Vraag & Antwoord

Beveiliging & privacy

Help! Computer besmet met UnSpyPC wie weet raad??

13 antwoorden
  • Hallo allemaal, Sinds gisteravond heb ik een probleem waar ik niet uit kom. Ik ben besmet met UnSpyPC (er verschijnen allemaal afbeeldingen op bureaublad). Heb geprobeerd Hitman Pro te draaien, maar mijn computer begint halverwege op te starten. Ik heb wel geprobeerd met Hijackthis de overduidelijk regels te verwijderen, maar dit is waarschijnlijk niet afdoende. Ik heb er te weinig verstand van en durf eigenlijk niet meer regels te verwijderen. Wie oh wie kan mij helpen?? Bedankt!!! Hieronder mijn log van Hijack this: Logfile of HijackThis v1.99.1 Scan saved at 8:03:23, on 9-12-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Sophos\AutoUpdate\ALMon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe c:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\DOCUME~1\JANOUW~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - {4E80BB06-8A28-EFAB-A124-941DD00E1F17} - Shaitan1678.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\fdojz.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\fdojz.dll O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [LiveNote] livenote.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NsCplTray] WTFCTF.exe O4 - HKLM\..\Run: [cmon14] nmdllw.exe O4 - HKLM\..\Run: [xsetup] StatusCheck.exe O4 - HKLM\..\Run: [browsebar] backorif.exe O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\system32\hgqhp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [utsgmon] defect08.exe O4 - HKCU\..\Run: [NSYSCPLSTR] ___.exe O4 - HKCU\..\Run: [Kargo] WhatsNewBot.exe O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe" O4 - HKCU\..\Run: [prgsys0984] NopeZ.exe O4 - HKCU\..\Run: [EXE32EXE] hyandex.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU) O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129659285857 O17 - HKLM\System\CCS\Services\Tcpip\..\{07E67BC4-31D7-4B26-A942-875BB575ECF0}: NameServer = 85.255.114.18,85.255.112.64 O17 - HKLM\System\CCS\Services\Tcpip\..\{550A2414-450A-4E16-97FF-5662B6BE68CD}: NameServer = 85.255.114.18,85.255.112.64 O17 - HKLM\System\CS1\Services\Tcpip\..\{07E67BC4-31D7-4B26-A942-875BB575ECF0}: NameServer = 85.255.114.18,85.255.112.64 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Groetjes van Jan :cry:
  • Download en installeer [url=http://www.ccleaner.com/]CCleaner[/url]. Gebruik het programma nog niet. Je hebt HijackThis gestart vanuit de zip in je Temp-map. Unzip HijackThis, en plaats HijackThis.exe in een eigen map (vb.: c:\hijackthis). Start HijackThis uit deze map. De reden hiervoor is dat HijackThis backups maakt van de sleutels die je verwijdert, en misschien kunnen we deze backups wel eens een keer nodig hebben. In je Temp-map gaan deze backups heel makkelijk verloren. Zorg ervoor dat alle verborgen bestanden en mappen weergegeven worden.[url=http://users.telenet.be/marcvn/spyware/1117602.htm]Hoe verborgen bestanden en mappen weergeven.[/url]. Start de computer op in veilige modus. Hoe je dit doet kan je [url=http://users.telenet.be/marcvn/spyware/1378056.htm]hier[/url] lezen. Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items: [b:66d552d322]R3 - URLSearchHook: (no name) - {4E80BB06-8A28-EFAB-A124-941DD00E1F17} - Shaitan1678.dll (file missing) O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\fdojz.dll O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\fdojz.dll O4 - HKLM\..\Run: [NsCplTray] WTFCTF.exe O4 - HKLM\..\Run: [cmon14] nmdllw.exe O4 - HKLM\..\Run: [xsetup] StatusCheck.exe O4 - HKLM\..\Run: [browsebar] backorif.exe O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\system32\hgqhp.exe O4 - HKCU\..\Run: [utsgmon] defect08.exe O4 - HKCU\..\Run: [NSYSCPLSTR] ___.exe O4 - HKCU\..\Run: [Kargo] WhatsNewBot.exe O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe" O4 - HKCU\..\Run: [prgsys0984] NopeZ.exe O4 - HKCU\..\Run: [EXE32EXE] hyandex.exe O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU) O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)[/b:66d552d322] Klik daarna op "Fix checked" en sluit HijackThis af. Zoek via Windows verkenner naar volgende bestanden of mappen, en verwijder deze indien ze nog aanwezig zijn: C:\Program Files\UnSpyPC Start Ccleaner en klik op de knop "Opschonen". Herstart de computer in normale modus. Start HijackThis opnieuw, maak een nieuwe log en post deze. Download [url=http://www.silentrunners.org/Silent%20Runners.zip]Silent Runners[/url] Unzip het naar een eigen map. Start SilentRunners.vbs Wanneer je antivirusprogramma een melding geeft, sta je toe om dit script uit te voeren. Er wordt een logje geplaatst in de map van waar je Silentrunners gestart hebt. Post de inhoud van dit logje.
