pack 3 x86
      Internet Explorer 8
      ``````````````Antivirus/Firewall Check:``````````````
      Bitdefender Antivirus
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      SpywareBlaster 5.0
      SpywareGuard v2.2
      Secunia PSI (3.0.0.7011)
      CCleaner
      Eusing Free Registry Cleaner
      Adobe Flash Player 11.9.900.117
      Adobe Reader XI
      Mozilla Firefox (24.0)
      Google Chrome 29.0.1547.76
      Google Chrome 30.0.1599.69
      ````````Process Check: objlist.exe by Laurent````````
      Bitdefender Bitdefender vsserv.exe
      Bitdefender Bitdefender updatesrv.exe
      Bitdefender Bitdefender bdagent.exe
      Bitdefender Bitdefender pmbxag.exe
      Bitdefender Bitdefender bdapppassmgr.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C::
      ````````````````````End of Log``````````````````````



      N.B. Security Check gave me a message that many files are missing.

      Thanks for your trouble
      Helen



      • #4
        You may remove Alcohol Soft from your PC.
        It is infected.

        Restart the PC afterwards.


        Download or update CCleaner

        Start CCleaner.
        • Run CCleaner and click Options in the left-hand column
        • Select the Advanced tab
        • Untick Only delete files in the Windows Temp system folder that are older than 24 hours
        • Untick Only delete files in the Recycle Bin that are older than 24 hours
        • Select the Settings tab
        • Untick "Clean the computer automatically...."
        • Click Cleaner in the left-hand column.
        • Then click Analyze and Run Cleaner in turn.
        • Next, click Registry in the left-hand column
        • Click Scan for Issues.
        • If errors are found, click Fix selected issues
        • You may be asked here whether you want to back up your registry. Answer Yes and OK



        Download ComboFix to your desktop.

        Extra note... Make sure your security software is disabled while you use ComboFix.
        This is because these scanners wrongly see certain components that ComboFix uses as infected and will block ComboFix.


        Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.


        Close ALL windows, including your browser, and let ComboFix do its work undisturbed.
        So do not open any other applications until ComboFix has presented the log.

        If ComboFix asks for an update, allow it.

        When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
        You can find it at C:\combofix.txt.

        Post the ComboFix log together with a new DDS log in your next reply.

        * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
        • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
        • Illegal operation attempted on a registry key that has been marked for deletion.
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * Remove McAfee. * Ccleaner * E-Peek



        • #5
          Hello E.,
          1. Alcohol Soft removed. PC restarted.

          2. CCleaner: instructions carried out.

          3. ComboFix measures:
          a. When I turned off BitDefender's virus shield, I noticed that under "on-access scanning" the protection was not set to "normal" or default, but to "custom". The protection was set extremely low (by the look of it even off), yet the security widget showed a green light.
          During installation I had set BD to default and checked it.
          b. I had also run a quick scan twice yesterday. However, it reports that a scan has NEVER been run.
          c. After I had turned BD off via the system tray icon (red light), the red shield suddenly changed to green while ComboFix was scanning! I decided not to take any action. After the scan, opening the icon showed that BD was indeed off. There I did see the red light.
          d. It looks like BD is still not doing what it should do.

          4. After the ComboFix scan the PC froze. Icons and taskbar disappeared. A log txt did not appear on screen, and it could not be found after the reboot either.
          Started ComboFix again and let it scan. This went well. Now I do have the log.

