MasterS Skrevet 4. mars 2009 Del Skrevet 4. mars 2009 Heisann. Har fått inn noe dritt på min netbook som jeg ikke får vekk. Har både kjørt spybot, adaware og avast antivirus, men dritten kommer fortsatt opp igjen. Håper noen har tips til hva jeg kan gjøre for å fjerne dette, og vær så snill og ikke kom med reinstallering av os. Specs: Eee 1000H XP Lenke til kommentar
del_diablo Skrevet 4. mars 2009 Del Skrevet 4. mars 2009 (endret) Dra in Ccleaner. trykk: "Windows tasten + R", skriv: "taskmgr" Finn ut hva den i system trayet er for noe og skriv ned det(den skal også gi informasjon hvor dan kjører fra. Plug ut netverkskablen. dra i gang en chkdsk /r(skriv dette i Win+R greia) og boot in i "safe mode" etterpå(prøv å ødelegge F8 tasten når Win starter med å trykke så rask som mulige burde bringe deg til menyen). dra i gang en regedit og søk på "Run"(like bokstaver). Slett alt som du ikke vil starte opp. manuelt sleppt "tmp" mappa rett under C:\(eller hvor du har den) finn den andre temp mappa og slett manuelt. Dra i gang en full rensk med Ccleaner, kjør den over registeret også(gjenta minst 2 ganger hver), husk og merke av det meste Dra i gang AV, gjerne ekstern skanning fra en annen PC som kjører annet AV. søk etter win32.dll(husker ikke helt), noen andre kan sikkert forklare dette punkte mer Slett den traya som lager tray iconet og drep alle filer rundt den. Det burde renske den pent. Endret 4. mars 2009 av del_diablo Lenke til kommentar
Tosha0007 Skrevet 4. mars 2009 Del Skrevet 4. mars 2009 Dette er diverre ein relativt vanleg infeksjon, men det er ganske grei å bli kvitt. Me har ein veiledning på forumet, her, som er veldig fin til å bli kvitt malware. Køyr den, og post loggane her i din eigen tråd. Lenke til kommentar
mhsalangli Skrevet 4. mars 2009 Del Skrevet 4. mars 2009 prøve malwarebytes sin spionrenser Lenke til kommentar
Tosha0007 Skrevet 4. mars 2009 Del Skrevet 4. mars 2009 (endret) mhsalangli: Hadde du sett på veiledninga ser du at Malwarebytes' Anti-Malware inngår i ei grundig fjerning som til no etter mitt syn har hatt særs god effekt på infiserte pc'ar. edit: Det er og viktig at me får sjå loggar slik at me kan forsikre oss om at alt er borte Endret 4. mars 2009 av tosha0007 Lenke til kommentar
MasterS Skrevet 4. mars 2009 Forfatter Del Skrevet 4. mars 2009 Prøvde spyware doctor sammen med NVT malware removal tool og dritten forsvant. Må vel snart betale for spyware doctor.... Lenke til kommentar
Bruker-158599 Skrevet 4. mars 2009 Del Skrevet 4. mars 2009 Følg veiledningne i signaturen min. Deretter poster du logger Så kan noen komme å se i loggene å fjeren antivirus-pro2009 Lenke til kommentar
raWrz Skrevet 4. mars 2009 Del Skrevet 4. mars 2009 (endret) 1. hvis du vil sjekke om det finnes rester så kjører du veiledningen som er linket øverst i signaturen min edit: -smash- var før meg 2. du kan lese en test av norbat om antivirus programmer (gratis versoner) her: https://www.diskusjon.no/index.php?showtopic=1075335 "Må vel snart betale for spyware doctor" du må ingen ting Endret 4. mars 2009 av Submit Lenke til kommentar
MasterS Skrevet 5. mars 2009 Forfatter Del Skrevet 5. mars 2009 Ikke alle bruker warez hele tiden. Lenke til kommentar
Bruker-158599 Skrevet 5. mars 2009 Del Skrevet 5. mars 2009 Ikke alle bruker warez hele tiden. ? Lenke til kommentar
raWrz Skrevet 5. mars 2009 Del Skrevet 5. mars 2009 Ikke alle bruker warez hele tiden. ? mente egentlig at det finnes bedre programmer enn betalte.. mente ikke at du kunne piratnedlaste det Lenke til kommentar
Bruker-158599 Skrevet 5. mars 2009 Del Skrevet 5. mars 2009 (endret) .... Endret 15. mai 2010 av -Smash- Lenke til kommentar
Gjest Skrevet 5. mars 2009 Del Skrevet 5. mars 2009 Gjør som de andre sier, kjør gjennom veiledningen her: https://www.diskusjon.no/index.php?showtopic=691246 Lenke til kommentar
MasterS Skrevet 8. mars 2009 Forfatter Del Skrevet 8. mars 2009 Heisann. Trodde mesteparten var borte med spydoctor, men dog nei. Har kjørt etter malen som ligger på forumet her. Kanskje dere finner ut noe mer enn hva jeg ser her. Malwarebytes' Anti-Malware 1.34 Malwarebytes' Anti-Malware 1.34 Databaseversjon: 1827 Windows 5.1.2600 Service Pack 3 08.03.2009 21:13:26 mbam-log-2009-03-08 (21-13-26).txt Skanntype: Rask Skann Objekter skannet: 65121 Tid tilbakelagt: 3 minute(s), 19 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 6 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 15 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekabhbripdp.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekagakasvso.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekanpfjxvbd.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\senekanspppyin.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekarnqhcgku.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekaulnsmusc.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekavpyapmhf.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekavrekxwbd.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\senekawjdbxvyt.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\senekayaimmtdk.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\senekaeptuxmbv.