Win32/Cryptor

13 answers
  • Dear reader, since yesterday I have had the Cryptor virus on my laptop and I would like to get rid of it. I have read earlier posts about this virus, but since I don't really know much about computers and even less about viruses, I don't really have an idea of what I should post here. AVG gives me this message (when starting Firefox): threat detected! File name: C:\Windows\System32\gaopdxpexplvptyipmephihoxctyreecykjppq.dll threat name: Virus identified Win32/Cryptor Detected on open. When I try to delete the file, I first get pop-ups asking whether I am sure, because it could cause a crash, but even when I click yes, the file is not deleted. What does happen is that my PC freezes, but that is all. I hope someone can help me, because I have no clue what to do about this. As I said, I also don't know what I should post here, so I would like to hear that. Many thanks in advance, Marloes
  • If you google win32/cryptor you will see all kinds of solutions. :o
  • Download HiJackThis (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis). Double-click HJTInstall.exe. HijackThis will now be installed on your PC and a shortcut will be placed on your desktop. Click "Do a system scan and save a logfile" and attach this log to your next post. NB: if you use Windows Vista, you must first right-click HijackThis.exe and then choose "Run as Administrator".
  • First of all, thanks a lot for your answer! Here is the log:
  • Start HijackThis. If you use Vista, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5F4D44CE-3BB9-4CAB-A741-F88AF595B976}: NameServer = 85.255.112.8,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9DF016CB-3B72-40D2-9F2D-EEF897070E2F}: NameServer = 85.255.112.8,85.255.112.156
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.8,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.8,85.255.112.156
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    Click 'Fix checked' to remove the items. Open Notepad and paste the following text into an empty window:
    REGEDIT4
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"="avgrsstx.dll"
    Save this to your Desktop as regfix.reg, with type "all files". Double-click regfix.reg and allow it to be added to the registry. Download MBAM (Malwarebytes' Anti-Malware) (http://www.besttechie.net/tools/mbam-setup.exe). Double-click mbam-setup.exe to install the program. Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish". If an update is found, it will be downloaded and installed. Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan. Scanning can take a while, so be patient. When the scan is finished, click OK, then "Show Results" to see the results. Make sure everything there is checked, then click Remove Selected. After removal, a log will open and you will be asked to restart the computer. (See below.) The log is saved automatically by MBAM and you can find it by clicking the "Logs" tab in MBAM. If MBAM has difficulty removing certain files, it will show a few messages where you must click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer. Paste the contents of the log into your next post, together with a new HijackThis log.
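An added example, not part of the original thread and not HijackThis code: a small Python triage of three entry types the post above singles out (an O2 BHO with no file, O17 static NameServer values, and O20 AppInit_DLLs). The sample lines are constructed from entries quoted in that post plus two benign lines for contrast; `triage`, `trusted_dns` and `expected_appinit` are hypothetical names.

```python
import ipaddress
import ntpath
import re

# Constructed sample: entries quoted in the post above, plus two benign lines
# (the "Example Helper" BHO and the 192.168.1.1 resolver) made up for contrast.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.8,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"""

# A HijackThis entry line looks like "<section> - <body>", e.g. "O17 - ...".
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")


def check_o2(body):
    """Flag a Browser Helper Object whose registration outlived its DLL."""
    if body.rstrip().endswith("(no file)"):
        return ["BHO registration points at a missing file"]
    return []


def check_o17(body, trusted_dns):
    """Flag statically configured DNS servers that are public and untrusted."""
    match = re.search(r"NameServer\s*=\s*(.*)$", body)
    if not match:
        return []
    reasons = []
    for token in re.split(r"[,\s]+", match.group(1).strip()):
        if not token:
            continue
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            reasons.append(f"unparseable NameServer value {token!r}")
            continue
        # Private and loopback resolvers (home router, local cache) are
        # treated as expected; anything else must be explicitly trusted.
        if ip.is_private or ip.is_loopback or str(ip) in trusted_dns:
            continue
        reasons.append(f"static DNS server {ip} is not a trusted resolver")
    return reasons


def check_o20(body, expected_appinit):
    """Flag DLLs in AppInit_DLLs that are not on the expected list."""
    prefix = "AppInit_DLLs:"
    if not body.startswith(prefix):
        return []
    # The value is a space- or comma-delimited list of DLL paths.
    paths = [p for p in re.split(r"[,\s]+", body[len(prefix):]) if p]
    names = {ntpath.basename(p).lower() for p in paths}
    return [
        f"AppInit_DLLs loads {name}, which is not on the expected list"
        for name in sorted(names - expected_appinit)
    ]


def triage(log_text, trusted_dns=(), expected_appinit=()):
    """Return (section, reason) pairs for entries that deserve a closer look."""
    trusted = set(trusted_dns)
    expected = {name.lower() for name in expected_appinit}
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue
        section, body = match.groups()
        if section == "O2":
            reasons = check_o2(body)
        elif section == "O17":
            reasons = check_o17(body, trusted)
        elif section == "O20":
            reasons = check_o20(body, expected)
        else:
            reasons = []
        findings.extend((section, reason) for reason in reasons)
    return findings


if __name__ == "__main__":
    # avgrsstx.dll is the only AppInit_DLLs value the post's regfix.reg keeps.
    for section, reason in triage(SAMPLE_LOG, expected_appinit=["avgrsstx.dll"]):
        print(f"{section}: {reason}")
```

A finding means "review this entry", not "this file is malicious"; the lists of trusted resolvers and expected DLLs have to come from knowledge of the machine being checked.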
  • Hmm.. I did everything up to 'Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".' Then I try to start MBAM, but nothing happens. Windows asks whether I want to continue starting the application (or something along those lines) and I dutifully click 'yes', but nothing happens.. Any suggestions about what I did wrong or what else can/should be done?
  • Try giving the file MBAM.exe from Malwarebytes a different name, e.g. scan.exe, and then see whether it does start now?
  • Hmm.. no, that doesn't work either. I gave the .exe file the name scan.exe, which works, but it does not make the program start now.. I get the message: "Malwarebytes' Anti-Malware has stopped working. A problem caused the program to stop working correctly. The program will be closed and you will be notified if a solution is available." And then I have to click 'close program'. Other parts of MBAM, such as the guide, don't work either, by the way. Text files, on the other hand, do work normally. Are there other things I can still try?
  • Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop. NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
    - Double-click Combofix.exe to start it.
    - If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    - Follow the instructions and accept the disclaimer by clicking Yes.
    - If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA). Click OK and Yes to have the Recovery Console installed automatically.
    - Afterwards, click Yes again to start the malware scan.
    - While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix is finished and after the restart, the log Combofix.txt will open. Post this log in your next reply.
  • Open a Notepad file. Copy and paste the text below into it:
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74c01422-eeb5-11dc-a414-001d0941f9a4}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad2a120e-4529-11dd-a14f-001d0941f9a4}]
    Save this file to your desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe. This will make ComboFix start again. Reboot if you are asked to. After the restart, post the contents of Combofix.txt in your next message. And then let AVG scan again to see whether it still has anything to report?
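As an added example (not part of the original post, and not ComboFix's own code): the step behind the CFScript above, pulling the MountPoints2 AutoRun entries out of the flattened log text and emitting `Registry::` deletion lines only for the commands an analyst selects. The function names and the choice of `setupsnk.exe` as the selected command are assumptions, taken from the two keys the helper removed in this thread.

```python
import ntpath
import re
from typing import NamedTuple

# Excerpt of the first ComboFix log in this thread, flattened onto one line
# the way the forum rendered it (embedded so the example runs offline).
SAMPLE_LOG = (
    r"S3 vvftav323;vvftav323;c:\windows\System32\drivers\vvftav323.sys [2009-01-19 475136] "
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
    r"\{5ce73b87-728a-11dd-9bf9-001d0941f9a4}] \shell\AutoRun\command - G:\InstallTomTomHOME.exe "
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
    r"\{74c01422-eeb5-11dc-a414-001d0941f9a4}] \shell\AutoRun\command - G:\setupSNK.exe "
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
    r"\{ad2a120e-4529-11dd-a14f-001d0941f9a4}] \shell\AutoRun\command - G:\setupSNK.exe "
    r". . ------- Bijkomende Scan ------- ."
)

MOUNTPOINTS2 = (
    r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
)

# One entry = "[<key>\{volume-guid}] \shell\AutoRun\command - <command>".
# The command runs until the next "[HK..." key, a lone "." separator, or end of line.
ENTRY_RE = re.compile(
    r"\[(?P<key>" + re.escape(MOUNTPOINTS2) + r"\\(?P<guid>\{[0-9a-f-]{36}\}))\]"
    r"\s*\\shell\\AutoRun\\command\s+-\s+"
    r"(?P<command>.+?)(?=\s+\[HK|\s+\.(?:\s|$)|\s*$)",
    re.IGNORECASE | re.MULTILINE,
)


class AutoRunEntry(NamedTuple):
    key: str      # full registry key exactly as printed in the log
    guid: str     # volume GUID under MountPoints2, lower-cased
    command: str  # AutoRun command registered for that volume


def parse_autorun_entries(log_text):
    """Return every MountPoints2 AutoRun entry found in a ComboFix log."""
    return [
        AutoRunEntry(m["key"], m["guid"].lower(), m["command"].strip())
        for m in ENTRY_RE.finditer(log_text)
    ]


def build_cfscript(entries, basenames_to_remove):
    """Build a CFScript 'Registry::' block deleting the keys whose AutoRun
    command has one of the given file names (case-insensitive).
    Entries that were not selected are left out, so they stay in the registry."""
    wanted = {name.lower() for name in basenames_to_remove}
    keys = []
    for entry in entries:
        # ntpath parses Windows paths correctly on any host OS.
        # Assumption: the command is a bare path without arguments, as in this log.
        if ntpath.basename(entry.command).lower() in wanted and entry.key not in keys:
            keys.append(entry.key)
    if not keys:
        return ""
    return "\n".join(["Registry::"] + [f"[-{key}]" for key in keys])


if __name__ == "__main__":
    found = parse_autorun_entries(SAMPLE_LOG)
    for entry in found:
        print(entry.guid, "->", entry.command)
    print(build_cfscript(found, {"setupsnk.exe"}))
```

The TomTom entry is parsed but not selected, which matches the second log in this thread, where only that MountPoints2 key is still listed.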
  • ComboFix 09-03-19.02 - Marloes 2009-03-22 12:49:20.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.1013.286 [GMT 1:00]
    Gestart vanuit: c:\users\Marloes\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Marloes\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\windows\system32\drivers\gaopdxbxrrqmoqvrwdtndtyqhijmtpqrwbftxf.sys
    c:\windows\system32\drivers\gaopdxnvjrlxdmssenpvrenqoxstnhivuwxqth.sys
    c:\windows\system32\gaopdxcounter
    c:\windows\system32\gaopdxibhvngcncowrqxcmyqmqponwgwpqybki.dll
    c:\windows\system32\gaopdxpexplvptyipmephihoxctyreecykjppq.dll
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Service_gaopdxserv.sys
    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-22 to 2009-03-22 ))))))))))))))))))))))))))))))
    .
    2009-03-21 00:52 . 2009-03-21 00:52 <DIR> d-------- c:\users\All Users\Malwarebytes
    2009-03-21 00:52 . 2009-03-21 00:52 <DIR> d-------- c:\programdata\Malwarebytes
    2009-03-21 00:52 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-03-21 00:52 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-03-21 00:51 . 2009-03-22 00:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-20 12:43 . 2009-03-20 12:43 <DIR> d-------- c:\users\Gast
    2009-03-20 12:43 . 2009-03-20 12:43 <DIR> d-------- c:\program files\Trend Micro
    2009-03-17 16:54 . 2009-03-17 16:54 <DIR> d-------- c:\windows\Downloaded Installations
    2009-03-16 20:56 . 2009-03-18 14:00 <DIR> d-------- c:\users\Marloes\AppData\Roaming\uTorrent
    2009-03-16 20:56 . 2009-03-16 20:56 <DIR> d-------- c:\program files\uTorrent
    2009-03-16 20:37 . 2009-03-16 20:37 <DIR> d-------- c:\program files\SPSSInc
    2009-03-11 00:03 . 
2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys 2009-03-11 00:02 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL 2009-03-11 00:02 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll 2009-03-11 00:02 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll 2009-03-11 00:02 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx 2009-03-11 00:02 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll 2009-03-09 14:44 . 2009-03-22 11:38 <DIR> d-------- c:\users\Marloes\Tracing 2009-03-09 14:25 . 2009-03-09 14:25 <DIR> d-------- c:\program files\Windows Live SkyDrive 2009-03-09 14:25 . 2009-03-09 14:25 <DIR> d-------- c:\program files\Microsoft 2009-03-09 14:20 . 2009-03-09 14:20 <DIR> d-------- c:\program files\Common Files\Windows Live . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-19 23:07 --------- d-----w c:\users\Marloes\AppData\Roaming\Skype 2009-03-19 23:01 --------- d-----w c:\users\Marloes\AppData\Roaming\skypePM 2009-03-17 16:42 --------- d-----w c:\program files\Common Files\SPSS 2009-03-14 15:48 --------- d-----w c:\program files\Windows Mail 2009-03-14 01:05 --------- d-----w c:\programdata\Microsoft Help 2009-03-09 13:24 --------- d-----w c:\program files\Windows Live 2009-02-26 11:01 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-20 11:50 --------- d-----w c:\program files\Safari 2009-02-13 12:56 410,984 ----a-w c:\windows\System32\deploytk.dll 2009-02-13 12:56 --------- d-----w c:\program files\Java 2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll 2009-02-04 18:47 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-04 18:47 --------- d-----w c:\program files\Avanquest update 2009-02-04 12:43 --------- d-----w c:\programdata\avg8 2009-02-04 12:42 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-02-04 12:42 10,520 ----a-w 
c:\windows\System32\avgrsstx.dll 2009-01-24 16:08 56 ---ha-w c:\users\All Users\ezsidmv.dat 2009-01-24 16:08 56 ---ha-w c:\programdata\ezsidmv.dat 2009-01-24 15:19 --------- d-----w c:\programdata\Skype 2009-01-24 15:19 --------- d-----w c:\program files\Skype 2009-01-24 15:19 --------- d-----w c:\program files\Common Files\Skype 2009-01-24 10:37 --------- d-----w c:\users\Marloes\AppData\Roaming\Van Dale 2009-01-24 10:35 --------- d-----w c:\program files\Van Dale 2009-01-22 15:07 9 ----a-w c:\users\Marloes\AppData\Roaming\mdb.bin 2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll 2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr 2008-10-28 14:26 174 --sha-w c:\program files\desktop.ini 2008-03-26 16:53 310 ----a-w c:\users\Marloes\AppData\Roaming\wklnhst.dat 2008-03-10 14:16 59,163,944 ----a-w c:\users\Marloes\iTunesSetup.exe 2008-12-15 19:38 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2008-07-14 20:42 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-07-14 20:42 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-07-14 20:42 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-03-22_11.28.09.38 ))))))))))))))))))))))))))))))))))))))))) . 
- 2009-03-22 10:16:34 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-03-22 11:46:01 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-03-22 10:16:34 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2009-03-22 11:46:01 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-03-22 10:26:15 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat + 2009-03-22 11:47:46 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat + 2009-03-22 11:47:46 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2009-03-22 10:26:09 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat + 2009-03-22 11:47:46 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat + 2009-03-22 11:47:46 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2009-03-22 10:16:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-03-22 11:46:11 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-03-22 10:16:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-03-22 11:46:11 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-03-22 10:16:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-03-22 11:46:11 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-03-22 10:20:05 9,920 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-97250841-1750991534-2131463468-1000_UserData.bin + 2009-03-22 
11:48:57 10,110 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-97250841-1750991534-2131463468-1000_UserData.bin - 2009-03-22 10:20:03 75,000 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-03-22 11:48:57 75,032 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-08 393216] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-15 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-15 154136] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-15 133656] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-13 148888] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-15 29744] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" 
[2007-11-15 16384] "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2008-01-19 217088] c:\users\Marloes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-09-07 1180952] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) "DefaultOutboundAction"= 0 (0x0) "DefaultInboundAction"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{1124E437-7522-43D4-B470-A525A51BE4AD}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect "{E654DDF3-5A8C-4BD1-BD84-F59B42278E57}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program "{04C70ABC-FDB5-4E21-9BE6-FAF9F9C70CF5}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine "{6E2E838A-880C-4DF0-A4E2-0EB028A279A6}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server "{48387A30-4BD5-4DD0-8559-4A4373FB5CC3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{09821BB7-EE90-4714-9C28-10E6B2AC27C8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{7F986E89-225D-4EA6-AA6E-12ECA0993252}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{49E1204C-A833-430E-AE9E-08F7F849C737}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{396D8A8C-58DB-4837-9D5C-2D567AE218DF}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{BFF52246-91CC-4400-AF0F-73629C35E27D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{CD282B5F-51C8-46B3-8E5E-9509D7E7C92F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{6279B854-FB66-4173-A1AD-E24BDF6223AD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{EDF243F3-8F32-4C64-ACC4-0BA83D67F742}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "{B35FAB0C-FFAA-4C35-91E3-DFAA98E74399}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{CE2E0055-CA27-4786-9742-967CF7070746}"= TCP:c:\program 
files\Bonjour\mDNSResponder.exe:Bonjour "{EA37FB20-4258-455B-A2EB-E6FEAA9BBCAD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{D643713D-43EE-4EA9-9A9F-9EDCA020888D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{A003EB5A-E6EE-427D-9D61-BD8E84ABC7A4}"= c:\program files\Skype\Phone\Skype.exe:Skype "{EB63B3B9-428F-4ED8-8958-7CBFD8054D68}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com "{6C27AF12-E3B6-4724-BCA2-354FF9A56B00}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe "{2CD95910-277B-4CB4-AD4C-4E463BCF5853}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic Script Editor "{602B1990-0285-41DD-A5D4-2719C1D1FEF2}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com "{A285A661-B130-4F0C-879F-AE95C2C52969}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe "{89B10C46-A658-4A7D-A0A5-4AD49BCB7B29}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic Script Editor "{26577260-7B7E-492D-A2E6-2D35CD57AA52}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{B7631719-45BC-428C-A772-E23DDBB33249}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{3C0424A5-D0B4-4C74-8F8F-D9FA95EB5378}c:\\users\\marloes\\desktop\\utorrent.exe"= UDP:c:\users\marloes\desktop\utorrent.exe:utorrent.exe "UDP Query User{3C2C9308-731A-4DC6-A12A-351155B46699}c:\\users\\marloes\\desktop\\utorrent.exe"= TCP:c:\users\marloes\desktop\utorrent.exe:utorrent.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-06-28 325128] R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-03-03 73728] R2 avg8wd;AVG8 
WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-28 298264] R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [2008-03-04 111104] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-03 29744] S3 vmcam325av;Vimicro USB2.0 PC Camera(VC0323);c:\windows\System32\drivers\vmcam323av.sys [2009-01-19 232960] S3 vvftav323;vvftav323;c:\windows\System32\drivers\vvftav323.sys [2009-01-19 475136] --- Andere Services/Drivers In Geheugen --- *Deregistered* - sptd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ce73b87-728a-11dd-9bf9-001d0941f9a4}] \shell\AutoRun\command - G:\InstallTomTomHOME.exe . . ------- Bijkomende Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/layout/fnac/objects/jordan.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\users\Marloes\AppData\Roaming\Mozilla\Firefox\Profiles\vo3ctwe2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157 FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\program 
files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    .
    **************************************************************************
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-22 12:54:29
    Windows 6.0.6001 Service Pack 1 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    Voltooingstijd: 2009-03-22 13:00:04
    ComboFix-quarantined-files.txt 2009-03-22 12:00:00
    ComboFix2.txt 2009-03-22 10:30:26
    Pre-Run: 57,741,574,144 bytes beschikbaar
    Post-Run: 57,414,803,456 bytes beschikbaar
    237 --- E O F --- 2009-03-17 09:02:34

    I have just started a scan with AVG, but that is going to take a while :) In any case I no longer get any alerts when I start Firefox, so that is a good sign! Really, thank you so much! I could never have done this on my own, and since I am abroad for half a year for my studies, it is not that easy to call in help either. But fortunately there is the internet and a forum like this! Thank you!
  • Problems out of the way, so it is time for the "big clean-up": removing the programs that were used, a cleaning, and deleting the infected restore points.
    Remove ComboFix: Start -> Run and type: combofix /u
    This will remove ComboFix plus related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.
    Download CCleaner (http://www.majorgeeks.com/download4191.html). Install it and start CCleaner. Click "Cleaner" in the left column. Click "Analyze" and then "Run Cleaner". Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After that, close CCleaner again.
    It is advisable to delete the existing restore points (they include infected restore points that you could end up restoring) by temporarily switching off System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the tick again. That's it!
