Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

[Hijackthis] Herhaaldelijke foutmelding

Abraham54
12 antwoorden
  • Hallo, mijn systeem heeft nu zo'n week last van om de paar tellen foutmeldingen te geven in de vorm van '' Mozilla Firefox has stopped working '' en '' Windows Explorer has stopped working ''. Het gebeurt voornamelijk bij het openen van mappen of items in mappen.

    Heb mijn PC meerdere malen gescand en waar nodig gefixt, maar dit probleem blijft zich voordoen. Veranderen van browser helpt niet.

    Hierbij de HiJackThis:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:48:44 PM, on 7/3/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal

    Running processes:
    C:\Users\ALEX\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Users\ALEX\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kurs.ru/index0.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O4 - HKLM\..\Run: [HKLM] C:\Program Files (x86)\Adobe\reader.exe
    O4 - HKCU\..\Run: [HKCU] C:\Program Files (x86)\Adobe\reader.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = C:\Users\ALEX\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32
    etlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 9525 bytes
  • We beginnen met MBAM:

    [b:f460c05f38]Welk programma[/b:f460c05f38]:
  • Bij deze:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.04.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    ALEX :: ALEX-PC [administrator]

    7/4/2012 11:59:07 AM
    mbam-log-2012-07-04 (11-59-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206410
    Time elapsed: 2 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKCR\CLSID\{8BIH02YO-2403-QO67-O280-W0EKGX473E73} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8BIH02YO-2403-QO67-O280-W0EKGX473E73} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Backdoor.HMCPol.Gen) -> Data: C:\Program Files (x86)\Adobe\reader.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKLM (Backdoor.HMCPol.Gen) -> Data: C:\Program Files (x86)\Adobe\reader.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\ALEX\AppData\Roaming\9 1\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Adobe\reader.exe (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.

    (end)
  • Je moet ervan uitgaan dat er zo mogelijk identiteitsdiefstal heeft plaatsgevonden!
    Daarbij moet je denken aan inlogwachtwoorden, jouw e-mailaccountgegegevens en meer.
    Heb je ook nog geïnternetbankiert, dan kunnen je bankgegevens ook gecompromitteerd zijn!