  • Allereerst heel erg bedankt voor je hulp tot zover! Ik heb al je instructies uitgevoerd. Het lijkt echter nog niet opgelost (maar dat hoort er zeker bij) Hier is mijn nieuwe Hijack this log: Logfile of HijackThis v1.99.1 Scan saved at 18:11:54, on 9-12-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\idemlog.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Sophos\AutoUpdate\ALMon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe c:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [LiveNote] livenote.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [dmgtb.exe] C:\WINDOWS\system32\dmgtb.exe O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\system32\hgqhp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [desktop] C:\WINDOWS\system32\idemlog.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129659285857 O17 - HKLM\System\CCS\Services\Tcpip\..\{07E67BC4-31D7-4B26-A942-875BB575ECF0}: NameServer = 85.255.114.18,85.255.112.64 O17 - HKLM\System\CCS\Services\Tcpip\..\{550A2414-450A-4E16-97FF-5662B6BE68CD}: NameServer = 85.255.114.18,85.255.112.64 O17 - HKLM\System\CS1\Services\Tcpip\..\{07E67BC4-31D7-4B26-A942-875BB575ECF0}: NameServer = 85.255.114.18,85.255.112.64 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe En hier de log van Silent Runners: "Silent Runners.vbs", revision 41, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "desktop" = "C:\WINDOWS\system32\idemlog.exe" [empty string] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "anvshell" = "anvshell.exe" ["AsusTeK Computer Inc."] "LiveNote" = "livenote.exe" [null data] "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" ["Sun Microsystems, Inc."] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS] "dmgtb.exe" = "C:\WINDOWS\system32\dmgtb.exe" [null data] "hgqhp.exe" = "C:\WINDOWS\system32\hgqhp.exe" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Configuratiescherm-uitbreiding Beeldscherm-panning" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramuitbreiding" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Bureaubladverkenner" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}" = "Sophos Anti-Virus Shell Extension" -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Sophos\Sophos Anti-Virus\savshellext.dll" ["Sophos plc"] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ INFECTION WARNING! "System" = "csext.exe" [file not found] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ SavShellExt\(Default) = "{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}" -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Sophos\Sophos Anti-Virus\savshellext.dll" ["Sophos plc"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ SavShellExt\(Default) = "{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}" -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Sophos\Sophos Anti-Virus\savshellext.dll" ["Sophos plc"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ SavShellExt\(Default) = "{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}" -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Sophos\Sophos Anti-Virus\savshellext.dll" ["Sophos plc"] Group Policies [Description]: ----------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ HIJACK WARNING! "NoBandCustomize"=dword:00000001 [disables toolbar status changes in Internet Explorer|View|Toolbars] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Ierland.bmp" Startup items in "Jan Ouwerkerk" & "All Users" startup folders: --------------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "AutoUpdate Monitor" -> shortcut to: "C:\Program Files\Sophos\AutoUpdate\ALMon.exe" ["Sophos plc"] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."] {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Onderzoek" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "] NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Sophos Anti-Virus, SAVService, ""c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe"" ["Sophos plc"] Sophos Anti-Virus status reporter, SAVAdminService, ""c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe"" ["Sophos plc"] Sophos AutoUpdate Service, Sophos AutoUpdate Service, ""c:\Program Files\Sophos\AutoUpdate\ALsvc.exe"" ["Sophos plc"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 35 seconds, including 18 seconds for message boxes) Ik hoop dat je hier wat mee kunt!! Groetjes, Jan :roll:
  • Oh ja, De regel O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\system32\hgqhp.exe Kwam niet naar voren in veilige modus! Nu zie ik dat hij er gewoon weer vrolijk bij staat.... Misschien kan dit bijdragen tot de oplossing! Nogmaals groetjes en bedankt alvast!
