GrandMa Skrevet 28. februar 2013 Del Skrevet 28. februar 2013 (endret) Hei. Har fått noe Malware ved navn snap.do. Den redircter startsiden min til siden search.snap.do. Til å begynne med ga den meg popups, toolbars, programmer jeg ikke ville ha og faens oldemor, men det aller meste har jeg fått bukt med. Får ikke fjernet denne ved hjelp av tradisjonelle metoder så da prøver jeg meg her med Combofix-logg: ComboFix 13-02-26.01 - NO007561 28.02.2013 16:54:36.1.4 - x64 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1033.18.8078.5686 [GMT 1:00] Kjører fra: c:\users\NO007561\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SNR5OZNZ\ComboFix.exe AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Opprettet nytt gjenopprettingspunkt * Anti-virus er aktiv . . . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\INSTALL.LOG c:\program files (x86)\Nuance\PDF Professional 7\InboxMonitor.exe c:\users\NO007561\AppData\Local\assembly\tmp . . ((((((((((((((((((((((((((( Filer Opprettet Fra 2013-01-28 til 2013-02-28 ))))))))))))))))))))))))))))))))) . . 2013-02-28 15:57 . 2013-02-28 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-28 15:57 . 2013-02-28 15:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-02-28 15:54 . 2013-02-28 15:54 -------- d-----w- C:\Quarantine 2013-02-27 13:30 . 2013-02-27 13:31 -------- d-----w- c:\program files (x86)\GTSUpdate 2013-02-27 13:18 . 2013-02-27 13:18 -------- d-----w- c:\users\NO007561\AppData\Roaming\Malwarebytes 2013-02-27 13:18 . 2013-02-27 13:18 -------- d-----w- c:\programdata\Malwarebytes 2013-02-27 13:18 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-27 13:18 . 2013-02-27 13:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-02-26 22:26 . 2013-02-28 13:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-02-26 22:26 . 2013-02-26 22:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2013-02-26 17:27 . 2012-12-10 09:04 81920 ----a-w- c:\windows\eSellerateControl350.dll 2013-02-26 17:27 . 2012-12-10 09:04 356352 ----a-w- c:\windows\eSellerateEngine.dll 2013-02-26 17:27 . 2009-07-23 16:32 274432 ----a-w- c:\windows\SysWow64\ssleay32.dll 2013-02-26 17:27 . 2009-07-23 16:32 1122304 ----a-w- c:\windows\SysWow64\libeay32.dll 2013-02-26 17:26 . 2013-02-26 17:26 -------- d-----w- c:\users\NO007561\AppData\Local\Programs 2013-02-26 17:15 . 2013-02-26 17:15 -------- d-----w- c:\program files\CCleaner 2013-02-26 12:02 . 2013-02-26 12:02 -------- d-----w- c:\programdata\Ask 2013-02-26 12:02 . 2013-02-26 12:02 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-02-26 12:02 . 2013-02-26 12:02 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-02-26 12:02 . 2013-02-26 12:02 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-25 15:40 . 2013-02-25 15:40 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-02-25 15:39 . 2013-02-25 15:39 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-25 15:27 . 2013-02-25 15:27 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2013-02-25 12:57 . 2013-02-25 12:57 -------- d-----w- c:\programdata\Citrix 2013-02-25 12:57 . 2013-02-25 13:00 -------- d-----w- c:\users\NO007561\AppData\Roaming\ICAClient 2013-02-25 12:57 . 2013-02-25 12:57 -------- d-----w- c:\users\NO007561\AppData\Local\Citrix 2013-02-25 12:57 . 2013-02-25 12:57 -------- d-----w- c:\program files (x86)\Citrix 2013-02-06 13:04 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-02-06 13:04 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-02-06 12:56 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll 2013-02-06 12:56 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2013-02-06 12:56 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-02-06 12:56 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-02-06 12:50 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2013-02-06 10:24 . 2002-07-26 16:02 153088 ----a-w- c:\programdata\UNWISE.EXE . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-26 12:02 . 2012-03-28 18:45 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-06 12:56 . 2012-11-12 12:52 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-10 08:09 . 2013-01-10 08:09 98304 ----a-r- c:\users\NO007561\AppData\Roaming\Microsoft\Installer\{8CC024C2-386F-4852-9DAB-39A403F0FA8D}\Icon8CC024C2.exe 2002-07-26 16:02 . 