.jordan file?

Abraham54
41 answers
  • I saw the folder .jordan in Windows Explorer under my user name.
    Never seen it before; malware?
    Avast found nothing; below are the HijackThis log and the MBAM log.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:06:54, on 1-10-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\AutoSizer\AutoSizer.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files (x86)\AutoSizer\AutoSizer.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat… - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat… - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat… - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 7146 bytes

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Databaseversie: 7839

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    1-10-2011 9:01:48
    mbam-log-2011-10-01 (09-01-48).txt

    Scantype: Snelle scan
    Objecten gescand: 174812
    Verstreken tijd: 1 minuut/minuten, 34 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

  • Hello Jos, have you already looked in that folder, and are you the only user?

    Also do this: post an uninstall list:
    - start HijackThis,
    - click the Open the Misc Tools section button,
    - click the Open Uninstall Manager button,
    - click the Save button.
  • The folder contains the file: permlist_A67A……. etc.
    Yes, I am the only user on this laptop.

    Here is the log:

    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.1) - Nederlands
    AM-DeadLink 4.4
    Auslogics Disk Defrag
    AuthenTec Fingerprint Sensor Minimum Install
    AutoSizer
    avast! Free Antivirus
    BUFFALO BWC-130H01 USB PC Camera
    EMET
    FileHippo.com Update Checker
    HiJackThis
    Java(TM) 7
    LifeView DTV
    Malwarebytes' Anti-Malware versie 1.51.2.1300
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 7.0.1 (x86 nl)
    OpenOffice.org 3.3
    PC Tools Firewall Plus 7.0
    Picasa 3
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Secunia PSI (2.0.0.3003)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
    Smart Driver Updater v2.0
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
  • Hi Jos, Google does not know that file.

    We are going to do the following:

    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and, where possible, clean it up.
    Difficulty: More or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must be deactivated before ComboFix starts!
    Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

    Once more, for the sake of clarity: ComboFix must be started from the desktop.

    Notes:
    - When using Windows XP you may be asked to install the "Recovery Console"! If so, allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix by right-clicking with Administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found in C:\ComboFix.txt
    Important note:
  • ComboFix started as described above; a message appears that Command Standard Stream Splitter is not working properly and is being closed.
    After closing it, the program seems to continue its work.
    The message comes back a few times, but after clicking close program ComboFix continues its work.
    Below is the log:

    ComboFix 11-10-02.01 - Gebruiker 02-10-2011 15:05:40.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3070.1704 [GMT 2:00]
    Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
    c:\windows\WindowsXP-KB822603-x86.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-09-02 to 2011-10-02 ))))))))))))))))))))))))))))))
    .
    .
    2011-10-02 13:12 . 2011-10-02 13:12 ——– d—–w- c:\users\Gebruiker\AppData\Local\temp
    2011-10-02 13:12 . 2011-10-02 13:12 ——– d—–w- c:\users\Default\AppData\Local\temp
    2011-10-01 06:38 . 2011-10-01 06:38 69000 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9721F9CA-12FB-4D0E-A541-44E9FAEAD58D}\offreg.dll
    2011-10-01 06:38 . 2011-09-13 00:26 9049936 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9721F9CA-12FB-4D0E-A541-44E9FAEAD58D}\mpengine.dll
    2011-09-24 04:45 . 2011-09-24 04:45 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\aignes
    2011-09-24 04:44 . 2011-09-24 04:44 ——– d—–w- c:\program files (x86)\AM-DeadLink
    2011-09-24 01:49 . 2011-09-24 01:50 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\PCToolsFirewallPlus
    2011-09-24 01:48 . 2010-03-29 09:06 233488 —-a-w- c:\windows\system32\drivers\PCTCore64.sys
    2011-09-24 01:48 . 2011-03-24 10:39 140800 —-a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
    2011-09-24 01:48 . 2011-01-17 07:09 334976 —-a-w- c:\windows\system32\drivers\pctgntdi64.sys
    2011-09-24 01:46 . 2011-09-24 01:48 ——– d—–w- c:\program files (x86)\Common Files\PC Tools
    2011-09-24 01:46 . 2011-01-12 08:35 119688 —-a-w- c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
    2011-09-24 01:46 . 2010-07-08 06:49 79000 —-a-w- c:\windows\system32\drivers\pctNdis64.sys
    2011-09-24 01:46 . 2010-02-05 06:26 42968 —-a-w- c:\windows\system32\drivers\pctNdis-DNS64.sys
    2011-09-24 01:46 . 2011-01-17 06:11 179976 —-a-w- c:\windows\system32\drivers\pctplfw64.sys
    2011-09-24 01:46 . 2011-09-24 01:50 ——– d—–w- c:\program files (x86)\PC Tools Firewall Plus
    2011-09-23 18:34 . 2011-09-23 18:34 ——– d—–w- c:\program files\CCleaner
    2011-09-23 11:34 . 2011-09-23 11:34 ——– d—–w- c:\users\Gebruiker\.jordan
    2011-09-23 11:18 . 2011-09-23 11:18 ——– d—–w- c:\windows\Sun
    2011-09-23 03:53 . 2011-09-23 03:53 404640 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-09-19 10:10 . 2011-09-19 10:10 ——– d—–w- c:\program files (x86)\Common Files\Java
    2011-09-19 10:09 . 2011-09-19 10:09 ——– d—–w- c:\program files (x86)\Java
    2011-09-18 07:45 . 2011-09-18 07:45 ——– d—–w- c:\windows\SysWow64\BestPractices
    2011-09-18 07:45 . 2011-09-18 07:45 ——– d—–w- c:\windows\system32\BestPractices
    2011-09-18 07:45 . 2011-09-18 07:45 ——– d—–w- C:\inetpub
    2011-09-17 07:06 . 2011-09-17 07:06 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\WinBatch
    2011-09-17 06:53 . 2009-06-09 11:28 64000 ——w- c:\windows\SysWow64\agrsmdel.exe
    2011-09-17 06:53 . 2009-03-27 16:12 14848 ——w- c:\windows\SysWow64\agrsco64.dll
    2011-09-17 06:53 . 2011-09-17 06:53 ——– d—–w- c:\windows\Options
    2011-09-17 06:51 . 2011-06-27 17:19 92264 —-a-w- c:\windows\system32\RCoInst64.dll
    2011-09-17 06:49 . 2011-09-17 06:49 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\Intel
    2011-09-17 06:47 . 2011-09-17 06:47 ——– d—–w- c:\program files\Common Files\Intel
    2011-09-17 06:47 . 2011-09-17 06:48 ——– d—–w- c:\program files (x86)\Cisco
    2011-09-17 06:47 . 2011-09-17 06:47 ——– d—–w- c:\programdata\Intel
    2011-09-17 06:47 . 2011-09-17 06:47 ——– d—–w- c:\program files\Intel
    2011-09-17 06:43 . 2011-09-17 06:51 ——– d—–w- c:\program files (x86)\Realtek
    2011-09-17 06:43 . 2011-06-10 04:34 107552 —-a-w- c:\windows\system32\RTNUninst64.dll
    2011-09-17 06:41 . 2011-09-17 06:41 ——– d—–w- c:\users\Gebruiker\AppData\Local\Broadcom
    2011-09-17 06:41 . 2011-09-17 06:41 ——– d—–w- c:\program files\Broadcom
    2011-09-17 06:41 . 2011-08-04 17:19 620072 —-a-w- c:\windows\system32\drivers\btwampfl.sys
    2011-09-17 06:39 . 2011-08-04 17:19 89640 —-a-w- c:\windows\system32\drivers\btwdpan.sys
    2011-09-17 06:39 . 2011-08-04 17:19 39976 —-a-w- c:\windows\system32\drivers\btwl2cap.sys
    2011-09-17 06:39 . 2011-08-04 17:19 21544 —-a-w- c:\windows\system32\drivers\btwrchid.sys
    2011-09-17 06:39 . 2011-08-04 17:19 178728 —-a-w- c:\windows\system32\drivers\btwavdt.sys
    2011-09-17 06:39 . 2011-08-04 17:19 167976 —-a-w- c:\windows\system32\drivers\btwaudio.sys
    2011-09-17 06:38 . 2011-09-17 06:38 ——– d—–w- c:\program files\WIDCOMM
    2011-09-17 06:28 . 2011-09-17 06:28 ——– d—–w- c:\program files (x86)\Intel
    2011-09-17 06:28 . 2011-04-15 14:00 53248 —-a-w- c:\windows\SysWow64\CSVer.dll
    2011-09-17 06:27 . 2011-09-17 06:27 ——– d—–w- C:\Intel
    2011-09-17 06:25 . 2011-09-17 06:25 ——– d—–w- c:\program files\Apoint2K
    2011-09-17 05:48 . 2011-09-17 05:48 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\Smart PC Solutions
    2011-09-17 05:48 . 2011-09-17 05:48 ——– d—–w- c:\program files (x86)\Smart PC Solutions
    2011-09-17 05:22 . 2011-09-19 10:09 544656 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2011-09-16 05:20 . 2011-09-16 05:20 ——– d—–w- c:\programdata\McAfee
    2011-09-16 04:36 . 2011-09-16 04:36 ——– d—–w- c:\users\Gebruiker\AppData\Local\Mozilla
    2011-09-11 06:47 . 2011-09-11 06:47 ——– d—–w- c:\users\Gebruiker\AppData\Local\Apps
    2011-09-04 10:03 . 2011-09-04 10:03 ——– d—–w- c:\program files (x86)\EMET
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-18 09:23 . 2011-07-17 13:21 525544 —-a-w- c:\windows\system32\deployJava1.dll
    2011-09-06 20:45 . 2011-06-25 12:24 41184 —-a-w- c:\windows\avastSS.scr
    2011-09-06 20:45 . 2011-06-25 12:24 199304 —-a-w- c:\windows\SysWow64\aswBoot.exe
    2011-09-06 20:45 . 2011-06-25 12:25 254400 —-a-w- c:\windows\system32\aswBoot.exe
    2011-09-06 20:38 . 2011-06-25 12:25 601944 —-a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-06 20:38 . 2011-06-25 12:25 301912 —-a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 20:36 . 2011-06-25 12:25 58200 —-a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 20:36 . 2011-06-25 12:25 42328 —-a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 20:36 . 2011-06-25 12:25 65368 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-06 20:36 . 2011-06-25 12:25 24408 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-08-31 15:00 . 2011-07-01 18:17 25416 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-22 05:42 . 2011-08-14 06:47 2303488 —-a-w- c:\windows\system32\jscript9.dll
    2011-07-22 05:36 . 2011-08-14 06:46 1389056 —-a-w- c:\windows\system32\wininet.dll
    2011-07-22 05:32 . 2011-08-14 06:47 2382848 —-a-w- c:\windows\system32\mshtml.tlb
    2011-07-22 02:54 . 2011-08-14 06:47 1797632 —-a-w- c:\windows\SysWow64\jscript9.dll
    2011-07-22 02:48 . 2011-08-14 06:46 1126912 —-a-w- c:\windows\SysWow64\wininet.dll
    2011-07-22 02:44 . 2011-08-14 06:47 2382848 —-a-w- c:\windows\SysWow64\mshtml.tlb
    2011-07-16 05:41 . 2011-08-14 06:46 362496 —-a-w- c:\windows\system32\wow64win.dll
    2011-07-16 05:41 . 2011-08-14 06:46 243200 —-a-w- c:\windows\system32\wow64.dll
    2011-07-16 05:41 . 2011-08-14 06:46 13312 —-a-w- c:\windows\system32\wow64cpu.dll
    2011-07-16 05:39 . 2011-08-14 06:46 16384 —-a-w- c:\windows\system32\ntvdm64.dll
    2011-07-16 05:37 . 2011-08-14 06:46 421888 —-a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 05:21 . 2011-08-14 06:45 6144 —ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 4608 —ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 4096 —ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 4096 —ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3584 —ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 4608 —ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 4096 —ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 4096 —ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3584 —ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3584 —ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3584 —ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3584 —ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3584 —ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 5120 —ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3584 —ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 04:29 . 2011-08-14 06:46 14336 —-a-w- c:\windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26 . 2011-08-14 06:46 44032 —-a-w- c:\windows\apppatch\acwow64.dll
    2011-07-16 04:25 . 2011-08-14 06:46 25600 —-a-w- c:\windows\SysWow64\setup16.exe
    2011-07-16 04:24 . 2011-08-14 06:45 5120 —-a-w- c:\windows\SysWow64\wow32.dll
    2011-07-16 04:24 . 2011-08-14 06:45 272384 —-a-w- c:\windows\SysWow64\KernelBase.dll
    2011-07-16 04:15 . 2011-08-14 06:45 4096 —ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 4096 —ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 5120 —ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 4608 —ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 4096 —ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 4096 —ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 4096 —ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3584 —ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3584 —ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3584 —ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3584 —ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3584 —ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3584 —ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 02:21 . 2011-08-14 06:45 7680 —-a-w- c:\windows\SysWow64\instnm.exe
    2011-07-16 02:21 . 2011-08-14 06:45 2048 —-a-w- c:\windows\SysWow64\user.exe
    2011-07-16 02:17 . 2011-08-14 06:45 6144 —ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-14 06:45 4608 —ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-14 06:45 3584 —ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 05:26 . 2011-08-24 22:42 2048 —-a-w- c:\windows\system32\tzres.dll
    2011-07-09 04:29 . 2011-08-24 22:42 2048 —-a-w- c:\windows\SysWow64\tzres.dll
    2011-07-09 02:46 . 2011-08-14 06:46 288768 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-07-08 04:06 . 2011-07-08 04:06 882496 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "AutoSizer"="c:\program files (x86)\AutoSizer\AutoSizer.exe" [2011-07-02 131072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    "00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys [x]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [x]
    S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    S3 netw5v64;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [x]
    S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys [x]
    S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    — Andere Services/Drivers In Geheugen —
    .
    *Deregistered* - pctESPInject
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 134384 —-a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig?hl=nl&t=0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Afbeelding verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Pagina verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 194.109.104.104 194.109.6.66
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\c37ppq9a.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=nl
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2011-10-02 15:15:02
    ComboFix-quarantined-files.txt 2011-10-02 13:15
    .
    Pre-Run: 65.034.518.528 bytes beschikbaar
    Post-Run: 64.776.372.224 bytes beschikbaar
    .
    - - End Of File - - 5800D01A9DCFB42F342A837485925456


  • Hi - did you previously have McAfee as antivirus software on your Windows?
  • Could well be; perhaps it was installed along with another program.
    However, it is no longer listed in Programs and Features.
  • OK, then we are now going to use ComboFix via a script:

    open a new Notepad file, via "Start\All Programs\Accessories\Notepad".


    Copy and paste the following (bold, blue text) into the empty Notepad window
  • ComboFix 11-10-02.01 - Gebruiker 02-10-2011 21:10:53.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3070.1681 [GMT 2:00]
    Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Gebruiker\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\McAfee
    c:\users\Gebruiker\.jordan
    c:\users\Gebruiker\.jordan\permList_A67A156A2084232F3659EBCCD460C1D0
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-09-02 to 2011-10-02 ))))))))))))))))))))))))))))))
    .
    .
    2011-10-01 06:38 . 2011-10-02 19:18 69000 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9721F9CA-12FB-4D0E-A541-44E9FAEAD58D}\offreg.dll
    2011-10-01 06:38 . 2011-09-13 00:26 9049936 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9721F9CA-12FB-4D0E-A541-44E9FAEAD58D}\mpengine.dll
    2011-09-24 04:45 . 2011-09-24 04:45 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\aignes
    2011-09-24 04:44 . 2011-09-24 04:44 ——– d—–w- c:\program files (x86)\AM-DeadLink
    2011-09-24 01:49 . 2011-09-24 01:50 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\PCToolsFirewallPlus
    2011-09-24 01:48 . 2010-03-29 09:06 233488 —-a-w- c:\windows\system32\drivers\PCTCore64.sys
    2011-09-24 01:48 . 2011-03-24 10:39 140800 —-a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
    2011-09-24 01:48 . 2011-01-17 07:09 334976 —-a-w- c:\windows\system32\drivers\pctgntdi64.sys
    2011-09-24 01:46 . 2011-09-24 01:48 ——– d—–w- c:\program files (x86)\Common Files\PC Tools
    2011-09-24 01:46 . 2011-01-12 08:35 119688 —-a-w- c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
    2011-09-24 01:46 . 2010-07-08 06:49 79000 —-a-w- c:\windows\system32\drivers\pctNdis64.sys
    2011-09-24 01:46 . 2010-02-05 06:26 42968 —-a-w- c:\windows\system32\drivers\pctNdis-DNS64.sys
    2011-09-24 01:46 . 2011-01-17 06:11 179976 —-a-w- c:\windows\system32\drivers\pctplfw64.sys
    2011-09-24 01:46 . 2011-09-24 01:50 ——– d—–w- c:\program files (x86)\PC Tools Firewall Plus
    2011-09-23 18:34 . 2011-09-23 18:34 ——– d—–w- c:\program files\CCleaner
    2011-09-23 11:18 . 2011-09-23 11:18 ——– d—–w- c:\windows\Sun
    2011-09-23 03:53 . 2011-09-23 03:53 404640 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-09-19 10:10 . 2011-09-19 10:10 ——– d—–w- c:\program files (x86)\Common Files\Java
    2011-09-19 10:09 . 2011-09-19 10:09 ——– d—–w- c:\program files (x86)\Java
    2011-09-18 07:45 . 2011-09-18 07:45 ——– d—–w- c:\windows\SysWow64\BestPractices
    2011-09-18 07:45 . 2011-09-18 07:45 ——– d—–w- c:\windows\system32\BestPractices
    2011-09-18 07:45 . 2011-09-18 07:45 ——– d—–w- C:\inetpub
    2011-09-17 07:06 . 2011-09-17 07:06 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\WinBatch
    2011-09-17 06:53 . 2009-06-09 11:28 64000 ——w- c:\windows\SysWow64\agrsmdel.exe
    2011-09-17 06:53 . 2009-03-27 16:12 14848 ——w- c:\windows\SysWow64\agrsco64.dll
    2011-09-17 06:53 . 2011-09-17 06:53 ——– d—–w- c:\windows\Options
    2011-09-17 06:51 . 2011-06-27 17:19 92264 —-a-w- c:\windows\system32\RCoInst64.dll
    2011-09-17 06:49 . 2011-09-17 06:49 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\Intel
    2011-09-17 06:47 . 2011-09-17 06:47 ——– d—–w- c:\program files\Common Files\Intel
    2011-09-17 06:47 . 2011-09-17 06:48 ——– d—–w- c:\program files (x86)\Cisco
    2011-09-17 06:47 . 2011-09-17 06:47 ——– d—–w- c:\programdata\Intel
    2011-09-17 06:47 . 2011-09-17 06:47 ——– d—–w- c:\program files\Intel
    2011-09-17 06:43 . 2011-09-17 06:51 ——– d—–w- c:\program files (x86)\Realtek
    2011-09-17 06:43 . 2011-06-10 04:34 107552 —-a-w- c:\windows\system32\RTNUninst64.dll
    2011-09-17 06:41 . 2011-09-17 06:41 ——– d—–w- c:\users\Gebruiker\AppData\Local\Broadcom
    2011-09-17 06:41 . 2011-09-17 06:41 ——– d—–w- c:\program files\Broadcom
    2011-09-17 06:41 . 2011-08-04 17:19 620072 —-a-w- c:\windows\system32\drivers\btwampfl.sys
    2011-09-17 06:39 . 2011-08-04 17:19 89640 —-a-w- c:\windows\system32\drivers\btwdpan.sys
    2011-09-17 06:39 . 2011-08-04 17:19 39976 —-a-w- c:\windows\system32\drivers\btwl2cap.sys
    2011-09-17 06:39 . 2011-08-04 17:19 21544 —-a-w- c:\windows\system32\drivers\btwrchid.sys
    2011-09-17 06:39 . 2011-08-04 17:19 178728 —-a-w- c:\windows\system32\drivers\btwavdt.sys
    2011-09-17 06:39 . 2011-08-04 17:19 167976 —-a-w- c:\windows\system32\drivers\btwaudio.sys
    2011-09-17 06:38 . 2011-09-17 06:38 ——– d—–w- c:\program files\WIDCOMM
    2011-09-17 06:28 . 2011-09-17 06:28 ——– d—–w- c:\program files (x86)\Intel
    2011-09-17 06:28 . 2011-04-15 14:00 53248 —-a-w- c:\windows\SysWow64\CSVer.dll
    2011-09-17 06:27 . 2011-09-17 06:27 ——– d—–w- C:\Intel
    2011-09-17 06:25 . 2011-09-17 06:25 ——– d—–w- c:\program files\Apoint2K
    2011-09-17 05:48 . 2011-09-17 05:48 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\Smart PC Solutions
    2011-09-17 05:48 . 2011-09-17 05:48 ——– d—–w- c:\program files (x86)\Smart PC Solutions
    2011-09-17 05:22 . 2011-09-19 10:09 544656 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2011-09-16 04:36 . 2011-09-16 04:36 ——– d—–w- c:\users\Gebruiker\AppData\Local\Mozilla
    2011-09-11 06:47 . 2011-09-11 06:47 ——– d—–w- c:\users\Gebruiker\AppData\Local\Apps
    2011-09-04 10:03 . 2011-09-04 10:03 ——– d—–w- c:\program files (x86)\EMET
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-18 09:23 . 2011-07-17 13:21 525544 —-a-w- c:\windows\system32\deployJava1.dll
    2011-09-06 20:45 . 2011-06-25 12:24 41184 —-a-w- c:\windows\avastSS.scr
    2011-09-06 20:45 . 2011-06-25 12:24 199304 —-a-w- c:\windows\SysWow64\aswBoot.exe
    2011-09-06 20:45 . 2011-06-25 12:25 254400 —-a-w- c:\windows\system32\aswBoot.exe
    2011-09-06 20:38 . 2011-06-25 12:25 601944 —-a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-06 20:38 . 2011-06-25 12:25 301912 —-a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 20:36 . 2011-06-25 12:25 58200 —-a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 20:36 . 2011-06-25 12:25 42328 —-a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 20:36 . 2011-06-25 12:25 65368 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-06 20:36 . 2011-06-25 12:25 24408 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-08-31 15:00 . 2011-07-01 18:17 25416 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-22 05:42 . 2011-08-14 06:47 2303488 —-a-w- c:\windows\system32\jscript9.dll
    2011-07-22 05:36 . 2011-08-14 06:46 1389056 —-a-w- c:\windows\system32\wininet.dll
    2011-07-22 05:32 . 2011-08-14 06:47 2382848 —-a-w- c:\windows\system32\mshtml.tlb
    2011-07-22 02:54 . 2011-08-14 06:47 1797632 —-a-w- c:\windows\SysWow64\jscript9.dll
    2011-07-22 02:48 . 2011-08-14 06:46 1126912 —-a-w- c:\windows\SysWow64\wininet.dll
    2011-07-22 02:44 . 2011-08-14 06:47 2382848 —-a-w- c:\windows\SysWow64\mshtml.tlb
    2011-07-16 05:41 . 2011-08-14 06:46 362496 —-a-w- c:\windows\system32\wow64win.dll
    2011-07-16 05:41 . 2011-08-14 06:46 243200 —-a-w- c:\windows\system32\wow64.dll
    2011-07-16 05:41 . 2011-08-14 06:46 13312 —-a-w- c:\windows\system32\wow64cpu.dll
    2011-07-16 05:39 . 2011-08-14 06:46 16384 —-a-w- c:\windows\system32\ntvdm64.dll
    2011-07-16 05:37 . 2011-08-14 06:46 421888 —-a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 05:21 . 2011-08-14 06:45 6144 —ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 4608 —ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 4096 —ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 4096 —ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3584 —ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 4608 —ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 4096 —ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 4096 —ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3584 —ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3584 —ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3584 —ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3584 —ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3584 —ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 5120 —ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3584 —ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-14 06:45 3072 —ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 04:29 . 2011-08-14 06:46 14336 —-a-w- c:\windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26 . 2011-08-14 06:46 44032 —-a-w- c:\windows\apppatch\acwow64.dll
    2011-07-16 04:25 . 2011-08-14 06:46 25600 —-a-w- c:\windows\SysWow64\setup16.exe
    2011-07-16 04:24 . 2011-08-14 06:45 5120 —-a-w- c:\windows\SysWow64\wow32.dll
    2011-07-16 04:24 . 2011-08-14 06:45 272384 —-a-w- c:\windows\SysWow64\KernelBase.dll
    2011-07-16 04:15 . 2011-08-14 06:45 4096 —ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 4096 —ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 5120 —ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 4608 —ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 4096 —ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 4096 —ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 4096 —ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3584 —ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3584 —ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3584 —ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3584 —ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3584 —ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3584 —ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 02:21 . 2011-08-14 06:45 7680 —-a-w- c:\windows\SysWow64\instnm.exe
    2011-07-16 02:21 . 2011-08-14 06:45 2048 —-a-w- c:\windows\SysWow64\user.exe
    2011-07-16 02:17 . 2011-08-14 06:45 6144 —ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-14 06:45 4608 —ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-14 06:45 3584 —ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-14 06:45 3072 —ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 05:26 . 2011-08-24 22:42 2048 —-a-w- c:\windows\system32\tzres.dll
    2011-07-09 04:29 . 2011-08-24 22:42 2048 —-a-w- c:\windows\SysWow64\tzres.dll
    2011-07-09 02:46 . 2011-08-14 06:46 288768 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-07-08 04:06 . 2011-07-08 04:06 882496 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-10-02_13.12.36 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2011-10-02 12:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-10-02 19:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-10-02 19:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-10-02 12:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-10-02 12:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-10-02 19:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 05:10 . 2011-10-02 19:20 25540 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2011-06-24 07:38 . 2011-09-30 05:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-06-24 07:38 . 2011-10-02 13:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-09-23 18:27 . 2011-10-02 13:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-09-23 18:27 . 2011-09-30 05:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-10-02 13:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-09-30 05:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-06-24 09:33 . 2011-09-30 05:32 6814 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3085547568-1381025367-4261561674-1000_UserData.bin
    + 2011-06-24 09:33 . 2011-10-02 19:20 6814 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3085547568-1381025367-4261561674-1000_UserData.bin
    - 2011-09-24 02:43 . 2011-09-30 05:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-09-24 02:43 . 2011-10-02 19:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-09-24 02:43 . 2011-09-30 05:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-09-24 02:43 . 2011-10-02 19:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-06-25 00:12 . 2011-10-02 18:14 220446 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 02:36 . 2011-10-02 13:36 958804 c:\windows\system32\perfh009.dat
    + 2009-07-14 09:16 . 2011-10-02 13:36 499644 c:\windows\system32\perfc013.dat
    + 2009-07-14 02:36 . 2011-10-02 13:36 414856 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:12 . 2011-10-02 13:33 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 05:12 . 2011-09-30 05:36 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 09:16 . 2011-10-02 13:36 1822276 c:\windows\system32\perfh013.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "AutoSizer"="c:\program files (x86)\AutoSizer\AutoSizer.exe" [2011-07-02 131072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    "00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys [x]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [x]
    S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    S3 netw5v64;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [x]
    S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys [x]
    S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    — Andere Services/Drivers In Geheugen —
    .
    *Deregistered* - pctESPInject
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 134384 —-a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig?hl=nl&t=0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Afbeelding verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Pagina verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 194.109.104.104 194.109.6.66
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\c37ppq9a.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=nl
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\PC Tools Firewall Plus\FWService.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-10-02 21:22:42 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-10-02 19:22
    ComboFix2.txt 2011-10-02 13:15
    .
    Pre-Run: 65.615.474.688 bytes beschikbaar
    Post-Run: 65.375.358.976 bytes beschikbaar
    .
    - - End Of File - - FD45C613C246F061CF7410D82B0E7F2E


  • We need to use ComboFix once more:

    again open a new Notepad file, via "Start\All Programs\Accessories\Notepad".


    Copy and paste the following (bold, blue text) into the empty Notepad window
  • ComboFix 11-10-02.01 - Gebruiker 02-10-2011 21:50:20.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3070.1841 [GMT 2:00]
    Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Gebruiker\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-09-02 to 2011-10-02 ))))))))))))))))))))))))))))))
    .
    .
    2011-10-02 19:56 . 2011-10-02 19:57 ——– d—–w- c:\users\Gebruiker\AppData\Local\temp
    2011-10-02 19:56 . 2011-10-02 19:56 ——– d—–w- c:\users\Default\AppData\Local\temp
    2011-10-01 06:38 . 2011-09-13 00:26 9049936 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9721F9CA-12FB-4D0E-A541-44E9FAEAD58D}\mpengine.dll
    2011-09-24 04:45 . 2011-09-24 04:45 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\aignes
    2011-09-24 04:44 . 2011-09-24 04:44 ——– d—–w- c:\program files (x86)\AM-DeadLink
    2011-09-24 01:49 . 2011-09-24 01:50 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\PCToolsFirewallPlus
    2011-09-24 01:48 . 2010-03-29 09:06 233488 —-a-w- c:\windows\system32\drivers\PCTCore64.sys
    2011-09-24 01:48 . 2011-03-24 10:39 140800 —-a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
    2011-09-24 01:48 . 2011-01-17 07:09 334976 —-a-w- c:\windows\system32\drivers\pctgntdi64.sys
    2011-09-24 01:46 . 2011-09-24 01:48 ——– d—–w- c:\program files (x86)\Common Files\PC Tools
    2011-09-24 01:46 . 2011-01-12 08:35 119688 —-a-w- c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
    2011-09-24 01:46 . 2010-07-08 06:49 79000 —-a-w- c:\windows\system32\drivers\pctNdis64.sys
    2011-09-24 01:46 . 2010-02-05 06:26 42968 —-a-w- c:\windows\system32\drivers\pctNdis-DNS64.sys
    2011-09-24 01:46 . 2011-01-17 06:11 179976 —-a-w- c:\windows\system32\drivers\pctplfw64.sys
    2011-09-24 01:46 . 2011-09-24 01:50 ——– d—–w- c:\program files (x86)\PC Tools Firewall Plus
    2011-09-23 18:34 . 2011-09-23 18:34 ——– d—–w- c:\program files\CCleaner
    2011-09-23 11:18 . 2011-09-23 11:18 ——– d—–w- c:\windows\Sun
    2011-09-23 03:53 . 2011-09-23 03:53 404640 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-10-02_13.12.36 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "AutoSizer"="c:\program files (x86)\AutoSizer\AutoSizer.exe" [2011-07-02 131072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    "00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys [x]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [x]
    S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    S3 netw5v64;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [x]
    S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys [x]
    S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *Deregistered* - pctESPInject
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig?hl=nl&t=0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Afbeelding verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Pagina verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 194.109.104.104 194.109.6.66
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\c37ppq9a.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=nl
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\PC Tools Firewall Plus\FWService.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-10-02 22:01:36 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-10-02 20:01
    ComboFix2.txt 2011-10-02 19:22
    ComboFix3.txt 2011-10-02 13:15
    .
    Pre-Run: 65.376.428.032 bytes beschikbaar
    Post-Run: 65.360.924.672 bytes beschikbaar
    .
    - - End Of File - - D00AABE0FFE85DB564FDC9AE3CEADFF6


  • Tell me, how is your Windows running by now?
  • Windows is running fine again :D
  • Then let's clean up!

    ComboFix may now be removed:
    * go to Start - Run
    * copy and paste the following into it: Combofix /Uninstall
    * then click OK.
    * if all goes well, you will then get a message that Combofix has been removed.

    Example:

    http://www.emphyrio.be/images/SMUninstall_combofix.png

    Run can also be opened by pressing the "Windows key + R" keys at the same time.

    This will remove Combofix including related folders and files,
    reset the clock settings, hide the file extensions,
    hide hidden files and system files again
    and reset your System Restore.


    Which program: TFC.
    What for/why: thorough cleaning of Windows.
    Difficulty: none.

    Download:

    Starting TFC:
    Windows 2000 and Windows XP: start TFC.exe by double-clicking the shortcut.
    Windows Vista and Windows 7: start TFC.exe by right-clicking the shortcut and then choosing Run as administrator.
    * Don't be alarmed - the tool closes all running programs - so make sure that your work has already been saved!
    * Then click the Start button to start the scan. This scan can take a short or a longer time; be patient, let TFC do its job and wait until TFC is finished.
    * When TFC is finished, a message appears that the computer will be restarted.
    * If the shutdown does not happen automatically, restart the computer yourself.
    * Note: TFC does not show a log!


    Also run a test to see how good the current security situation in Windows is.

    Download to your desktop.
    * Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    * A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    * If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
    Post the contents of checkup.txt in your next post.
  • Carried out the above; here is the log of the Security Check:

    Results of screen317's Security Check version 0.99.19
    Windows 7
  • Tell me, why did you deactivate UAC (User Account Control)?

    By doing so you have switched off an important line of defence, and the security of your Windows 7 is more or less equal to that of Windows XP.
  • I thought there would be a lot of prompts when UAC is enabled (that was the case with WinVista).
    I have now set UAC to default, is this okay?
    Thanks again for solving the problem and for the advice!!! :D
  • Even when UAC is at the highest setting (which is best), it is still not comparable with Vista.

    And on the other hand: if you know that it improves overall security, then what is the problem with clicking away an accept/decline prompt once in a while?
  • It is not really a problem, just a bit of a nuisance.
    A pity that UAC is not self-learning, so that known programs are "let through".
    When I start Auslogics Disk Defrag now, I get the same prompt every time.
    PC Tools Firewall Plus remembers the programs that are trusted, so you do not get the same prompt every time.
  • Strange that UAC shows a prompt then.

    Download and install the newest version!

    Or try the free defragmenter from O&O: O&O Defrag Free Edition as 32-bit or 64-bit edition - Download link
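
The UAC exchange above rests on the policy values shown in the posted ComboFix log (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop). The following is an added example, not part of the thread or of ComboFix: it parses that log section and flags the weakened settings. The function names and severity labels are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import re

# Sample input: lines copied from the "Reg Opstartpunten" section of the
# ComboFix log posted in this thread.
LOG_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
'''

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
# ComboFix prints DWORD values as: "Name"= <decimal> (0x<hex>)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*\d+\s*\(0x([0-9a-fA-F]+)\)$')


def parse_policy_values(log_text):
    """Return {name: int} for the DWORDs listed under the policies/system key."""
    values, in_key = {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new key header starts; only the UAC policy key is of interest.
            in_key = line[1:-1].lower() == POLICY_KEY
            continue
        match = VALUE_RE.match(line) if in_key else None
        if match:
            values[match.group(1)] = int(match.group(2), 16)
    return values


def assess_uac(values):
    """Return (severity, message) findings; severities are this example's own labels."""
    findings = []
    lua = values.get("EnableLUA")
    if lua is None:
        # The log states that legitimate default entries are not shown, so a
        # missing value is reported as unknown instead of being guessed.
        findings.append(("unknown", "EnableLUA not listed; check the registry directly"))
    elif lua == 0:
        findings.append(("high", "EnableLUA=0: UAC is switched off"))
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(("high", "ConsentPromptBehaviorAdmin=0: administrators elevate without a prompt"))
    if values.get("PromptOnSecureDesktop") == 0:
        findings.append(("medium", "PromptOnSecureDesktop=0: prompts are not shown on the secure desktop"))
    return findings


if __name__ == "__main__":
    for severity, message in assess_uac(parse_policy_values(LOG_EXCERPT)):
        print(f"[{severity}] {message}")
```

Run against a log taken after UAC has been set back to default, the same check shows whether the change actually reached the registry.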

This is an archived page. Replying is no longer possible.