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\senekamexuvxub.sys (Trojan.Agent) -> Quarantined and deleted successfully. ComboFix ComboFix 09-03-06.02 - Administrator 2009-03-08 21:32:25.1 - NTFSx86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.2039.1679 [GMT 1:00] Kjører fra: c:\documents and settings\Jim Hansen\Skrivebord\ComboFix.exe AV: avast! antivirus 4.8.1335 [VPS 090307-0] *On-access scanning enabled* (Updated) ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !! . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat c:\windows\IE4 Error Log.txt c:\windows\system32\1000.exe c:\windows\system32\303363.exe c:\windows\system32\BcMoonpo.ini c:\windows\system32\BcMoonpo.ini2 c:\windows\system32\mrbuja.dll c:\windows\system32\nlveuybn.dll c:\windows\system32\pepdjl.dll c:\windows\system32\test.ttt c:\windows\system32\yjsliucl.dll ----- BITS: Mulige infiserte sider ----- hxxp://www.wzporn.com . ((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_seneka ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-08 til 2009-03-08 ))))))))))))))))))))))))))))))))) . 2009-03-08 21:25 . 2009-03-08 21:25 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Malwarebytes 2009-03-08 21:08 . 2009-03-08 21:08 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware 2009-03-08 21:08 . 2009-03-08 21:08 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\Malwarebytes 2009-03-08 21:08 . 2009-03-08 21:08 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes 2009-03-08 21:08 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-08 21:08 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-04 21:20 . 2009-03-04 21:39 <DIR> d-------- c:\programfiler\NVT Malware Remover Tool 2009-03-04 21:10 . 2009-03-08 20:40 <DIR> d-a------ c:\documents and settings\All Users\Programdata\TEMP 2009-03-04 21:08 . 2009-03-04 21:11 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\GetRightToGo 2009-03-03 21:33 . 2008-07-14 10:43 <DIR> dr------- c:\documents and settings\Administrator\Start-meny 2009-03-03 21:33 . 2008-07-14 10:43 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere 2009-03-03 21:33 . 2008-07-14 11:32 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord 2009-03-03 21:33 . 2009-03-08 21:29 <DIR> dr-h----- c:\documents and settings\Administrator\Siste 2009-03-03 21:33 . 2008-07-14 10:21 <DIR> d-------- c:\documents and settings\Administrator\Programdata\StarOffice8 2009-03-03 21:33 . 2008-07-14 09:16 <DIR> d-------- c:\documents and settings\Administrator\Programdata\InstallShield 2009-03-03 21:33 . 2009-03-08 21:25 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata 2009-03-03 21:33 . 2008-07-14 11:34 <DIR> dr------- c:\documents and settings\Administrator\Mine dokumenter 2009-03-03 21:33 . 2008-07-14 08:48 <DIR> d--h----- c:\documents and settings\Administrator\Maler 2009-03-03 21:33 . 2008-07-14 10:43 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger 2009-03-03 21:33 . 2008-07-14 08:56 <DIR> dr------- c:\documents and settings\Administrator\Favoritter 2009-03-03 21:33 . 2008-07-14 09:19 <DIR> d-------- c:\documents and settings\Administrator\Bluetooth Software 2009-03-03 21:33 . 2008-07-14 10:43 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask 2009-03-03 21:33 . 2009-03-03 21:33 <DIR> d-------- c:\documents and settings\Administrator 2009-03-01 11:31 . 2009-03-01 18:07 210 --a------ c:\windows\wininit.ini 2009-03-01 10:15 . 2009-03-04 22:08 <DIR> d-------- c:\programfiler\Spybot - Search & Destroy 2009-03-01 10:15 . 2009-03-04 22:08 <DIR> d-------- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy 2009-03-01 10:06 . 2009-03-04 22:07 <DIR> d-------- c:\programfiler\Lavasoft 2009-03-01 10:06 . 2009-03-04 22:07 <DIR> d-------- c:\documents and settings\All Users\Programdata\Lavasoft 2009-02-28 14:17 . 2009-02-28 22:46 <DIR> d-------- c:\documents and settings\All Users\Programdata\TrackMania 2009-02-28 14:12 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll 2009-02-28 14:09 . 2009-02-28 14:12 <DIR> d-------- c:\programfiler\TmNationsForever 2009-02-27 10:03 . 2009-02-27 10:03 <DIR> d-------- c:\programfiler\Notepad++ 2009-02-27 10:03 . 2009-02-27 10:05 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\Notepad++ 2009-02-22 18:40 . 2009-02-22 18:40 <DIR> d-------- c:\programfiler\uTorrent 2009-02-22 18:40 . 2009-03-08 21:02 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\uTorrent 2009-02-18 21:48 . 2009-02-18 21:48 <DIR> d-------- c:\programfiler\FileZilla FTP Client 2009-02-18 21:48 . 2009-02-18 21:53 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\FileZilla 2009-02-18 19:08 . 2009-02-18 19:10 <DIR> d-------- c:\documents and settings\Jim Hansen\dwhelper 2009-02-18 16:15 . 2009-02-18 16:15 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\Apple Computer 2009-02-18 07:59 . 2009-02-18 07:59 <DIR> d-------- c:\programfiler\Salling Software AB 2009-02-08 23:01 . 2009-02-08 23:01 <DIR> d-------- c:\programfiler\MSXML 4.0 2009-02-08 21:26 . 2009-02-08 21:26 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\dvdcss . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-08 19:19 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\Skype 2009-03-08 11:03 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\StarOffice8 2009-03-07 16:04 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\skypePM 2009-02-24 19:02 --------- d-----w c:\documents and settings\All Users\Programdata\PC Suite 2009-02-07 14:00 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\Nokia 2009-02-07 13:56 --------- d-----w c:\documents and settings\All Users\Programdata\Nokia 2009-02-07 13:55 --------- d-----w c:\programfiler\Nokia 2009-02-07 13:55 --------- d-----w c:\programfiler\Fellesfiler\Nokia 2009-02-07 13:54 --------- d-----w c:\documents and settings\All Users\Programdata\Installations 2009-02-07 13:51 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-02-07 13:51 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-02-07 13:51 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\PC Suite 2009-02-07 13:48 --------- d-----w c:\programfiler\Fellesfiler\PCSuite 2009-02-07 13:48 --------- d-----w c:\programfiler\DIFX 2009-02-07 13:47 --------- d-----w c:\programfiler\PC Connectivity Solution 2009-01-27 20:06 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\LG Electronics 2009-01-27 06:26 --------- d--h--w c:\programfiler\InstallShield Installation Information 2009-01-27 06:26 --------- d-----w c:\programfiler\LG Electronics 2009-01-27 06:25 --------- d-----w c:\programfiler\LG PC Suite 2 2009-01-25 18:16 --------- d-----w c:\programfiler\DC++ 2009-01-15 16:23 --------- d-----w c:\programfiler\QuickTime 2009-01-15 16:22 --------- d-----w c:\programfiler\Fellesfiler\Apple 2009-01-15 16:22 --------- d-----w c:\programfiler\Apple Software Update 2009-01-15 16:22 --------- d-----w c:\documents and settings\All Users\Programdata\Apple Computer 2009-01-15 16:22 --------- d-----w c:\documents and settings\All Users\Programdata\Apple 2008-11-12 21:10 32 ----a-w c:\documents and settings\All Users\Programdata\ezsid.dat 2008-05-07 08:34 15,523,560 ----a-w c:\programfiler\U1 Setup.exe . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360] "PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "AsusTray"="c:\programfiler\EeePC\ACPI\AsTray.exe" [2008-06-03 98304] "AsusACPIServer"="c:\programfiler\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232] "AsusEPCMonitor"="c:\programfiler\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe] "SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe] "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - c:\programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-14 596584] SuperHybridEngine.lnk - c:\programfiler\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-07-14 303104] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=pepdjl.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Windows Search.lnk] path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 c:\programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-08-08 13:11 490952 c:\programfiler\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 10:34 5724184 c:\programfiler\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] --a------ 2008-12-03 12:47 1205760 c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 15:09 413696 c:\programfiler\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salling Media Sync] --a------ 2008-11-21 12:21 343696 c:\programfiler\Salling Software AB\Salling Media Sync\Salling Media Sync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 04:27 144784 c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programfiler\\DC++\\DCPlusPlus.exe"= "c:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "c:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "c:\\Programfiler\\uTorrent\\uTorrent.exe"= "c:\\Programfiler\\TmNationsForever\\TmForever.exe"= "c:\\Programfiler\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-12 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-12 20560] R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-07-14 11264] R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-06-26 36864] R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-07-14 625024] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S0 ngyakkbe;ngyakkbe;c:\windows\system32\drivers\utxnn.sys --> c:\windows\system32\drivers\utxnn.sys [?] S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-06-26 25088] . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [] 2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-03-08 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job - c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] . - - - - TOMME PEKERE FJERNET - - - - Notify-jkkLDUOF - (no file) MSConfigStartUp-SpybotSD TeaTimer - c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe . ------- Tilleggsskanning ------- . uStart Page = hxxp://eeepc.asus.com/global uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm IE: Send til &Bluetooth-enhet... - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send til Bluetooth - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\documents and settings\Jim Hansen\Programdata\Mozilla\Firefox\Profiles\rppqvgj9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q= FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=2&q= FF - component: c:\documents and settings\Jim Hansen\Programdata\Mozilla\Firefox\Profiles\rppqvgj9.