2012-11-12 19:36 153088 ----a-w- c:\program files (x86)\UNWISE.EXE . . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IBM Lotus Notes Preloader"="c:\program files (x86)\IBM\Lotus\Notes\nntspreld.exe" [2011-11-02 13312] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-16 5941344] "SEP Lotus Activator"="c:\program files (x86)\IBM\Lotus\Notes\SeMLotusNotesActivator.exe" [2011-04-12 319488] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] "McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120] "ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360] "PDFHook"="c:\program files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe" [2010-07-25 609056] "PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 7\RegistryController.exe" [2010-07-25 121120] "AgentUiRunKey"="c:\program files (x86)\Iron Mountain\Connected BackupPC\Agent.exe" [2011-06-26 239104] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-10 300400] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "dontdisplaylockeduserid"= 1 (0x1) "HideFastUserSwitching"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoOnlinePrintsWizard"= 1 (0x1) "NoPublishingWizard"= 1 (0x1) "UseDefaultTile"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "DisablePersonalDirChange"= 1 (0x1) "ForceRunOnStartMenu"= 1 (0x1) "ClearRecentProgForNewUserInStartMenu"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoOnlinePrintsWizard"= 1 (0x1) "NoPublishingWizard"= 1 (0x1) "DisallowCpl"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-484763869-1958367476-839522115-27481\Scripts\Logon\0\0] "Script"=\\no-osldfs001.no.ema.ad.pwcinternal.com\NetProg$\LogonScripts\GTSUpdate5InstVer.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeDlpAgentService] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-05-16 320576] R3 FireNfcp;McAfee Inc. FireNfcp;c:\windows\system32\drivers\FireNfcp.sys [2011-10-06 48840] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2010-12-20 195280] R3 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker64.sys [2011-06-26 54824] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-12 97960] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-16 1662560] R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-16 1665120] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-28 1255736] R4 hdlpnetf;hdlpnetf;c:\windows\system32\drivers\hdlpnetf.sys [2012-04-01 43848] R4 MSSQL$AURA;SQL Server (AURA);c:\program files\Microsoft SQL Server\MSSQL10_50.AURA\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744] R4 SQLAgent$AURA;SQL Server Agent (AURA);c:\program files\Microsoft SQL Server\MSSQL10_50.AURA\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456] S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-05-16 29512] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-04-19 19224] S0 MfeEpePc;MfeEpePc; [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-01-04 289152] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-03-07 28992] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600] S1 hdlpflt;hdlpflt;c:\windows\system32\DRIVERS\hdlpflt.sys [2012-04-01 128840] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-11-28 74904] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-03-07 249152] S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592] S1 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696] S2 AgentService;AgentService;c:\program files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [2011-06-26 7625120] S2 Cryptzone_LM_Service;Cryptzone SEP Local Machine Service;c:\program files (x86)\SEP Client\x64\Modules\CZ_SEP_Machine_Service.exe [2011-04-12 3845120] S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-12-20 640312] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-03-10 40808] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-03-10 59240] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992] S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files (x86)\IBM\Lotus\Notes\nsd.exe [2011-11-04 3411968] S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe [2011-03-24 1626112] S2 McAfeeDLPAgentService;McAfee DLP Endpoint Service;c:\program files\McAfee\DLP\Agent\fcags.exe [2012-04-01 9397824] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-11-23 203104] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-01-04 162192] S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [2010-07-25 134944] S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2010-12-15 98816] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-03-07 382272] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256] S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696] S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x] S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys [2010-03-03 26664] S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys [2010-03-03 30248] S3 hdlpctrl;hdlpctrl;c:\windows\system32\drivers\hdlpctrl.sys [2012-04-01 37704] S3 hdlpdbk;hdlpdbk;c:\windows\system32\drivers\hdlpdbk.sys [2012-04-01 27976] S3 hdlpevnt;hdlpevnt;c:\windows\system32\drivers\hdlpevnt.sys [2012-04-01 24904] S3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys [2010-12-01 101416] S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-10-31 411208] S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2010-10-31 419912] S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-10-31 19528] S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-10-31 472648] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-28 472624] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248] S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [2010-12-28 276008] . . --- Andre tjenester/drivere lastet i minnet --- . *NewlyCreated* - MPSDRV *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components] 2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\IBM_LotusNotes_8.5.2] 2011-10-19 14:35 2398 ----a-w- c:\windows\Software\Applications\Packaged\LotusNotes852\LotusNotes8.5.2\PwC_PinLotusNotesToTaskBar.vbs . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) . 2013-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 19:10] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-14 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-14 416024] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-03-10 41320] "SEP Monitor"="c:\program files (x86)\SEP Client\x64\Modules\CZ_SEP_Monitor.exe" [2011-04-12 243200] "McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2010-12-20 255640] "Stemple og send bilag til 24SevenOffice"="c:\program files\24SevenOfficePrinter\zvprtsrv.exe" [2010-11-15 3732992] "MfeEpePcMonitor"="c:\program files\McAfee\Endpoint Encryption for PC v6\EpePcMonitor.exe" [2011-03-24 237568] "GTSUpdate"="c:\program files (x86)\GTSUpdate\GTSUpdate.exe" [2012-09-24 4772864] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Tilleggsskanning ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://pwc-spark.co...ups/pwc-norway/ mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = about:blank mWindow Title = Eirik uSearchAssistant = hxxp://feed.snap.do/?publisher=DownloadXYB&dpid=DownloadXYB&co=TJ&userid=7ca20cdb-6da4-4e66-9434-5e6e52f69bf7&searchtype=ds&q={searchTerms} IE: Append the content of the link to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Append the content of the selected links to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Append to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Create PDF file - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: Create PDF file from the content of the link - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: Create PDF files from the selected links - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Open with Nuance PDF Converter 7.0 - c:\program files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100 IE: Open with PDF Professional 7 - c:\program files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 10.0.0.1 TCP: Interfaces\{A55FBFE2-0C8B-497D-8C6C-FE6E4B4C1A1A}: NameServer = 212.169.123.67 212.45.188.254 DPF: {83F11695-463B-4C7F-88F9-7277ADDCA00B} - hxxps://app.24sevenoffice.com/media/activex/invoice/KPPrinter.cab . - - - - TOMME PEKERE FJERNET - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-PdfProInboxMonitor - c:\program files (x86)\Nuance\PDF Professional 7\InboxMonitor.exe Wow6432Node-HKLM-Run-InboxMonitor - c:\program files (x86)\Nuance\PDF Professional 7\InboxMonitor.exe Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LÅSTE REGISTERNØKLER --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}] @Denied: (A) (Everyone) "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0] "Key"="ActionsPane" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files (x86)\McAfee\VirusScan Enterprise\mfeann.exe c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe c:\progra~1\Lenovo\Zoom\TPSCREX.EXE c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe c:\program files (x86)\McAfee\Common Framework\McTray.exe c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe . ************************************************************************** . Tidspunkt ferdig: 2013-02-28 17:01:39 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2013-02-28 16:01 . Pre-Run: 101 336 887 296 bytes free Post-Run: 100 997 066 752 bytes free . - - End Of File - - EA13E1945C25D2261E0D84F13A46DE18 Malwarebytes finner ingenting. Jeg finner adressen som redirecter meg under "Browser Pages" i Spybot, men kan ikke gjøre noe som virker her. Trykker jeg "Change" til noe annet har det ingen effekt. Ellers kan jeg ikke finne den noe sted. Adressen som redirecter meg til search.snap.do er feed.snap.do osv osv. Kan dere hjelpe meg? Dette er en jobbPC så er egentlig ganske upraktisk å måtte formatere. Har sittet sikkert 1,5 timer med fjernhjelp fra IT-Support på jobb uten at de finner ut av det. Hvis jeg ikke får det til blir disken satt opp på nytt. Si i fra hvis dere trenger noe mer info for det kommer jeg gladelig med, Endret 28. februar 2013 av GrandMa Lenke til kommentar
nebrewfoz Skrevet 28. februar 2013 Del Skrevet 28. februar 2013 Hva med å prøve å boote maskinen fra en "anti virus rescue CD/USB-stick" ? Sophos: http://www.sophos.com/en-us/support/knowledgebase/52011.aspx AVG: http://www.avg.com/eu-en/download.prd-arl Lenke til kommentar
GrandMa Skrevet 28. februar 2013 Forfatter Del Skrevet 28. februar 2013 Hva medfører det? Blir ting slettet da? NB: Jeg skulle gjerne sluppet å bruke IE, men blir nødt til det i sammenheng med jobb. Lenke til kommentar
nebrewfoz Skrevet 28. februar 2013 Del Skrevet 28. februar 2013 Det medfører at Windows-OS'et ikke er involvert i scanningen av filer, men forøvrig er det som å kjøre MalwareBytes e.l. Finner programmet noe, så kan du velge hva som skal gjøres. Jeg brukte AVG-programmet for noen uker siden. Den anti-virusdatabasen som fulgte med var fra november 2012, og den fant ingenting. Hvis jeg kjørte programmet med PC'en tilkoblet nettverket, så hadde jeg muligheten til å oppdatere databasen, og ved neste scanning fant det en trojaner. Når den var slettet, så startet Windows som før, og en kjøring av Spybot luket ut de siste spor av svineriet. Lenke til kommentar
nebrewfoz Skrevet 28. februar 2013 Del Skrevet 28. februar 2013 Fordelen med å kjøre anti-virusprogrammet utenfor Windows, er at mange typer malware nærmest klarer å kamuflere seg i et kjørende Windows-system. Hvis Windows ikke er aktivt, så kan malware være letter å få øye på i filstrukturen (eller i registeret). Lenke til kommentar
GrandMa Skrevet 28. februar 2013 Forfatter Del Skrevet 28. februar 2013 Hvordan gjør jeg dette? Er ikke noen racer på slikt. Lenke til kommentar
Dr.Geek Skrevet 28. februar 2013 Del Skrevet 28. februar 2013 .Kan dere hjelpe meg? Dette er en jobbPC så er egentlig ganske upraktisk å måtte formatere. Har sittet sikkert 1,5 timer med fjernhjelp fra IT-Support på jobb uten at de finner ut av det. Hvis jeg ikke får det til blir disken satt opp på nytt. Si i fra hvis dere trenger noe mer info for det kommer jeg gladelig med, Hai, jeg mistenker at du har en ZeroAccess Rootkit Infeksjon: c:\users\NO007561\AppData\Local\assembly\tmp For å kunne hjelpe deg trenger jeg log fra følgende scan: 1. http://www.bleepingcomputer.com/download/aswmbr/ (Download på ditt desktop, høyreklick: Kjør som Administrator) Post log 2. Logger fra alle scan som blir beskrevet her: http://malwaretips.com/blogs/remove-zeroaccess-rootkit/ 3. OTL log (otl.txt) http://www.bleepingcomputer.com/download/otl/ Lenke til kommentar
GrandMa Skrevet 28. februar 2013 Forfatter Del Skrevet 28. februar 2013 1: aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2013-02-28 20:51:54 ----------------------------- 20:51:54.542 OS Version: Windows x64 6.1.7601 Service Pack 1 20:51:54.542 Number of processors: 4 586 0x2A07 20:51:54.543 ComputerName: NO007561-T420S UserName: NO007561 20:51:54.693 Initialize success 20:52:00.105 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 20:52:00.106 Disk 0 Vendor: INTEL_SS 4PC1 Size: 152627MB BusType: 3 20:52:00.209 Disk 0 MBR read successfully 20:52:00.211 Disk 0 MBR scan 20:52:00.212 Disk 0 unknown MBR code 20:52:00.213 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS 152625 MB offset 2048 20:52:00.216 Disk 0 scanning C:\Windows\system32\drivers 20:52:00.218 Service scanning 20:52:09.218 Modules scanning 20:52:09.223 Disk 0 trace - called modules: 20:52:09.227 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 20:52:09.230 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a032060] 20:52:09.233 3 CLASSPNP.SYS[fffff88001c5a43f] -> nt!IofCallDriver -> [0xfffffa800775f1a0] 20:52:09.237 5 ACPI.sys[fffff88000ee57a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007761050] 20:52:09.565 Scan finished successfully 20:52:32.268 Disk 0 MBR has been saved successfully to "C:\Users\NO007561\Desktop\MBR.dat" 20:52:32.275 The log file has been saved successfully to "C:\Users\NO007561\Desktop\aswMBRlog.txt" 2: Kaspersky TDSSKiller ga meg ingen logg, men fant ingenting heller. RogueKiller ga meg heller ingen logg, men den fant 3 ting som jeg slettet. Hadde ingen effekt. HitmanPro: HitmanPro 3.7.2.189 www.hitmanpro.com Computer name . . . . : NO007561-T420S Windows . . . . . . . : 6.1.1.7601.X64/4 User name . . . . . . : PWC-NO\NO007561 UAC . . . . . . . . . : Disabled License . . . . . . . : Free Scan date . . . . . . : 2013-02-28 21:04:17 Scan mode . . . . . . : Normal Scan duration . . . . : 1m 13s Disk access mode . . : Direct disk access (FsdLow) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 6 Objects scanned . . . : 1 588 776 Files scanned . . . . : 17 691 Remnants scanned . . : 192 165 files / 1 378 920 keys Cookies _____________________________________________________________________ C:\Users\NO007561\AppData\Roaming\Microsoft\Windows\Cookies\1JABT796.txt C:\Users\NO007561\AppData\Roaming\Microsoft\Windows\Cookies\BMUJFDS6.txt C:\Users\NO007561\AppData\Roaming\Microsoft\Windows\Cookies\IYE7R028.txt C:\Users\NO007561\AppData\Roaming\Microsoft\Windows\Cookies\RGF5Z1UE.txt C:\Users\NO007561\AppData\Roaming\Microsoft\Windows\Cookies\XKYW2M9Q.txt C:\Users\NO007561\AppData\Roaming\Microsoft\Windows\Cookies\ZR8HO4GG.txt Malwarebytes holder fortsatt på. Poster den når den er ferdig Lenke til kommentar
GrandMa Skrevet 28. februar 2013 Forfatter Del Skrevet 28. februar 2013 Malwarebytes Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2012.12.14.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 NO007561 :: NO007561-T420S [administrator] 28.02.2013 21:02:28 mbam-log-2013-02-28 (21-02-28).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 370327 Time elapsed: 22 minute(s), 24 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Lenke til kommentar
GrandMa Skrevet 28. februar 2013 Forfatter Del Skrevet 28. februar 2013 Her er den. Slette eller modifisere? Tror ikke det kommer til å virke, men verdt et forsøk? Pleier å være fint å legge til fila ESET Online Scanner fant ingenting Lenke til kommentar
Dr.Geek Skrevet 28. februar 2013 Del Skrevet 28. februar 2013 Det mangler OTL.txt. Lenke til kommentar
GrandMa Skrevet 28. februar 2013 Forfatter Del Skrevet 28. februar 2013 Emsisoft Emsisoft Emergency Kit - Version 3.0 Last update: 28.02.2013 21:38:38 Scan settings: Scan type: Deep Scan Objects: Rootkits, Memory, Traces, C:\ Detect Riskware: Off Scan archives: On ADS Scan: On File extension filter: Off Advanced caching: On Direct disk access: Off Scan start: 28.02.2013 21:39:16 Value: HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} -> HelpText detected: Trace.Registry.SEO Toolbar (A) Value: HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} -> MenuText detected: Trace.Registry.SEO Toolbar (A) Scanned 449539 Found 2 Scan end: 28.02.2013 21:56:58 Scan time: 0:17:42 Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå