kevinvo, posted 9 December 2007
I have a file at C:\WINDOWS\system32\avmete.dll that I cannot delete. I get the error message: "You do not have access or the file is in use, cannot be deleted". I have found out that it is a Browser Helper Object (BHO) that runs in IE as an add-on; I have disabled it but still cannot delete the file. It is a Trojan horse and attacks me all the time. I have tried the following, without success:
1) Deleting the file in safe mode.
2) Deleting the file with Killbox.exe and hijackthis.exe.
3) Ran Spybot S&D and Ad-Aware without finding it.
4) Ran the BHOZapper program, which found the file but could not delete it either.
5) Went into regedit and deleted a value that the file had created, without luck.
6) System Restore cannot be used because I have no earlier point to restore to.
Do you have any other suggestions... Please help me, folks.
norbat, posted 9 December 2007
Download HijackThis. Put it in a folder of its own on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.
Skagen, posted 9 December 2007
The thread is being moved to Software > Antivirus programs and data security. (Please do not comment on this post. Reactions to moderation are made via PM/message.)
andreash, posted 9 December 2007
Have you tried SUPERAntiSpyware? It is available at www.superantispyware.com. I know the name sounds odd, but it is actually quite good.
Andreas
kevinvo, posted 10 December 2007
Thanks for the suggestion, I will try SUPERAntiSpyware today.
kevinvo, posted 10 December 2007
SUPERAntiSpyware did not work either. Do you have any other suggestions? Many thanks for all replies...
kevinvo, posted 10 December 2007
Hi Norbat! Here is my HijackThis log. What should I do next?
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\hphmon06.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Programfiler\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Billionton\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Symantec AntiVirus\DefWatch.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe C:\Programfiler\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\HP_Eier\Skrivebord\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {EE679482-C395-4756-8395-6724C7ECF778} - C:\WINDOWS\system32\avmete.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programfiler\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe 
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programfiler\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [THGuard] "C:\Programfiler\TrojanHunter 5.0\THGuard.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [bHOZapper] C:\Programfiler\BHOZapper\BHOZapper.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll/search.htm O8 - Extra context menu item: &Search - ?p=ZRxdm480YYNO O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Acrobat 
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\Billionton\Bluetooth-programvare\btsendto_ie_ctx.htm O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programfiler\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://CD-en.scan.onecare.live.com/resource/...lscbase4009.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} 
- C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Programfiler\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Programfiler\Billionton\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programfiler\UltraVNC\WinVNC.exe" -service (file missing)
norbat, posted 10 December 2007
Start HJT, choose "Do a system scan only", tick the following line and click Fix checked:
O2 - BHO: (no name) - {EE679482-C395-4756-8395-6724C7ECF778} - C:\WINDOWS\system32\avmete.dll
Get Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste in what is shown in bold below:
Files to delete:
C:\WINDOWS\system32\avmete.dll
Click the traffic light. Restart the PC. After the restart a log file will appear that tells you what happened. You do not need to post it.
Get ComboFix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from ComboFix (c:\combofix.txt) plus a new HJT log.
kevinvo, posted 10 December 2007
Here are the logs.
2007-12-10 20:31 . 2007-12-10 20:39 <DIR> d----c--- C:\Programfiler\a-squared HiJackFree 2007-12-10 19:56 . 2007-12-10 20:13 <DIR> d----c--- C:\Programfiler\Anti Trojan Elite 2007-12-09 21:46 . 2007-12-10 17:55 <DIR> d----c--- C:\Programfiler\BHOZapper 2007-12-09 21:22 . 2007-12-10 20:46 <DIR> dr-h-c--- C:\Documents and Settings\HP_Eier\Siste 2007-12-09 19:50 . 2007-12-09 19:54 <DIR> d----c--- C:\Programfiler\Windows Live Safety Center 2007-12-09 18:50 . 2007-12-09 19:26 1,537,765,888 --a--c--- C:\4343.tmp 2007-12-09 11:37 . 2007-12-09 11:53 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-12-09 11:37 . 2007-12-09 11:37 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-09 11:37 . 2007-12-09 11:37 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-09 11:37 . 2007-12-09 11:37 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-09 11:37 . 2006-04-03 10:59 128 --a------ C:\WINDOWS\system32\xposer.cfg 2007-12-09 11:37 . 2006-04-03 10:59 128 --a------ C:\WINDOWS\system32\asinst.cfg 2007-12-09 11:13 . 2007-12-09 11:13 256 --a------ C:\WINDOWS\adaway.lic 2007-12-09 00:31 . 2007-12-09 00:31 <DIR> d----c--- C:\Programfiler\CCleaner 2007-12-09 00:31 . 2007-12-09 00:31 <DIR> d----c--- C:\Documents and Settings\LocalService\Skrivebord 2007-12-08 23:54 . 2007-12-10 18:46 <DIR> d----c--- C:\Documents and Settings\HP_Eier\Programdata\SUPERAntiSpyware.com 2007-12-08 22:58 . 2007-12-10 19:42 <DIR> d----c--- C:\Programfiler\SUPERAntiSpyware 2007-12-08 22:58 . 2007-12-08 22:58 <DIR> d----c--- C:\Documents and Settings\LocalService\Programdata\SUPERAntiSpyware.com 2007-12-08 22:58 . 2007-12-08 22:58 <DIR> d----c--- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2007-12-08 22:24 . 2007-12-08 22:24 <DIR> d----c--- C:\Documents and Settings\Administrator.VODUYBINH.000\Programdata\TrojanHunter 2007-12-08 20:00 . 
2007-12-08 20:00 <DIR> d----c--- C:\Documents and Settings\HP_Eier\Programdata\TrojanHunter 2007-12-08 18:45 . 2007-12-10 20:30 <DIR> d----c--- C:\Programfiler\TrojanHunter 5.0 2007-12-08 18:26 . 2007-12-08 18:35 0 --a------ C:\WINDOWS\system32\sys_dll.dll 2007-12-08 17:59 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-08 17:04 . 2005-01-01 22:53 <DIR> d----c--- C:\Documents and Settings\Administrator.VODUYBINH.000\WINDOWS 2007-12-08 17:04 . 2006-08-03 06:59 <DIR> dr---c--- C:\Documents and Settings\Administrator.VODUYBINH.000\Start-meny 2007-12-08 17:04 . 2004-11-30 22:24 <DIR> d--h-c--- C:\Documents and Settings\Administrator.VODUYBINH.000\Skrivere 2007-12-08 17:04 . 2005-01-01 22:58 <DIR> d----c--- C:\Documents and Settings\Administrator.VODUYBINH.000\Skrivebord 2007-12-08 17:04 . 2007-12-08 22:33 <DIR> dr-h-c--- C:\Documents and Settings\Administrator.VODUYBINH.000\Siste 2007-12-08 17:04 . 2005-01-01 23:10 <DIR> d----c--- C:\Documents and Settings\Administrator.VODUYBINH.000\Programdata\Symantec 2007-12-08 17:04 . 2005-01-01 23:02 <DIR> d----c--- C:\Documents and Settings\Administrator.VODUYBINH.000\Programdata\SampleView 2007-12-08 17:04 . 2005-01-01 22:52 <DIR> d----c--- C:\Documents and Settings\Administrator.VODUYBINH.000\Programdata\Apple Computer 2007-12-08 17:04 . 2006-08-03 06:59 <DIR> dr-h-c--- C:\Documents and Settings\Administrator.VODUYBINH.000\Programdata 2007-12-08 17:04 . 2006-08-03 06:59 <DIR> dr---c--- C:\Documents and Settings\Administrator.VODUYBINH.000\Mine dokumenter 2007-12-08 17:04 . 2006-08-03 07:02 <DIR> d--h-c--- C:\Documents and Settings\Administrator.VODUYBINH.000\Maler 2007-12-08 17:04 . 2004-12-01 01:17 <DIR> d--h-c--- C:\Documents and Settings\Administrator.VODUYBINH.000\Lokale innstillinger 2007-12-08 17:04 . 2006-08-03 06:59 <DIR> dr---c--- C:\Documents and Settings\Administrator.VODUYBINH.000\Favoritter 2007-12-08 17:04 . 
2004-11-30 22:23 <DIR> d--h-c--- C:\Documents and Settings\Administrator.VODUYBINH.000\AndrMask 2007-12-08 16:50 . 2007-12-08 16:50 <DIR> d----c--- C:\Documents and Settings\LocalService\Start-meny 2007-12-08 16:45 . 2007-12-08 23:14 <DIR> dr---c--- C:\Documents and Settings\LocalService\Mine dokumenter 2007-11-28 19:25 . 2007-11-28 19:25 <DIR> d----c--- C:\Documents and Settings\LocalService\Programdata\MEGAUPLOADTOOLBAR 2007-11-28 19:25 . 2007-12-09 00:08 <DIR> dr---c--- C:\Documents and Settings\LocalService\Favoritter 2007-11-21 19:11 . 19,456 C:\WINDOWS\system32\drivers\dzdbtgcz.dat 2007-11-21 18:52 . 2004-08-04 13:00 108,800 --a------ C:\WINDOWS\system32\avmete.dll 2007-11-20 20:07 . 2007-11-28 18:21 <DIR> d----c--- C:\Programfiler\Dcads Advanced Toolbar 2007-11-20 20:07 . 2007-11-21 20:09 <DIR> d----c--- C:\Documents and Settings\HP_Eier\Programdata\Dcads Advanced Toolbar 2007-11-20 20:07 . 2007-11-21 20:11 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe 2007-11-15 21:33 . 2007-11-15 21:33 <DIR> d----c--- C:\Programfiler\Microsoft SQL Server Compact Edition 2007-11-15 21:26 . 2007-11-15 21:28 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-10 20:12 --------- dc----w C:\Programfiler\Symantec AntiVirus 2007-12-10 17:46 --------- dc----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2007-12-09 20:22 --------- dc----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2007-12-09 19:59 --------- dc----w C:\Programfiler\Yahoo! 
2007-12-09 12:53 --------- dc----w C:\Programfiler\Windows Live Toolbar 2007-12-09 12:12 --------- dc----w C:\Programfiler\Fellesfiler\Symantec Shared 2007-12-08 18:25 --------- dc----w C:\Programfiler\Google 2007-12-08 17:48 --------- dc----w C:\Programfiler\UltraVNC 2007-12-04 17:52 --------- dc----w C:\Documents and Settings\HP_Eier\Programdata\Hamachi 2007-11-28 18:17 --------- dc----w C:\Documents and Settings\HP_Eier\Programdata\LimeWire 2007-11-28 17:23 --------- dc----w C:\Programfiler\Windows Live 2007-11-20 21:06 --------- dc----w C:\Documents and Settings\All Users\Programdata\WinZip 2007-11-15 20:26 --------- dc----w C:\Documents and Settings\All Users\Programdata\WLInstaller 2007-11-14 17:48 --------- dc----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2007-10-30 14:27 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2007-10-25 15:43 --------- dc----w C:\Programfiler\Mio Technology 2007-10-23 16:49 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR 2007-10-23 16:47 --------- dc----w C:\Documents and Settings\HP_Eier\Programdata\Screenshot Sender 2007-10-23 08:24 --------- dc----w C:\Programfiler\LimeWire 2007-10-12 19:07 --------- dc-h--r C:\Documents and Settings\HP_Eier\Programdata\yahoo! 2007-10-12 19:07 --------- dc----w C:\Documents and Settings\All Users\Programdata\yahoo! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE679482-C395-4756-8395-6724C7ECF778}] 2004-08-04 13:00 108800 --a------ C:\WINDOWS\system32\avmete.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)] @={99FD978C-D287-4F50-827F-B2C658EDA8E7} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)] @={AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] @={920E6DB1-9907-4370-B3A0-BAFC03D81399} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)] @={16F3DD56-1AF5-4347-846D-7C10C4192619} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)] @={2916C86E-86A6-43FE-8112-43ABE6BF8DCC} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Offline Files] [HKEY_CLASSES_ROOT\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}] 2006-10-26 23:48 2210608 --a------ C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [HKEY_CLASSES_ROOT\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}] 2006-10-26 23:48 2210608 --a------ C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [HKEY_CLASSES_ROOT\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}] 2006-10-26 23:48 2210608 --a------ C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [HKEY_CLASSES_ROOT\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}] 2006-10-26 23:48 2210608 --a------ C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [HKEY_CLASSES_ROOT\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}] 2006-10-26 23:48 2210608 --a------ C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-06 04:05] "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 20:30] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2004-06-09 19:31] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-10-06 16:56] "Adobe Version Cue CS2"="C:\Programfiler\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{7F7A1EDD-E15E-41ED-AA85-06EA55C7E13A}"= blank [ ] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Acrobat Speed Launcher.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Acrobat Speed Launcher.lnk backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk] 
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^MioSync.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\MioSync.lnk backup=C:\WINDOWS\pss\MioSync.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programfiler\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe -quiet R0 yvrmzpak;yvrmzpak;C:\WINDOWS\system32\drivers\dzdbtgcz.dat R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys S3 ATE_PROCMON;ATE_PROCMON;\??\C:\Programfiler\Anti Trojan Elite\ATEPMon.sys S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys . 
Contents of the 'Scheduled Tasks' folder "2006-07-19 19:32:17 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - C:\Programfiler\Fellesfiler\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 "2007-12-10 19:49:01 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156] -> C:\DOCUME~1\HP_Eier\LOKALE~1\Temp\ljgsqsfgH.dll . ************************************************************************** catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-10 21:15:13 Windows 5.1.2600 Service Pack 2 NTFS ---------------- HJT log R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {EE679482-C395-4756-8395-6724C7ECF778} - C:\WINDOWS\system32\avmete.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programfiler\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI 
Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programfiler\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll/search.htm O8 - Extra context menu item: &Search - ?p=ZRxdm480YYNO O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra 
context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\Billionton\Bluetooth-programvare\btsendto_ie_ctx.htm
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programfiler\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://CD-en.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Programfiler\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Billionton\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programfiler\UltraVNC\WinVNC.exe" -service (file missing)

kevinvo (author), posted 10 December 2007

The file has not been deleted and the problem persists. Is there anything else worth trying?

norbat, posted 10 December 2007

Let's try the following:

Run HJT and fix the following lines:

O2 - BHO: (no name) - {EE679482-C395-4756-8395-6724C7ECF778} - C:\WINDOWS\system32\avmete.dll
O8 - Extra context menu item: &Search - ?p=ZRxdm480YYNO

Open Notepad and copy in what is in bold text below. Save the file as regfix.reg and put it on the desktop. Double-click the file and say yes to adding the info to the registry:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE679482-C395-4756-8395-6724C7ECF778}]

Start Avenger again and paste in the following (in bold):

Files to delete:
C:\4343.tmp
C:\WINDOWS\adaway.lic
C:\WINDOWS\system32\avmete.dll

Folders to delete:
C:\Programfiler\Dcads Advanced Toolbar
C:\Documents and Settings\HP_Eier\Programdata\Dcads Advanced Toolbar

Then go to the following website and upload the file (in bold):

C:\WINDOWS\system32\drivers\dzdbtgcz.dat

If anything is found in connection with it, delete it. Report back on how the deletion went.
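
An added example, not from the thread or from HijackThis itself: one way to triage log lines like the ones posted above. The sample lines are copied from the posted log and from the reply; the heuristics (nameless BHO, "Unknown owner", "(file missing)") and all function names are assumptions of this example, and a hit only means the entry deserves a closer look.

```python
import re

# Constructed sample: lines copied from the log and the reply in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {EE679482-C395-4756-8395-6724C7ECF778} - C:\WINDOWS\system32\avmete.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programfiler\UltraVNC\WinVNC.exe" -service (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_line(line):
    """Split one HijackThis entry into section, kind, name, CLSID and target."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    fields = m.group("rest").split(" - ")
    clsid = CLSID.search(m.group("rest"))
    return {"section": m.group("section"), "kind": m.group("kind"),
            "name": fields[0], "clsid": clsid.group(0) if clsid else None,
            "target": fields[-1], "raw": line.strip()}

def review_reasons(entry):
    """Heuristics assumed for this example; a hit means 'look closer', not 'malicious'."""
    reasons = []
    if entry["section"] == "O2" and entry["name"] == "(no name)":
        reasons.append("BHO without a registered name")
    if "Unknown owner" in entry["raw"]:
        reasons.append("no vendor reported for the file")
    if entry["raw"].endswith("(file missing)"):
        reasons.append("registered target not found on disk")
    return reasons

def triage(log_text):
    """Return (entry, reasons) for every parsed line that trips a heuristic."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and (reasons := review_reasons(entry)):
            hits.append((entry, reasons))
    return hits

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry["section"], entry["target"], "->", "; ".join(reasons))
```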

kevinvo (author), posted 10 December 2007

"Then go to the following website and upload the file (in bold): C:\WINDOWS\system32\drivers\dzdbtgcz.dat"

Which website do you mean? Do you have the address or a link to it?

norbat, posted 10 December 2007

Sorry, I was moving a bit too fast here... The website: Jotti

kevinvo (author), posted 10 December 2007

Everything else was deleted except the file avmete.dll.

Avenger:
File C:\4343.tmp deleted successfully.
File C:\WINDOWS\adaway.lic deleted successfully.
Could not open file C:\WINDOWS\system32\avmete.dll for deletion
Deletion of file C:\WINDOWS\system32\avmete.dll failed!
Could not process line:
C:\WINDOWS\system32\avmete.dll
Status: 0xc0000022
Folder C:\Programfiler\Dcads Advanced Toolbar deleted successfully.
Folder C:\Documents and Settings\HP_Eier\Programdata\Dcads Advanced Toolbar deleted successfully.
Completed script processing.
------------------------------------------
Jotti:
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

norbat, posted 10 December 2007

Is it possible to upload C:\WINDOWS\system32\avmete.dll to Jotti? If so, what is the result?

kevinvo (author), posted 10 December 2007

Yes, that worked, but I got the same message:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file.

Thanks for all the replies.

norbat, posted 11 December 2007

We're not giving up.

Download Smitfraudfix and put it on the desktop.
Run Smitfraudfix and choose option 1.
Log: usually found in C:\rapport.txt. Post that.

While someone is looking at that log, you can continue with the following:

Click: Start -> Run
Type/paste in: regsvr32 /u C:\WINDOWS\system32\avmete.dll

Then try to delete the file (Avenger/Killbox or manually from safe mode).

Edited 11 December 2007 by norbat

kevinvo (author), posted 12 December 2007

Maybe that is the solution, but I have already run a Windows recovery (F10). So I have got the problem fixed. But it takes some time to reinstall all the applications again. Still, many thanks for the help, Norbat. I think you are very skilled.

norbat, posted 12 December 2007

Yes, sometimes you just have to bite into the sour reinstallation apple. Come back if there is a need for it (let's hope not, but you never know).

Regards, n

morgan_kane, posted 12 December 2007

Is it possible to use a Linux live CD to delete things on the Windows installation?