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFAlert.dll FF - component: c:\documents and settings\Jim Hansen\Programdata\Mozilla\Firefox\Profiles\rppqvgj9.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll FF - component: c:\programfiler\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll ---- FIREFOX POLICIES ---- c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-08 21:36:21 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\programfiler\Alwil Software\Avast4\aswUpdSv.exe c:\programfiler\Alwil Software\Avast4\ashServ.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\igfxext.exe c:\programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe c:\windows\system32\searchindexer.exe c:\programfiler\Alwil Software\Avast4\ashMaiSv.exe c:\programfiler\Alwil Software\Avast4\ashWebSv.exe c:\programfiler\PC Connectivity Solution\ServiceLayer.exe c:\programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe . ************************************************************************** . Tidspunkt ferdig: 2009-03-08 21:40:07 - maskinen ble startet på nytt [Jim Hansen] ComboFix-quarantined-files.txt 2009-03-08 20:40:03 Pre-Run: 31 950 180 352 byte ledig Post-Run: 31,897,837,568 byte ledig 229 --- E O F --- 2009-02-24 22:31:51 Lenke til kommentar
snippsat Skrevet 8. mars 2009 Del Skrevet 8. mars 2009 Kopiere fet tekst under bildet->åpne notisblokk og lim inn. Lagre på skrivebordet som CFScript.txt Gjør som på bildet combofix vil starte,Post logg c:\combofix.txt File:: c:\windows\system32\drivers\utxnn.sys Driver:: ngyakkbe Registry:: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=- Lenke til kommentar
MasterS Skrevet 8. mars 2009 Forfatter Del Skrevet 8. mars 2009 Loggen: ComboFix 09-03-06.02 - Jim Hansen 2009-03-08 23:18:14.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.2039.1435 [GMT 1:00] Kjører fra: c:\documents and settings\Jim Hansen\Skrivebord\malware removal\ComboFix.exe Command switches brukt :: c:\documents and settings\Jim Hansen\Skrivebord\malware removal\CFScript.txt AV: avast! antivirus 4.8.1335 [VPS 090307-0] *On-access scanning disabled* (Updated) * Opprettet nytt gjenopprettingspunkt ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !! FILE :: c:\windows\system32\drivers\utxnn.sys . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_ngyakkbe ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-08 til 2009-03-08 ))))))))))))))))))))))))))))))))) . 2009-03-08 21:25 . 2009-03-08 21:25 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Malwarebytes 2009-03-08 21:08 . 2009-03-08 21:08 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware 2009-03-08 21:08 . 2009-03-08 21:08 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\Malwarebytes 2009-03-08 21:08 . 2009-03-08 21:08 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes 2009-03-08 21:08 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-08 21:08 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-04 21:20 . 2009-03-04 21:39 <DIR> d-------- c:\programfiler\NVT Malware Remover Tool 2009-03-04 21:10 . 2009-03-08 20:40 <DIR> d-a------ c:\documents and settings\All Users\Programdata\TEMP 2009-03-04 21:08 . 2009-03-04 21:11 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\GetRightToGo 2009-03-03 21:33 . 2008-07-14 10:43 <DIR> dr------- c:\documents and settings\Administrator\Start-meny 2009-03-03 21:33 . 2008-07-14 10:43 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere 2009-03-03 21:33 . 2008-07-14 11:32 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord 2009-03-03 21:33 . 2009-03-08 21:29 <DIR> dr-h----- c:\documents and settings\Administrator\Siste 2009-03-03 21:33 . 2008-07-14 10:21 <DIR> d-------- c:\documents and settings\Administrator\Programdata\StarOffice8 2009-03-03 21:33 . 2008-07-14 09:16 <DIR> d-------- c:\documents and settings\Administrator\Programdata\InstallShield 2009-03-03 21:33 . 2009-03-08 21:25 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata 2009-03-03 21:33 . 2008-07-14 11:34 <DIR> dr------- c:\documents and settings\Administrator\Mine dokumenter 2009-03-03 21:33 . 2008-07-14 08:48 <DIR> d--h----- c:\documents and settings\Administrator\Maler 2009-03-03 21:33 . 2009-03-08 23:19 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger 2009-03-03 21:33 . 2008-07-14 08:56 <DIR> dr------- c:\documents and settings\Administrator\Favoritter 2009-03-03 21:33 . 2008-07-14 09:19 <DIR> d-------- c:\documents and settings\Administrator\Bluetooth Software 2009-03-03 21:33 . 2008-07-14 10:43 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask 2009-03-03 21:33 . 2009-03-03 21:33 <DIR> d-------- c:\documents and settings\Administrator 2009-03-01 11:31 . 2009-03-01 18:07 210 --a------ c:\windows\wininit.ini 2009-03-01 10:15 . 2009-03-04 22:08 <DIR> d-------- c:\programfiler\Spybot - Search & Destroy 2009-03-01 10:15 . 2009-03-04 22:08 <DIR> d-------- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy 2009-03-01 10:06 . 