    [b:d09599ee0d]Welk programma[/b:d09599ee0d]:
  • Ik kreeg inderdaad de melding dat de registersleutel verwijderd zou worden, heb mijn PC opnieuw opgestart en nu doet ie het (voorzover) weer als voorheen, zonder foutmeldingen. Opgelost dus. Heel erg bedankt!
  • Wil je het log alsnog posten.
    Want de infektie in jouw Windows en de maatregelen die je daarom moet nemen zijn niet mis.
  • In het begin heb ik je geadviseerd om de log te verplaatsen naar Beveiliging & Privacy als je geholpen wilde worden.
    Nu word je geholpen en als je denkt dat het al gebeurd is stop je terwijl de helper Abraham54 je nog vraagt om nog meer te onderzoeken, t.w. Combofix doe dat dan!!! Misschien moet er nog wel meer gedaan worden.
    En stop niet eerder dan dat je dat verteld wordt, veel succes verder.
  • Bij deze: ComboFix 12-07-04.01 - ALEX 07/04/2012 12:36:17.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4007.2874 [GMT 2:00]
    Running from: c:\users\ALEX\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\ALEX\AppData\Roaming\9 1
    c:\users\ALEX\AppData\Roaming\9 1\_ctypes.pyd
    c:\users\ALEX\AppData\Roaming\9 1\_hashlib.pyd
    c:\users\ALEX\AppData\Roaming\9 1\_socket.pyd
    c:\users\ALEX\AppData\Roaming\9 1\_ssl.pyd
    c:\users\ALEX\AppData\Roaming\9 1\bat.bat
    c:\users\ALEX\AppData\Roaming\9 1\boost_python-vc90-mt-1_39.dll
    c:\users\ALEX\AppData\Roaming\9 1\bt.lnk
    c:\users\ALEX\AppData\Roaming\9 1\bz2.pyd
    c:\users\ALEX\AppData\Roaming\9 1\j.exe
    c:\users\ALEX\AppData\Roaming\9 1\l3.lnk
    c:\users\ALEX\AppData\Roaming\9 1\library.zip
    c:\users\ALEX\AppData\Roaming\9 1\msvcp90.dll
    c:\users\ALEX\AppData\Roaming\9 1
    umpy.core._dotblas.pyd
    c:\users\ALEX\AppData\Roaming\9 1
    umpy.core._sort.pyd
    c:\users\ALEX\AppData\Roaming\9 1
    umpy.core.multiarray.pyd
    c:\users\ALEX\AppData\Roaming\9 1
    umpy.core.scalarmath.pyd
    c:\users\ALEX\AppData\Roaming\9 1
    umpy.core.umath.pyd
    c:\users\ALEX\AppData\Roaming\9 1
    umpy.fft.fftpack_lite.pyd
    c:\users\ALEX\AppData\Roaming\9 1
    umpy.lib._compiled_base.pyd
    c:\users\ALEX\AppData\Roaming\9 1
    umpy.linalg.lapack_lite.pyd
    c:\users\ALEX\AppData\Roaming\9 1
    umpy.random.mtrand.pyd
    c:\users\ALEX\AppData\Roaming\9 1\phatk.cl
    c:\users\ALEX\AppData\Roaming\9 1\pyopencl._cl.pyd
    c:\users\ALEX\AppData\Roaming\9 1\python26.dll
    c:\users\ALEX\AppData\Roaming\9 1\select.pyd
    c:\users\ALEX\AppData\Roaming\9 1\settings.txt
    c:\users\ALEX\AppData\Roaming\9 1\svchost.exe
    c:\users\ALEX\AppData\Roaming\9 1\svchost2.exe
    c:\users\ALEX\AppData\Roaming\9 1\unicodedata.pyd
    c:\users\ALEX\AppData\Roaming\9 1\w9xpopen.exe
    c:\windows\SysWow64\muzapp.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-04 09:57 . 2012-07-04 09:57 ——– d—–w- c:\users\ALEX\AppData\Roaming\Malwarebytes
    2012-07-04 09:57 . 2012-07-04 09:57 ——– d—–w- c:\programdata\Malwarebytes
    2012-07-04 09:57 . 2012-07-04 09:57 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-04 09:57 . 2012-04-04 13:56 24904 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 09:50 . 2012-07-03 09:50 ——– d—–w- c:\program files (x86)\Mozilla Maintenance Service
    2012-07-03 09:50 . 2012-07-03 09:50 770384 —-a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-07-03 09:50 . 2012-07-03 09:50 421200 —-a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-07-03 09:50 . 2012-07-03 09:50 157608 —-a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-07-03 09:50 . 2012-07-03 09:50 113120 —-a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-07-01 20:08 . 2012-07-01 20:08 ——– d—–w- c:\program files\Microsoft Synchronization Services
    2012-07-01 20:08 . 2012-07-01 20:08 ——– d—–w- c:\windows\PCHEALTH
    2012-07-01 20:08 . 2012-07-01 20:08 ——– d—–w- c:\program files\Microsoft Sync Framework
    2012-07-01 20:08 . 2012-07-01 20:08 ——– d—–w- c:\program files\Microsoft SQL Server Compact Edition
    2012-07-01 20:07 . 2012-07-01 20:07 ——– d—–w- c:\program files (x86)\Microsoft Visual Studio 8
    2012-07-01 20:06 . 2012-07-01 20:06 ——– d—–w- c:\program files\Microsoft Analysis Services
    2012-07-01 20:06 . 2012-07-01 20:06 ——– d—–w- c:\program files (x86)\Microsoft Analysis Services
    2012-07-01 20:05 . 2012-07-01 20:05 ——– d—–r- C:\MSOCache
    2012-06-28 22:24 . 2012-06-28 22:24 ——– d—–w- c:\users\ALEX\AppData\Local\GlobalSCAPE
    2012-06-28 22:24 . 2012-06-28 22:24 ——– d—–w- c:\programdata\GlobalSCAPE
    2012-06-28 22:24 . 2012-06-28 22:24 ——– d—–w- c:\users\ALEX\AppData\Roaming\GlobalSCAPE
    2012-06-28 22:24 . 2012-06-28 22:24 ——– d—–w- c:\program files (x86)\GlobalSCAPE
    2012-06-28 22:19 . 2012-06-28 22:20 ——– d—–w- c:\windows\SysWow64\E177E04D548C4006A465EEB92D3DE021
    2012-06-28 22:19 . 2006-07-25 05:42 606293 —-a-w- c:\windows\SysWow64\wbocx.ocx
    2012-06-28 22:19 . 2006-07-25 05:42 50688 —-a-w- c:\windows\SysWow64\wbhelp2.dll
    2012-06-28 22:19 . 2012-06-28 22:19 ——– d—–w- c:\program files (x86)\Ipswitch
    2012-06-28 22:18 . 2005-11-13 21:22 757760 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2012-06-28 22:18 . 2005-11-13 21:22 69715 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2012-06-28 22:18 . 2005-11-13 21:21 274432 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2012-06-28 22:18 . 2005-11-13 21:20 204800 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2012-06-28 22:18 . 2005-11-13 21:19 65024 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2012-06-28 22:18 . 2005-11-13 21:19 5632 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2012-06-28 22:18 . 2012-06-28 22:18 331908 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2012-06-28 22:18 . 2012-06-28 22:18 200836 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2012-06-24 18:59 . 2012-06-24 18:59 ——– d—–w- c:\users\ALEX\AppData\Local\Skyrim
    2012-06-24 18:53 . 2012-06-24 18:59 ——– d—–w- c:\program files (x86)\The Elder Scrolls V Skyrim
    2012-06-23 18:38 . 2012-07-01 16:14 ——– d—–w- c:\programdata\Spybot - Search & Destroy
    2012-06-23 18:38 . 2012-07-01 16:14 ——– d—–w- c:\program files (x86)\Spybot - Search & Destroy
    2012-06-23 18:31 . 2012-06-23 18:31 250 —-a-w- C:\user.js
    2012-06-22 22:38 . 2012-06-22 22:38 ——– d—–w- c:\programdata\Arturia
    2012-06-19 23:03 . 2012-06-19 23:03 ——– d—–w- c:\users\ALEX\AppData\Local\Mixed_In_Key_LLC
    2012-06-19 23:03 . 2012-06-19 23:03 ——– d—–w- c:\users\ALEX\AppData\Local\Mixed In Key
    2012-06-18 09:32 . 2012-06-18 09:32 ——– d—–w- c:\program files (x86)\Microsoft Chart Controls
    2012-06-16 02:15 . 2012-06-16 02:16 ——– d—–w- c:\users\ALEX\AppData\Local\SniperV2
    2012-06-16 02:08 . 2012-06-16 02:08 ——– d—–w- c:\program files (x86)\Rebellion
    2012-06-14 13:57 . 2012-06-14 13:57 ——– d—–w- c:\program files (x86)\Common Files\Software Update Utility
    2012-06-08 13:35 . 2012-06-08 13:35 ——– d—–w- c:\program files\CCleaner
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-23 22:02 . 2012-05-23 22:22 90888004 —-a-w- c:\program files (x86)\Samsung Kies.msi
    2012-05-15 21:43 . 2009-07-14 02:36 175616 —-a-w- c:\windows\system32\msclmd.dll
    2012-05-15 21:43 . 2009-07-14 02:36 152576 —-a-w- c:\windows\SysWow64\msclmd.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 —-a-w- c:\users\ALEX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 —-a-w- c:\users\ALEX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 —-a-w- c:\users\ALEX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-03 904080]
    .
    c:\users\ALEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\ALEX\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
    R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-11-15 121832]
    R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-11-15 364520]
    R3 automap;Automap MIDI Driver Service;c:\windows\system32\DRIVERS\automap.sys [2009-10-16 11264]
    R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
    R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2010-03-30 26752]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-03 113120]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers
    pf.sys [2010-06-25 35344]
    R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS
    vnusbaudio.sys [2010-05-26 55296]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-16 1255736]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-13 279616]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528]
    S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
    S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568]
    .
    .
    — Other Services/Drivers In Memory —
    .
    *NewlyCreated* - WS2IFSL
    .
    .
    ——— X64 Entries ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 —-a-w- c:\users\ALEX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 —-a-w- c:\users\ALEX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 —-a-w- c:\users\ALEX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 —-a-w- c:\users\ALEX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ——- Supplementary Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://kurs.ru/index0.html
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.2.254
    FF - ProfilePath - c:\users\ALEX\AppData\Roaming\Mozilla\Firefox\Profiles\83kx9hpq.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109868&tt=060612_8_
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 4cfdaeef00000000000014dae9ec09e4
    FF - user.js: extensions.BabylonToolbar_i.hardId - 4cfdaeef00000000000014dae9ec09e4
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15514
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:31
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
    "ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
    .
    ——————— LOCKED REGISTRY KEYS ———————
    .
    [HKEY_USERS\S-1-5-21-321171748-2839810000-1812142625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2* ¸ýh]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-321171748-2839810000-1812142625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2* ¸ýh\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-321171748-2839810000-1812142625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2*Í»ýh]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-321171748-2839810000-1812142625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2*Í»ýh\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-321171748-2839810000-1812142625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*zNAA\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Other Running Processes ————————
    .
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-04 12:45:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-04 10:45
    .
    Pre-Run: 537,784,295,424 bytes free
    Post-Run: 537,435,807,744 bytes free
    .
    - - End Of File - - F96A15209F443C6199AF22539E55EDB0










