testuser, posted 28 March 2009

It happens on all sites: dagbladet.no, pcmnorge.no, nfl.com, etc. I have the problem on two PCs, this one and an XP machine, both 32-bit. I think it was MSN that infected this one (the Vista machine), because it popped up right after I had logged in for the first time.

Potetåker123, posted 29 March 2009 (edited)

MBAM file:

Malwarebytes' Anti-Malware 1.35
Databaseversjon: 1915
Windows 6.0.6001 Service Pack 1

29.03.2009 17:15:35
mbam-log-2009-03-29 (17-15-35).txt

Skanntype: Rask Skann
Objekter skannet: 61520
Tid tilbakelagt: 4 minute(s), 32 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 1
Filer infisert: 6

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\Program Files\POL (Keylogger.Ardamax) -> Quarantined and deleted successfully.

Filer infisert:
C:\Program Files\POL\akv.cfg (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Program Files\POL\key.bin (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Program Files\POL\POL.001 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Program Files\POL\POL.002 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Program Files\POL\POL.005 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Program Files\POL\POL.009 (Keylogger.Ardamax) -> Quarantined and deleted successfully.

HijackThis file:

If you read: HERE! then it might help me/you a little.

Edited 29 March 2009 by MatiasMA

norbat (Author), posted 29 March 2009 (edited)

MatiasMA: Try running a System Restore to a date before the problem arose. It is doubtful that this has anything to do with malware (despite Malwarebytes catching a keylogger (which you presumably installed yourself?)).

Edited 29 March 2009 by norbat

Potetåker123, posted 29 March 2009

Yes, I installed the keylogger myself once a long time ago, and I have removed it as well. MBAM evidently found some leftovers. I can try System Restore again, but the last time I tried this I got some error or other. I can take a picture if this happens again.

Thanks, Norbat

I'm using Avira Premium Security Suite now, which so many have recommended. It works!

-Spartakus-, posted 31 March 2009

By converting to NTFS, the hard disk will be better utilised. In principle there is no danger in performing a conversion, but it is recommended to back up personal data regardless.
How to convert:
Click: Start -> Run
Type: cmd
From the command prompt, type the following:
convert c: /fs:ntfs

Hi.. I have tried to convert my hard disk.. but when I have typed what you wrote that I should type, it says that I must enter the current volume label.. what is that? where do I find it?

Lucifer24, posted 31 March 2009

Type dir directly in cmd. The first thing that comes up is the volume, i.e. the name of the disk. It is also shown in Windows Explorer.

Guest Slettet-yJ8TyiQ9, posted 10 April 2009 (edited)

.

Edited 2 January 2011 by Slettet-yJ8TyiQ9

norbat (Author), posted 10 April 2009

opti1: The log looks fine. You can go ahead and fix the following lines:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O20 - AppInit_DLLs:

Was it just a check, or do you suspect something? If so, run through the guide in the first post and create a new thread where you post the logs.

Rizzla, posted 10 April 2009

Need help getting my PC a clean bill of health
https://www.diskusjon.no/index.php?showtopic=1096815

Guest Slettet-yJ8TyiQ9, posted 10 April 2009

opti1: The log looks fine. You can go ahead and fix the following lines:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O20 - AppInit_DLLs:
Was it just a check, or do you suspect something? If so, run through the guide in the first post and create a new thread where you post the logs.

Was just a check to be on the safe side

Guest Slettet-yJ8TyiQ9, posted 12 April 2009

Sorry for the double post.

This is the log from my mum's PC, would you look through this one too, norbat? Again, I don't suspect anything, but it doesn't hurt to check.

norbat (Author), posted 12 April 2009

opti1: Looks fine

Hagr, posted 14 April 2009

I have followed the guide and here is my ComboFix log.

Reference: https://www.diskusjon.no/index.php?showtopi...;#entry13525751

Can anyone make any sense of this?