2009-03-04 22:07 <DIR> d-------- c:\programfiler\Lavasoft 2009-03-01 10:06 . 2009-03-04 22:07 <DIR> d-------- c:\documents and settings\All Users\Programdata\Lavasoft 2009-02-28 14:17 . 2009-02-28 22:46 <DIR> d-------- c:\documents and settings\All Users\Programdata\TrackMania 2009-02-28 14:12 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll 2009-02-28 14:09 . 2009-02-28 14:12 <DIR> d-------- c:\programfiler\TmNationsForever 2009-02-27 10:03 . 2009-02-27 10:03 <DIR> d-------- c:\programfiler\Notepad++ 2009-02-27 10:03 . 2009-02-27 10:05 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\Notepad++ 2009-02-22 18:40 . 2009-02-22 18:40 <DIR> d-------- c:\programfiler\uTorrent 2009-02-22 18:40 . 2009-03-08 21:02 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\uTorrent 2009-02-18 21:48 . 2009-02-18 21:48 <DIR> d-------- c:\programfiler\FileZilla FTP Client 2009-02-18 21:48 . 2009-02-18 21:53 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\FileZilla 2009-02-18 19:08 . 2009-02-18 19:10 <DIR> d-------- c:\documents and settings\Jim Hansen\dwhelper 2009-02-18 16:15 . 2009-02-18 16:15 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\Apple Computer 2009-02-18 07:59 . 2009-02-18 07:59 <DIR> d-------- c:\programfiler\Salling Software AB 2009-02-08 23:01 . 2009-02-08 23:01 <DIR> d-------- c:\programfiler\MSXML 4.0 2009-02-08 21:26 . 2009-02-08 21:26 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\dvdcss . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-08 22:01 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\StarOffice8 2009-03-08 19:19 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\Skype 2009-03-07 16:04 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\skypePM 2009-02-24 19:02 --------- d-----w c:\documents and settings\All Users\Programdata\PC Suite 2009-02-07 14:00 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\Nokia 2009-02-07 13:56 --------- d-----w c:\documents and settings\All Users\Programdata\Nokia 2009-02-07 13:55 --------- d-----w c:\programfiler\Nokia 2009-02-07 13:55 --------- d-----w c:\programfiler\Fellesfiler\Nokia 2009-02-07 13:54 --------- d-----w c:\documents and settings\All Users\Programdata\Installations 2009-02-07 13:51 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-02-07 13:51 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-02-07 13:51 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\PC Suite 2009-02-07 13:48 --------- d-----w c:\programfiler\Fellesfiler\PCSuite 2009-02-07 13:48 --------- d-----w c:\programfiler\DIFX 2009-02-07 13:47 --------- d-----w c:\programfiler\PC Connectivity Solution 2009-01-27 20:06 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\LG Electronics 2009-01-27 06:26 --------- d--h--w c:\programfiler\InstallShield Installation Information 2009-01-27 06:26 --------- d-----w c:\programfiler\LG Electronics 2009-01-27 06:25 --------- d-----w c:\programfiler\LG PC Suite 2 2009-01-25 18:16 --------- d-----w c:\programfiler\DC++ 2009-01-15 16:23 --------- d-----w c:\programfiler\QuickTime 2009-01-15 16:22 --------- d-----w c:\programfiler\Fellesfiler\Apple 2009-01-15 16:22 --------- d-----w c:\programfiler\Apple Software Update 2009-01-15 16:22 --------- d-----w c:\documents and settings\All Users\Programdata\Apple Computer 2009-01-15 16:22 --------- d-----w c:\documents and settings\All Users\Programdata\Apple 2008-11-12 21:10 32 ----a-w c:\documents and settings\All Users\Programdata\ezsid.dat 2008-05-07 08:34 15,523,560 ----a-w c:\programfiler\U1 Setup.exe . ((((((((((((((((((((((((((((( SnapShot@2009-03-08_21.38.24,75 ))))))))))))))))))))))))))))))))))))))))) . - 2009-03-08 20:29:18 62,344 ----a-w c:\windows\system32\perfc009.dat + 2009-03-08 20:40:22 62,678 ----a-w c:\windows\system32\perfc009.dat - 2009-03-08 20:29:18 79,172 ----a-w c:\windows\system32\perfc014.dat + 2009-03-08 20:40:22 79,560 ----a-w c:\windows\system32\perfc014.dat - 2009-03-08 20:29:18 401,064 ----a-w c:\windows\system32\perfh009.dat + 2009-03-08 20:40:22 401,398 ----a-w c:\windows\system32\perfh009.dat - 2009-03-08 20:29:18 425,714 ----a-w c:\windows\system32\perfh014.dat + 2009-03-08 20:40:22 426,260 ----a-w c:\windows\system32\perfh014.dat + 2009-03-08 22:21:00 16,384 ----atw c:\windows\temp\Perflib_Perfdata_5cc.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360] "PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "AsusTray"="c:\programfiler\EeePC\ACPI\AsTray.exe" [2008-06-03 98304] "AsusACPIServer"="c:\programfiler\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232] "AsusEPCMonitor"="c:\programfiler\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe] "SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe] "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - c:\programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-14 596584] SuperHybridEngine.lnk - c:\programfiler\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-07-14 303104] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=pepdjl.