Mededeling

Collapse
No announcement yet.

worm.win32.netsky

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • worm.win32.netsky

    Geachte heer, mevrouw

    Ik heb op mijn pc de melding van een worm.win32.netsky Mijn pc probeert nu zelf internetverbinding te maken. Alleen kan ik met adaware en antivir het virus niet verwijderen. Gelieve mij aan te geven hoe ik het probleem kan oplossen. Bij voorbaat dank.

    Onderstaand heb ik een hijackthislog van mijn pc toegevoegd

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:22:23, on 19-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Rabo\Support\RaboSessionMon.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\BrmfBAgS.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\RaboCommSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\BRMFRSMG.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avnotify.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
    C:\Documents and Settings\Gorter3\Bureaublad\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: etlrlws - {57B01415-27FF-450B-9E3A-5922B4A3A011} - C:\WINDOWS\etlrlws.dll
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [PnPUI Registrator] C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe -s
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: Service Manager.lnk = ?
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Rabo Session Monitor.lnk = C:\Program Files\Rabo\Support\RaboSessionMon.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O21 - SSODL: altvxvm - {B36E7CA8-5AE0-43B3-8B23-1C318EB0B482} - C:\WINDOWS\altvxvm.dll
    O21 - SSODL: bokpkov - {8D90490A-9DE8-4FCB-9371-639CE0C69231} - C:\WINDOWS\bokpkov.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
    O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\system32\RaboCommSrv.exe

    --
    End of file - 7440 bytes

  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Start de computer in veilige modus.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.
    Download Deckard's System Scanner naar je Bureaublad.
    • Sluit alle toepassingen en vensters.
    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
    • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

    Comment


    • #3
      Hallo,

      Ik heb inmiddels alle stappen uitgevoerd Hieronder post ik de logfiles van RVAXO:

      ---RVAXO.exe Updated: 2008-03-19---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\bokpkov.dll
      C:\WINDOWS\altvxvm.dll
      C:\WINDOWS\fmsxwqs.exe

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------

      En hieronder de main.txt:

      Deckard's System Scanner v20071014.68
      Run by Gorter3 on 2008-03-20 10:29:58
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      59: 2008-03-20 09:30:05 UTC - RP337 - Deckard's System Scanner Restore Point
      58: 2008-03-19 11:33:06 UTC - RP336 - Controlepunt van systeem
      57: 2008-03-18 08:25:07 UTC - RP335 - Controlepunt van systeem
      56: 2008-03-17 07:57:19 UTC - RP334 - Controlepunt van systeem
      55: 2008-03-14 11:32:39 UTC - RP333 - Controlepunt van systeem


      -- First Restore Point --
      1: 2007-12-21 10:45:28 UTC - RP279 - Controlepunt van systeem


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as Gorter3.exe) ---------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:31:38, on 20-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16414)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\system32\BrmfBAgS.exe
      C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
      C:\WINDOWS\system32\RaboCommSrv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\BRMFRSMG.EXE
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      C:\Program Files\Brother\ControlCenter2\brctrcen.exe
      C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
      C:\Program Files\Rabo\Support\RaboSessionMon.exe
      C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SqlMangr.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Gorter3\Bureaublad\dss.exe
      C:\DOCUME~1\Gorter3\BUREAU~1\Gorter3.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: etlrlws - {57B01415-27FF-450B-9E3A-5922B4A3A011} - C:\WINDOWS\etlrlws.dll (file missing)
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
      O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe
      O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [PnPUI Registrator] C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe -s
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
      O4 - Startup: Service Manager.lnk = ?
      O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
      O4 - Global Startup: Rabo Session Monitor.lnk = C:\Program Files\Rabo\Support\RaboSessionMon.exe
      O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
      O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\system32\RaboCommSrv.exe

      --
      End of file - 7503 bytes

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R0 nlem32nt - c:\windows\system32\drivers\nlem32nt.sys
      R1 SSHDRV63 - c:\windows\system32\drivers\sshdrv63.sys
      R3 GISscd - c:\windows\system32\drivers\gisscd.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - c:\program files\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; Scheduler>
      R2 Srv_RaboComm (Rabo Comm Server) - "c:\windows\system32\rabocommsrv.exe" <Not Verified; Rabobank Nederland; RaboCommSrv>


      -- Device Manager: Disabled ----------------------------------------------------

      No disabled devices found.


      -- Files created between 2008-02-20 and 2008-03-20 -----------------------------

      2008-03-20 10:28:10 0 d-------- C:\RVAXO
      2008-03-20 10:24:14 747838 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-03-20 10:24:14 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-03-20 10:14:27 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
      2008-03-20 10:14:27 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
      2008-03-20 10:14:27 0 d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
      2008-03-20 10:14:27 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
      2008-03-20 10:14:27 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
      2008-03-20 10:14:27 0 d--h----- C:\Documents and Settings\Administrator\NetHood
      2008-03-20 10:14:27 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
      2008-03-20 10:14:27 0 dr------- C:\Documents and Settings\Administrator\Menu Start
      2008-03-20 10:14:27 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
      2008-03-20 10:14:27 0 d-------- C:\Documents and Settings\Administrator\Favorieten
      2008-03-20 10:14:27 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
      2008-03-20 10:14:27 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
      2008-03-20 10:14:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
      2008-03-20 10:14:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
      2008-03-19 10:51:28 0 dr-h----- C:\Documents and Settings\Gorter3\Onlangs geopend
      2008-03-04 15:48:45 108544 --a------ C:\WINDOWS\system32\drivers\SSHDRV63.sys
      2008-03-04 15:48:39 0 d-------- C:\Program Files\Osirius
      2008-03-04 11:47:52 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP


      -- Find3M Report ---------------------------------------------------------------

      2008-03-20 10:06:52 0 d-------- C:\Documents and Settings\Gorter3\Application Data\U3
      2008-03-19 16:03:55 0 d-------- C:\Program Files\DYMO Label
      2008-03-19 10:51:48 0 d-------- C:\Program Files\SpywareBlaster
      2008-03-18 08:25:17 0 d-------- C:\Program Files\Rabotwin
      2008-02-20 15:50:15 690 --a------ C:\Documents and Settings\Gorter3\Application Data\RemoveInconsistentLocks_log.txt
      2008-02-20 15:50:15 0 d-------- C:\Documents and Settings\Gorter3\Application Data\Davilex


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [14-10-2003 10:22]
      "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [18-03-2005 12:40]
      "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [18-03-2005 12:53]
      "SetDefPrt"="C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe" [26-01-2005 18:02]
      "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [11-11-2005 18:30]
      "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [11-10-2007 07:58]
      "SkyTel"="SkyTel.EXE" [16-05-2006 11:04 C:\WINDOWS\SkyTel.exe]
      "RTHDCPL"="RTHDCPL.EXE" [28-06-2006 07:54 C:\WINDOWS\RTHDCPL.EXE]
      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12-01-2006 15:40]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 00:11]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 00:03]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28-01-2008 11:43]
      "PnPUI Registrator"="C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe" [22-11-2004 22:04]

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
      "nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

      C:\Documents and Settings\Gorter3\Menu Start\Programma's\Opstarten\
      Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SqlMangr.exe [17-12-2002 17:23:32]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [15-5-2003 1:19:50]
      Rabo Session Monitor.lnk - C:\Program Files\Rabo\Support\RaboSessionMon.exe [5-1-2005 22:42:42]
      Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [17-12-2002 17:23:32]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "DisableTaskMgr"=0 (0x0)

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cebefce-c35c-11dc-976f-00138fe1d50f}]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f1490-8f31-11db-95b3-00138fe1d50f}]
      - H:\LaunchU3.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9518171e-a162-11db-95cd-00138fe1d50f}]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9de091d8-3f35-11dc-96b8-00138fe1d50f}]




      -- End of Deckard's System Scanner: finished at 2008-03-20 10:32:03 ------------

      Gelieve mij te informeren omtrent eventuele volgende stappen.

      Comment


      • #4
        Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regels:
        O3 - Toolbar: etlrlws - {57B01415-27FF-450B-9E3A-5922B4A3A011} - C:\WINDOWS\etlrlws.dll (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

        Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

        Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
        Dit zal alles van RVAXO doen verwijderen.

        Je Java software is verouderd.
        Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
        Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
        • Download Java Runtime Environment (JRE) 6u5 en bewaar het naar je Bureaublad.
        • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
        • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
        • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
        • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
        • Herhaal dit tot alle oudere versies verdwenen zijn.
        • Na het verwijderen van alle oudere versies, herstart je pc.
        • Dubbelklik vervolgens op jre-6u5-windows-i586-p-s.exe op je Bureaublad om de nieuwste versie van Java te installeren.


        Download ATF cleaner (mirror)(gemaakt door Atribune)

        Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

        Dubbelklik op ATF cleaner om het programma te starten.
        Op het tabblad "Main", plaats je een vinkje bij Select All.
        Klik op de knop Empty Selected.

        Het volgende doen als je ook FireFox als browser hebt:
        Klik op tabblad "Firefox", plaats een vinkje bij Select All.
        Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
        (dit haalt het vinkje weer weg bij "Firefox saved passwords")
        Klik op de knop Empty Selected.

        Het volgende doen als je ook Opera als browser hebt:
        Klik op tabblad "Opera", plaats een vinkje bij Select All.
        Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
        Klik op de knop Empty Selected.
        Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

        Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
        Kijk hier hoe je je systeemherstel moet uitschakelen.
        Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

        Post als laatste nog een nieuw logje van Hijackthis ter controle

        Comment


        • #5
          Ook deze stappen heb ik weer uitgevoerd.

          Hieronder nog een hijackthislog

          Gelieve te controleren of de problemen nu zijn verdwenen

          Bij voorbaat dank

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 13:32:59, on 20-3-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16414)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
          C:\Program Files\Brother\ControlCenter2\brctrcen.exe
          C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
          C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
          C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
          C:\WINDOWS\system32\BrmfBAgS.exe
          C:\Program Files\Rabo\Support\RaboSessionMon.exe
          C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
          C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SqlMangr.exe
          C:\WINDOWS\system32\RaboCommSrv.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\BRMFRSMG.EXE
          C:\WINDOWS\system32\wscntfy.exe
          C:\Documents and Settings\Gorter3\Bureaublad\HiJackThis.exe
          C:\WINDOWS\system32\wuauclt.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
          O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
          O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
          O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
          O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe
          O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
          O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
          O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          O4 - HKCU\..\Run: [PnPUI Registrator] C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe -s
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
          O4 - Startup: Service Manager.lnk = ?
          O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
          O4 - Global Startup: Rabo Session Monitor.lnk = C:\Program Files\Rabo\Support\RaboSessionMon.exe
          O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
          O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
          O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
          O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\system32\RaboCommSrv.exe

          --
          End of file - 7094 bytes

          Comment


          • #6
            Oorspronkelijk geplaatst door Pluisje Bekijk Berichten
            Gelieve te controleren of de problemen nu zijn verdwenen
            Dat moet je zelf doen

            Ik kan alleen maar beoordelen of het logje schoon is en dat lijkt me het geval

            Comment


            • #7
              Heel hartelijk dank voor de hulp!!!!!!

              Comment


              • #8
                Graag gedaan hoor

                Comment

                Sorry, you are not authorized to view this page
                Working...
                X