Spywarefri Forum | Bank Texeasy Detection Tool har fundet en fejl og afsluttes

Bank Texeasy Detection Tool har fundet en fejl og afsluttes

[ Ignorer ] planet
27.02.2012 00:27:03 Antal indlæg: 49	Bank Texeasy Detection Tool har fundet en fejl og afsluttes. vi beklager fejlen. Informer Microsoft om fejlen. Fejl meddelelsen Temp\b511_appcompat.txt. men iflg. nettet er det ikke appcompat.txt der er fejlen, men hvad er det så, hvorfor kan jeg ikke skanne min maskine for denne Bank Texeasy? jeg har kørt en fuld scan med Bulguard,Superantispyware, Eset online Scanner og til sidst combofix. Men jeg kan stadig ikke køre Bank Texeasy, hverken på den stationære eller på den bærbare. Er der nogen der har haft samme problem? eller en der har de vise sten? DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Connie Nielson at 19:58:05 on 2012-02-26 Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1470.746 [GMT 1:00] . AV: BullGuard Antivirus Enabled/Updated {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913} FW: BullGuard Firewall Enabled . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\System32\SvcHost.exe -k BullGuard_Main svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe svchost.exe C:\Programmer\SUPERAntiSpyware\SASCORE.EXE svchost.exe C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Programmer\Bonjour\mDNSResponder.exe C:\Programmer\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe svchost.exe C:\WINDOWS\System32\SvcHost.exe -k BullGuard C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe C:\Programmer\Java\jre6\bin\jqs.exe C:\Programmer\Macrium\Reflect\ReflectService.exe C:\Programmer\Secunia\PSI\PSIA.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\Programmer\BullGuard Ltd\BullGuard\BullGuard.exe C:\Programmer\Ask.com\Updater\Updater.exe C:\Programmer\BullGuard Ltd\BullGuard\BullGuardScanner.exe C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Programmer\iTunes\iTunesHelper.exe C:\Programmer\Fælles filer\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmer\Secunia\PSI\psi_tray.exe C:\Programmer\SetWeb\SetWeb.exe C:\Programmer\Windows Desktop Search\WindowsSearch.exe C:\Documents and Settings\Connie Nielson\Application Data\Dropbox\bin\Dropbox.exe C:\Programmer\iPod\bin\iPodService.exe C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programmer\Internet Explorer\iexplore.exe C:\Programmer\Internet Explorer\iexplore.exe C:\WINDOWS\system32\SearchProtocolHost.exe . ============== Pseudo HJT Report =============== . uSearch Bar = hxxp://www.google.com/ie uStart Page = hxxp://www.google.dk/ uInternet Settings,ProxyOverride = .local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\programmer\ask.com\GenericAskToolbar.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programmer\java\jre6\bin\ssv.dll BHO: Hjælp til tilmelding til Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\programmer\wot\WOT.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programmer\ask.com\GenericAskToolbar.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: BGAntiphishingBHO Class: {fc872b94-35e3-4b94-b028-184a2a1c7cce} - c:\programmer\bullguard ltd\bullguard\antiphishing\ie\BGAntiphishingIEBHO.dll TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\programmer\wot\WOT.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programmer\ask.com\GenericAskToolbar.dll TB: {B4B3001E-0F56-4E51-8250-BDE11547EC55} - No File TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [SUPERAntiSpyware] c:\programmer\superantispyware\SUPERAntiSpyware.exe mRun: [BullGuard] “c:\programmer\bullguard ltd\bullguard\BullGuard.exe” -boot mRun: [<NO NAME>] mRun: [ApnUpdater] “c:\programmer\ask.com\updater\Updater.exe” mRun: [APSDaemon] “c:\programmer\fælles filer\apple\apple application support\APSDaemon.exe” mRun: [QuickTime Task] “c:\programmer\quicktime\qttask.exe” -atboottime mRun: [Adobe Reader Speed Launcher] “c:\programmer\adobe\reader 9.0\reader\Reader_sl.exe” mRun: [Adobe ARM] “c:\programmer\fælles filer\adobe\arm\1.0\AdobeARM.exe” mRun: [AppleSyncNotifier] c:\programmer\fælles filer\apple\mobile device support\AppleSyncNotifier.exe mRun: [iTunesHelper] “c:\programmer\itunes\iTunesHelper.exe” mRun: [SunJavaUpdateSched] “c:\programmer\fælles filer\java\java update\jusched.exe” dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\connie~1\menuen~1\progra~1\start\dropbox.lnk - c:\documents and settings\connie nielson\application data\dropbox\bin\Dropbox.exe StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\secunia psi tray.lnk - c:\programmer\secunia\psi\psi_tray.exe StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\setweb.lnk - c:\programmer\setweb\SetWeb.exe StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\window~1.lnk - c:\programmer\windows desktop search\WindowsSearch.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmer\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - c:\programmer\bullguard ltd\bullguard\antiphishing\ie\BGAntiphishingIE.dll IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\programmer\winhttrack\WinHTTrackIEBar.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: danid.dk Trusted Zone: danskebank.dk Trusted Zone: sikker-adgang.dk\login Trusted Zone: skat.dk\www Trusted Zone: sydbank.dk Trusted Zone: tdc.dk\kundeservice Trusted Zone: danid.dk DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab DPF: {07E8D22D-C723-485C-BE6F-003241549305} - hxxp://extcom.esoft.dk/extern/3d/eplan.cab DPF: {11818680-FCF6-11D0-9808-0800092A4865} - hxxp://www.kps.dk/Codebase/FormCtl.cab DPF: {1469FF24-47F6-11D2-8805-006008C537E3} - hxxp://www.kps.dk/codebase/ffmail.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {25C29129-E95F-4564-BFE3-000000006400} - hxxp://www.123hjemmeside.dk/builder/pages/KvikVideo-6-4-0-0.CAB DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} - hxxp://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://vestertoften.spaces.live.com/PhotoUpload/MsnPUpld.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfsignature.cab DPF: {93B08541-9F6B-4697-9F9A-7058F1E33785} - hxxp://193.239.96.110/inquiero/mod/setup/ntractivex1182.cab DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} - hxxp://www.kps.dk/codebase/scriptobject.cab DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/digitalsignatur-csp.exe DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} - hxxp://www.kps.dk/codebase/fontinstaller.cab TCP: DhcpNameServer = 212.10.10.5 212.10.10.4 TCP: Interfaces\{93923B7C-BC68-4D68-857D-B907AE1907E3} : DhcpNameServer = 212.10.10.5 212.10.10.4 Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\programmer\wot\WOT.dll Notify: !SASWinLogon - c:\programmer\superantispyware\SASWINLO.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\programmer\windows desktop search\MSNLNamespaceMgr.