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Windows Search.lnk] path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 c:\programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-08-08 13:11 490952 c:\programfiler\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 10:34 5724184 c:\programfiler\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] --a------ 2008-12-03 12:47 1205760 c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 15:09 413696 c:\programfiler\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salling Media Sync] --a------ 2008-11-21 12:21 343696 c:\programfiler\Salling Software AB\Salling Media Sync\Salling Media Sync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 04:27 144784 c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programfiler\\DC++\\DCPlusPlus.exe"= "c:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "c:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "c:\\Programfiler\\uTorrent\\uTorrent.exe"= "c:\\Programfiler\\TmNationsForever\\TmForever.exe"= "c:\\Programfiler\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-12 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-12 20560] R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-07-14 11264] R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-06-26 36864] R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-07-14 625024] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-06-26 25088] . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [] 2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-03-08 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job - c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://eeepc.asus.com/global uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm IE: Send til &Bluetooth-enhet... - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send til Bluetooth - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\documents and settings\Jim Hansen\Programdata\Mozilla\Firefox\Profiles\rppqvgj9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q= FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=2&q= FF - component: c:\documents and settings\Jim Hansen\Programdata\Mozilla\Firefox\Profiles\rppqvgj9.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFAlert.dll FF - component: c:\documents and settings\Jim Hansen\Programdata\Mozilla\Firefox\Profiles\rppqvgj9.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll FF - component: c:\programfiler\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll ---- FIREFOX POLICIES ---- c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-08 23:22:27 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\programfiler\Alwil Software\Avast4\aswUpdSv.exe c:\programfiler\Alwil Software\Avast4\ashServ.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\igfxext.exe c:\programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe c:\windows\system32\searchindexer.exe c:\programfiler\Alwil Software\Avast4\ashMaiSv.exe c:\programfiler\Alwil Software\Avast4\ashWebSv.exe c:\programfiler\PC Connectivity Solution\ServiceLayer.exe c:\programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe . ************************************************************************** . Tidspunkt ferdig: 2009-03-08 23:25:50 - maskinen ble startet på nytt [Jim Hansen] ComboFix-quarantined-files.txt 2009-03-08 22:25:46 ComboFix2.txt 2009-03-08 20:40:10 Pre-Run: 31,884,267,520 byte ledig Post-Run: 31,874,695,168 byte ledig 228 --- E O F --- 2009-02-24 22:31:51 Lenke til kommentar
snippsat Skrevet 8. mars 2009 Del Skrevet 8. mars 2009 Lag et nytt CFScript.txt fet tekst,virket ikke glemte denne i begynnelsen [ Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=- Lenke til kommentar
MasterS Skrevet 9. mars 2009 Forfatter Del Skrevet 9. mars 2009 ComboFix 09-03-06.02 - Jim Hansen 2009-03-09 18:06:07.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.2039.1566 [GMT 1:00] Kjører fra: c:\documents and settings\Jim Hansen\Skrivebord\malware removal\ComboFix.exe Command switches brukt :: c:\documents and settings\Jim Hansen\Skrivebord\malware removal\CFScript.txt AV: avast! antivirus 4.8.1335 [VPS 090308-0] *On-access scanning disabled* (Updated) * Opprettet nytt gjenopprettingspunkt ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !! FILE :: c:\windows\system32\drivers\utxnn.sys . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-09 til 2009-03-09 ))))))))))))))))))))))))))))))))) . 2009-03-08 21:25 . 2009-03-08 21:25 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Malwarebytes 2009-03-08 21:08 . 2009-03-08 21:08 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware 2009-03-08 21:08 . 2009-03-08 21:08 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\Malwarebytes 2009-03-08 21:08 . 2009-03-08 21:08 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes 2009-03-08 21:08 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-08 21:08 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-04 21:20 . 2009-03-04 21:39 <DIR> d-------- c:\programfiler\NVT Malware Remover Tool 2009-03-04 21:10 . 2009-03-08 20:40 <DIR> d-a------ c:\documents and settings\All Users\Programdata\TEMP 2009-03-04 21:08 . 2009-03-04 21:11 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\GetRightToGo 2009-03-03 21:33 . 2008-07-14 10:43 <DIR> dr------- c:\documents and settings\Administrator\Start-meny 2009-03-03 21:33 . 2008-07-14 10:43 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere 2009-03-03 21:33 . 2008-07-14 11:32 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord 2009-03-03 21:33 . 2009-03-08 21:29 <DIR> dr-h----- c:\documents and settings\Administrator\Siste 2009-03-03 21:33 . 2008-07-14 10:21 <DIR> d-------- c:\documents and settings\Administrator\Programdata\StarOffice8 2009-03-03 21:33 . 2008-07-14 09:16 <DIR> d-------- c:\documents and settings\Administrator\Programdata\InstallShield 2009-03-03 21:33 . 2009-03-08 21:25 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata 2009-03-03 21:33 . 2008-07-14 11:34 <DIR> dr------- c:\documents and settings\Administrator\Mine dokumenter 2009-03-03 21:33 . 2008-07-14 08:48 <DIR> d--h----- c:\documents and settings\Administrator\Maler 2009-03-03 21:33 . 2009-03-09 18:07 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger 2009-03-03 21:33 . 2008-07-14 08:56 <DIR> dr------- c:\documents and settings\Administrator\Favoritter 2009-03-03 21:33 . 2008-07-14 09:19 <DIR> d-------- c:\documents and settings\Administrator\Bluetooth Software 2009-03-03 21:33 . 2008-07-14 10:43 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask 2009-03-03 21:33 . 2009-03-03 21:33 <DIR> d-------- c:\documents and settings\Administrator 2009-03-01 11:31 . 2009-03-01 18:07 210 --a------ c:\windows\wininit.ini 2009-03-01 10:15 . 2009-03-04 22:08 <DIR> d-------- c:\programfiler\Spybot - Search & Destroy 2009-03-01 10:15 . 2009-03-04 22:08 <DIR> d-------- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy 2009-03-01 10:06 . 2009-03-04 22:07 <DIR> d-------- c:\programfiler\Lavasoft 2009-03-01 10:06 . 2009-03-04 22:07 <DIR> d-------- c:\documents and settings\All Users\Programdata\Lavasoft 2009-02-28 14:17 . 2009-02-28 22:46 <DIR> d-------- c:\documents and settings\All Users\Programdata\TrackMania 2009-02-28 14:12 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll 2009-02-28 14:09 . 2009-02-28 14:12 <DIR> d-------- c:\programfiler\TmNationsForever 2009-02-27 10:03 . 2009-02-27 10:03 <DIR> d-------- c:\programfiler\Notepad++ 2009-02-27 10:03 . 2009-02-27 10:05 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\Notepad++ 2009-02-22 18:40 . 2009-02-22 18:40 <DIR> d-------- c:\programfiler\uTorrent 2009-02-22 18:40 . 2009-03-08 21:02 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\uTorrent 2009-02-18 21:48 . 2009-02-18 21:48 <DIR> d-------- c:\programfiler\FileZilla FTP Client 2009-02-18 21:48 . 2009-02-18 21:53 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\FileZilla 2009-02-18 19:08 . 2009-02-18 19:10 <DIR> d-------- c:\documents and settings\Jim Hansen\dwhelper 2009-02-18 16:15 . 2009-02-18 16:15 <DIR> d-------- c:\documents and settings\Jim Hansen\Programdata\Apple Computer 2009-02-18 07:59 . 2009-02-18 07:59 <DIR> d-------- c:\programfiler\Salling Software AB . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-08 22:01 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\StarOffice8 2009-03-08 19:19 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\Skype 2009-03-07 16:04 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\skypePM 2009-02-24 19:02 --------- d-----w c:\documents and settings\All Users\Programdata\PC Suite 2009-02-08 22:01 --------- d-----w c:\programfiler\MSXML 4.0 2009-02-08 20:26 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\dvdcss 2009-02-07 14:00 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\Nokia 2009-02-07 13:56 --------- d-----w c:\documents and settings\All Users\Programdata\Nokia 2009-02-07 13:55 --------- d-----w c:\programfiler\Nokia 2009-02-07 13:55 --------- d-----w c:\programfiler\Fellesfiler\Nokia 2009-02-07 13:54 --------- d-----w c:\documents and settings\All Users\Programdata\Installations 2009-02-07 13:51 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-02-07 13:51 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-02-07 13:51 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\PC Suite 2009-02-07 13:48 --------- d-----w c:\programfiler\Fellesfiler\PCSuite 2009-02-07 13:48 --------- d-----w c:\programfiler\DIFX 2009-02-07 13:47 --------- d-----w c:\programfiler\PC Connectivity Solution 2009-01-27 20:06 --------- d-----w c:\documents and settings\Jim Hansen\Programdata\LG Electronics 2009-01-27 06:26 --------- d--h--w c:\programfiler\InstallShield Installation Information 2009-01-27 06:26 --------- d-----w c:\programfiler\LG Electronics 2009-01-27 06:25 --------- d-----w c:\programfiler\LG PC Suite 2 2009-01-25 18:16 --------- d-----w c:\programfiler\DC++ 2009-01-15 16:23 --------- d-----w c:\programfiler\QuickTime 2009-01-15 16:22 --------- d-----w c:\programfiler\Fellesfiler\Apple 2009-01-15 16:22 --------- d-----w c:\programfiler\Apple Software Update 2009-01-15 16:22 --------- d-----w c:\documents and settings\All Users\Programdata\Apple Computer 2009-01-15 16:22 --------- d-----w c:\documents and settings\All Users\Programdata\Apple 2008-12-28 09:35 409,600 ----a-w c:\windows\system32\wrap_oal.dll 2008-12-28 09:35 114,688 ----a-w c:\windows\system32\OpenAL32.dll 2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll 2008-11-12 21:10 32 ----a-w c:\documents and settings\All Users\Programdata\ezsid.dat 2008-05-07 08:34 15,523,560 ----a-w c:\programfiler\U1 Setup.exe . ((((((((((((((((((((((((((((( SnapShot@2009-03-08_21.38.24,75 ))))))))))))))))))))))))))))))))))))))))) . + 2008-09-17 14:29:12 20,040 ----a-w c:\windows\system32\config\systemprofile\Programdata\Microsoft\IdentityCRL\Production\ppcrlconfig.dll - 2009-03-08 20:29:18 62,344 ----a-w c:\windows\system32\perfc009.dat + 2009-03-09 15:14:28 62,678 ----a-w c:\windows\system32\perfc009.dat - 2009-03-08 20:29:18 79,172 ----a-w c:\windows\system32\perfc014.dat + 2009-03-09 15:14:28 79,560 ----a-w c:\windows\system32\perfc014.dat - 2009-03-08 20:29:18 401,064 ----a-w c:\windows\system32\perfh009.dat + 2009-03-09 15:14:28 401,398 ----a-w c:\windows\system32\perfh009.dat - 2009-03-08 20:29:18 425,714 ----a-w c:\windows\system32\perfh014.dat + 2009-03-09 15:14:28 426,260 ----a-w c:\windows\system32\perfh014.dat + 2009-03-09 15:09:21 16,384 ----atw c:\windows\temp\Perflib_Perfdata_5d0.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360] "PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "AsusTray"="c:\programfiler\EeePC\ACPI\AsTray.exe" [2008-06-03 98304] "AsusACPIServer"="c:\programfiler\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232] "AsusEPCMonitor"="c:\programfiler\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe] "SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe] "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - c:\programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-14 596584] SuperHybridEngine.lnk - c:\programfiler\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-07-14 303104] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Windows Search.lnk] path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 c:\programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-08-08 13:11 490952 c:\programfiler\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 10:34 5724184 c:\programfiler\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] --a------ 2008-12-03 12:47 1205760 c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 15:09 413696 c:\programfiler\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salling Media Sync] --a------ 2008-11-21 12:21 343696 c:\programfiler\Salling Software AB\Salling Media Sync\Salling Media Sync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 04:27 144784 c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programfiler\\DC++\\DCPlusPlus.exe"= "c:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "c:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "c:\\Programfiler\\uTorrent\\uTorrent.exe"= "c:\\Programfiler\\TmNationsForever\\TmForever.exe"= "c:\\Programfiler\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-12 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-12 20560] R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-07-14 11264] R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-06-26 36864] R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-07-14 625024] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-06-26 25088] . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [] 2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-03-08 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job - c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://eeepc.asus.com/global uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm IE: Send til &Bluetooth-enhet... - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send til Bluetooth - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\documents and settings\Jim Hansen\Programdata\Mozilla\Firefox\Profiles\rppqvgj9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q= FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=2&q= FF - component: c:\documents and settings\Jim Hansen\Programdata\Mozilla\Firefox\Profiles\rppqvgj9.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFAlert.dll FF - component: c:\documents and settings\Jim Hansen\Programdata\Mozilla\Firefox\Profiles\rppqvgj9.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll FF - component: c:\programfiler\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll ---- FIREFOX POLICIES ---- c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-09 18:08:01 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(716) c:\windows\system32\igfxdev.dll . Tidspunkt ferdig: 2009-03-09 18:10:13 ComboFix-quarantined-files.txt 2009-03-09 17:10:10 ComboFix2.txt 2009-03-08 22:25:51 ComboFix3.txt 2009-03-08 20:40:10 Pre-Run: 31,836,209,152 byte ledig Post-Run: 31,823,159,296 byte ledig 212 --- E O F --- 2009-03-08 22:31:44 Lenke til kommentar
snippsat Skrevet 9. mars 2009 Del Skrevet 9. mars 2009 Ja da ser det bra ut. Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc. Sjekk om software er oppdatert Secunia Surf trygt. Lenke til kommentar
MasterS Skrevet 9. mars 2009 Forfatter Del Skrevet 9. mars 2009 Tusen takk for hjelpen. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå