
[SOLVED] Problems with trojans



HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:37:59, on 02.04.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Norman\Npm\bin\NJEEVES.EXE

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\sm56hlpr.exe

C:\Norman\Npm\bin\ZLH.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\CameraAssistant.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\WINDOWS\system32\ElkCtrl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Telenor\Online Start\Telenor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Program Files\WinAce\WinAce.exe

C:\DOCUME~1\ANDREA~1\LOCALS~1\Temp\~AceTemp\HiJackThis\HijackThis.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Telenor\Online Start\IEFixItNowPlugin.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Telenor Online Start] "C:\Program Files\Telenor\Online Start\Telenor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {09954582-CAC3-4E05-A09C-4955BBD3187F} (Privat-X Client) - http://www.px24.com/ax/px_client_en.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bl103fd.blu103.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://jackpotcity.microgaming.com/jackpotcity/FlashAX.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

 

--

End of file - 8938 bytes


 

 

ComboFix

 

ComboFix 08-04-02.1 - 2008-04-02 23:09:29.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1188 [GMT 2:00]

Running from: C:\Documents and Settings\mitt navn\Desktop\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))

.

 

2008-04-02 22:23 . 2008-04-02 22:23 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-04-02 22:23 . 2008-04-02 22:23 <DIR> d-------- C:\Documents and Settings\MittvNavn\Application Data\SUPERAntiSpyware.com

2008-04-02 22:23 . 2008-04-02 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-04-02 22:03 . 2007-12-07 04:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-04-02 22:03 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-04-02 22:03 . 2007-07-01 05:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-04-02 22:03 . 2007-12-07 04:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-04-02 22:03 . 2007-12-07 04:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-04-02 22:03 . 2007-12-07 04:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-04-02 22:03 . 2007-12-07 04:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-04-02 22:03 . 2007-12-07 04:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-04-02 22:03 . 2007-12-06 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-04-02 21:33 . 2008-04-02 21:33 <DIR> d-------- C:\Program Files\CCleaner

2008-04-02 07:56 . 2008-04-02 07:56 <DIR> d-------- C:\Program Files\Lavasoft

2008-04-02 07:56 . 2008-04-02 22:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-04-02 07:56 . 2008-04-02 07:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-04-02 00:39 . 2008-04-02 01:04 <DIR> d-------- C:\WINDOWS\system32\375013

2008-04-02 00:39 . 2008-04-02 00:55 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-16 04:01 . 2008-03-16 04:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-03-16 01:04 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-16 01:04 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-16 01:04 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-15 23:19 . 2008-03-15 23:20 <DIR> d-------- C:\Program Files\Windows Live

2008-03-15 23:19 . 2008-03-15 23:19 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-15 23:19 . 2008-03-15 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-04 01:01 . 2008-03-19 13:36 <DIR> d-------- C:\Program Files\NCH Software

2008-03-04 01:01 . 2008-03-04 01:01 <DIR> d-------- C:\Documents and Settings\Mitt Navn\Application Data\NCH Software

2008-03-04 01:01 . 2008-03-19 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software

2008-03-03 02:23 . 2008-03-03 02:23 74 --a------ C:\WINDOWS\wininit.ini

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-02 21:06 --------- d-----w C:\Documents and Settings\Mitt Navn\Application Data\LimeWire

2008-04-02 20:01 --------- d-----w C:\Documents and Settings\Mitt Navn\Application Data\SiteAdvisor

2008-03-31 15:34 3,260 ----a-w C:\Documents and Settings\Mitt Navn\Application Data\wklnhst.dat

2008-03-28 02:14 --------- d-----w C:\Documents and Settings\Mitt Navn\Application Data\Azureus

2008-03-25 04:07 --------- d-----w C:\Program Files\DivX

2008-03-09 17:54 --------- d-----w C:\Program Files\Azureus

2008-02-25 16:18 --------- d-----w C:\Program Files\Telenor

2008-02-25 16:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Telenor

2008-02-23 12:52 532,558 ----a-w C:\WINDOWS\system32\odGinaLibrary.dll

2008-02-23 12:52 139,330 ----a-w C:\WINDOWS\system32\odyGina.dll

2008-02-23 12:52 106,496 ----a-w C:\WINDOWS\system32\odyEvent.dll

2008-02-23 12:44 --------- d-----w C:\Program Files\Creative

2008-02-23 12:43 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-23 12:43 --------- d-----w C:\Program Files\TomTom HOME

2008-02-23 12:43 --------- d-----w C:\Documents and Settings\Mitt Navn\Application Data\Creative

2008-02-23 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative

2008-02-23 12:40 --------- d-----w C:\Program Files\Nokia

2008-02-23 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations

2008-02-23 12:35 --------- d-----w C:\Program Files\Java

2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-02-14 01:33 --------- d--h--w C:\Program Files\Creative Installation Information

2008-02-11 13:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]

"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 16:25 737369]

"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 18:28 16005120 C:\WINDOWS\RTHDCPL.EXE]

"SMSERIAL"="sm56hlpr.exe" [2005-09-16 15:01 557056 C:\WINDOWS\sm56hlpr.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280]

"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2006-01-05 08:58 489472]

"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2006-01-05 09:15 73728]

"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-09 22:55 157696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

"Telenor Online Start"="C:\Program Files\Telenor\Online Start\Telenor.exe" [2006-11-30 15:51 178312]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

 

C:\Documents and Settings\Mitt Navn\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-07-24 16:54:43 159744]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=

"C:\\Program Files\\Telenor\\Online Start\\Telenor.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"12798:TCP"= 12798:TCP:BitComet 12798 TCP

"12798:UDP"= 12798:UDP:BitComet 12798 UDP

 

R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37]

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]

R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]

S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 15:25]

S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25]

S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25]

S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25]

S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 14:52]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b60d7856-da74-11dc-8242-001060d168c3}]

\Shell\AutoRun\command - F:\Launch.exe

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2008-04-02 08:32:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-02 23:12:50

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"

.

Completion time: 2008-04-02 23:13:33

ComboFix-quarantined-files.txt 2008-04-02 21:13:23

Pre-Run: 39,221,288,960 bytes free

Post-Run: 39,206,158,336 bytes free

.

2008-03-16 02:01:16 --- E O F ---


 

SUPERAntiSpyware

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 04/02/2008 at 11:00 PM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3429

Trace Rules Database Version: 1421

 

Scan type : Complete Scan

Total Scan Time : 00:34:37

 

Memory items scanned : 665

Memory threats detected : 1

Registry items scanned : 5834

Registry threats detected : 120

File items scanned : 30170

File threats detected : 14

 

Trojan.FakeAlert-Gen/Variant

C:\WINDOWS\SYSTEM32\DCGGAIN.DLL

C:\WINDOWS\SYSTEM32\DCGGAIN.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}

HKCR\CLSID\{9C87CB31-93D0-4F3E-A360-4A91FF77AEB7}

HKCR\CLSID\{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}\InProcServer32

HKCR\CLSID\{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}\InProcServer32#ThreadingModel

 

Unclassified.Unknown Origin

HKLM\Software\Classes\CLSID\{74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B}

HKCR\CLSID\{74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B}

HKCR\CLSID\{74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B}

HKCR\CLSID\{74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B}\InprocServer32

HKCR\CLSID\{74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B}\InprocServer32#ThreadingModel

HKCR\CLSID\{74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B}\ProgID

HKCR\CLSID\{74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B}\Programmable

HKCR\CLSID\{74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B}\TypeLib

HKCR\CLSID\{74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B}\VersionIndependentProgID

C:\WINDOWS\SYSTEM32\375013\375013.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B}

 

Trojan.Media-Codec/V4

HKLM\Software\Classes\CLSID\{7C109800-A5D5-438F-9640-18D17E168B88}

HKCR\CLSID\{7C109800-A5D5-438F-9640-18D17E168B88}

HKCR\CLSID\{7C109800-A5D5-438F-9640-18D17E168B88}#xxx

HKCR\CLSID\{7C109800-A5D5-438F-9640-18D17E168B88}\InprocServer32

HKCR\CLSID\{7C109800-A5D5-438F-9640-18D17E168B88}\InprocServer32#ThreadingModel

C:\PROGRAM FILES\NETPROJECT\SBMDL.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}

 

Trojan.Media-Codec/V5

HKLM\Software\Classes\CLSID\{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}

HKCR\CLSID\{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}

HKCR\CLSID\{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}

HKCR\CLSID\{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}\Implemented Categories

HKCR\CLSID\{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}\Implemented Categories\{00021493-0000-0000-C000-000000000046}

HKCR\CLSID\{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}\InprocServer32

HKCR\CLSID\{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}\InprocServer32#ThreadingModel

C:\PROGRAM FILES\NETPROJECT\WAMDL.DLL

C:\Program Files\NetProject\ot.ico

C:\Program Files\NetProject\scu.exe

C:\Program Files\NetProject\ts.ico

C:\Program Files\NetProject\waun.exe

C:\Program Files\NetProject

HKU\S-1-5-21-2395529766-772083506-2556556617-1005\Software\NetProject

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service#UninstallString

 

Trojan.Smitfraud Variant/IE Anti-Spyware

HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

 

Trojan.Security Toolbar

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url

C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

 

Trojan.DNSChanger-Codec

HKCR\CLSID\E404.e404mgr

HKCR\CLSID\E404.e404mgr#UserId

 

Rogue.VirusHeat

HKCR\TypeLib\{83B0CADC-EA64-4AC6-822A-3ECE95F44DA6}

HKCR\TypeLib\{83B0CADC-EA64-4AC6-822A-3ECE95F44DA6}\1.0

HKCR\TypeLib\{83B0CADC-EA64-4AC6-822A-3ECE95F44DA6}\1.0

HKCR\TypeLib\{83B0CADC-EA64-4AC6-822A-3ECE95F44DA6}\1.0\win32

HKCR\TypeLib\{83B0CADC-EA64-4AC6-822A-3ECE95F44DA6}\1.0\FLAGS

HKCR\TypeLib\{83B0CADC-EA64-4AC6-822A-3ECE95F44DA6}\1.0\HELPDIR

HKCR\Interface\{14E6D991-DB22-4661-981D-20C168D6847B}

HKCR\Interface\{14E6D991-DB22-4661-981D-20C168D6847B}\ProxyStubClsid

HKCR\Interface\{14E6D991-DB22-4661-981D-20C168D6847B}\ProxyStubClsid32

HKCR\Interface\{14E6D991-DB22-4661-981D-20C168D6847B}\TypeLib

HKCR\Interface\{14E6D991-DB22-4661-981D-20C168D6847B}\TypeLib#Version

HKCR\Interface\{2242513C-F5E9-41B3-BC89-4D9DAF487450}

HKCR\Interface\{2242513C-F5E9-41B3-BC89-4D9DAF487450}\ProxyStubClsid

HKCR\Interface\{2242513C-F5E9-41B3-BC89-4D9DAF487450}\ProxyStubClsid32

HKCR\Interface\{2242513C-F5E9-41B3-BC89-4D9DAF487450}\TypeLib

HKCR\Interface\{2242513C-F5E9-41B3-BC89-4D9DAF487450}\TypeLib#Version

HKCR\Interface\{3B489B37-FC1B-45C8-B1CE-78D9AEF5B336}

HKCR\Interface\{3B489B37-FC1B-45C8-B1CE-78D9AEF5B336}\ProxyStubClsid

HKCR\Interface\{3B489B37-FC1B-45C8-B1CE-78D9AEF5B336}\ProxyStubClsid32

HKCR\Interface\{3B489B37-FC1B-45C8-B1CE-78D9AEF5B336}\TypeLib

HKCR\Interface\{3B489B37-FC1B-45C8-B1CE-78D9AEF5B336}\TypeLib#Version

HKCR\Interface\{3D6A6E24-FDFF-418E-A93D-9FBDCBA377AF}

HKCR\Interface\{3D6A6E24-FDFF-418E-A93D-9FBDCBA377AF}\ProxyStubClsid

HKCR\Interface\{3D6A6E24-FDFF-418E-A93D-9FBDCBA377AF}\ProxyStubClsid32

HKCR\Interface\{3D6A6E24-FDFF-418E-A93D-9FBDCBA377AF}\TypeLib

HKCR\Interface\{3D6A6E24-FDFF-418E-A93D-9FBDCBA377AF}\TypeLib#Version

HKCR\Interface\{3E318E44-0C35-4292-AF91-18DD17795636}

HKCR\Interface\{3E318E44-0C35-4292-AF91-18DD17795636}\ProxyStubClsid

HKCR\Interface\{3E318E44-0C35-4292-AF91-18DD17795636}\ProxyStubClsid32

HKCR\Interface\{3E318E44-0C35-4292-AF91-18DD17795636}\TypeLib

HKCR\Interface\{3E318E44-0C35-4292-AF91-18DD17795636}\TypeLib#Version

HKCR\Interface\{495349A3-3A35-465F-88DF-6CCFC1348246}

HKCR\Interface\{495349A3-3A35-465F-88DF-6CCFC1348246}\ProxyStubClsid

HKCR\Interface\{495349A3-3A35-465F-88DF-6CCFC1348246}\ProxyStubClsid32

HKCR\Interface\{495349A3-3A35-465F-88DF-6CCFC1348246}\TypeLib

HKCR\Interface\{495349A3-3A35-465F-88DF-6CCFC1348246}\TypeLib#Version

HKCR\Interface\{575E8879-D6CF-4992-A7FE-651DA9277BCB}

HKCR\Interface\{575E8879-D6CF-4992-A7FE-651DA9277BCB}\ProxyStubClsid

HKCR\Interface\{575E8879-D6CF-4992-A7FE-651DA9277BCB}\ProxyStubClsid32

HKCR\Interface\{575E8879-D6CF-4992-A7FE-651DA9277BCB}\TypeLib

HKCR\Interface\{575E8879-D6CF-4992-A7FE-651DA9277BCB}\TypeLib#Version

HKCR\Interface\{76A15001-FF88-47EE-9E34-9F68E34246AF}

HKCR\Interface\{76A15001-FF88-47EE-9E34-9F68E34246AF}\ProxyStubClsid

HKCR\Interface\{76A15001-FF88-47EE-9E34-9F68E34246AF}\ProxyStubClsid32

HKCR\Interface\{76A15001-FF88-47EE-9E34-9F68E34246AF}\TypeLib

HKCR\Interface\{76A15001-FF88-47EE-9E34-9F68E34246AF}\TypeLib#Version

HKCR\Interface\{819A1C55-735F-4696-8727-3772EC87AD26}

HKCR\Interface\{819A1C55-735F-4696-8727-3772EC87AD26}\ProxyStubClsid

HKCR\Interface\{819A1C55-735F-4696-8727-3772EC87AD26}\ProxyStubClsid32

HKCR\Interface\{819A1C55-735F-4696-8727-3772EC87AD26}\TypeLib

HKCR\Interface\{819A1C55-735F-4696-8727-3772EC87AD26}\TypeLib#Version

HKCR\Interface\{8DC7E656-FFBC-4BA2-AF81-1C6C4FE04407}

HKCR\Interface\{8DC7E656-FFBC-4BA2-AF81-1C6C4FE04407}\ProxyStubClsid

HKCR\Interface\{8DC7E656-FFBC-4BA2-AF81-1C6C4FE04407}\ProxyStubClsid32

HKCR\Interface\{8DC7E656-FFBC-4BA2-AF81-1C6C4FE04407}\TypeLib

HKCR\Interface\{8DC7E656-FFBC-4BA2-AF81-1C6C4FE04407}\TypeLib#Version

HKCR\Interface\{A86BED71-2B56-4778-9C48-829A3D01C687}

HKCR\Interface\{A86BED71-2B56-4778-9C48-829A3D01C687}\ProxyStubClsid

HKCR\Interface\{A86BED71-2B56-4778-9C48-829A3D01C687}\ProxyStubClsid32

HKCR\Interface\{A86BED71-2B56-4778-9C48-829A3D01C687}\TypeLib

HKCR\Interface\{A86BED71-2B56-4778-9C48-829A3D01C687}\TypeLib#Version

HKCR\Interface\{AE119E11-CF86-43CB-91AA-1ACF2BBF9EC6}

HKCR\Interface\{AE119E11-CF86-43CB-91AA-1ACF2BBF9EC6}\ProxyStubClsid

HKCR\Interface\{AE119E11-CF86-43CB-91AA-1ACF2BBF9EC6}\ProxyStubClsid32

HKCR\Interface\{AE119E11-CF86-43CB-91AA-1ACF2BBF9EC6}\TypeLib

HKCR\Interface\{AE119E11-CF86-43CB-91AA-1ACF2BBF9EC6}\TypeLib#Version

HKCR\Interface\{B5A1CE7F-011D-4475-98DB-076AAF3B1D18}

HKCR\Interface\{B5A1CE7F-011D-4475-98DB-076AAF3B1D18}\ProxyStubClsid

HKCR\Interface\{B5A1CE7F-011D-4475-98DB-076AAF3B1D18}\ProxyStubClsid32

HKCR\Interface\{B5A1CE7F-011D-4475-98DB-076AAF3B1D18}\TypeLib

HKCR\Interface\{B5A1CE7F-011D-4475-98DB-076AAF3B1D18}\TypeLib#Version

HKCR\Interface\{B667F141-171C-4AC6-BD2B-8E0C646FB920}

HKCR\Interface\{B667F141-171C-4AC6-BD2B-8E0C646FB920}\ProxyStubClsid

HKCR\Interface\{B667F141-171C-4AC6-BD2B-8E0C646FB920}\ProxyStubClsid32

HKCR\Interface\{B667F141-171C-4AC6-BD2B-8E0C646FB920}\TypeLib

HKCR\Interface\{B667F141-171C-4AC6-BD2B-8E0C646FB920}\TypeLib#Version

HKCR\Interface\{DA4F8351-05EF-4956-B9AB-1093B732436F}

HKCR\Interface\{DA4F8351-05EF-4956-B9AB-1093B732436F}\ProxyStubClsid

HKCR\Interface\{DA4F8351-05EF-4956-B9AB-1093B732436F}\ProxyStubClsid32

HKCR\Interface\{DA4F8351-05EF-4956-B9AB-1093B732436F}\TypeLib

HKCR\Interface\{DA4F8351-05EF-4956-B9AB-1093B732436F}\TypeLib#Version

HKCR\Interface\{E1E4E46D-53B8-45DC-ABF0-3E7ADEF79012}

HKCR\Interface\{E1E4E46D-53B8-45DC-ABF0-3E7ADEF79012}\ProxyStubClsid

HKCR\Interface\{E1E4E46D-53B8-45DC-ABF0-3E7ADEF79012}\ProxyStubClsid32

HKCR\Interface\{E1E4E46D-53B8-45DC-ABF0-3E7ADEF79012}\TypeLib

HKCR\Interface\{E1E4E46D-53B8-45DC-ABF0-3E7ADEF79012}\TypeLib#Version

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E7C1694-DE59-4DE1-8C90-8A8044D5F41E}\RP335\A0045233.EXE

 

Rogue.NetProject-Installer

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E7C1694-DE59-4DE1-8C90-8A8044D5F41E}\RP335\A0045245.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E7C1694-DE59-4DE1-8C90-8A8044D5F41E}\RP337\A0045801.EXE


Edited by sapara

Start HJT, select "Do a system scan only", tick the following lines and click Fix checked:

O16 - DPF: {09954582-CAC3-4E05-A09C-4955BBD3187F} (Privat-X Client) - http://www.px24.com/ax/px_client_en.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://jackpotcity.microgaming.com/jackpotcity/FlashAX.cab

 

Apart from that, it looks as if SAS removed all the infected files. The logs look fine :thumbup:

 

How is the PC running?

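The helper's advice above boils down to scanning the HijackThis log for O16 (DPF, downloaded ActiveX control) entries and deciding which of them should not be there. The script below is an added illustration of that triage step; it is not code from this thread, from HijackThis or from any of the tools named here. It parses O16 lines, extracts the download host, and flags every entry whose registrable domain is not in a small allow-list. The sample log lines are copied from the HijackThis log above (plus one O2 and one O4 line to show that other entry types are ignored), and the allow-list `EXPECTED_DOMAINS` is an assumption chosen for the example, not a vendor-supplied list.

```python
"""Triage O16 (DPF) entries in a HijackThis log: added example, not from the thread."""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log in this thread,
# with one O2 and one O4 line added to show non-O16 entries are skipped.
SAMPLE_LOG = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_02\\bin\\ssv.dll
O16 - DPF: {09954582-CAC3-4E05-A09C-4955BBD3187F} (Privat-X Client) - http://www.px24.com/ax/px_client_en.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bl103fd.blu103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://jackpotcity.microgaming.com/jackpotcity/FlashAX.cab
O4 - HKLM\\..\\Run: [ehTray] C:\\WINDOWS\\ehome\\ehtray.exe
"""

# HijackThis prints O16 lines as:  O16 - DPF: {CLSID} (Name) - URL
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$"
)

# Assumption for this example: ActiveX downloads from these registrable domains
# are treated as expected on this machine; everything else is surfaced for review.
EXPECTED_DOMAINS = {"msn.com", "microsoft.com"}


def parse_o16(log_text):
    """Return a list of dicts (clsid, name, url, host) for every O16 line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O16_RE.match(line.strip())
        if not m:
            continue  # O2, O4, O23 ... are not DPF entries; ignore them here
        host = urlparse(m.group("url")).hostname or ""
        entries.append(
            {"clsid": m.group("clsid"), "name": m.group("name"),
             "url": m.group("url"), "host": host}
        )
    return entries


def registrable_domain(host):
    """Crude last-two-labels domain; good enough for .com hosts in this log."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def flag_for_review(entries, expected=EXPECTED_DOMAINS):
    """Keep only entries whose download domain is not on the allow-list."""
    return [e for e in entries if registrable_domain(e["host"]) not in expected]


def hjt_fix_lines(entries):
    """Rebuild the exact log lines to tick under 'Fix checked' in HijackThis."""
    return [f"O16 - DPF: {e['clsid']} ({e['name']}) - {e['url']}" for e in entries]


if __name__ == "__main__":
    flagged = flag_for_review(parse_o16(SAMPLE_LOG))
    for fix_line in hjt_fix_lines(flagged):
        print(fix_line)
```

Run against the sample, the script reproduces the helper's two O16 lines and leaves the MSN Photo Upload Tool entry alone; in practice the allow-list is the part a reviewer tunes, since a flagged entry is a candidate for manual inspection rather than proof of infection.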

 

 

Looks like it is working fine now :o)

 

Thanks a lot for the help.