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programmer\superantispyware\SASSEH.DLL . ============= SERVICES / DRIVERS =============== . R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2011-7-1 16024] R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-6-20 11264] R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [2010-3-12 64608] R1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\drivers\NSKernel.sys [2011-2-6 789448] R1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\drivers\NSNetmon.sys [2011-2-6 19272] R1 SASDIFSV;SASDIFSV;c:\programmer\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\programmer\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\programmer\superantispyware\SASCore.exe [2011-8-12 116608] R2 BsBhvScan;BullGuard behavioural detection service;c:\programmer\bullguard ltd\bullguard\BullGuardBhvScanner.exe [2011-2-6 338776] R2 BsBrowser;BullGuard antiphishing service;c:\windows\system32\SvcHost.exe -k BullGuard_LowPriv [2007-6-19 14336] R2 BsFileScan;BullGuard on-access service;c:\windows\system32\SvcHost.exe -k BullGuard [2007-6-19 14336] R2 BsFire;BullGuard firewall service;c:\windows\system32\SvcHost.exe -k BullGuard [2007-6-19 14336] R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\system32\SvcHost.exe -k BullGuard [2007-6-19 14336] R2 BsMain;BullGuard main service;c:\windows\system32\SvcHost.exe -k BullGuard_Main [2007-6-19 14336] R2 BsUpdate;BullGuard update service;c:\programmer\bullguard ltd\bullguard\BullGuardUpdate.exe [2012-2-19 330584] R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmer\macrium\reflect\ReflectService.exe [2011-7-1 220824] R2 Secunia PSI Agent;Secunia PSI Agent;c:\programmer\secunia\psi\psia.exe—start-service—> c:\programmer\secunia\psi\PSIA.exe—start-service [?] R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\Afw.sys [2009-12-4 34280] R3 afwcore;afwcore;c:\windows\system32\drivers\AfwCore.sys [2009-12-4 267624] R3 BsScanner;BullGuard scanning service;c:\programmer\bullguard ltd\bullguard\BullGuardScanner.exe [2010-3-3 288600] R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544] S0 Lbd;Lbd; [x] S1 SABKUTIL;SABKUTIL;\??\c:\programmer\superadblocker.com\super ad blocker\sabkutil.sys—> c:\programmer\superadblocker.com\super ad blocker\SABKUTIL.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 Amps2prt;Trust Ami PS/2 Port Mouse Driver (6);c:\windows\system32\drivers\Amps2prt.sys [2001-10-19 9056] S3 BgRaSvc;BgRaSvc;c:\programmer\bullguard ltd\bullguard\support\BgRaSvc.exe [2010-3-3 125784] S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [2007-2-28 114304] S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [2009-8-10 89600] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2011-12-21 42496] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 ZD1211BU(ICIDU);ICIDU Wireless USB Adapter Driver(ICIDU);c:\windows\system32\drivers\ZD1211BU.sys [2008-6-28 500736] . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2012-02-23 11:16:25 414368 ——a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 11:15:17 472808 ——a-w- c:\windows\system32\deployJava1.dll 2012-01-24 21:10:18 131408 ——a-w- c:\programmer\uninst.exe 2012-01-24 18:15:00 2716992 ——a-w- c:\programmer\CCleaner.exe 2012-01-21 07:31:19 100184 ——a-w- c:\windows\system32\BgGamingMonitor.dll 2012-01-12 17:20:31 1859968 ——a-w- c:\windows\system32\win32k.sys 2011-12-19 10:52:22 82776 ——a-w- c:\windows\system32\BGLsp.dll 2011-12-17 19:42:05 916992 ——a-w- c:\windows\system32\wininet.dll 2011-12-17 19:42:04 43520 ——a-w- c:\windows\system32\licmgr10.dll 2011-12-17 19:42:04 1469440 ———w- c:\windows\system32\inetcpl.cpl 2011-12-16 12:23:17 385024 ——a-w- c:\windows\system32\html.iec . ============= FINISH: 19:59:20,87 =============== ComboFix 12-02-25.02 - Connie Nielson 26-02-2012 22:25:37.7.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1470.931 [GMT 1:00] Kører fra: c:\documents and settings\Connie Nielson\Skrivebord\SWF\ComboFix.exe Kommandoer benyttet :: c:\documents and settings\Connie Nielson\Skrivebord\SWF\CFScript.txt AV: BullGuard Antivirus Disabled/Outdated* {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913} FW: BullGuard Firewall Disabled {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1} . . ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\Connie Nielson\WINDOWS C:\DSC00104.JPG C:\Thumbs.db c:\windows\system32\SET107.tmp c:\windows\system32\SET10C.tmp c:\windows\system32\SET139.tmp c:\windows\system32\SET13B.tmp c:\windows\system32\SET149.tmp . . ((((((((((((((((((((((((((((( Filer skabt fra 2012-01-26 til 2012-02-26 ))))))))))))))))))))))))))))))))))) . . 2012-02-26 21:35 . 2012-02-26 21:35 9310 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS 2012-02-26 21:35 . 2012-02-26 21:35 8646 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS 2012-02-26 21:35 . 2012-02-26 21:35 6429 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS 2012-02-26 21:35 . 2012-02-26 21:35 63115 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS 2012-02-26 21:35 . 2012-02-26 21:35 4599 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS 2012-02-26 21:35 . 2012-02-26 21:35 5927 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS 2012-02-26 21:35 . 2012-02-26 21:35 8613 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS 2012-02-26 21:35 . 2012-02-26 21:35 1651 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS 2012-02-26 21:35 . 2012-02-26 21:35 6910 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS 2012-02-26 21:35 . 2012-02-26 21:35 8288 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS 2012-02-26 21:35 . 2012-02-26 21:35 6208 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS 2012-02-26 21:35 . 2012-02-26 21:35 18541 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS 2012-02-26 21:34 . 2012-02-26 21:34 51852 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS 2012-02-26 21:34 . 2012-02-26 21:34 20719 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS 2012-02-26 21:34 . 2012-02-26 21:34 8782 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS 2012-02-26 21:34 . 2012-02-26 21:34 7271 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS 2012-02-26 21:34 . 2012-02-26 21:34 23327 ——a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS 2012-02-26 18:23 . 2012-02-26 18:23 ———— d——-w- c:\documents and settings\Connie Nielson\Application Data\SUPERAntiSpyware.com 2012-02-26 16:45 . 2010-04-29 14:39 38224 ——a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-02-26 16:45 . 2010-04-29 14:39 20952 ——a-w- c:\windows\system32\drivers\mbam.sys 2012-02-26 16:45 . 2012-02-26 16:45 ———— d——-w- c:\programmer\Malwarebytes’ Anti-Malware 2012-02-26 09:38 . 2012-02-26 09:38 ———— d——-w- C:\Ny mappe 2012-02-23 11:16 . 2012-02-23 11:16 ———— d——-w- c:\programmer\Fælles filer\Java 2012-02-23 11:15 . 2012-02-23 11:15 73728 ——a-w- c:\windows\system32\javacpl.cpl 2012-02-16 07:14 . 2012-01-11 19:07 3072 -c——w- c:\windows\system32\dllcache\iacenc.dll 2012-02-16 07:14 . 2012-01-11 19:07 3072 ———w- c:\windows\system32\iacenc.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-23 11:16 . 2011-05-15 18:57 414368 ——a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 11:15 . 2010-10-12 17:28 472808 ——a-w- c:\windows\system32\deployJava1.dll 2012-01-24 21:10 . 2012-01-24 21:10 131408 ——a-w- c:\programmer\uninst.exe 2012-01-24 18:15 . 2012-01-24 18:15 2716992 ——a-w- c:\programmer\CCleaner.exe 2012-01-21 07:31 . 2010-03-18 16:03 100184 ——a-w- c:\windows\system32\BgGamingMonitor.dll 2012-01-12 17:20 . 2007-06-19 15:38 1859968 ——a-w- c:\windows\system32\win32k.sys 2011-12-19 10:52 . 2010-02-17 13:33 82776 ——a-w- c:\windows\system32\BGLsp.dll 2011-12-17 19:42 . 2007-06-19 15:38 916992 ——a-w- c:\windows\system32\wininet.dll 2011-12-17 19:42 . 2007-06-19 15:37 43520 ——a-w- c:\windows\system32\licmgr10.dll 2011-12-17 19:42 . 2007-06-19 15:37 1469440 ———w- c:\windows\system32\inetcpl.cpl 2011-12-16 12:23 . 