  • Ik vreesde het al een beetje dat alles niet opgelost zou zijn, maar ik moest even zekerheid hebben over deze infectie. Hopelijk doet het tooltje zijn werk. Print deze instructies uit, want tijdens deze fix ben je genoodzaakt de computer te herstarten. Download FixWareout van één van deze locaties: http://downloads.subratam.org/Fixwareout.exe http://swandog46.geekstogo.com/Fixwareout.exe Plaatst het op de bureaublad en start het. Klik op "Next", daarna op "Install". Zorg dat "Run Fixit" aangevinkt is en klik dan op "Finish". Volg de aanwijzingen op het scherm. Als je gevraagd wordt om de computer opnieuw te starten doe je dit. Het zal wat langer duren voor de computer opnieuw volledig opgestart is. Dit is normaal. Wanneer de computer opnieuw start, volg je de aanwijzingen op het scherm. Als hijackthis opent klik je op "Scan" en daarna vink je de volgende sleutels aan om te fixen: [b:fe12adb100]O4 - HKLM\..\Run: [dmgtb.exe] C:\WINDOWS\system32\dmgtb.exe O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\system32\hgqhp.exe O4 - HKCU\..\Run: [desktop] C:\WINDOWS\system32\idemlog.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{07E67BC4-31D7-4B26-A942-875BB575ECF0}: NameServer = 85.255.114.18,85.255.112.64 O17 - HKLM\System\CCS\Services\Tcpip\..\{550A2414-450A-4E16-97FF-5662B6BE68CD}: NameServer = 85.255.114.18,85.255.112.64 O17 - HKLM\System\CS1\Services\Tcpip\..\{07E67BC4-31D7-4B26-A942-875BB575ECF0}: NameServer = 85.255.114.18,85.255.112.64[/b:fe12adb100] Klik daarna op "Fix Checked". Sluit Hijackthis en klik op de knop "Proceed". Ga naar het Configuratiescherm en klik op "Netwerkverbindingen". Rechtsklik op je standaard verbinding en kies "Eigenschappen". Klik op het tabblad "Algemeen" en dubbelklik op "Internet-Protocol (TCP/IP)". Selecteer "Automatisch een DNS-serveradres laten toewijzen". Herstart de computer opnieuw. Zoek het bestand c\fixwareout\report.txt en post de inhoud van dit bestandje. Maak een nieuwe hijackthislog en post deze.
  • Fantastisch!! Bedank voor je hulp! Ik hoop niet dat ik te vroeg juich, maar het ziet er goed uit geloof ik. Zoals je gevraagd had hier nog even mijn nieuwe log: Logfile of HijackThis v1.99.1 Scan saved at 19:46:24, on 9-12-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Sophos\AutoUpdate\ALMon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe c:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [LiveNote] livenote.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129659285857 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe En het rapport van fixwareout: Fixwareout ver 1.003 Last edited 12/5/2005 Post this report in the forums please Reg Entries that were deleted PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Search by size and names... C:\WINDOWS\SYSTEM32\CSAQI.EXE C:\WINDOWS\SYSTEM32\CSBGV.EXE »»»»» Misc files »»»»» Checking for older varients covered by the Rem3 tool Ziet dit er goed uit? Nogmaals hartelijk dank hoor!! Groetjes, Jan :D :D :D :D :D :D :P :P
  • Download [url=http://www.bleepingcomputer.com/files/reglook.php]reglook.zip[/url]. Unzip het in een eigen map. Dubbelkik op runme.bat. Er wordt een logje gemaakt dat reglook.log noemt. Post de inhoud van dit logje.
  • Hoi ben ik weer, Hier het bestandje. A reg_look by IMM ---------------------------------------- Handle OK. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (key has 0 subkeys and 7 value entries - last modified 15:41(UTC) 18/10/2005) [AppInit_DLLs] = "" (REG_SZ) ---------------------------------------- Handle OK. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (key has 4 subkeys and 31 value entries - last modified 18:44(UTC) 09/12/2005) [Userinit] = "userinit.exe" (REG_SZ) ---------------------------------------- Handle OK. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot (key has 0 subkeys and 5 value entries - last modified 15:41(UTC) 18/10/2005) [Shell] = "SYS:Microsoft\Windows NT\CurrentVersion\Winlogon" (REG_SZ) ---------------------------------------- Ben ik nu schoon?
  • Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items: [b:cb54e49034]F2 - REG:system.ini: UserInit=userinit.exe[/b:cb54e49034] Klik daarna op "Fix checked" en sluit HijackThis af. Start CCleaner en klik op de knop "opschonen". Deze bestanden kan je nog verwijderen indien ze aanwezig zijn: C:\WINDOWS\SYSTEM32\CSAQI.EXE C:\WINDOWS\SYSTEM32\CSBGV.EXE Doe deze online-scan: http://www.pandasoftware.com/activescan/com/activescan_principal.htm Na het scannen krijg je de mogelijkheid om het logje op te slaan. Doe dit. Post de inhoud van dat logje.
  • Hoi, heb weer alles uitgevoerd en inderdaad, er is nog wat gevonden!! Hier had ik dus zelf nooit achtergekomen. Hier het logje van de pandascan: Incident Status Location Virus:Trj/Downloader.FFZ Disinfected C:\RECYCLER\S-1-5-21-796845957-484763869-1343024091-1004\Dc1.exe Virus:Trj/Downloader.FFZ Disinfected C:\RECYCLER\S-1-5-21-796845957-484763869-1343024091-1004\Dc2.exe Thanks again!! :D :D :D
  • Maak je prullenbak leeg en het probleem zou opgelost moeten zijn.. Maak nog even een nieuwe Hijackthislog.
  • Alles lijkt oke hier. Nogmaals heel erg bedankt!! Groetjes, Jan :D :D :D
  • Graag gedaan Jan. Best dat je nog even alle bestaande systeemherstelpunten wist: Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in. [url=http://users.pandora.be/marcvn/spyware/1852808.htm]Systeemherstel uitschakelen[/url]. Nog wat tips: Bezoek regelmatig de [url=http://www.windowsupdate.com]Windows Update Site[/url]. Alleen zo ben je zeker dat je de nieuwste patches voor je besturingssysteem geïnstalleerd hebt. Als er nieuwe updates beschikbaar zijn, dan dowload en installeer je alle essentiële updates en service packs. Reboot je computer en controleer opnieuw. Herhaal deze procedure tot dat er geen essentiële updates meer zijn. Installeer ook [url=http://www.javacoolsoftware.com/spywareblaster.html]SpywareBlaster[/url] en [url=http://www.javacoolsoftware.com/spywareguard.html]Spywareguard[/url]. Gebruik je de laatste versie van Spybot Search & Destroy, en je maakt gebruik van de realtime protectie TeaTimer, dan moet je Spywareguard niet installeren. Meer info over hoe je een nieuwe infectie kan voorkomen vind [url=http://users.pandora.be/marcvn/spyware/1564073.htm]hier[/url]. Happy surfing again. :wink:

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.