Harald

norbat (Author), posted 14 April 2009

Hagr: The log looks fine.

zoomzoom, posted 16 April 2009

ComboFix 09-04-15.08 - eier 15.04.2009 14:59.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.958.363 [GMT 2:00]
Kjører fra: c:\users\eier\Desktop\ComboFix.exe
AV: F-Secure Client Security 7.12 *On-access scanning disabled* (Updated)
FW: F-Secure Client Security 7.12 *disabled*
* Opprettet nytt gjenopprettingspunkt
2009-04-15 11:57 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat 2009-04-15 11:57 . 2009-04-15 11:57 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat 2009-04-08 12:06 . 2006-11-21 05:16 459462 ----a-w c:\windows\System32\perfh014.dat 2009-04-08 12:06 . 2006-11-21 05:16 79722 ----a-w c:\windows\System32\perfc014.dat 2009-03-26 18:50 . 2006-01-01 01:25 -------- d-----w c:\program files\Common Files\Adobe 2009-03-21 23:27 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini 2009-03-21 23:24 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat 2009-03-21 23:24 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat 2009-03-21 23:24 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat 2009-03-21 23:17 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Calendar 2009-03-21 23:17 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar 2009-03-21 23:17 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail 2009-03-21 23:17 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Photo Gallery 2009-03-21 23:17 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Journal 2009-03-21 23:17 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Collaboration 2009-03-21 23:17 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Defender 2009-03-21 23:12 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat 2009-03-21 16:58 . 2006-11-02 10:32 101888 ----a-w c:\windows\System32\ifxcardm.dll 2009-03-21 16:58 . 2006-11-02 10:32 82432 ----a-w c:\windows\System32\axaltocm.dll 2009-03-16 18:50 . 2009-03-16 18:50 2560 ----a-w c:\windows\AppPatch\AcRes.dll 2009-03-16 18:50 . 2009-03-16 18:50 2154496 ----a-w c:\windows\AppPatch\AcGenral.dll 2009-03-16 18:50 . 2009-03-16 18:50 460288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2009-03-16 18:50 . 2009-03-16 18:50 541696 ----a-w c:\windows\AppPatch\AcLayers.dll 2009-03-16 18:50 . 
2009-03-16 18:50 52736 ----a-w c:\windows\AppPatch\iebrshim.dll 2009-03-16 18:50 . 2009-03-16 18:50 173056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2009-03-16 18:22 . 2009-03-16 18:21 5499904 ----a-w c:\windows\System32\NlsLexicons0022.dll 2009-03-16 17:26 . 2009-03-16 17:26 -------- d-----w c:\program files\MSXML 4.0 2009-03-16 16:57 . 2009-03-16 16:55 -------- d-----w c:\program files\F-Secure 2009-03-16 16:42 . 2006-01-01 01:48 -------- d-----w c:\program files\Java 2009-03-16 16:29 . 2006-01-01 01:00 -------- d-----w c:\programdata\Symantec 2009-03-16 16:29 . 2006-01-01 00:59 -------- d-----w c:\program files\Common Files\Symantec Shared 2006-01-01 17:38 . 2006-01-01 17:38 83432 ----a-w c:\users\eier\AppData\Local\GDIPFONTCACHEV1.DAT . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-28 176128] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-16 136600] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-06-19 
182936] "F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-06-19 895584] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-26 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-26 7770112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-26 81920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{8FAD0BB9-6B92-46A0-B9F0-C9036904AED9}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{93526802-E298-44C0-84F7-E30AA7369D80}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{BF221A29-0772-4E69-AE7F-CCE7FF5B5D1B}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-06-19 39776] R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-06-19 25184] S1 F-Secure HIPS;F-Secure HIPS;c:\program files\F-Secure\HIPS\fshs.sys [2008-06-19 
Could someone look through this one? My dear little sister has a number of dumb friends who click on links, and now the machine is overflowing with messages. We don't know yet whether we have been infected, though, even though I have threatened to burn the fingerprints off all her fingers if she clicked on them.
Fin Skjorte, posted 16 April 2009: @zoomzoom: Do as the first post in this thread says and create your own thread, as highlighted! When you have completed the guide below, you create your own thread where you post the logs. You do that by choosing the 'Nytt Emne' (New Topic) button. It is important that you create your own thread, since support is not given in this thread.
zoomzoom, posted 16 April 2009: I was just going to cut a little corner, since I saw that others had posted their logs here, honestly. But I'll get myself over to creating a separate thread then.
Vooon, posted 17 April 2009:
Does anyone have a chance to take a look at this? I'm struggling with pretty heavy lagging now and then, especially when the laptop loads the icons on the desktop or in a folder; it also seems to lag quite a bit when I try to run .exe files and the Windows warning boxes come up. I have previously run processxp to see whether anything is hogging memory or CPU, and saw nothing abnormal.
norbat (thread author), posted 17 April 2009: Vooon: Create your own thread where you post the logs (click the 'Nytt Emne' (New Topic) button). This thread is not used for support.
Guest Slettet-yJ8TyiQ9, posted 2 May 2009: XPert Antivirus is also a fake antivirus program. Found it on my uncle's PC, but managed to remove it.