2007-06-19 15:37 385024 ——a-w- c:\windows\system32\html.iec . . ((((((((((((((((((((((((((((((((((( Start steder i reg.basen )))))))))))))))))))))))))))))))))))))))))))))))) . . Bemærk tomme linier & lovlige standard linier vises ikke REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] “{00000000-6E41-4FD3-8538-502F5495E5FC}”= “c:\programmer\Ask.com\GenericAskToolbar.dll” [2011-08-23 1515688] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2011-08-23 20:20 1515688 ——a-w- c:\programmer\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{D4027C7F-154A-4066-A1AD-4243D8127440}”= “c:\programmer\Ask.com\GenericAskToolbar.dll” [2011-08-23 1515688] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] “{D4027C7F-154A-4066-A1AD-4243D8127440}”= “c:\programmer\Ask.com\GenericAskToolbar.dll” [2011-08-23 1515688] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @=”{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}” [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ——a-w- c:\documents and settings\Connie Nielson\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @=”{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}” [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ——a-w- c:\documents and settings\Connie Nielson\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @=”{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}” [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ——a-w- c:\documents and settings\Connie Nielson\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @=”{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}” [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ——a-w- c:\documents and settings\Connie Nielson\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SUPERAntiSpyware”=“c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2012-01-20 4617600] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “BullGuard”=“c:\programmer\BullGuard Ltd\BullGuard\BullGuard.exe” [2011-07-07 1620824] “ApnUpdater”=“c:\programmer\Ask.com\Updater\Updater.exe” [2011-08-23 887976] “APSDaemon”=“c:\programmer\Fælles filer\Apple\Apple Application Support\APSDaemon.exe” [2011-11-01 59240] “QuickTime Task”=“c:\programmer\QuickTime\qttask.exe” [2011-10-24 421888] “Adobe Reader Speed Launcher”=“c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2012-01-03 37296] “Adobe ARM”=“c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe” [2012-01-02 843712] “AppleSyncNotifier”=“c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleSyncNotifier.exe” [2011-11-02 59240] “iTunesHelper”=“c:\programmer\iTunes\iTunesHelper.exe” [2012-01-16 421736] “SunJavaUpdateSched”=“c:\programmer\Fælles filer\Java\Java Update\jusched.exe” [2012-01-18 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360] . c:\documents and settings\Connie Nielson\Menuen Start\Programmer\Start\ Dropbox.lnk - c:\documents and settings\Connie Nielson\Application Data\Dropbox\bin\Dropbox.exe [2012-2-15 24246216] . c:\documents and settings\All Users\Menuen Start\Programmer\Start\ Secunia PSI Tray.lnk - c:\programmer\Secunia\PSI\psi_tray.exe [2011-4-19 291896] SetWeb.lnk - c:\programmer\SetWeb\SetWeb.exe [2007-7-5 843776] Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] “{56F9679E-7826-4C84-81F3-532071A8BCC5}”= “c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll” [2009-05-24 304128] “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\programmer\SUPERAntiSpyware\SASSEH.DLL” [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ——a-w- c:\programmer\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “AppInit_DLLs”=c:\windows\system32\BgGamingMonitor.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @=”“ . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain] @=“Service” . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner] @=“Service” . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @=“Driver” . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^McAfee Security Scan Plus.lnk] path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Secunia PSI Tray.lnk] path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Secunia PSI Tray.lnk backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Connie Nielson^Menuen Start^Programmer^Start^Dropbox.lnk] path=c:\documents and settings\Connie Nielson\Menuen Start\Programmer\Start\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Connie Nielson^Menuen Start^Programmer^Start^Picture Motion Browser Media Check Tool.lnk] path=c:\documents and settings\Connie Nielson\Menuen Start\Programmer\Start\Picture Motion Browser Media Check Tool.lnk backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 16:05 15360 ———w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] “QuickTime Task”=“c:\programmer\QuickTime\qttask.exe” -atboottime “SSBkgdUpdate”=“c:\programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot “PaperPort PTD”=“c:\programmer\ScanSoft\PaperPort\pptd40nt.exe” “IndexSearch”=“c:\programmer\ScanSoft\PaperPort\IndexSearch.exe” “PPort11reminder”=“c:\programmer\ScanSoft\PaperPort\Ereg\Ereg.exe” -r “c:\documents and settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini” “Adobe Reader Speed Launcher”=“c:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe” . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\\system32\\sessmgr.exe”= “c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE”= “c:\\Programmer\\Messenger\\msmsgs.exe”= “%windir%\\Network Diagnostic\\xpnetdiag.exe”= “c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe”= “c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe”= “c:\\Documents and Settings\\Connie Nielson\\Application Data\\Dropbox\\bin\\Dropbox.exe”= “c:\\Programmer\\Fælles filer\\Apple\\Apple Application Support\\WebKit2WebProcess.exe”= “c:\\Programmer\\Bonjour\\mDNSResponder.exe”= “c:\\Programmer\\iTunes\\iTunes.exe”= . R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [01-07-2011 13:21 16024] R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [12-03-2010 10:34 64608] R1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\drivers\NSKernel.sys [06-02-2011 14:13 789448] R1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\drivers\NSNetmon.sys [06-02-2011 14:13 19272] R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [22-07-2011 17:27 12880] R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [12-07-2011 22:55 67664] R2 !SASCORE;SAS Core Service;c:\programmer\SUPERAntiSpyware\SASCore.exe [12-08-2011 00:38 116608] R2 BsBhvScan;BullGuard behavioural detection service;c:\programmer\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [06-02-2011 14:12 338776] R2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe -k BullGuard_LowPriv [19-06-2007 16:38 14336] R2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe -k BullGuard [19-06-2007 16:38 14336] R2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe -k BullGuard [19-06-2007 16:38 14336] R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe -k BullGuard [19-06-2007 16:38 14336] R2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe -k BullGuard_Main [19-06-2007 16:38 14336] R2 BsUpdate;BullGuard update service;c:\programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [19-02-2012 14:53 330584] R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmer\Macrium\Reflect\ReflectService.exe [01-07-2011 13:21 220824] R2 Secunia PSI Agent;Secunia PSI Agent;c:\programmer\Secunia\PSI\PSIA.exe—start-service—> c:\programmer\Secunia\PSI\PSIA.exe—start-service [?] R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\Afw.sys [04-12-2009 11:00 34280] R3 afwcore;afwcore;c:\windows\system32\drivers\AfwCore.sys [04-12-2009 11:00 267624] S0 Lbd;Lbd; [x] S1 SABKUTIL;SABKUTIL;\??\c:\programmer\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys—> c:\programmer\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384] S3 Amps2prt;Trust Ami PS/2 Port Mouse Driver (6);c:\windows\system32\drivers\Amps2prt.sys [19-10-2001 13:57 9056] S3 BgRaSvc;BgRaSvc;c:\programmer\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [03-03-2010 21:07 125784] S3 BsScanner;BullGuard scanning service;c:\programmer\BullGuard Ltd\BullGuard\BullGuardScanner.exe [03-03-2010 21:07 288600] S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [28-02-2007 06:38 114304] S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [10-08-2009 12:07 89600] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01-09-2010 09:30 15544] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [21-12-2011 15:29 42496] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504] S3 ZD1211BU(ICIDU);ICIDU Wireless USB Adapter Driver(ICIDU);c:\windows\system32\drivers\ZD1211BU.sys [28-06-2008 16:06 500736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] BullGuard_Main REG_MULTI_SZ BsMain BullGuard REG_MULTI_SZ BsFileScan BsMailProxy BsFire BullGuard_LowPriv REG_MULTI_SZ BsBrowser . Indhold af mappen ‘Planlagte Opgaver’ . 2012-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programmer\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2012-02-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\programmer\Ask.com\UpdateTask.exe [2011-08-23 20:20] . 2012-02-25 c:\windows\Tasks\SUPERANTISPYWARE.job - c:\programmer\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [2012-01-20 18:16] . 2012-02-26 c:\windows\Tasks\User_Feed_Synchronization-{6D8183CE-8382-418D-8A71-3D0ABF0C0FC4}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . . ———- Yderligere scanning———- . uStart Page = hxxp://www.google.dk/ uInternet Settings,ProxyOverride = .local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: danid.dk Trusted Zone: danskebank.dk Trusted Zone: sikker-adgang.dk\login Trusted Zone: skat.dk\www Trusted Zone: sydbank.dk Trusted Zone: tdc.dk\kundeservice Trusted Zone: danid.dk DPF: {07E8D22D-C723-485C-BE6F-003241549305} - hxxp://extcom.esoft.dk/extern/3d/eplan.cab DPF: {1469FF24-47F6-11D2-8805-006008C537E3} - hxxp://www.kps.dk/codebase/ffmail.cab DPF: {25C29129-E95F-4564-BFE3-000000006400} - hxxp://www.123hjemmeside.dk/builder/pages/KvikVideo-6-4-0-0.CAB DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} - hxxp://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfsignature.cab DPF: {93B08541-9F6B-4697-9F9A-7058F1E33785} - hxxp://193.239.96.110/inquiero/mod/setup/ntractivex1182.cab DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/digitalsignatur-csp.exe . - - - - TOMME GENVEJE FJERNET - - - - . Toolbar-Locked - (no file) MSConfigStartUp-jumpcreative - c:\docume~1\CONNIE~1\APPLIC~1\BENDGL~1\Bowstray.exe MSConfigStartUp-SunJavaUpdateSched - c:\programmer\Java\jre6\bin\jusched.exe . . . ************************************************************************* .
[ Ignorer ] [ # 1 ] Fromsej TeamSpywarefri
27.02.2012 16:38:06 Administrator Team Spywarefri Antal indlæg: 55510	Afinstaller Ask toolbar i Tilføj/fjern programmer, genstart. Åbn mappen med Combofix, højreklik et tomt sted i mappen, vælg Ny->tekstdokument, åbn tekstdokumentet, kopier følgende ind: Killall:: Snapshot:: Folder:: c:\programmer\ask.com DDS:: BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programmer\ask.com\GenericAskToolbar.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programmer\ask.com\GenericAskToolbar.dll TB: {B4B3001E-0F56-4E51-8250-BDE11547EC55} - No File TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File mRun: [<NO NAME>] klik på Filer->Gem som, navngiv den CFScript, luk tekstdokumentet. Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du “giver slip” med musen. http://www.fromsej.saknet.dk/billeder/swfcombo.gif Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse. Kopier den fremkomne log herind. Får du noget der ligner denne fejl. Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning Så genstart, en gang mere, det burde løse det. Signatur qui potest, obligatur Nierne bomaye - You’ll never walk alone Kaffen er drukket Kassen er lukket Støtten gør mere nytte Hos de små og forknytte Børns vilkår Hospitalsklovne
[ Ignorer ] [ # 2 ] planet
27.02.2012 18:30:24 Antal indlæg: 49	Tusind tak for dit hurtige svar, har kørt combofiks som beskrevet, her er log På forhånd tak. ComboFix 12-02-27.02 - Connie Nielson 27-02-2012 16:54:00.8.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1470.858 [GMT 1:00] Kører fra: c:\documents and settings\Connie Nielson\Skrivebord\Ny mappe\ComboFix.exe Kommandoer benyttet :: c:\documents and settings\Connie Nielson\Skrivebord\Ny mappe\CFScript.txt AV: BullGuard Antivirus Disabled/Outdated {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913} FW: BullGuard Firewall Disabled {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1} . . ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet ))))))))))))))))))))))))))))))))))))))))))))))))) . . Inficeret kopi af c:\windows\system32\Drivers\atapi.sys blev fundet og desinficeret Genskabt kopi fra - c:\windows\ERDNT\cache\atapi.sys . . ((((((((((((((((((((((((((((( Filer skabt fra 2012-01-27 til 2012-02-27 ))))))))))))))))))))))))))))))))))) . . 2012-02-26 18:23 . 2012-02-26 18:23 ———— d——-w- c:\documents and settings\Connie Nielson\Application Data\SUPERAntiSpyware.com 2012-02-26 16:45 . 2010-04-29 14:39 38224 ——a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-02-26 16:45 . 2010-04-29 14:39 20952 ——a-w- c:\windows\system32\drivers\mbam.sys 2012-02-26 16:45 . 2012-02-26 16:45 ———— d——-w- c:\programmer\Malwarebytes’ Anti-Malware 2012-02-26 09:38 . 2012-02-26 09:38 ———— d——-w- C:\Ny mappe 2012-02-23 11:16 . 2012-02-23 11:16 ———— d——-w- c:\programmer\Fælles filer\Java 2012-02-23 11:15 . 2012-02-23 11:15 73728 ——a-w- c:\windows\system32\javacpl.cpl 2012-02-16 07:14 . 2012-01-11 19:07 3072 -c——w- c:\windows\system32\dllcache\iacenc.dll 2012-02-16 07:14 . 2012-01-11 19:07 3072 ———w- c:\windows\system32\iacenc.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-23 11:16 . 2011-05-15 18:57 414368 ——a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 11:15 . 2010-10-12 17:28 472808 ——a-w- c:\windows\system32\deployJava1.dll 2012-01-24 21:10 . 2012-01-24 21:10 131408 ——a-w- c:\programmer\uninst.exe 2012-01-24 18:15 . 2012-01-24 18:15 2716992 ——a-w- c:\programmer\CCleaner.exe 2012-01-21 07:31 . 2010-03-18 16:03 100184 ——a-w- c:\windows\system32\BgGamingMonitor.dll 2012-01-12 17:20 . 2007-06-19 15:38 1859968 ——a-w- c:\windows\system32\win32k.sys 2011-12-19 10:52 . 2010-02-17 13:33 82776 ——a-w- c:\windows\system32\BGLsp.dll 2011-12-17 19:42 . 2007-06-19 15:38 916992 ——a-w- c:\windows\system32\wininet.dll 2011-12-17 19:42 . 2007-06-19 15:37 43520 ——a-w- c:\windows\system32\licmgr10.dll 2011-12-17 19:42 . 2007-06-19 15:37 1469440 ———w- c:\windows\system32\inetcpl.cpl 2011-12-16 12:23 . 2007-06-19 15:37 385024 ——a-w- c:\windows\system32\html.iec . . ((((((((((((((((((((((((((((((((((( Start steder i reg.basen )))))))))))))))))))))))))))))))))))))))))))))))) . . Bemærk tomme linier & lovlige standard linier vises ikke REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @=”{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}” [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ——a-w- c:\documents and settings\Connie Nielson\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @=”{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}” [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ——a-w- c:\documents and settings\Connie Nielson\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @=”{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}” [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ——a-w- c:\documents and settings\Connie Nielson\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @=”{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}” [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ——a-w- c:\documents and settings\Connie Nielson\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SUPERAntiSpyware”=“c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2012-01-20 4617600] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “BullGuard”=“c:\programmer\BullGuard Ltd\BullGuard\BullGuard.exe” [2012-02-27 1620824] “APSDaemon”=“c:\programmer\Fælles filer\Apple\Apple Application Support\APSDaemon.exe” [2011-11-01 59240] “QuickTime Task”=“c:\programmer\QuickTime\qttask.exe” [2011-10-24 421888] “Adobe Reader Speed Launcher”=“c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2012-01-03 37296] “Adobe ARM”=“c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe” [2012-01-02 843712] “AppleSyncNotifier”=“c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleSyncNotifier.exe” [2011-11-02 59240] “iTunesHelper”=“c:\programmer\iTunes\iTunesHelper.exe” [2012-01-16 421736] “SunJavaUpdateSched”=“c:\programmer\Fælles filer\Java\Java Update\jusched.exe” [2012-01-18 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360] . c:\documents and settings\Connie Nielson\Menuen Start\Programmer\Start\ Dropbox.lnk - c:\documents and settings\Connie Nielson\Application Data\Dropbox\bin\Dropbox.exe [2012-2-15 24246216] . c:\documents and settings\All Users\Menuen Start\Programmer\Start\ Secunia PSI Tray.lnk - c:\programmer\Secunia\PSI\psi_tray.exe [2011-4-19 291896] SetWeb.lnk - c:\programmer\SetWeb\SetWeb.exe [2007-7-5 843776] Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] “{56F9679E-7826-4C84-81F3-532071A8BCC5}”= “c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll” [2009-05-24 304128] “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\programmer\SUPERAntiSpyware\SASSEH.DLL” [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ——a-w- c:\programmer\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “AppInit_DLLs”=c:\windows\system32\BgGamingMonitor.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @=”“ . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain] @=“Service” . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner] @=“Service” . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @=“Driver” . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^McAfee Security Scan Plus.lnk] path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Secunia PSI Tray.lnk] path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Secunia PSI Tray.lnk backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Connie Nielson^Menuen Start^Programmer^Start^Dropbox.lnk] path=c:\documents and settings\Connie Nielson\Menuen Start\Programmer\Start\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Connie Nielson^Menuen Start^Programmer^Start^Picture Motion Browser Media Check Tool.lnk] path=c:\documents and settings\Connie Nielson\Menuen Start\Programmer\Start\Picture Motion Browser Media Check Tool.lnk backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 16:05 15360 ———w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] “QuickTime Task”=“c:\programmer\QuickTime\qttask.exe” -atboottime “SSBkgdUpdate”=“c:\programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot “PaperPort PTD”=“c:\programmer\ScanSoft\PaperPort\pptd40nt.exe” “IndexSearch”=“c:\programmer\ScanSoft\PaperPort\IndexSearch.exe” “PPort11reminder”=“c:\programmer\ScanSoft\PaperPort\Ereg\Ereg.exe” -r “c:\documents and settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini” “Adobe Reader Speed Launcher”=“c:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe” . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\\system32\\sessmgr.exe”= “c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE”= “c:\\Programmer\\Messenger\\msmsgs.exe”= “%windir%\\Network Diagnostic\\xpnetdiag.exe”= “c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe”= “c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe”= “c:\\Documents and Settings\\Connie Nielson\\Application Data\\Dropbox\\bin\\Dropbox.exe”= “c:\\Programmer\\Fælles filer\\Apple\\Apple Application Support\\WebKit2WebProcess.exe”= “c:\\Programmer\\Bonjour\\mDNSResponder.exe”= “c:\\Programmer\\iTunes\\iTunes.exe”= . R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [01-07-2011 13:21 16024] R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [12-03-2010 10:34 64608] R1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\drivers\NSKernel.sys [06-02-2011 14:13 789448] R1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\drivers\NSNetmon.sys [06-02-2011 14:13 19272] R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [22-07-2011 17:27 12880] R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [12-07-2011 22:55 67664] R2 !SASCORE;SAS Core Service;c:\programmer\SUPERAntiSpyware\SASCore.exe [12-08-2011 00:38 116608] R2 BsBhvScan;BullGuard behavioural detection service;c:\programmer\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [06-02-2011 14:12 338776] R2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe -k BullGuard_LowPriv [19-06-2007 16:38 14336] R2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe -k BullGuard [19-06-2007 16:38 14336] R2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe -k BullGuard [19-06-2007 16:38 14336] R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe -k BullGuard [19-06-2007 16:38 14336] R2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe -k BullGuard_Main [19-06-2007 16:38 14336] R2 BsUpdate;BullGuard update service;c:\programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [27-02-2012 07:32 330584] R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmer\Macrium\Reflect\ReflectService.exe [01-07-2011 13:21 220824] R2 Secunia PSI Agent;Secunia PSI Agent;c:\programmer\Secunia\PSI\PSIA.exe—start-service—> c:\programmer\Secunia\PSI\PSIA.exe—start-service [?] R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\Afw.sys [04-12-2009 11:00 34280] R3 afwcore;afwcore;c:\windows\system32\drivers\AfwCore.sys [04-12-2009 11:00 267624] S0 Lbd;Lbd; [x] S1 SABKUTIL;SABKUTIL;\??\c:\programmer\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys—> c:\programmer\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384] S3 Amps2prt;Trust Ami PS/2 Port Mouse Driver (6);c:\windows\system32\drivers\Amps2prt.sys [19-10-2001 13:57 9056] S3 BgRaSvc;BgRaSvc;c:\programmer\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [03-03-2010 21:07 125784] S3 BsScanner;BullGuard scanning service;c:\programmer\BullGuard Ltd\BullGuard\BullGuardScanner.exe [03-03-2010 21:07 288600] S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [28-02-2007 06:38 114304] S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [10-08-2009 12:07 89600] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01-09-2010 09:30 15544] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [21-12-2011 15:29 42496] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504] S3 ZD1211BU(ICIDU);ICIDU Wireless USB Adapter Driver(ICIDU);c:\windows\system32\drivers\ZD1211BU.sys [28-06-2008 16:06 500736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] BullGuard_Main REG_MULTI_SZ BsMain BullGuard REG_MULTI_SZ BsFileScan BsMailProxy BsFire BullGuard_LowPriv REG_MULTI_SZ BsBrowser . Indhold af mappen ‘Planlagte Opgaver’ . 2012-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programmer\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2012-02-27 c:\windows\Tasks\SUPERANTISPYWARE.job - c:\programmer\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [2012-01-20 18:16] . 2012-02-27 c:\windows\Tasks\User_Feed_Synchronization-{6D8183CE-8382-418D-8A71-3D0ABF0C0FC4}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . . ———- Yderligere scanning———- . uStart Page = hxxp://www.google.dk/ uInternet Settings,ProxyOverride = .local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: danid.dk Trusted Zone: danskebank.dk Trusted Zone: sikker-adgang.dk\login Trusted Zone: skat.dk\www Trusted Zone: sydbank.dk Trusted Zone: tdc.dk\kundeservice Trusted Zone: danid.dk TCP: DhcpNameServer = 212.10.10.5 212.10.10.4 DPF: {07E8D22D-C723-485C-BE6F-003241549305} - hxxp://extcom.esoft.dk/extern/3d/eplan.cab DPF: {1469FF24-47F6-11D2-8805-006008C537E3} - hxxp://www.kps.dk/codebase/ffmail.cab DPF: {25C29129-E95F-4564-BFE3-000000006400} - hxxp://www.123hjemmeside.dk/builder/pages/KvikVideo-6-4-0-0.CAB DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} - hxxp://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfsignature.cab DPF: {93B08541-9F6B-4697-9F9A-7058F1E33785} - hxxp://193.239.96.110/inquiero/mod/setup/ntractivex1182.cab DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/digitalsignatur-csp.exe . . *********************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-02-27 17:05 Windows 5.1.2600 Service Pack 3 NTFS . scanner skjulte processer ... . scanner skjulte autostarter ... . scanner skjulte filer ... . scanning gennemført med succes skjulte filer: 0 . ************************************************************************ . ——————————- LÅSTE REGISTRERINGS NØGLER——————————- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A86B5F7B-57BC-FDE1-4BA107CD048CA334}\{FAA6C91D-89D7-F6D7-A2ABB279A6F1429D}\{4006DA5B-3A8C-C500-035107788F07ACDE}] “1D1OWFM6WKF6TLM3S2BGKKUUDG1”=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44, fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . [HKEY_LOCAL_MACHINE\software\Microsoft\Environment] “Licence0”=“04F0D21-79D8-7A25-D702-433F” . ——————————- DLLs startet under kørende Processer——————————- . - - - - - - - > ‘winlogon.exe’(1180) c:\programmer\SUPERAntiSpyware\SASWINLO.DLL . - - - - - - - > ‘explorer.exe’(2460) c:\programmer\BullGuard Ltd\BullGuard\spamfilter\LittleHook.dll c:\documents and settings\Connie Nielson\Application Data\Dropbox\bin\DropboxExt.14.dll c:\programmer\Windows Desktop Search\deskbar.dll c:\programmer\Windows Desktop Search\da-dk\dbres.dll.mui c:\programmer\Windows Desktop Search\dbres.dll c:\programmer\Windows Desktop Search\wordwheel.dll c:\programmer\Windows Desktop Search\da-dk\msnlExtRes.dll.mui c:\programmer\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\programmer\BullGuard Ltd\BullGuard\BackupShellHook.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ————————————Andre kørende processer———————————— . c:\windows\system32\brss01a.exe c:\windows\System32\SCardSvr.exe c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programmer\Bonjour\mDNSResponder.exe c:\programmer\Java\jre6\bin\jqs.exe c:\programmer\Secunia\PSI\PSIA.exe c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\SearchIndexer.exe c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\wscntfy.exe c:\programmer\iPod\bin\iPodService.exe . ************************************************************************** . Gennemført tid: 2012-02-27 17:11:25 - maskinen blev genstartet ComboFix-quarantined-files.txt 2012-02-27 16:11 ComboFix2.txt 2012-02-26 21:41 ComboFix3.txt 2009-09-15 07:15 ComboFix4.txt 2009-08-14 21:11 ComboFix5.txt 2012-02-27 15:52 . Pre-Kørsel: 52.991.619.072 byte ledig Post-Kørsel: 52.973.957.120 byte ledig . - - End Of File - - C912A00614AB77CCEA04E011BA566F2A
[ Ignorer ] [ # 3 ] planet
27.02.2012 18:44:37 Antal indlæg: 49	Hej igen, jeg har lige prøvet at scanne for Bank Texeasy Detection, den kører lidt længere men melder så fejl igen? Hvad gør jeg nu? med venlig hilsen Planet
[ Ignorer ] [ # 4 ] Fromsej TeamSpywarefri
27.02.2012 19:17:20 Administrator Team Spywarefri Antal indlæg: 55510	Der er ikke mere i din log, combofix tog det sidste. Hvad angår Bank Texeasy Detection, så er det en fejl i programmet, Perhaps beskriver den her: http://www.softwareguides.dk/sidste_nyt.html 26.02.2012 Opfølgning på NemID-sagen Bank Texeasy Detection Tool, som CSIS har udviklet til at detektere et angreb på NemID, har en programmeringsfejl, der gør, at det ikke vil virke hos alle computerbrugere. Programmet vil blive lukket ned, og komme med en fejlmeddelelse, der siger ” Bank Texeasy Detection Tool har fundet en fejl og afsluttes. Vi beklager fejlen. Informer Microsoft om fejlen. Fejl hedder noget i retning af: Temp\xxx_appcompat.txt. Signatur qui potest, obligatur Nierne bomaye - You’ll never walk alone Kaffen er drukket Kassen er lukket Støtten gør mere nytte Hos de små og forknytte Børns vilkår Hospitalsklovne
[ Ignorer ] [ # 5 ] planet
27.02.2012 19:28:39 Antal indlæg: 49	Tusind tak for hjælpen, hvad var det jeg havde fået, er der fare for at det samme er på min bærbar? jeg er ellers meget forsigtig med hvad jeg åbner og har jo den nyeste Bulguard, har alt sat på automtisk opdatering, har også Secunia PSI installeret, den fortæller jo hvis ikke alt er opdateret. Hvad kan jeg ellers gøre? Hilsen Planet
[ Ignorer ] [ # 6 ] Fromsej TeamSpywarefri
27.02.2012 20:14:02 Administrator Team Spywarefri Antal indlæg: 55510	Velbekomme. Det kan ikke udelukkes, at vi lige bør tjekke din bærbare også. Det vi har fjernet, er Ask toolbar, den bliver “tilbudt” masser af steder, af princip bør man altid fravælge toolbars, når man installerer programmer, hold øje med de enkelte vinduer, når man klikker OK eller fortsæt, så vil der som regel være et flueben, der skal fjernes. Inficeret kopi af c:\windows\system32\Drivers\atapi.sys, det kan være noget så simpelt som en korrupt fil, eller en grim virus. Jeg hælder mest til det første, da der ikke har været andre tegn på de vira, der angriber systemfiler. Prøv lige at tjekke om Notesblok, Paint og et par andre af windows småprogrammer virker. Signatur qui potest, obligatur Nierne bomaye - You’ll never walk alone Kaffen er drukket Kassen er lukket Støtten gør mere nytte Hos de små og forknytte Børns vilkår Hospitalsklovne
[ Ignorer ] [ # 7 ] planet
27.02.2012 21:05:30 Antal indlæg: 49	Tusind tak for det, hvad skal jeg sende ind fra den bærbare, Jeg tjekker om Ask toolbar er å den også og fjerner den. Har skannet den efter jeres anvisninger, men ikke kørt combofix på den, hvad vil i have sendt ind?
[ Ignorer ] [ # 8 ] Fromsej TeamSpywarefri
27.02.2012 21:52:25 Administrator Team Spywarefri Antal indlæg: 55510	Lad os bare få en combofixlog. Hent Combofix, og gem den i en mappe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe Åbn mappen med Combofix, højreklik et tomt sted i mappen, vælg Ny->tekstdokument, åbn tekstdokumentet, kopier følgende ind: Killall:: Snapshot:: klik på Filer->Gem som, navngiv den CFScript, luk tekstdokumentet. Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du “giver slip” med musen. http://www.fromsej.saknet.dk/billeder/swfcombo.gif Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse. Kopier den fremkomne log herind. Får du noget der ligner denne fejl. Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning Så genstart, en gang mere, det burde løse det. Signatur qui potest, obligatur Nierne bomaye - You’ll never walk alone Kaffen er drukket Kassen er lukket Støtten gør mere nytte Hos de små og forknytte Børns vilkår Hospitalsklovne
[ Ignorer ] [ # 9 ] planet
27.02.2012 23:33:33 Antal indlæg: 49	Hej igen, her er combofix fra min bærbar, hilsen Planet. ComboFix 12-02-2 7.02 - Hans 27-02-2012 22:01:06.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1022.536 [GMT 1:00] Kører fra: c:\documents and settings\Hans\Skrivebord\Ny mappe\ComboFix.exe AV: BullGuard Antivirus Enabled/Updated {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913} FW: BullGuard Firewall Enabled {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1} FW: Norton Internet Worm Protection Disabled {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . . ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programmer\Setup.exe c:\windows\system32\SET60.tmp c:\windows\system32\SET6C.tmp c:\windows\system32\SET75.tmp c:\windows\system32\SET76.tmp c:\windows\system32\SET77.tmp c:\windows\system32\SET7A.tmp D:\Autorun.inf . . ((((((((((((((((((((((((((((( Filer skabt fra 2012-01-27 til 2012-02-27 ))))))))))))))))))))))))))))))))))) . . 2012-02-26 18:41 . 2012-02-26 18:41 ———— d——-w- c:\documents and settings\Hans\Application Data\SUPERAntiSpyware.com 2012-02-26 16:51 . 2012-02-26 16:51 ———— d——-w- c:\documents and settings\Hans\Application Data\Malwarebytes 2012-02-26 16:51 . 2010-04-29 14:39 38224 ——a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-02-26 16:51 . 2012-02-26 16:51 ———— d——-w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-02-26 16:51 . 2012-02-26 16:51 ———— d——-w- c:\programmer\Malwarebytes’ Anti-Malware 2012-02-26 16:51 . 2010-04-29 14:39 20952 ——a-w- c:\windows\system32\drivers\mbam.sys 2012-02-26 12:29 . 2012-02-26 12:29 ———— d——-w- c:\programmer\Fælles filer\Java 2012-02-26 12:26 . 2012-02-26 12:26 ———— d——-w- c:\documents and settings\All Users\Application Data\Ask 2012-02-15 16:03 . 2012-01-11 19:07 3072 ———w- c:\windows\system32\iacenc.dll 2012-02-15 16:03 . 2012-01-11 19:07 3072 ———w- c:\windows\system32\dllcache\iacenc.dll 2012-02-12 10:31 . 2012-02-12 10:31 ———— d——-w- c:\programmer\Microsoft.NET . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-26 12:25 . 2010-10-13 13:05 73728 ——a-w- c:\windows\system32\javacpl.cpl 2012-02-26 12:25 . 2010-05-04 18:23 472808 -c—a-w- c:\windows\system32\deployJava1.dll 2012-02-19 16:28 . 2011-05-26 11:12 414368 ——a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-01-21 08:42 . 2010-03-18 16:03 100184 ——a-w- c:\windows\system32\BgGamingMonitor.dll 2012-01-12 17:20 . 2004-08-27 08:00 1859968 ———w- c:\windows\system32\win32k.sys 2011-12-19 18:11 . 2010-02-17 13:33 82776 ——a-w- c:\windows\system32\BGLsp.dll 2011-12-17 19:42 . 2004-08-27 08:00 916992 ——a-w- c:\windows\system32\wininet.dll 2011-12-17 19:42 . 2004-08-27 08:00 43520 ——a-w- c:\windows\system32\licmgr10.dll 2011-12-17 19:42 . 2004-08-27 08:00 1469440 ———w- c:\windows\system32\inetcpl.cpl 2011-12-16 12:23 . 2004-08-27 08:00 385024 ——a-w- c:\windows\system32\html.iec 2008-05-30 23:38 . 2008-05-30 23:38 1821008 -c—a-w- c:\programmer\instmsiw.exe 2008-05-30 23:38 . 2008-05-30 23:38 1707856 -c—a-w- c:\programmer\instmsia.exe 2008-05-30 23:38 . 2008-05-30 23:38 4368384 -c—a-w- c:\programmer\openofficeorg24.msi . . ((((((((((((((((((((((((((((((((((( Start steder i reg.basen )))))))))))))))))))))))))))))))))))))))))))))))) . . Bemærk tomme linier & lovlige standard linier vises ikke REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “swg”=“c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-10-11 68856] “SUPERAntiSpyware”=“c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2012-01-20 4617600] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ATIPTA”=“c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-11-10 344064] “SynTPEnh”=“c:\programmer\Synaptics\SynTP\SynTPEnh.exe” [2007-09-15 1015808] “eabconfg.cpl”=“c:\programmer\HPQ\Quick Launch Buttons\EabServr.exe” [2005-12-22 405504] “Cpqset”=“c:\programmer\HPQ\Default Settings\cpqset.exe” [2005-08-01 233534] “RecGuard”=“c:\windows\SMINST\RecGuard.exe” [2005-10-11 1187840] “Reminder”=“c:\windows\CREATOR\Remind_XP.exe” [2006-02-09 643072] “hpWirelessAssistant”=“c:\programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe” [2005-12-13 507904] “ISUSPM Startup”=“c:\progra~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [2004-07-27 221184] “ISUSScheduler”=“c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe” [2005-02-16 81920] “QPService”=“c:\programmer\HP\QuickPlay\QPService.exe” [2006-08-22 102400] “SynTPStart”=“c:\programmer\Synaptics\SynTP\SynTPStart.exe” [2007-09-15 102400] “BullGuard”=“c:\programmer\BullGuard Ltd\BullGuard\BullGuard.exe” [2012-02-26 1620824] “HP Software Update”=“c:\programmer\Hp\HP Software Update\HPWuSchd2.exe” [2010-06-09 49208] “Adobe Reader Speed Launcher”=“c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2012-01-03 37296] “Adobe ARM”=“c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe” [2012-01-02 843712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360] . c:\documents and settings\Hans\Menuen Start\Programmer\Start\ OpenOffice.org 3.3.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] Picture Motion Browser Media Check Tool.lnk - c:\programmer\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-2-26 344064] . c:\documents and settings\All Users\Menuen Start\Programmer\Start\ HP Photosmart Premier Hurtig start.lnk - c:\programmer\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728] Secunia PSI Tray.lnk - c:\programmer\Secunia\PSI\psi_tray.exe [2010-12-21 291896] Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] “{56F9679E-7826-4C84-81F3-532071A8BCC5}”= “c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll” [2009-05-24 304128] “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\programmer\SUPERAntiSpyware\SASSEH.DLL” [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ——a-w- c:\programmer\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “AppInit_DLLs”=c:\windows\system32\BgGamingMonitor.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @=”“ . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain] @=“Service” . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner] @=“Service” . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] “DisableMonitoring”=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\\system32\\sessmgr.exe”= “c:\\Programmer\\Messenger\\msmsgs.exe”= “%windir%\\Network Diagnostic\\xpnetdiag.exe”= . R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [12-03-2010 10:34 64608] R1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\drivers\NSKernel.sys [09-02-2011 15:46 789448] R1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\drivers\NSNetmon.sys [09-02-2011 15:46 19272] R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [22-07-2011 17:27 12880] R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [12-07-2011 22:55 67664] R2 !SASCORE;SAS Core Service;c:\programmer\SUPERAntiSpyware\SASCore.exe [12-08-2011 00:38 116608] R2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe -k BullGuard_LowPriv [27-08-2004 09:00 14336] R2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe -k BullGuard [27-08-2004 09:00 14336] R2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe -k BullGuard [27-08-2004 09:00 14336] R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe -k BullGuard [27-08-2004 09:00 14336] R2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe -k BullGuard_Main [27-08-2004 09:00 14336] R2 BsUpdate;BullGuard update service;c:\programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [26-02-2012 21:31 330584] R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\Afw.sys [04-12-2009 11:00 34280] R3 afwcore;afwcore;c:\windows\system32\drivers\AfwCore.sys [04-12-2009 11:00 267624] R3 BsScanner;BullGuard scanning service;c:\programmer\BullGuard Ltd\BullGuard\BullGuardScanner.exe [03-03-2010 21:07 288600] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22-08-2005 10:06 231424] R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01-09-2010 09:30 15544] S1 SABKUTIL;SABKUTIL;\??\c:\programmer\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys—> c:\programmer\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?] S2 BsBhvScan;BullGuard behavioural detection service;c:\programmer\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [09-02-2011 15:46 338776] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384] S2 gupdate;Google Update Tjeneste (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [06-11-2011 18:16 136176] S2 Secunia PSI Agent;Secunia PSI Agent;c:\programmer\Secunia\PSI\PSIA.exe—start-service—> c:\programmer\Secunia\PSI\PSIA.exe—start-service [?] S2 Secunia Update Agent;Secunia Update Agent;c:\programmer\Secunia\PSI\sua.exe—start-service—> c:\programmer\Secunia\PSI\sua.exe—start-service [?] S3 BgRaSvc;BgRaSvc;c:\programmer\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [03-03-2010 21:07 125784] S3 gupdatem;Google Update Tjeneste (gupdatem);c:\programmer\Google\Update\GoogleUpdate.exe [06-11-2011 18:16 136176] S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [21-06-2010 12:18 100736] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] BullGuard_Main REG_MULTI_SZ BsMain BullGuard REG_MULTI_SZ BsFileScan BsMailProxy BsFire BullGuard_LowPriv REG_MULTI_SZ BsBrowser . Indhold af mappen ‘Planlagte Opgaver’ . 2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programmer\Google\Update\GoogleUpdate.exe [2011-11-06 17:16] . 2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programmer\Google\Update\GoogleUpdate.exe [2011-11-06 17:16] . 2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3568943995-2508963422-2485145322-1006Core.job - c:\documents and settings\Hans\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2011-12-06 17:16] . 2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3568943995-2508963422-2485145322-1006UA.job - c:\documents and settings\Hans\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2011-12-06 17:16] . 2012-02-27 c:\windows\Tasks\User_Feed_Synchronization-{A037A666-E539-4CF9-89F1-51152CD46129}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ———- Yderligere scanning———- . uStart Page = hxxp://www.google.dk/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = about:blank uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver; - c:\windows\system32\GPhotos.scr/200 LSP: c:\windows\system32\BGLsp.dll Trusted Zone: danskbank.dk Trusted Zone: stofanet.dk TCP: DhcpNameServer = 212.10.10.5 212.10.10.4 . - - - - TOMME GENVEJE FJERNET - - - - . Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) SafeBoot-SolutoService AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe . . . ************************************************************************ . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-02-27 22:05 Windows 5.1.2600 Service Pack 3 NTFS . scanner skjulte processer ... . scanner skjulte autostarter ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\programmer\HPQ\Default Settings\cpqset.exe?????????????n?n??\|?????? ???B????????? ???hLC???????? . scanner skjulte filer ... . scanning gennemført med succes skjulte filer: 0 . ************************************************************************ . ——————————- DLLs startet under kørende Processer——————————- . - - - - - - - > ‘winlogon.exe’(1004) c:\windows\system32\BgGamingMonitor.dll c:\programmer\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\Ati2evxx.dll . - - - - - - - > ‘lsass.exe’(1060) c:\windows\system32\BgGamingMonitor.dll c:\windows\system32\BGLsp.dll . Gennemført tid: 2012-02-27 22:07:57 ComboFix-quarantined-files.txt 2012-02-27 21:07 . Pre-Kørsel: 70.614.958.080 byte ledig Post-Kørsel: 70.697.558.016 byte ledig . WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons UnsupportedDebug=“do not select this” /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Home Edition” /noexecute=optin /fastdetect . - - End Of File - - 22695F66DE6CB85703E95A704F135E31
[ Ignorer ] [ # 10 ] Fromsej TeamSpywarefri
28.02.2012 17:37:37 Administrator Team Spywarefri Antal indlæg: 55510	Det ser fint ud. Combofix tog den smule der var, og det var ikke noget kritisk. Signatur qui potest, obligatur Nierne bomaye - You’ll never walk alone Kaffen er drukket Kassen er lukket Støtten gør mere nytte Hos de små og forknytte Børns vilkår Hospitalsklovne
[ Ignorer ] [ # 11 ] planet
28.02.2012 21:08:57 Antal indlæg: 49	Tusind tak, stråden må gerne lukkes med venlig hilsen Planet
[ Ignorer ] [ # 12 ] Fromsej TeamSpywarefri
28.02.2012 21:25:32 Administrator Team Spywarefri Antal indlæg: 55510	Velbekomme. Jeg låser tråden, du er velkommen en anden gang. Signatur qui potest, obligatur Nierne bomaye - You’ll never walk alone Kaffen er drukket Kassen er lukket Støtten gør mere nytte Hos de små og forknytte Børns vilkår Hospitalsklovne