Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

smart antivirus 2009

None
8 antwoorden
  • beste mensen,

    helaas heb ik ook het smart antivirus op mijn computer staan, ik heb alles geprobeert maar ik kan hem niet weg krijgen. Zou een van jullie naar mijn hijackthis file willen kijken wat ik kan hier helaas niet wijs uit worden.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:10:51, on 14-10-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NDAS\System
    dassvc.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {B2ADB537-AFF6-4D72-BA77-DA012A6FDEA6} - (no file)
    O3 - Toolbar: (no name) - {E01D0ACE-25AC-4353-87EF-6CB2B368E3C7} - (no file)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: sSmNHyYo - sSmNHyYo.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System
    dassvc.exe


    End of file - 3070 bytes

    met vriendelijk groeten,

    jeroen schippers
  • Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

    [b:d5734e44ba]R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {B2ADB537-AFF6-4D72-BA77-DA012A6FDEA6} - (no file)
    O3 - Toolbar: (no name) - {E01D0ACE-25AC-4353-87EF-6CB2B368E3C7} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O20 - Winlogon Notify: sSmNHyYo - sSmNHyYo.dll (file missing)[/b:d5734e44ba]

    Klik op 'Fix checked' om de items te verwijderen.

    Download [b:d5734e44ba]MBAM (Malwarebytes' Anti-Malware)[/b:d5734e44ba] hier : http://www.besttechie.net/tools/mbam-setup.exe

    Dubbelklik op mbam-setup.exe om het programma te installeren.

    Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".
    Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.
    Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.
    Het scannen kan een tijdje duren, dus wees geduldig.
    Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
    Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.
    Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder)
    De log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in MBAM.

    Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken.
    Daarna zal het vragen om de computer opnieuw op te starten… dus sta toe dat MBAM de computer opnieuw opstart.

    Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.
  • Hartstikke bedankt voor uw reactie. dit zijn de uitslagen, maar helaas blijft het virus terug komen.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:39: VIRUS ALERT!, on 15-10-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Documents and Settings\Fam. Schippers\Application Data\Adobe\Player.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NDAS\System
    dassvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: QXK Olive - {9D16A7EE-E00A-4BFA-A976-308772A47699} - C:\WINDOWS\grfxbanogtl.dll
    O3 - Toolbar: rosqxvmn - {7C554665-B775-4305-BAE6-E310B361F216} - C:\WINDOWS\rosqxvmn.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKCU\..\Run: [Player] C:\Documents and Settings\Fam. Schippers\Application Data\Adobe\Player.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O21 - SSODL: ngwstxfd - {2DA4B0CC-8AB8-4981-9A15-559565FF7474} - C:\WINDOWS
    gwstxfd.dll
    O21 - SSODL: qrbgltos - {86FB5B86-C9B6-467D-8EFD-22DB04248C6D} - C:\WINDOWS\qrbgltos.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System
    dassvc.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    Malwarebytes' Anti-Malware 1.28
    Database versie: 1274
    Windows 5.1.2600 Service Pack 2

    15-10-2008 21:29:22
    mbam-log-2008-10-15 (21-29-22).txt

    Scan type: Snelle Scan
    Objecten gescand: 41783
    Verstreken tijd: 1 minute(s), 23 second(s)

    Geheugenprocessen geïnfecteerd: 2
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 12
    Registerwaarden geïnfecteerd: 4
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 3
    Bestanden geïnfecteerd: 14

    Geheugenprocessen geïnfecteerd:
    C:\Documents and Settings\Fam. Schippers\Local Settings\Temp\sft_ver1.1454.0.exe (Trojan.FakeAlert) -> Unloaded process successfully.
    C:\Documents and Settings\Fam. Schippers\Local Settings\Temp\pwrmgr.exe (Rogue.Installer) -> Unloaded process successfully.

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_CLASSES_ROOT\TypeLib\{add2e186-bb87-4453-97c5-c3db33f1b28a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{991c0136-81e2-4aa6-9e64-fcd38d02ca2a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7c554665-b775-4305-bae6-e310b361f216} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{1f62619c-16d1-45ef-bae0-9ddf1b4e2a2d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{22eb5fb3-22a5-43b2-b08c-5aea7070e1d8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fbad69c2-cfec-437a-9c20-99c0fbafea26} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{81dad4db-bfa2-4e0a-a5f0-971f1c1918f6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{c9595659-a3df-4597-bb0a-9a8353b1146c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d820ee46-f740-4992-965c-596e5ddb7d71} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d16a7ee-e00a-4bfa-a976-308772a47699} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9d16a7ee-e00a-4bfa-a976-308772a47699} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smart antivirus-2009.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7c554665-b775-4305-bae6-e310b361f216} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qrbgltos (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    gwstxfd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    m.v.g jeroen schippers
  • Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

    [b:ef4db834a9]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    O2 - BHO: QXK Olive - {9D16A7EE-E00A-4BFA-A976-308772A47699} - C:\WINDOWS\grfxbanogtl.dll
    O3 - Toolbar: rosqxvmn - {7C554665-B775-4305-BAE6-E310B361F216} - C:\WINDOWS\rosqxvmn.dll
    O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O21 - SSODL: ngwstxfd - {2DA4B0CC-8AB8-4981-9A15-559565FF7474} - C:\WINDOWS
    gwstxfd.dll
    O21 - SSODL: qrbgltos - {86FB5B86-C9B6-467D-8EFD-22DB04248C6D} - C:\WINDOWS\qrbgltos.dll
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm[/b:ef4db834a9]

    Klik op 'Fix checked' om de items te verwijderen.

    Maak dan een nieuw logje met HJT, laat even weten hoe het staat … en dan kijken we weer verder.
  • wederom bedankt voor uu kw reactie. Ik ben er achter gekomen dat onder >start>alle programma's> de programma's rapid antivius en smart antivirus blijven staan ondanks alle scans die ik heb gedaan. Ik kan deze progs niet terug vinden in het configuratiescherm en hierdoor niet verwijderen.

    dit de nieuwe uitkomst vam hjt

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:12:50, on 17-10-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\xsvmbwnu.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NDAS\System
    dassvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKCU\..\Run: [Player] C:\Documents and Settings\Fam. Schippers\Application Data\Adobe\Player.exe
    O4 - HKCU\..\Run: [EnStr] C:\WINDOWS\system32\xsvmbwnu.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\karna.dat
    O20 - Winlogon Notify: efcDTLET - efcDTLET.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System
    dassvc.exe
    O24 - Desktop Component 0: Privacy Protection - (no file)


    End of file - 2636 bytes

    bvd groeten jeroen
  • Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

    [b:d79221959c]O4 - HKCU\..\Run: [EnStr] C:\WINDOWS\system32\xsvmbwnu.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\karna.dat
    O20 - Winlogon Notify: efcDTLET - efcDTLET.dll (file missing)
    O24 - Desktop Component 0: Privacy Protection - (no file)[/b:d79221959c]

    Klik op 'Fix checked' om de items te verwijderen.

    Download [b:d79221959c]Combofix[/b:d79221959c] hier :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe en zet het op je Bureaublad.

    Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

    Dubbelklik op Combofix.exe en volg de instructies, aanvaard de disclaimer door y te typen. Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.

    Indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.
    Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

    Hang het log van Combofix aan je volgende bericht, samen met een nieuw log van HJT.
  • combofix log:
    ComboFix 08-10-16.08 - Fam. Schippers 2008-10-17 18:43:21.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.715 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Fam. Schippers\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt

    [b:27ecb733dd]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b:27ecb733dd][/color:27ecb733dd]
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\Fam. Schippers\Application Data\Adobe\crc.dat
    C:\Documents and Settings\Fam. Schippers\Application Data\Adobe\Player.exe
    C:\Documents and Settings\Fam. Schippers\Application Data\Adobe\Player.exe.bak
    C:\Documents and Settings\Fam. Schippers\Cookies\axer.sys
    C:\Documents and Settings\Fam. Schippers\Cookies\uzecas.dat
    C:\WINDOWS\ShellIcon32.dll
    C:\WINDOWS\system32\dgibsvte.ini
    C:\WINDOWS\system32\UuFMUFii.ini
    C:\WINDOWS\system32\UuFMUFii.ini2

    —– BITS: Mogelijk geïnfecteerde sites —–

    hxxp://78.157.143.163
    hxxp://78.157.143.198
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-09-17 to 2008-10-17 ))))))))))))))))))))))))))))))
    .

    2008-10-17 17:03 . 2008-10-17 17:03 <DIR> d——– C:\Documents and Settings\All Users\Application Data\kpqvgzer
    2008-10-15 21:53 . 2008-10-15 21:53 <DIR> d——– C:\Program Files\TweakNow RegCleaner Std
    2008-10-15 21:46 . 2008-10-15 21:46 <DIR> d——– C:\Documents and Settings\All Users\Application Data\avgrkhgr
    2008-10-15 20:15 . 2008-10-15 20:15 <DIR> d——– C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-15 20:15 . 2008-10-15 20:15 <DIR> d——– C:\Documents and Settings\Fam. Schippers\Application Data\Malwarebytes
    2008-10-15 20:15 . 2008-10-15 20:15 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-15 20:15 . 2008-09-10 00:04 38,528 –a—— C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-15 20:15 . 2008-09-10 00:03 17,200 –a—— C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-15 17:18 . 2008-10-15 17:18 <DIR> d——– C:\Documents and Settings\Fam. Schippers\Application Data\[u:27ecb733dd]0[/u:27ecb733dd]000005738
    2008-10-13 23:36 . 2008-10-15 20:31 <DIR> dr-h—– C:\Documents and Settings\Fam. Schippers\Onlangs geopend
    2008-10-13 23:05 . 2008-10-14 20:33 <DIR> d——– C:\Program Files\Hitman Pro 3
    2008-10-13 23:05 . 2008-10-17 18:22 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Hitman Pro 3
    2008-10-13 23:05 . 2008-10-13 23:14 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Hitman Pro
    2008-10-13 22:50 . 2008-10-13 22:50 <DIR> d——– C:\Program Files\Trend Micro
    2008-10-13 21:24 . 2008-10-13 21:24 <DIR> d——– C:\Documents and Settings\All Users\Application Data\xgbsfkbk
    2008-10-13 20:39 . 2008-10-13 20:56 <DIR> d——– C:\WINDOWS\tmp
    2008-10-13 20:31 . 2008-10-13 20:31 <DIR> d——– C:\Program Files\Lavasoft
    2008-10-13 20:31 . 2008-10-13 20:32 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-10-13 20:14 . 2008-10-13 20:14 19,793 –a—— C:\Documents and Settings\Fam. Schippers\Application Data
    eqyty.scr
    2008-10-13 20:14 . 2008-10-13 20:14 19,724 –a—— C:\WINDOWS\system32\olal.dat
    2008-10-13 20:14 . 2008-10-13 20:14 18,857 –a—— C:\WINDOWS\ajulebepi.sys
    2008-10-13 20:14 . 2008-10-13 20:14 18,743 –a—— C:\Program Files\Common Files\moqyk.bin
    2008-10-13 20:14 . 2008-10-13 20:14 16,777 –a—— C:\WINDOWS\giwije.ban
    2008-10-13 20:14 . 2008-10-13 20:14 14,988 –a—— C:\Documents and Settings\Fam. Schippers\Application Data\ylyp.exe
    2008-10-13 20:14 . 2008-10-13 20:14 13,653 –a—— C:\WINDOWS\bosofogivi.com
    2008-10-13 20:14 . 2008-10-13 20:14 12,033 –a—— C:\WINDOWS\vigozo.bin
    2008-10-13 20:14 . 2008-10-13 20:14 11,399 –a—— C:\WINDOWS\aduqebe.sys
    2008-10-13 19:38 . 2008-10-13 19:38 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-13 18:07 . 2008-10-13 18:08 98,304 –a—— C:\WINDOWS\DUMP4391.tmp
    2008-10-13 18:07 . 2008-10-13 18:09 98,304 –a—— C:\WINDOWS\DUMP4277.tmp
    2008-10-13 16:52 . 2008-10-13 17:10 98,304 –a—— C:\WINDOWS\DUMP4390.tmp
    2008-10-13 16:52 . 2008-10-13 17:05 98,304 –a—— C:\WINDOWS\DUMP42c5.tmp
    2008-10-13 16:52 . 2008-10-13 17:03 98,304 –a—— C:\WINDOWS\DUMP4287.tmp
    2008-10-13 16:52 . 2008-10-13 17:06 98,304 –a—— C:\WINDOWS\DUMP4268.tmp
    2008-10-13 16:52 . 2008-10-13 17:02 98,304 –a—— C:\WINDOWS\DUMP40d1.tmp
    2008-10-12 20:28 . 2008-10-12 20:28 <DIR> d——– C:\Documents and Settings\All Users\Application Data\torqlyvo
    2008-10-12 20:23 . 2008-10-12 20:23 <DIR> d——– C:\Documents and Settings\Fam. Schippers\Application Data\5
    2008-10-11 23:05 . 2008-10-11 23:05 <DIR> d——– C:\Documents and Settings\Fam. Schippers\Application Data\ImgBurn
    2008-10-11 22:46 . 2008-10-11 22:46 <DIR> d——– C:\Program Files\ImgBurn
    2008-10-11 21:40 . 2004-03-02 16:37 125,184 ——— C:\WINDOWS\system32\drivers\imagesrv.sys
    2008-10-11 21:40 . 2004-03-02 16:37 5,504 ——— C:\WINDOWS\system32\drivers\imagedrv.sys
    2008-10-11 21:39 . 2008-10-11 21:39 <DIR> d——– C:\Program Files\Common Files\Ahead
    2008-10-11 21:39 . 2008-10-11 21:39 <DIR> d——– C:\Program Files\Ahead
    2008-10-11 21:39 . 2004-07-26 16:16 1,568,768 ——— C:\WINDOWS\system32\ImagX7.dll
    2008-10-11 21:39 . 2004-07-26 16:16 476,320 ——— C:\WINDOWS\system32\ImagXpr7.dll
    2008-10-11 21:39 . 2004-07-26 16:16 471,040 ——— C:\WINDOWS\system32\ImagXRA7.dll
    2008-10-11 21:39 . 2004-07-26 16:16 262,144 ——— C:\WINDOWS\system32\ImagXR7.dll
    2008-10-11 21:39 . 2001-07-09 10:50 155,648 –a—— C:\WINDOWS\system32\NeroCheck.exe
    2008-10-11 21:39 . 2000-06-26 10:45 106,496 –a—— C:\WINDOWS\system32\TwnLib20.dll
    2008-10-11 20:52 . 2008-10-14 22:28 <DIR> d——– C:\Documents and Settings\Fam. Schippers\Application Data\GrabIt
    2008-10-11 20:44 . 2008-10-11 20:44 <DIR> d——– C:\Program Files\QuickPar
    2008-10-11 20:25 . 2008-10-13 21:01 <DIR> d——– C:\Program Files\GrabIt
    2008-10-11 20:16 . 2008-10-11 20:17 <DIR> d——– C:\Program Files\FTDv3.8
    2008-10-08 10:57 . 2008-06-22 19:14 3,584 –a—— C:\WINDOWS\system32\bootdelete.exe
    2008-10-03 09:45 . 2008-10-03 09:45 <DIR> d——– C:\Program Files\CCleaner
    2008-10-02 17:13 . 2008-10-04 22:58 <DIR> d——– C:\Documents and Settings\Fam. Schippers\Application Data\BitTorrent
    2008-10-01 19:58 . 2008-10-13 23:24 <DIR> d——– C:\Program Files\BitTorrent
    2008-09-30 20:53 . 2008-10-02 17:03 <DIR> d——– C:\Documents and Settings\Fam. Schippers\Application Data\FileZilla
    2008-09-17 17:15 . 2008-09-17 17:18 <DIR> d——– C:\Program Files\Virtual Earth 3D
    2008-09-17 14:38 . 2008-09-17 14:38 <DIR> d——– C:\Program Files\SanDisk

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-13 21:24 ——— d—–w C:\Program Files\BitComet
    2008-10-13 19:37 ——— d—–w C:\Program Files\X-OOM Media Center for Wii
    2008-10-13 18:14 12,862 —-a-w C:\Program Files\Common Files\hefik.lib
    2008-10-13 14:51 98,304 —-a-w C:\WINDOWS\DUMP377b.tmp
    2008-10-13 14:50 98,304 —-a-w C:\WINDOWS\DUMP34bc.tmp
    2008-10-13 11:45 98,304 —-a-w C:\WINDOWS\DUMP37c9.tmp
    2008-10-13 11:44 98,304 —-a-w C:\WINDOWS\DUMP37f8.tmp
    2008-10-12 18:29 81,984 —-a-w C:\WINDOWS\system32\bdod.bin
    2008-10-11 23:42 ——— d—–w C:\Documents and Settings\Fam. Schippers\Application Data\Hamachi
    2008-10-01 15:18 ——— d—–w C:\Program Files\Remote Desktop Control 2
    2008-09-17 12:38 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2008-09-14 14:34 ——— d—–w C:\Program Files\UltraVnc
    2008-09-12 11:22 ——— d—–w C:\Documents and Settings\Fam. Schippers\Application Data\ArcSoft
    2008-09-01 19:40 25,280 —-a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2008-09-01 19:40 ——— d—–w C:\Program Files\Hamachi
    2008-07-18 20:10 94,920 —-a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 —-a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 —-a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 —-a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 —-a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 —-a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 —-a-w C:\WINDOWS\system32\wuaueng.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2007-06-15 C:\WINDOWS\SkyTel.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispSettingPage"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "16650:TCP"= 16650:TCP:BitComet 16650 TCP
    "16650:UDP"= 16650:UDP:BitComet 16650 UDP

    R0 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys [2005-08-11 109184]
    R1 lfsfilt;Lean File Sharing;C:\WINDOWS\system32\DRIVERS\lfsfilt.sys [2005-08-11 120704]
    R3 ndasbus;NDAS Bus Driver;C:\WINDOWS\system32\DRIVERS
    dasbus.sys [2005-08-11 39168]
    S3 hitmanpro3;Hitman Pro 3 Support Driver;C:\WINDOWS\system32\drivers\hitmanpro3.sys [ ]
    S3 HitmanProCrusader;HitmanProCrusader;C:\Documents and Settings\Fam. Schippers\Local Settings\Temp\hitmanpro3\hitmanpro3_rub.exe [ ]
    S3 ndasscsi;NDAS SCSI Miniport Driver;C:\WINDOWS\system32\DRIVERS
    dasscsi.sys [2005-08-11 91392]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\setup.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHANS VERWIJDERD - - - -

    WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
    HKCU-Run-Player - C:\Documents and Settings\Fam. Schippers\Application Data\Adobe\Player.exe
    ShellExecuteHooks-{B2ADB537-AFF6-4D72-BA77-DA012A6FDEA6} - (no file)
    ShellExecuteHooks-{BCE97A72-640B-4DED-923F-8196FC01F76B} - (no file)


    .
    ——- Bijkomende Scan ——-
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
    R0 -: HKLM-Main,Start Page = hxxp://www.google.com
    O8 -: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 -: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 -: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 -: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-17 18:44:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-10-17 18:44:59
    ComboFix-quarantined-files.txt 2008-10-17 16:44:47

    Pre-Run: 156.113.735.680 bytes beschikbaar
    Post-Run: 156,113,113,088 bytes beschikbaar

    179

    hjt logfile:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:52:37, on 17-10-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\NDAS\System
    dassvc.exe
    C:\WINDOWS\system32
    otepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: HitmanProCrusader - Unknown owner - C:\Documents and Settings\Fam. Schippers\Local Settings\Temp\hitmanpro3\hitmanpro3_rub.exe (file missing)
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System
    dassvc.exe
    O24 - Desktop Component 0: Privacy Protection - (no file)


    End of file - 2830 bytes

    bedankt,

    jeroen
  • Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

    [b:6ea73bdaa8]O24 - Desktop Component 0: Privacy Protection - (no file)[/b:6ea73bdaa8]

    Klik op 'Fix checked' om de items te verwijderen.

    Open een kladblokbestand.

    Kopieer en plak daarin de onderstaande vetgedrukte tekst.

    [b:6ea73bdaa8]File::
    C:\Documents and Settings\Fam. Schippers\Application Data
    eqyty.scr
    C:\WINDOWS\system32\olal.dat
    C:\WINDOWS\ajulebepi.sys
    C:\Program Files\Common Files\moqyk.bin
    C:\WINDOWS\giwije.ban
    C:\Documents and Settings\Fam. Schippers\Application Data\ylyp.exe
    C:\WINDOWS\bosofogivi.com
    C:\WINDOWS\vigozo.bin
    C:\WINDOWS\aduqebe.sys
    C:\WINDOWS\DUMP4391.tmp
    C:\WINDOWS\DUMP4277.tmp
    C:\WINDOWS\DUMP4390.tmp
    C:\WINDOWS\DUMP42c5.tmp
    C:\WINDOWS\DUMP4287.tmp
    C:\WINDOWS\DUMP4268.tmp
    C:\WINDOWS\DUMP40d1.tmp
    C:\WINDOWS\DUMP377b.tmp
    C:\WINDOWS\DUMP34bc.tmp
    C:\WINDOWS\DUMP37c9.tmp
    C:\WINDOWS\DUMP37f8.tmp
    C:\WINDOWS\system32\bdod.bin

    Folder::
    C:\Documents and Settings\All Users\Application Data\kpqvgzer
    C:\Documents and Settings\All Users\Application Data\avgrkhgr
    C:\Documents and Settings\Fam. Schippers\Application Data\0000005738
    C:\Documents and Settings\All Users\Application Data\xgbsfkbk
    C:\WINDOWS\tmp
    C:\Documents and Settings\All Users\Application Data\torqlyvo
    C:\Documents and Settings\Fam. Schippers\Application Data\5[/b:6ea73bdaa8]

    Sla dit bestand op je bureaublad op als CFScript.txt.

    Sleep CFScript.txt in ComboFix.exe
    Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.
    Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.

    En laat dan meteen eens weten hoe de zaken nu staan ?

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.