          5. The logs are below.
          Regards
          Helen

          ComboFix 13-10-09.01 - Helen de Vink 11-10-2013 21:17:17.8.1 - x86
          Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.445 [GMT 2:00]
          Gestart vanuit: c:\documents and settings\Helen de Vink\Bureaublad\ComboFix.exe
          AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
          FW: Bitdefender Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
          .
          .
          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          ---- Voorgaande Run -------
          .
          c:\documents and settings\All Users\Application Data\1381236938.5688.bin
          c:\documents and settings\All Users\Application Data\1381236938.7156.bin
          c:\documents and settings\All Users\Application Data\1381236938.7644.bin
          c:\documents and settings\All Users\Application Data\1381240957.bdinstall.bin
          c:\documents and settings\All Users\Application Data\1381241039.bdinstall.bin
          c:\documents and settings\All Users\Application Data\1381241077.bdinstall.bin
          c:\documents and settings\All Users\Application Data\1381241113.bdinstall.bin
          c:\documents and settings\All Users\Application Data\1381241571.bdinstall.bin
          c:\documents and settings\All Users\Application Data\1381244902.bdinstall.bin
          c:\documents and settings\All Users\Application Data\1381249561.bdinstall.bin
          c:\documents and settings\All Users\Application Data\1381399112.2912.bin
          c:\documents and settings\All Users\Application Data\1381399112.4100.bin
          c:\documents and settings\All Users\Application Data\1381399112.4236.bin
          c:\documents and settings\All Users\Application Data\1381399112.720.bin
          c:\documents and settings\All Users\Application Data\1381399976.bdinstall.bin
          c:\documents and settings\All Users\Application Data\TEMP
          c:\documents and settings\Helen de Vink\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences
          c:\documents and settings\Helen de Vink\Mijn documenten\ZDP05267.TMP
          c:\documents and settings\Helen de Vink\Mijn documenten\ZDP08301.TMP
          c:\documents and settings\Helen de Vink\Mijn documenten\ZDP12523.TMP
          c:\documents and settings\Helen de Vink\Mijn documenten\ZDP27889.TMP
          c:\windows\ST6UNST.000
          c:\windows\system32\drivers\etc\hosts.ics
          c:\windows\wininit.ini
          .
          .
          (((((((((((((((((((( Bestanden Gemaakt van 2013-09-11 to 2013-10-11 ))))))))))))))))))))))))))))))
          .
          .
          2013-10-11 17:01 . 2013-10-11 17:01 -------- d--h--r- c:\documents and settings\Helen de Vink\Onlangs geopend
          2013-10-11 12:02 . 2013-10-11 12:08 -------- d-----w- C:\AdwCleaner
          2013-10-10 20:31 . 2009-03-05 19:20 2455936 ----a-w- c:\program files\Common Files\System\MSMAPI\1043\MSNCON32.dll
          2013-10-10 20:31 . 2009-03-05 19:20 2455936 ----a-w- c:\program files\Common Files\System\MAPI\1043\MSNCON32.dll
          2013-10-10 20:31 . 2013-10-10 20:31 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
          2013-10-10 20:30 . 2013-10-10 20:30 -------- d-----w- c:\program files\Windows Live SkyDrive
          2013-10-10 20:29 . 2013-10-10 20:29 -------- d-----w- c:\program files\Common Files\Windows Live
          2013-10-10 16:09 . 2013-10-10 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
          2013-10-10 15:49 . 2013-10-10 15:49 -------- d-----w- c:\program files\CCleaner
          2013-10-10 10:18 . 2013-10-10 10:18 -------- d-----w- c:\documents and settings\Helen de Vink\Application Data\Bitdefender
          2013-10-10 10:15 . 2013-10-10 10:49 360376 ----a-w- c:\windows\system32\drivers\trufos.sys
          2013-10-10 10:14 . 2013-10-10 10:50 165744 ----a-w- c:\windows\system32\drivers\gzflt.sys
          2013-10-08 17:14 . 2013-10-08 17:14 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
          2013-10-08 16:42 . 2013-02-22 17:46 116560 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
          2013-10-08 16:42 . 2013-07-23 14:50 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
          2013-10-08 16:41 . 2013-07-19 16:06 490144 ----a-w- c:\windows\system32\drivers\avckf.sys
          2013-10-08 16:41 . 2012-11-02 12:17 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
          2013-10-08 16:41 . 2013-07-19 16:03 640560 ----a-w- c:\windows\system32\drivers\avc3.sys
          2013-10-08 12:58 . 2013-10-08 12:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
          2013-10-08 12:05 . 2013-10-08 12:05 790833 ----a-w- c:\documents and settings\All Users\Application Data\1381231939.bdinstall.bin
          2013-10-08 12:02 . 2013-10-08 12:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\QuickScan
          2013-10-08 12:00 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
          2013-10-08 11:59 . 2009-07-14 21:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
          2013-10-08 11:58 . 2013-10-08 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
          2013-10-08 11:57 . 2007-04-11 09:11 511328 ----a-w- c:\windows\capicom.dll
          2013-10-08 11:47 . 2013-10-08 11:47 -------- d-----w- c:\documents and settings\Helen de Vink\Application Data\QuickScan
          2013-10-08 11:33 . 2013-10-10 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
          2013-10-08 11:33 . 2013-10-08 16:26 -------- d-----w- c:\program files\Bitdefender
          2013-10-08 11:28 . 2013-10-10 10:15 -------- d-----w- c:\program files\Common Files\Bitdefender
          2013-10-08 11:09 . 2013-10-08 11:24 -------- d-----w- C:\SSTMP
          2013-10-08 10:50 . 2013-10-08 10:50 -------- d-----w- c:\program files\Common Files\SWF Studio
          2013-09-26 18:00 . 2013-09-26 18:00 208760 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
          .
          .
          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2013-10-10 14:38 . 2012-03-30 15:07 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
          2013-10-10 14:38 . 2012-03-19 10:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
          2013-09-23 18:25 . 2004-09-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
          2013-09-23 18:25 . 2004-09-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
          2013-09-23 18:25 . 2004-09-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
          2013-09-23 18:25 . 2004-09-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
          2013-09-23 18:07 . 2004-09-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
          2013-09-12 18:00 . 2013-08-17 14:48 112640 ----a-w- c:\windows\system32\ff_vfw.dll
          2013-09-10 21:18 . 2013-09-10 21:18 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
          2013-08-30 11:09 . 2009-01-25 12:21 87608 ----a-w- c:\documents and settings\Helen de Vink\Application Data\inst.exe
          2013-08-30 11:09 . 2009-01-25 12:21 47360 ----a-w- c:\documents and settings\Helen de Vink\Application Data\pcouffin.sys
          2013-08-29 07:01 . 2004-09-02 12:00 1878784 ----a-w- c:\windows\system32\win32k.sys
          2013-08-22 17:09 . 2002-10-15 22:54 217176 ----a-w- c:\windows\system32\unrar.dll
          2013-08-09 01:56 . 2004-09-02 12:00 391168 ----a-w- c:\windows\system32\themeui.dll
          2013-08-09 00:55 . 2004-09-02 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
          2013-08-09 00:55 . 2008-12-09 16:20 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
          2013-08-09 00:55 . 2004-09-02 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
          2013-08-05 13:30 . 2004-09-02 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
          2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
          2013-07-18 23:18 . 2013-07-18 23:18 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
          2013-07-17 00:58 . 2008-04-13 18:46 123008 ------w- c:\windows\system32\drivers\usbvideo.sys
          2013-07-17 00:58 . 2008-04-13 18:45 46848 ------w- c:\windows\system32\drivers\irbus.sys
          2013-07-14 16:23 . 2013-07-14 16:21 4188160 ----a-w- c:\program files\GUT97.tmp
          2010-06-02 03:22 . 2010-06-02 03:22 89944 ----a-w- c:\program files\DSETUP.dll
          2010-06-02 03:22 . 2010-06-02 03:22 537432 ----a-w- c:\program files\DXSETUP.exe
          2010-06-02 03:22 . 2010-06-02 03:22 1801048 ----a-w- c:\program files\dsetup32.dll
          2010-02-18 03:58 . 2010-02-18 03:58 30952 ----a-w- c:\program files\mpsyschk.exe
          .
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
          REGEDIT4
          .
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
          "Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-10-08 481344]
          "Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-10-10 903656]
          "Bitdefender Agent Wallet-toepassing"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-10-08 621448]
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "PRISMSTA.EXE"="PRISMSTA.EXE START" [X]
          "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
          "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
          "Prism_Utility"="Prismsta.exe" [2004-01-14 215552]
          "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
          "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
          "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-01 152392]
          "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
          "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
          "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
          "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
          "Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-10-10 1837848]
          .
          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
          "Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-10-08 481344]
          "Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-10-10 903656]
          "Bitdefender Agent de l'application Wallet"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-10-08 621448]
          "Bitdefender Agent Wallet-toepassing"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-10-08 621448]
          .
          c:\documents and settings\Helen de Vink\Menu Start\Programma's\Opstarten\
          SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
          Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
          .
          c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
          hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
          Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
          @="Driver"
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4D3964D404AE426D77D6B8D187E90605E9BFCC97._service_run]
          2013-10-03 06:03 844752 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
          c:\program files\DivX\DivX Media Server\DivXMediaServer.exe [BU]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
          c:\program files\DivX\DivX Update\DivXUpdate.exe [BU]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
          2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
          .
          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)
          .
          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "d:\\Gedownloade programma's\\uTorrent\\utorrent.exe"=
          "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
          "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
          "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
          "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Program Files\\Messenger\\msmsgs.exe"=
          "c:\\Documents and Settings\\Helen de Vink\\Application Data\\uTorrent\\uTorrent.exe"=
          "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=
          "c:\\Program Files\\PANDORA.TV\\PanService\\KMPProcess.exe"=
          .
          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
          .
          R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [8-10-2013 18:41 640560]
          R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [10-10-2013 12:14 165744]
          R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [10-9-2013 23:18 97008]
          R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
          R1 RapportCerberus_56758;RapportCerberus_56758;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [5-9-2013 12:08 330960]
          R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [10-9-2013 23:18 148688]
          R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10-9-2013 23:18 222416]
          R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\KMPService.exe [18-9-2013 12:45 1922600]
          R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10-9-2013 23:18 1435928]
          R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [3-7-2013 10:32 1228504]
          R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender\updatesrv.exe [10-10-2013 12:18 54424]
          R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [8-10-2013 18:41 242504]
          R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [10-10-2013 12:18 116560]
          R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [9-12-2008 16:21 1287296]
          R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [3-7-2013 10:32 16024]
          S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [3-7-2013 10:32 660184]
          S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [8-10-2013 18:41 490144]
          S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [8-10-2013 18:42 66832]
          S3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [13-7-2013 17:38 50200]
          S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
          S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2-9-2004 14:00 14336]
          S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [25-1-2009 14:21 47360]
          S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [10-10-2013 12:18 68344]
          .
          --- Andere Services/Drivers In Geheugen ---
          .
          *NewlyCreated* - WS2IFSL
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          getPlusHelper REG_MULTI_SZ getPlusHelper
          nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
          2013-10-05 13:03 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
          .
          Inhoud van de 'Gedeelde Taken' map
          .
          2013-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job
          - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
          .
          2013-10-11 c:\windows\Tasks\Google Software Updater.job
          - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-10 20:06]
          .
          2013-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
          - c:\program files\Google\Update\GoogleUpdate.exe [2013-07-14 16:58]
          .
          2013-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
          - c:\program files\Google\Update\GoogleUpdate.exe [2013-07-14 16:58]
          .
          2013-10-10 c:\windows\Tasks\User_Feed_Synchronization-{7DF23361-E1F0-4789-A428-E5ED9F8ABD1E}.job
          - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
          .
          .
          ------- Bijkomende Scan -------
          .
          uStart Page = hxxp://google.nl/
          uDefault_Search_URL = hxxp://www.google.com/ie
          uInternet Settings,ProxyOverride = *.local
          uSearchAssistant = hxxp://www.google.com/ie
          uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
          IE: &Block This Image (ABP)
          IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
          FF - ProfilePath - c:\documents and settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\rphdu8ra.Helena\
          FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
          FF - ExtSQL: 2013-08-27 15:58; [email protected]; c:\program files\Bitdefender\Bitdefender\ffpwdman
          .
          .
          **************************************************************************
          .
          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2013-10-11 21:38
          Windows 5.1.2600 Service Pack 3 NTFS
          .
          scannen van verborgen processen ...
          .
          scannen van verborgen autostart items ...
          .
          scannen van verborgen bestanden ...
          .
          Scan succesvol afgerond
          verborgen bestanden: 0
          .
          **************************************************************************
          .
          --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
          .
          [HKEY_USERS\S-1-5-21-796845957-1547161642-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
          @Allowed: (Read) (RestrictedCode)
          @Allowed: (Read) (RestrictedCode)
          .
          [HKEY_USERS\S-1-5-21-796845957-1547161642-682003330-1003\Software\SecuROM\License information*]
          "datasecu"=hex:a0,c3,b7,34,95,36,97,b1,8d,c8,70,74,bc,ad,6f,f5,53,99,01,5a,1d,
          e2,1e,b2,0b,27,d4,38,98,2c,85,5a,28,cb,43,1a,3f,30,22,cb,14,62,cf,04,d9,d4,\
          "rkeysecu"=hex:c0,55,8a,41,8b,0c,59,34,ce,33,5b,0b,eb,2e,af,7c
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
          @Denied: (A 2) (Everyone)
          @="FlashBroker"
          "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe ,-101"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
          "Enabled"=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
          @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
          @Denied: (A 2) (Everyone)
          @="FlashBroker"
          "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_64_ActiveX.exe,-101"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
          "Enabled"=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
          @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_64_ActiveX.exe"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
          @Denied: (A 2) (Everyone)
          @="IFlashBroker6"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
          @="{00020424-0000-0000-C000-000000000046}"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          "Version"="1.0"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
          @Denied: (A 2) (Everyone)
          @="IFlashBroker5"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
          @="{00020424-0000-0000-C000-000000000046}"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          "Version"="1.0"
          .
          [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Componen ts\€–}|ÿÿÿÿÀ•}|ù•9~*]
          "3140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
          .
          --------------------- DLLs Geladen Onder Lopende Processen ---------------------
          .
          - - - - - - - > 'explorer.exe'(4284)
          c:\program files\Bitdefender\Bitdefender\bdsecurepass.dll
          c:\windows\system32\webcheck.dll
          c:\windows\system32\WPDShServiceObj.dll
          c:\windows\system32\PortableDeviceTypes.dll
          c:\windows\system32\PortableDeviceApi.dll
          .
          Voltooingstijd: 2013-10-11 21:47:23
          ComboFix-quarantined-files.txt 2013-10-11 19:47
          .
          Pre-Run: 24.716.685.312 bytes beschikbaar
          Post-Run: 24.686.751.744 bytes beschikbaar
          .
          - - End Of File - - 70547186E8897D35A9A8AA0325444745
          3051207086651214E435112E51817DC5


          DDS (Ver_2012-11-20.01) - NTFS_x86
          Internet Explorer: 8.0.6001.18702
          Run by Helen de Vink at 21:55:40 on 2013-10-11
          Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.494 [GMT 2:00]
          .
          AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
          FW: Bitdefender Firewall *Enabled*
          .
          ============== Running Processes ================
          .
          C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\WINDOWS\eHome\ehRecvr.exe
          C:\WINDOWS\eHome\ehSched.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\Program Files\PANDORA.TV\PanService\KMPService.exe
          C:\Program Files\Secunia\PSI\PSIA.exe
          C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe
          C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
          C:\WINDOWS\ehome\mcrdsvc.exe
          C:\Program Files\Canon\CAL\CALMAIN.exe
          C:\WINDOWS\system32\dllhost.exe
          C:\WINDOWS\System32\alg.exe
          C:\WINDOWS\ehome\ehtray.exe
          C:\WINDOWS\system32\Prismsta.exe
          C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
          C:\WINDOWS\eHome\ehmsas.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
          C:\Program Files\Microsoft ActiveSync\wcescomm.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
          C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
          C:\Program Files\Secunia\PSI\psi_tray.exe
          C:\Program Files\SpywareGuard\sgmain.exe
          C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
          C:\Program Files\SpywareGuard\sgbhp.exe
          C:\WINDOWS\system32\HPZipm12.exe
          C:\WINDOWS\explorer.exe
          C:\WINDOWS\system32\notepad.exe
          C:\WINDOWS\system32\wbem\wmiprvse.exe
          C:\WINDOWS\system32\svchost.exe -k DcomLaunch
          C:\WINDOWS\system32\svchost.exe -k rpcss
          C:\WINDOWS\System32\svchost.exe -k netsvcs
          C:\WINDOWS\system32\svchost.exe -k NetworkService
          C:\WINDOWS\system32\svchost.exe -k LocalService
          C:\WINDOWS\system32\svchost.exe -k LocalService
          C:\WINDOWS\system32\svchost.exe -k LocalService
          C:\WINDOWS\system32\svchost.exe -k imgsvc
          C:\WINDOWS\System32\svchost.exe -k HTTPFilter
          .
          ============== Pseudo HJT Report ===============
          .
          uStart Page = hxxp://google.nl/
          uDefault_Search_URL = hxxp://www.google.com/ie
          uSearchAssistant = hxxp://www.google.com/ie
          uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
          BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - c:\program files\bitdefender\bitdefender\pmbxie.dll
          BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\program files\spywareguard\dlprotect.dll
          BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
          uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
          uRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
          uRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
          uRun: [Bitdefender Agent Wallet-toepassing] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
          mRun: [ehTray] c:\windows\ehome\ehtray.exe
          mRun: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
          mRun: [Prism_Utility] Prismsta.exe
          mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
          mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
          mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
          mRun: [PRISMSTA.EXE] PRISMSTA.EXE START
          mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
          mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
          mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
          mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
          mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
          mRun: [Bdagent] "c:\program files\bitdefender\bitdefender\bdagent.exe"
          dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
          dRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
          dRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
          dRun: [Bitdefender Agent de l'application Wallet] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
          dRun: [Bitdefender Agent Wallet-toepassing] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
          StartupFolder: c:\docume~1\helend~1\menust~1\progra~1\opstar~1\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
          StartupFolder: c:\docume~1\helend~1\menust~1\progra~1\opstar~1\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
          StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
          StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
          uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
          uPolicies-Explorer: NoDriveAutoRun = dword:67108863
          uPolicies-Explorer: NoDrives = dword:0
          mPolicies-Explorer: NoDriveAutoRun = dword:67108863
          mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
          mPolicies-Explorer: NoDrives = dword:0
          mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
          mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
          mPolicies-Explorer: NoDriveAutoRun = dword:67108863
          IE: &Block This Image (ABP) - <no file>
          IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
          IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
          IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
          IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
          IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
          IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
          .
          INFO: HKCU has more than 50 listed domains.
          If you wish to scan all of them, select the 'Force scan all domains' option.
          .
          .
          INFO: HKLM has more than 50 listed domains.
          If you wish to scan all of them, select the 'Force scan all domains' option.
          .
          DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
          DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347124945993
          DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
          DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
          DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
          TCP: NameServer = 212.54.40.25 212.54.35.25
          TCP: Interfaces\{73C1EC97-B67B-435C-BB95-BC4699E68863} : DHCPNameServer = 212.54.40.25 212.54.35.25
          SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
          SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - c:\program files\spywareguard\spywareguard.dll
          mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
          .
          ================= FIREFOX ===================
          .
          FF - ProfilePath - c:\documents and settings\helen de vink\application data\mozilla\firefox\profiles\rphdu8ra.helena\
          FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
          FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
          FF - plugin: c:\program files\adobe\reader 11.0\reader\browser\nppdf32(2).dll
          FF - plugin: c:\program files\bitdefender\bitdefender\npcomm.dll
          FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
          FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
          FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
          FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
          FF - plugin: c:\program files\nos\bin\np_gp.dll
          FF - plugin: c:\windows\system32\adobe\director\np32dsw_1204144.dll
          FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_165.dll
          FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_170.dll
          FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
          FF - ExtSQL: 2013-08-27 15:58; [email protected]; c:\program files\bitdefender\bitdefender\ffpwdman
          .
          ============= SERVICES / DRIVERS ===============
          .
          R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-10-8 640560]
          R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-10-10 165744]
          R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-9-10 97008]
          R1 RapportCerberus_56758;RapportCerberus_56758;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_56758.sys [2013-9-5 330960]
          R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-9-10 148688]
          R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-9-10 222416]
          R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-17 99328]
          R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\KMPService.exe [2013-9-18 1922600]
          R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-9-10 1435928]
          R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-7-3 1228504]
          R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender\updatesrv.exe [2013-10-10 54424]
          R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-10-8 242504]
          R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-10-8 490144]
          R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2013-10-10 116560]
          R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2008-12-9 1287296]
          R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-7-3 16024]
          S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
          S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-7-3 660184]
          S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-10-8 66832]
          S3 cleanhlp;cleanhlp;c:\eek\run\cleanhlp32.sys [2013-7-13 50200]
          S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
          S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-9-2 14336]
          S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
          S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender\bdparentalservice.exe [2013-10-10 68344]
          .
          =============== Created Last 30 ================
          .
          2013-10-11 17:48:57 98816 ----a-w- c:\windows\sed.exe
          2013-10-11 17:48:57 256000 ----a-w- c:\windows\PEV.exe
          2013-10-11 17:48:57 208896 ----a-w- c:\windows\MBR.exe
          2013-10-11 17:01:23 -------- d--h--r- c:\documents and settings\helen de vink\Onlangs geopend
          2013-10-11 12:02:24 -------- d-----w- C:\AdwCleaner
          2013-10-10 20:31:59 2455936 ----a-w- c:\program files\common files\system\msmapi\1043\MSNCON32.dll
          2013-10-10 20:31:59 2455936 ----a-w- c:\program files\common files\system\mapi\1043\MSNCON32.dll
          2013-10-10 20:31:55 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
          2013-10-10 20:30:47 -------- d-----w- c:\program files\Windows Live SkyDrive
          2013-10-10 20:29:03 -------- d-----w- c:\program files\common files\Windows Live
          2013-10-10 16:09:16 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
          2013-10-10 15:49:44 -------- d-----w- c:\program files\CCleaner
          2013-10-10 10:18:52 -------- d-----w- c:\documents and settings\helen de vink\application data\Bitdefender
          2013-10-10 10:15:01 360376 ----a-w- c:\windows\system32\drivers\trufos.sys
          2013-10-10 10:14:59 165744 ----a-w- c:\windows\system32\drivers\gzflt.sys
          2013-10-08 17:14:38 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
          2013-10-08 16:42:25 116560 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
          2013-10-08 16:42:23 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
          2013-10-08 16:41:47 490144 ----a-w- c:\windows\system32\drivers\avckf.sys
          2013-10-08 16:41:46 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
          2013-10-08 16:41:45 640560 ----a-w- c:\windows\system32\drivers\avc3.sys
          2013-10-08 12:05:12 790833 ----a-w- c:\documents and settings\all users\application data\1381231939.bdinstall.bin
          2013-10-08 12:00:16 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
          2013-10-08 11:59:39 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
          2013-10-08 11:58:30 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
          2013-10-08 11:57:19 511328 ----a-w- c:\windows\capicom.dll
          2013-10-08 11:47:33 -------- d-----w- c:\documents and settings\helen de vink\application data\QuickScan
          2013-10-08 11:33:55 -------- d-----w- c:\documents and settings\all users\application data\Bitdefender
          2013-10-08 11:33:02 -------- d-----w- c:\program files\Bitdefender
          2013-10-08 11:28:44 -------- d-----w- c:\program files\common files\Bitdefender
          2013-10-08 11:09:04 -------- d-----w- C:\SSTMP
          2013-10-08 10:50:40 -------- d-----w- c:\program files\common files\SWF Studio
          2013-09-26 18:00:39 208760 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
          .
          ==================== Find3M ====================
          .
          2013-10-10 14:38:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
          2013-10-10 14:38:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
          2013-09-23 18:25:15 920064 ----a-w- c:\windows\system32\wininet.dll
          2013-09-23 18:25:12 43520 ----a-w- c:\windows\system32\licmgr10.dll
          2013-09-23 18:25:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
          2013-09-23 18:25:08 18944 ----a-w- c:\windows\system32\corpol.dll
          2013-09-23 18:07:19 385024 ----a-w- c:\windows\system32\html.iec
          2013-09-12 18:00:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
          2013-09-10 21:18:28 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
          2013-08-30 11:09:51 87608 ----a-w- c:\documents and settings\helen de vink\application data\inst.exe
          2013-08-30 11:09:51 47360 ----a-w- c:\documents and settings\helen de vink\application data\pcouffin.sys
          2013-08-29 07:01:31 1878784 ----a-w- c:\windows\system32\win32k.sys
          2013-08-22 17:09:56 217176 ----a-w- c:\windows\system32\unrar.dll
          2013-08-09 01:56:37 391168 ----a-w- c:\windows\system32\themeui.dll
          2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
          2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
          2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
          2013-08-05 13:30:18 1289216 ----a-w- c:\windows\system32\ole32.dll
          2013-08-02 23:48:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
          2013-07-18 23:18:04 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
          2013-07-17 00:58:17 123008 ------w- c:\windows\system32\drivers\usbvideo.sys
          2013-07-17 00:58:06 46848 ------w- c:\windows\system32\drivers\irbus.sys
          2013-07-14 16:23:44 4188160 ----a-w- c:\program files\GUT97.tmp
          2010-06-02 03:22:02 89944 ----a-w- c:\program files\DSETUP.dll
          2010-06-02 03:22:02 537432 ----a-w- c:\program files\DXSETUP.exe
          2010-06-02 03:22:02 1801048 ----a-w- c:\program files\dsetup32.dll
          2010-02-18 03:58:46 30952 ----a-w- c:\program files\mpsyschk.exe
          .
          ============= FINISH: 21:56:56,04 ===============