  • Ga naar http://www.pcwebplus.nl/phpbb/viewtopic.php?f=222&t=5673 alwaar je kan lezen hoe Babylon uit Firefox te krijgen.

    En doe ook het volgende:

    [b:83808df248]Welk programma[/b:83808df248]:
  • Bij deze: Emsisoft Emergency Kit - Version 2.0
    Last update: 7/4/2012 1:24:23 PM

    Scan settings:

    Scan type: Deep Scan
    Objects: Rootkits, Memory, Traces, C:\
    Scan archives: On
    ADS Scan: On

    Scan start: 7/4/2012 1:24:43 PM

    C:\Windows\SysWOW64\WgaTray.exe detected: Riskware.Crack.WgaTray!E2
    C:\Windows\System32\WgaTray.exe detected: Riskware.Crack.WgaTray!E2
    C:\Users\ALEX\Games\Unreal Tournament 2004\UT2004 Keygen (XP only).exe detected: Riskware.Keygen.UT2004!E2
    C:\Users\ALEX\Downloads\CuteFTP Pro v8.3.4 Cracked {projectmyskills}\CuteFTP Pro v8.3.4 Cracked {projectmyskills}.rar -> Get Your Software Here\Patch\patch.exe detected: possible-Thread.Patch.GC!E2
    C:\Qoobox\Quarantine\C\Users\ALEX\AppData\Roaming\9 1\svchost2.exe.vir detected: Trojan-Dropper.Win32.Injector!E2
    C:\Program Files (x86)\Warcraft III Reign of Chaos & The Frozen Throne\support\config.exe detected: Win32.Delf!E2
    C:\Program Files (x86)\Native Instruments\FM8\FM8.exe detected: Backdoor.Win32.Ciadoor!E2
    C:\Program Files (x86)\Native Instruments\Elektrik Piano 1.5\Elektrik Piano 1.5.exe detected: Virus.Win32.Injector!E2
    C:\Program Files (x86)\Native Instruments\B4 II\B4 II.exe detected: Virus.Win32.Injector!E2

    Scanned 782192
    Found 9

    Scan end: 7/4/2012 2:29:46 PM
    Scan time: 1:05:03

    C:\Program Files (x86)\Native Instruments\Elektrik Piano 1.5\Elektrik Piano 1.5.exe Deleted Virus.Win32.Injector!E2
    C:\Program Files (x86)\Native Instruments\B4 II\B4 II.exe Deleted Virus.Win32.Injector!E2
    C:\Program Files (x86)\Native Instruments\FM8\FM8.exe Deleted Backdoor.Win32.Ciadoor!E2
    C:\Program Files (x86)\Warcraft III Reign of Chaos & The Frozen Throne\support\config.exe Deleted Win32.Delf!E2
    C:\Qoobox\Quarantine\C\Users\ALEX\AppData\Roaming\9 1\svchost2.exe.vir Deleted Trojan-Dropper.Win32.Injector!E2
    C:\Users\ALEX\Downloads\CuteFTP Pro v8.3.4 Cracked {projectmyskills}\CuteFTP Pro v8.3.4 Cracked {projectmyskills}.rar -> Get Your Software Here\Patch\patch.exe Deleted possible-Thread.Patch.GC!E2
    C:\Users\ALEX\Games\Unreal Tournament 2004\UT2004 Keygen (XP only).exe Deleted Riskware.Keygen.UT2004!E2
    C:\Windows\SysWOW64\WgaTray.exe Deleted Riskware.Crack.WgaTray!E2

    Deleted 8
  • Wat overigens ook interessant is; bij het opstarten van sommige programma's (bijv. AIM) krijg ik een Print-venster voor mijn neus. Erg vreemd.
  • Ik kijk er dankzij het Emisoft log er niet van op dat er vreemde dingen in jouw Windows gebeuren.
    Feitelijk heb je het allemaal zelf veroorzaakt.
    Zo te zien is jouw Windows ook niet legaal!

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.