          • #6
            Disable your security software.

            Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

            Open a Notepad file.
            Copy the text below and paste it into the Notepad file.
            Save the Notepad file as CFScript.txt
            Code:
            KillAll::
            ClearJavaCache::
            DDS::
            IE: &Block This Image (ABP) - <no file>
            File::
            c:\windows\system32\drivers\sptd.sys
            Driver::
            sptd
            Now drag the file CFScript.txt onto the file ComboFix.exe



            ComboFix will start again.
            If ComboFix asks for an update, allow it.

            When ComboFix is finished (this may be after a restart), a log file opens. Post the contents of the log file.
            Create a new DDS log and post it as well.

            * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
            • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
            • Illegal operation attempted on a registry key that has been marked for deletion.



            How is it going now?
            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
            E Dev * McAfee verwijderen. * Ccleaner * E-Peek



            • #7
              Answer to: "How is it going now?"

              1. After ComboFix, Bit Defender no longer updates. Not manually either.
              When the Firewall and Antivirus are switched off, after a while it shows a green light, even though it really is switched off.
              So false protection.
              If everything is okay, should I reinstall BD after the removal tool?
              2. ComboFix takes almost an hour. Internet connection switched off.
              3. Ran Windows Update. Net.Framework Servicepack 3.5 done. Language pack 3.0 did not install.
              4. Today Mozilla barely starts or freezes. Yesterday, after the first start (which always takes long), it did go faster.

              Thanks for the quick (late-night) response

              ComboFix 13-10-09.01 - Helen de Vink 12-10-2013 11:45:55.9.1 - x86
              Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.572 [GMT 2:00]
              Gestart vanuit: c:\documents and settings\Helen de Vink\Bureaublad\ComboFix.exe
              AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
              FW: Bitdefender Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
              .
              .
              (((((((((((((((((((( Bestanden Gemaakt van 2013-09-12 to 2013-10-12 ))))))))))))))))))))))))))))))
              .
              .
              2013-10-11 17:01 . 2013-10-12 09:05 -------- d--h--r- c:\documents and settings\Helen de Vink\Onlangs geopend
              2013-10-11 12:02 . 2013-10-11 12:08 -------- d-----w- C:\AdwCleaner
              2013-10-10 20:31 . 2009-03-05 19:20 2455936 ----a-w- c:\program files\Common Files\System\MSMAPI\1043\MSNCON32.dll
              2013-10-10 20:31 . 2009-03-05 19:20 2455936 ----a-w- c:\program files\Common Files\System\MAPI\1043\MSNCON32.dll
              2013-10-10 20:31 . 2013-10-10 20:31 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
              2013-10-10 20:30 . 2013-10-10 20:30 -------- d-----w- c:\program files\Windows Live SkyDrive
              2013-10-10 20:29 . 2013-10-10 20:29 -------- d-----w- c:\program files\Common Files\Windows Live
              2013-10-10 16:09 . 2013-10-10 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
              2013-10-10 15:49 . 2013-10-10 15:49 -------- d-----w- c:\program files\CCleaner
              2013-10-10 10:18 . 2013-10-10 10:18 -------- d-----w- c:\documents and settings\Helen de Vink\Application Data\Bitdefender
              2013-10-10 10:15 . 2013-10-10 10:49 360376 ----a-w- c:\windows\system32\drivers\trufos.sys
              2013-10-10 10:14 . 2013-10-10 10:50 165744 ----a-w- c:\windows\system32\drivers\gzflt.sys
              2013-10-08 17:14 . 2013-10-08 17:14 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
              2013-10-08 16:42 . 2013-02-22 17:46 116560 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
              2013-10-08 16:42 . 2013-07-23 14:50 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
              2013-10-08 16:41 . 2013-07-19 16:06 490144 ----a-w- c:\windows\system32\drivers\avckf.sys
              2013-10-08 16:41 . 2012-11-02 12:17 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
              2013-10-08 16:41 . 2013-07-19 16:03 640560 ----a-w- c:\windows\system32\drivers\avc3.sys
              2013-10-08 12:58 . 2013-10-08 12:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
              2013-10-08 12:05 . 2013-10-08 12:05 790833 ----a-w- c:\documents and settings\All Users\Application Data\1381231939.bdinstall.bin
              2013-10-08 12:02 . 2013-10-08 12:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\QuickScan
              2013-10-08 12:00 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
              2013-10-08 11:59 . 2009-07-14 21:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
              2013-10-08 11:58 . 2013-10-08 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
              2013-10-08 11:57 . 2007-04-11 09:11 511328 ----a-w- c:\windows\capicom.dll
              2013-10-08 11:47 . 2013-10-08 11:47 -------- d-----w- c:\documents and settings\Helen de Vink\Application Data\QuickScan
              2013-10-08 11:33 . 2013-10-10 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
              2013-10-08 11:33 . 2013-10-08 16:26 -------- d-----w- c:\program files\Bitdefender
              2013-10-08 11:28 . 2013-10-10 10:15 -------- d-----w- c:\program files\Common Files\Bitdefender
              2013-10-08 11:09 . 2013-10-08 11:24 -------- d-----w- C:\SSTMP
              2013-10-08 10:50 . 2013-10-08 10:50 -------- d-----w- c:\program files\Common Files\SWF Studio
              2013-09-26 18:00 . 2013-09-26 18:00 208760 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2013-10-10 14:38 . 2012-03-30 15:07 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
              2013-10-10 14:38 . 2012-03-19 10:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
              2013-09-23 18:25 . 2004-09-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
              2013-09-23 18:25 . 2004-09-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
              2013-09-23 18:25 . 2004-09-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
              2013-09-23 18:25 . 2004-09-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
              2013-09-23 18:07 . 2004-09-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
              2013-09-12 18:00 . 2013-08-17 14:48 112640 ----a-w- c:\windows\system32\ff_vfw.dll
              2013-09-10 21:18 . 2013-09-10 21:18 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
              2013-08-30 11:09 . 2009-01-25 12:21 87608 ----a-w- c:\documents and settings\Helen de Vink\Application Data\inst.exe
              2013-08-30 11:09 . 2009-01-25 12:21 47360 ----a-w- c:\documents and settings\Helen de Vink\Application Data\pcouffin.sys
              2013-08-29 07:01 . 2004-09-02 12:00 1878784 ----a-w- c:\windows\system32\win32k.sys
              2013-08-22 17:09 . 2002-10-15 22:54 217176 ----a-w- c:\windows\system32\unrar.dll
              2013-08-09 01:56 . 2004-09-02 12:00 391168 ----a-w- c:\windows\system32\themeui.dll
              2013-08-09 00:55 . 2004-09-02 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
              2013-08-09 00:55 . 2008-12-09 16:20 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
              2013-08-09 00:55 . 2004-09-02 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
              2013-08-05 13:30 . 2004-09-02 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
              2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
              2013-07-18 23:18 . 2013-07-18 23:18 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
              2013-07-17 00:58 . 2008-04-13 18:46 123008 ------w- c:\windows\system32\drivers\usbvideo.sys
              2013-07-17 00:58 . 2008-04-13 18:45 46848 ------w- c:\windows\system32\drivers\irbus.sys
              2013-07-14 16:23 . 2013-07-14 16:21 4188160 ----a-w- c:\program files\GUT97.tmp
              2010-06-02 03:22 . 2010-06-02 03:22 89944 ----a-w- c:\program files\DSETUP.dll
              2010-06-02 03:22 . 2010-06-02 03:22 537432 ----a-w- c:\program files\DXSETUP.exe
              2010-06-02 03:22 . 2010-06-02 03:22 1801048 ----a-w- c:\program files\dsetup32.dll
              2010-02-18 03:58 . 2010-02-18 03:58 30952 ----a-w- c:\program files\mpsyschk.exe
              .
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
              REGEDIT4
              .
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
              "Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-10-08 481344]
              "Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-10-10 903656]
              "Bitdefender Agent Wallet-toepassing"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-10-08 621448]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "PRISMSTA.EXE"="PRISMSTA.EXE START" [X]
              "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
              "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
              "Prism_Utility"="Prismsta.exe" [2004-01-14 215552]
              "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
              "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
              "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
              "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-01 152392]
              "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
              "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
              "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
              "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
              "Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-10-10 1837848]
              .
              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
              "Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-10-08 481344]
              "Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-10-10 903656]
              "Bitdefender Agent de l'application Wallet"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-10-08 621448]
              "Bitdefender Agent Wallet-toepassing"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-10-08 621448]
              .
              c:\documents and settings\Helen de Vink\Menu Start\Programma's\Opstarten\
              SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
              Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
              .
              c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
              hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
              Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
              @="Driver"
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4D3964D404AE426D77D6B8D187E90605E9BFCC97._service_run]
              2013-10-03 06:03 844752 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
              c:\program files\DivX\DivX Media Server\DivXMediaServer.exe [BU]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
              c:\program files\DivX\DivX Update\DivXUpdate.exe [BU]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
              2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
              .
              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
              "EnableFirewall"= 0 (0x0)
              .
              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "d:\\Gedownloade programma's\\uTorrent\\utorrent.exe"=
              "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
              "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
              "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
              "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
              "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
              "c:\\Program Files\\Messenger\\msmsgs.exe"=
              "c:\\Documents and Settings\\Helen de Vink\\Application Data\\uTorrent\\uTorrent.exe"=
              "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
              "c:\\Program Files\\iTunes\\iTunes.exe"=
              "c:\\Program Files\\PANDORA.TV\\PanService\\KMPProcess.exe"=
              .
              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
              "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
              .
              R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [8-10-2013 18:41 640560]
              R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [10-10-2013 12:14 165744]
              R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [10-9-2013 23:18 97008]
              R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
              R1 RapportCerberus_56758;RapportCerberus_56758;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [5-9-2013 12:08 330960]
              R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [10-9-2013 23:18 148688]
              R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10-9-2013 23:18 222416]
              R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\KMPService.exe [18-9-2013 12:45 1922600]
              R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10-9-2013 23:18 1435928]
              R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [3-7-2013 10:32 1228504]
              R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender\updatesrv.exe [10-10-2013 12:18 54424]
              R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [8-10-2013 18:41 242504]
              R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [10-10-2013 12:18 116560]
              R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [9-12-2008 16:21 1287296]
              R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [3-7-2013 10:32 16024]
              S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [3-7-2013 10:32 660184]
              S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [8-10-2013 18:41 490144]
              S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [8-10-2013 18:42 66832]
              S3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [13-7-2013 17:38 50200]
              S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
              S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2-9-2004 14:00 14336]
              S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [25-1-2009 14:21 47360]
              S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [10-10-2013 12:18 68344]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
              getPlusHelper REG_MULTI_SZ getPlusHelper
              nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
              2013-10-05 13:03 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
              .
              Inhoud van de 'Gedeelde Taken' map
              .
              2013-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job
              - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
              .
              2013-10-11 c:\windows\Tasks\Google Software Updater.job
              - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-10 20:06]
              .
              2013-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2013-07-14 16:58]
              .
              2013-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2013-07-14 16:58]
              .
              2013-10-12 c:\windows\Tasks\User_Feed_Synchronization-{7DF23361-E1F0-4789-A428-E5ED9F8ABD1E}.job
              - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
              .
              .
              ------- Bijkomende Scan -------
              .
              uStart Page = hxxp://google.nl/
              uDefault_Search_URL = hxxp://www.google.com/ie
              uInternet Settings,ProxyOverride = *.local
              uSearchAssistant = hxxp://www.google.com/ie
              uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
              IE: &Block This Image (ABP)
              IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
              FF - ProfilePath - c:\documents and settings\Helen de Vink\Application Data\Mozilla\Firefox\Profiles\rphdu8ra.Helena\
              FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
              FF - ExtSQL: 2013-08-27 15:58; [email protected]; c:\program files\Bitdefender\Bitdefender\ffpwdman
              .
              .
              **************************************************************************
              .
              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2013-10-12 12:16
              Windows 5.1.2600 Service Pack 3 NTFS
              .
              scannen van verborgen processen ...
              .
              scannen van verborgen autostart items ...
              .
              scannen van verborgen bestanden ...
              .
              Scan succesvol afgerond
              verborgen bestanden: 0
              .
              **************************************************************************
              .
              --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
              .
              [HKEY_USERS\S-1-5-21-796845957-1547161642-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
              @Allowed: (Read) (RestrictedCode)
              @Allowed: (Read) (RestrictedCode)
              .
              [HKEY_USERS\S-1-5-21-796845957-1547161642-682003330-1003\Software\SecuROM\License information*]
              "datasecu"=hex:a0,c3,b7,34,95,36,97,b1,8d,c8,70,74,bc,ad,6f,f5,53,99,01,5a,1d,
              e2,1e,b2,0b,27,d4,38,98,2c,85,5a,28,cb,43,1a,3f,30,22,cb,14,62,cf,04,d9,d4,\
              "rkeysecu"=hex:c0,55,8a,41,8b,0c,59,34,ce,33,5b,0b,eb,2e,af,7c
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe ,-101"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
              @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_64_ActiveX.exe,-101"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
              @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_64_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker6"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker5"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
              "3140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
              .
              --------------------- DLLs Geladen Onder Lopende Processen ---------------------
              .
              - - - - - - - > 'explorer.exe'(2944)
              c:\program files\Bitdefender\Bitdefender\bdsecurepass.dll
              c:\windows\system32\webcheck.dll
              c:\windows\system32\WPDShServiceObj.dll
              c:\windows\system32\PortableDeviceTypes.dll
              c:\windows\system32\PortableDeviceApi.dll
              .
              Voltooingstijd: 2013-10-12 12:26:09
              ComboFix-quarantined-files.txt 2013-10-12 10:26
              ComboFix2.txt 2013-10-11 19:47
              .
              Pre-Run: 24.644.403.200 bytes beschikbaar
              Post-Run: 24.626.585.600 bytes beschikbaar
              .
              - - End Of File - - AD03B2318C18BFD90461F8DDC08BBE05
              3051207086651214E435112E51817DC5

              DDS (Ver_2012-11-20.01) - NTFS_x86
              Internet Explorer: 8.0.6001.18702
              Run by Helen de Vink at 12:43:06 on 2013-10-12
              Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.256 [GMT 2:00]
              .
              AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
              FW: Bitdefender Firewall *Enabled*
              .
              ============== Running Processes ================
              .
              C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\WINDOWS\eHome\ehRecvr.exe
              C:\WINDOWS\eHome\ehSched.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\Program Files\PANDORA.TV\PanService\KMPService.exe
              C:\Program Files\Secunia\PSI\PSIA.exe
              C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe
              C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
              C:\WINDOWS\ehome\mcrdsvc.exe
              C:\Program Files\Canon\CAL\CALMAIN.exe
              C:\WINDOWS\system32\dllhost.exe
              C:\WINDOWS\System32\alg.exe
              C:\WINDOWS\ehome\ehtray.exe
              C:\WINDOWS\system32\Prismsta.exe
              C:\WINDOWS\eHome\ehmsas.exe
              C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
              C:\Program Files\Microsoft ActiveSync\wcescomm.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
              C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
              C:\Program Files\Secunia\PSI\psi_tray.exe
              C:\Program Files\SpywareGuard\sgmain.exe
              C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
              C:\Program Files\SpywareGuard\sgbhp.exe
              C:\WINDOWS\system32\HPZipm12.exe
              C:\WINDOWS\system32\DllHost.exe
              C:\WINDOWS\explorer.exe
              C:\WINDOWS\system32\notepad.exe
              C:\Program Files\Bitdefender\Bitdefender\seccenter.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\WINDOWS\system32\wbem\wmiprvse.exe
              C:\WINDOWS\system32\svchost.exe -k DcomLaunch
              C:\WINDOWS\system32\svchost.exe -k rpcss
              C:\WINDOWS\System32\svchost.exe -k netsvcs
              C:\WINDOWS\system32\svchost.exe -k NetworkService
              C:\WINDOWS\system32\svchost.exe -k LocalService
              C:\WINDOWS\system32\svchost.exe -k LocalService
              C:\WINDOWS\system32\svchost.exe -k LocalService
              C:\WINDOWS\system32\svchost.exe -k imgsvc
              C:\WINDOWS\System32\svchost.exe -k HTTPFilter
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = hxxp://google.nl/
              uDefault_Search_URL = hxxp://www.google.com/ie
              uSearchAssistant = hxxp://www.google.com/ie
              uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
              BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - c:\program files\bitdefender\bitdefender\pmbxie.dll
              BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\program files\spywareguard\dlprotect.dll
              BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
              uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
              uRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
              uRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
              uRun: [Bitdefender Agent Wallet-toepassing] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
              mRun: [ehTray] c:\windows\ehome\ehtray.exe
              mRun: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
              mRun: [Prism_Utility] Prismsta.exe
              mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
              mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
              mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
              mRun: [PRISMSTA.EXE] PRISMSTA.EXE START
              mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
              mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
              mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
              mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
              mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
              mRun: [Bdagent] "c:\program files\bitdefender\bitdefender\bdagent.exe"
              dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
              dRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
              dRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
              dRun: [Bitdefender Agent de l'application Wallet] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
              dRun: [Bitdefender Agent Wallet-toepassing] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
              StartupFolder: c:\docume~1\helend~1\menust~1\progra~1\opstar~1\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
              StartupFolder: c:\docume~1\helend~1\menust~1\progra~1\opstar~1\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
              StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
              StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
              uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
              uPolicies-Explorer: NoDriveAutoRun = dword:67108863
              uPolicies-Explorer: NoDrives = dword:0
              mPolicies-Explorer: NoDriveAutoRun = dword:67108863
              mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
              mPolicies-Explorer: NoDrives = dword:0
              mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
              mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
              mPolicies-Explorer: NoDriveAutoRun = dword:67108863
              IE: &Block This Image (ABP) - <no file>
              IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
              IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
              IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
              IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
              IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
              IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
              .
              INFO: HKCU has more than 50 listed domains.
              If you wish to scan all of them, select the 'Force scan all domains' option.
              .
              .
              INFO: HKLM has more than 50 listed domains.
              If you wish to scan all of them, select the 'Force scan all domains' option.
              .
              DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
              DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347124945993
              DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
              DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
              DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
              TCP: NameServer = 212.54.40.25 212.54.35.25
              TCP: Interfaces\{73C1EC97-B67B-435C-BB95-BC4699E68863} : DHCPNameServer = 212.54.40.25 212.54.35.25
              SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
              SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - c:\program files\spywareguard\spywareguard.dll
              mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
              .
              ================= FIREFOX ===================
              .
              FF - ProfilePath - c:\documents and settings\helen de vink\application data\mozilla\firefox\profiles\rphdu8ra.helena\
              FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
              FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
              FF - plugin: c:\program files\adobe\reader 11.0\reader\browser\nppdf32(2).dll
              FF - plugin: c:\program files\bitdefender\bitdefender\npcomm.dll
              FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
              FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
              FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
              FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
              FF - plugin: c:\program files\nos\bin\np_gp.dll
              FF - plugin: c:\windows\system32\adobe\director\np32dsw_1204144.dll
              FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_165.dll
              FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_170.dll
              FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
              FF - ExtSQL: 2013-08-27 15:58; [email protected]; c:\program files\bitdefender\bitdefender\ffpwdman
              .
              ============= SERVICES / DRIVERS ===============
              .
              R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-10-8 640560]
              R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-10-10 165744]
              R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-9-10 97008]
              R1 RapportCerberus_56758;RapportCerberus_56758;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_56758.sys [2013-9-5 330960]
              R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-9-10 148688]
              R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-9-10 222416]
              R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-17 99328]
              R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\KMPService.exe [2013-9-18 1922600]
              R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-9-10 1435928]
              R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-7-3 1228504]
              R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender\updatesrv.exe [2013-10-10 54424]
              R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-10-8 242504]
              R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-10-8 490144]
              R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2013-10-10 116560]
              R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2008-12-9 1287296]
              R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-7-3 16024]
              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
              S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-7-3 660184]
              S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-10-8 66832]
              S3 cleanhlp;cleanhlp;c:\eek\run\cleanhlp32.sys [2013-7-13 50200]
              S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
              S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-9-2 14336]
              S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
              S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender\bdparentalservice.exe [2013-10-10 68344]
              .
              =============== Created Last 30 ================
              .
              2013-10-12 09:07:05 -------- d-----w- C:\ComboFix
              2013-10-11 17:48:57 98816 ----a-w- c:\windows\sed.exe
              2013-10-11 17:48:57 256000 ----a-w- c:\windows\PEV.exe
              2013-10-11 17:48:57 208896 ----a-w- c:\windows\MBR.exe
              2013-10-11 17:01:23 -------- d--h--r- c:\documents and settings\helen de vink\Onlangs geopend
              2013-10-11 12:02:24 -------- d-----w- C:\AdwCleaner
              2013-10-10 20:31:59 2455936 ----a-w- c:\program files\common files\system\msmapi\1043\MSNCON32.dll
              2013-10-10 20:31:59 2455936 ----a-w- c:\program files\common files\system\mapi\1043\MSNCON32.dll
              2013-10-10 20:31:55 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
              2013-10-10 20:30:47 -------- d-----w- c:\program files\Windows Live SkyDrive
              2013-10-10 20:29:03 -------- d-----w- c:\program files\common files\Windows Live
              2013-10-10 16:09:16 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
              2013-10-10 15:49:44 -------- d-----w- c:\program files\CCleaner
              2013-10-10 10:18:52 -------- d-----w- c:\documents and settings\helen de vink\application data\Bitdefender
              2013-10-10 10:15:01 360376 ----a-w- c:\windows\system32\drivers\trufos.sys
              2013-10-10 10:14:59 165744 ----a-w- c:\windows\system32\drivers\gzflt.sys
              2013-10-08 17:14:38 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
              2013-10-08 16:42:25 116560 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
              2013-10-08 16:42:23 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
              2013-10-08 16:41:47 490144 ----a-w- c:\windows\system32\drivers\avckf.sys
              2013-10-08 16:41:46 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
              2013-10-08 16:41:45 640560 ----a-w- c:\windows\system32\drivers\avc3.sys
              2013-10-08 12:05:12 790833 ----a-w- c:\documents and settings\all users\application data\1381231939.bdinstall.bin
              2013-10-08 12:00:16 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
              2013-10-08 11:59:39 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
              2013-10-08 11:58:30 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
              2013-10-08 11:57:19 511328 ----a-w- c:\windows\capicom.dll
              2013-10-08 11:47:33 -------- d-----w- c:\documents and settings\helen de vink\application data\QuickScan
              2013-10-08 11:33:55 -------- d-----w- c:\documents and settings\all users\application data\Bitdefender
              2013-10-08 11:33:02 -------- d-----w- c:\program files\Bitdefender
              2013-10-08 11:28:44 -------- d-----w- c:\program files\common files\Bitdefender
              2013-10-08 11:09:04 -------- d-----w- C:\SSTMP
              2013-10-08 10:50:40 -------- d-----w- c:\program files\common files\SWF Studio
              2013-09-26 18:00:39 208760 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
              .
              ==================== Find3M ====================
              .
              2013-10-10 14:38:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
              2013-10-10 14:38:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
              2013-09-23 18:25:15 920064 ----a-w- c:\windows\system32\wininet.dll
              2013-09-23 18:25:12 43520 ----a-w- c:\windows\system32\licmgr10.dll
              2013-09-23 18:25:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
              2013-09-23 18:25:08 18944 ----a-w- c:\windows\system32\corpol.dll
              2013-09-23 18:07:19 385024 ----a-w- c:\windows\system32\html.iec
              2013-09-12 18:00:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
              2013-09-10 21:18:28 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
              2013-08-30 11:09:51 87608 ----a-w- c:\documents and settings\helen de vink\application data\inst.exe
              2013-08-30 11:09:51 47360 ----a-w- c:\documents and settings\helen de vink\application data\pcouffin.sys
              2013-08-29 07:01:31 1878784 ----a-w- c:\windows\system32\win32k.sys
              2013-08-22 17:09:56 217176 ----a-w- c:\windows\system32\unrar.dll
              2013-08-09 01:56:37 391168 ----a-w- c:\windows\system32\themeui.dll
              2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
              2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
              2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
              2013-08-05 13:30:18 1289216 ----a-w- c:\windows\system32\ole32.dll
              2013-08-02 23:48:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
              2013-07-18 23:18:04 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
              2013-07-17 00:58:17 123008 ------w- c:\windows\system32\drivers\usbvideo.sys
              2013-07-17 00:58:06 46848 ------w- c:\windows\system32\drivers\irbus.sys
              2013-07-14 16:23:44 4188160 ----a-w- c:\program files\GUT97.tmp
              2010-06-02 03:22:02 89944 ----a-w- c:\program files\DSETUP.dll
              2010-06-02 03:22:02 537432 ----a-w- c:\program files\DXSETUP.exe
              2010-06-02 03:22:02 1801048 ----a-w- c:\program files\dsetup32.dll
              2010-02-18 03:58:46 30952 ----a-w- c:\program files\mpsyschk.exe
              .
              ============= FINISH: 12:44:32,54 ===============



              • #8
                First we are going to remove ComboFix from your PC....

                Go to Start > Run and copy and paste the following command into the field:

                ComboFix /Uninstall

                Make sure there is a space between ComboFix and /
                Then press Enter.




                This will remove ComboFix plus its related folders and files,
                reset the clock settings, hide the file extensions,
                hide hidden files and system files again,
                and reset your System Restore.



                Start CCleaner.
                • Run CCleaner and click Options in the left column
                • Select the Advanced tab
                • Untick Only delete files in Windows Temp folders older than 24 hours
                • Untick Only delete files in Recycle Bin older than 24 hours
                • Select the Settings tab
                • Untick "Automatically clean the computer...."
                • Click Cleaner in the left column.
                • Then click Analyze followed by Run Cleaner.
                • Next, click Registry in the left column
                • Click Scan for Issues.
                • If errors are found, click Fix selected issues
                • You may be asked here whether you want to back up your registry. Answer Yes and OK



                We are also going to deal with your startup items:


                Download StartUpLite to the desktop.
                Open StartUpLite and then click "Continue"
                Now restart the computer.

                How is it now?
                Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                E Dev * Remove McAfee. * Ccleaner * E-Peek



                • #9
                  Hello E.,

                  Instructions carried out.

                  1. Starting the PC took 6/7 minutes after removing ComboFix.
                  2. Starting Mozilla took 9 minutes, and loading a site such as Nucia another 6 minutes. So 15 minutes in total.
                  I should mention that BitDefender was frantically trying to install updates, which did not succeed. That slowed things down considerably. Other programs also start slowly.
                  3. Restarted the PC after StartUpLite. It again took 6/7 minutes. It used to take about 3 minutes.
                  4. BitDefender was quiet and did not try to download and install the updates.
                  5. Mozilla now started in 2 minutes. Loading Nucia took 1 minute.
                  After 5 minutes BD tried to install the updates after all, which again failed.
                  Because of this everything became very slow again.
                  6. Restarting Mozilla goes very fast the second time, provided BD is not trying to install the updates.

                  I can live with a slow PC startup.
                  It looks as if BD is the culprit when it comes to the PC freezing or programs starting slowly.
                  Was it not installed properly because of the virus, or is the program too heavy for my old PC (bought in December 2006)?
                  The notifications do not work either. By default it says that the last update was "today" and that a scan was "never" run. So exactly as it was right after installation. It does show how many updates still need to be done.
                  Do you have any other suggestions? Reinstall?
                  Thanks for all the trouble
                  Helen



                  • #10
                    Well... to be honest... I would remove BD and install a different active AV tool.
                    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                    E Dev * Remove McAfee. * Ccleaner * E-Peek



                    • #11
                      Dear E.,
                      First of all, thank you very much for your help.
                      1. With a heavy heart I removed BD. The updates did install automatically again today, but the PC froze when starting any program whatsoever.
                      2. Installed the expired version of Norton from CD-ROM and then updated it via the internet. (That turned out to be the cheapest.)
                      Some problems again with the automatic updates, but in the end everything now runs like clockwork.
                      3. Starting the PC takes less than 2 minutes. After 3 minutes everything is loaded.
                      Mozilla starts reasonably quickly (half a minute) and programs open immediately.
                      I am very happy.
                      4. Tomorrow I will run a full scan, and if that causes no problems (e.g. the PC freezing during the scan) I will mark this item as solved.

                      Thank you very much again. A small donation is on its way.
                      Regards
                      Helen



                      • #12
                        1) You may delete all the loose files and tools we used.

                        2) To avoid reinfection, you can read through these tips:

                        Preventing spyware infections and browser hijacking and How do I prevent a new infection?

                        3) To give your PC a quick maintenance run, you can read these tips: Guide to a clean PC

                        4) You can consult all kinds of tips and hints here.


                        I am marking the topic as solved.

                        If there are no further replies, this thread will automatically be moved within about 3 days
                        to the Solved HijackThis logs section, after which replying is no longer possible.
                        This is done to keep the forum neat and organized.

                        If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.



                        Did we help you well? Consider a (voluntary) donation to Nucia

                        Emphyrio
                        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                        E Dev * Remove McAfee. * Ccleaner * E-Peek
