rasmusbl (Beginner)
18 August 2006 - 13:33. There are 12 comments and 2 solutions

Virus and browser hijacker

I have a virus in the following path; AVG keeps popping up and saying: C:\windows\system32\{233BDD07-F406-41F7-95A2-D09126A946B8}.exe virus

Trojan horse Generic. XFV

It cannot heal it or "move to vault". I have tried scanning with AVG all night in safe mode, but then it does not find the virus? When I then started up normally again, it came up with the virus warning.

My browser has also been hijacked. My log follows below:

Logfile of HijackThis v1.99.1
Scan saved at 09:34:49, on 18-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\programmer\zango\zango.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\ADMINI~1.MOB\LOKALE~1\Temp\Midlertidig mappe 1 for hijackthis[1].zip\HijackThis.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D67A5F7E46203DC0 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\programmer\zango\zangohook.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [zango] "c:\programmer\zango\zango.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [yrzfi.exe] C:\WINDOWS\system32\yrzfi.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{577FD7C4-5FF2-40AE-8BBC-876F78E1AB9A}: NameServer = 85.255.114.82,85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AC7D51C-31AF-4DF0-870F-6CB164203086}: NameServer = 85.255.114.82,85.255.112.168
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.82 85.255.112.168
O17 - HKLM\System\CS1\Services\Tcpip\..\{577FD7C4-5FF2-40AE-8BBC-876F78E1AB9A}: NameServer = 85.255.114.82,85.255.112.168
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.82 85.255.112.168
O17 - HKLM\System\CS2\Services\Tcpip\..\{577FD7C4-5FF2-40AE-8BBC-876F78E1AB9A}: NameServer = 85.255.114.82,85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.82 85.255.112.168
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
18 August 2006 - 15:59 #1
Procedure follows - stand by ...
18 August 2006 - 16:09 #2
Uninstall this [Zango Search Assistant] - via Control Panel
************
During this fix the computer will be restarted, so you should print out these instructions to have them beside you throughout the fix. The fix needs internet access, so make sure that is available.

1. Download FixWareout from one of these links:

http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

2. Save the file to your Desktop and double-click it. Click Next -> Install and check that "Run fixit" is ticked - then click Finish. The fix will now start, and you just follow the instructions. You will be asked to restart your computer - please do so. The restart will take a little longer than usual...

3. When your system restarts, keep following the instructions given on screen. When the fix is finished, a log (report.txt) will open, which you should save and post here in your next reply.

4. Then run HijackThis - click "Do a system scan only", tick the following lines - close other program windows - click "Fix checked":

O17 - HKLM\System\CCS\Services\Tcpip\..\{577FD7C4-5FF2-40AE-8BBC-876F78E1AB9A}: NameServer = 85.255.114.82,85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AC7D51C-31AF-4DF0-870F-6CB164203086}: NameServer = 85.255.114.82,85.255.112.168
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.82 85.255.112.168
O17 - HKLM\System\CS1\Services\Tcpip\..\{577FD7C4-5FF2-40AE-8BBC-876F78E1AB9A}: NameServer = 85.255.114.82,85.255.112.168
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.82 85.255.112.168
O17 - HKLM\System\CS2\Services\Tcpip\..\{577FD7C4-5FF2-40AE-8BBC-876F78E1AB9A}: NameServer = 85.255.114.82,85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.82 85.255.112.168

5. Close HJT and click OK to continue. Restart your computer, and paste the contents of C:\fixwareout\report.txt here together with a fresh HijackThis log.
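The two checks the helper applies by hand in step 4 (O17 NameServer entries pointing at resolvers the owner never configured, and O4 Run entries for five-letter random executables in system32) can be automated over a HijackThis log. This is an added example, not code from any post in this thread; the sample lines are constructed from the log quoted above, and the trusted-resolver list (the router at 192.168.1.1) is an assumption.

```python
"""Triage HijackThis O17/O4 lines for signs of a DNS hijack and random loaders.

Added example for this thread, not code from any post. Sample lines are
constructed from the HijackThis entries quoted above; the trusted-resolver
list is an assumption (here: the router at 192.168.1.1).
"""
import ipaddress
import re

# Constructed sample in HijackThis v1.99 format (paths taken from this thread).
SAMPLE_LOG_LINES = [
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [yrzfi.exe] C:\WINDOWS\system32\yrzfi.exe",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{577FD7C4-5FF2-40AE-8BBC-876F78E1AB9A}: NameServer = 85.255.114.82,85.255.112.168",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.82 85.255.112.168",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{9AC7D51C-31AF-4DF0-870F-6CB164203086}: NameServer = 192.168.1.1",
]

# Assumption: the only resolver this machine should be using is its router.
TRUSTED_RESOLVERS = [ipaddress.ip_network("192.168.1.1/32")]

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+?)\s*$")
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<command>.+?)\s*$")
RANDOM_NAME_RE = re.compile(r"^[a-z]{5}\.exe$")  # yrzfi.exe, dmysi.exe, pxpms.exe


def rogue_nameservers(servers, trusted=TRUSTED_RESOLVERS):
    """Return the resolvers in an O17 NameServer value that are not trusted.

    HijackThis prints interface keys comma-separated and the Parameters key
    space-separated, so split on both.
    """
    rogue = []
    for token in re.split(r"[,\s]+", servers.strip()):
        if not token:
            continue
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            rogue.append(token)  # not an address at all: report it as-is
            continue
        if not any(addr in net for net in trusted):
            rogue.append(token)
    return rogue


def command_path(command):
    """Extract the executable path from a Run value's command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted: the path ends at the first ".exe " before any switches.
    idx = command.lower().find(".exe ")
    return command[: idx + 4] if idx >= 0 else command


def looks_like_random_loader(name, path):
    """Five lowercase letters in system32, registered under its own file name.

    Heuristic only: it matches the pattern seen in this thread, and anything
    it flags still needs a look (e.g. a VirusTotal check) before removal.
    """
    base = path.rsplit("\\", 1)[-1]
    in_system32 = "\\system32\\" in path.lower()
    return in_system32 and bool(RANDOM_NAME_RE.match(base)) and name.lower() == base.lower()


def triage(lines, trusted=TRUSTED_RESOLVERS):
    """Return findings; each carries the original line to tick under 'Fix checked'."""
    findings = []
    for line in lines:
        m = O17_RE.match(line)
        if m:
            rogue = rogue_nameservers(m.group("servers"), trusted)
            if rogue:
                findings.append({"type": "rogue-dns", "key": m.group("key"),
                                 "servers": rogue, "line": line})
            continue
        m = O4_RE.match(line)
        if m:
            path = command_path(m.group("command"))
            if looks_like_random_loader(m.group("name"), path):
                findings.append({"type": "random-run", "key": m.group("key"),
                                 "path": path, "line": line})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG_LINES):
        print(finding["type"], "->", finding["line"])
```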
rasmusbl (Beginner)
19 August 2006 - 10:24 #3
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...
* csr.exe  C:\WINDOWS\System32\CSQMZ.EXE

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSQMZ.EXE      51.244 2006-08-17     

Other suspects.
Directory of C:\WINDOWS\system32
{2263D7B4-0749-466A-BC79-3723CADA5193}.exe
{56F28BAB-C7B8-453B-B5C8-5E12A1FF69E7}.exe
{2E0C3D22-7EE7-4D9E-81CF-7928CEB575FF}.exe
{9A05AADB-3748-4A84-9EB2-F73C9AD9CEF8}.exe
{B3AA428F-A945-4417-9E46-30486F219948}.exe
{7648A419-7511-4382-83DC-442DBA84B79B}.exe
{A8320157-F4E0-4DD9-BB26-649132CD5455}.exe
{C3AB9806-D8FB-4EFA-A754-2BABFFFF56EB}.exe
{DFB347EA-3CEA-4A57-9DA8-EB04AEDDD6AA}.exe
{FCE191FE-63A6-4644-9C19-5C749D3A79FB}.exe
{6B65B5D1-FF06-4CC3-A2BC-EC5CAC4A0FA4}.exe
{A1FC1BE2-7839-4AF2-84C8-57676F32FCD2}.exe
{C3085D30-E2C5-4AA4-AE88-CCB005567AB6}.exe
{E59DC9F7-E0AC-4737-A1F2-CD33BF605770}.exe
{D9626667-D4B7-4C97-87B1-327C60E42DD9}.exe
{3D5E5FAF-1236-4440-80EE-45E0EC3BBF67}.exe
{CB9CD6F3-6DFD-4D8A-9C4C-ED71A4E94AFB}.exe
{C793AB38-AA2A-47CB-90D9-494F0FB14FBB}.exe
{FFC1A5A5-FF57-47CF-91D5-6C338F62A212}.exe
{233BDD07-F406-41F7-95A2-D09126A946B8}.exe
{E8D8144E-45EA-43BA-8161-9D52A2C5236D}.exe
{B96911C8-3005-48A2-8B74-5E9BE2B28ADE}.exe
{76CD443A-3BC2-4A3B-8821-6FBEECEF204D}.exe
{14523C95-32CE-456F-9984-038AAB484E90}.exe
{8E15ABCA-039C-4FBA-BC9A-1D6F5FDDB469}.exe
{41A75DD3-E8C8-49B2-8F0A-D9EEE3A6D168}.exe
{1E108030-9A36-4296-9A15-CCFAF62FC8B5}.exe
{54ABCD32-99EC-4A15-9F56-6943A01FAC26}.exe
{E9F72A4E-28AA-4422-87B9-D21F3D374775}.exe
{1C555558-28CC-4A5E-BA98-BDF5B44FF959}.exe
{82E8AA3F-78CF-46A5-896C-141C205FCA15}.exe
{203EA36A-2464-45E9-A731-919BC599540A}.exe
{E7040F2D-DF48-46DC-8853-3F4FFABF949F}.exe
{8275ADC9-5666-432B-875D-F0A8C0D4002F}.exe
{70B49644-513C-42BE-932A-13D912DF4679}.exe
{FE5C4469-F558-4988-895A-94DC896BCD90}.exe
{75998A1C-C234-4D3B-B02B-D1C3F27C978B}.exe
{071A25E1-C88A-47B8-B06D-BDCF48EE9EBA}.exe
{786217DF-D0BA-48D6-B40A-8823CDB7C393}.exe
{874A0A8E-B5E9-4CF3-A166-C041D1CD525B}.exe
{B600AB38-9D33-414B-98E1-AD5077EE65A5}.exe

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

---------------

Logfile of HijackThis v1.99.1
Scan saved at 10:24:05, on 19-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\ADMINI~1.MOB\LOKALE~1\Temp\Midlertidig mappe 4 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dmysi.exe] C:\WINDOWS\system32\dmysi.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [pxpms.exe] C:\WINDOWS\system32\pxpms.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
19 August 2006 - 17:06 #4
Just have a 'gap' in my schedule ->

These are some nasty elements you have got on board - which take a bit of extra gymnastics to kill off ...

-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- Select "Input Script Manually" and click the magnifying glass - a small window will now pop up, into which you copy the ENTIRE contents between the dashed lines:

------------------------
Files to delete:
C:\WINDOWS\System32\CSQMZ.EXE
C:\WINDOWS\system32\dmysi.exe
C:\WINDOWS\system32\pxpms.exe
C:\WINDOWS\System32\{2263D7B4-0749-466A-BC79-3723CADA5193}.exe
C:\WINDOWS\System32\{56F28BAB-C7B8-453B-B5C8-5E12A1FF69E7}.exe
C:\WINDOWS\System32\{2E0C3D22-7EE7-4D9E-81CF-7928CEB575FF}.exe
C:\WINDOWS\System32\{9A05AADB-3748-4A84-9EB2-F73C9AD9CEF8}.exe
C:\WINDOWS\System32\{B3AA428F-A945-4417-9E46-30486F219948}.exe
C:\WINDOWS\System32\{7648A419-7511-4382-83DC-442DBA84B79B}.exe
C:\WINDOWS\System32\{A8320157-F4E0-4DD9-BB26-649132CD5455}.exe
C:\WINDOWS\System32\{C3AB9806-D8FB-4EFA-A754-2BABFFFF56EB}.exe
C:\WINDOWS\System32\{DFB347EA-3CEA-4A57-9DA8-EB04AEDDD6AA}.exe
C:\WINDOWS\System32\{FCE191FE-63A6-4644-9C19-5C749D3A79FB}.exe
C:\WINDOWS\System32\{6B65B5D1-FF06-4CC3-A2BC-EC5CAC4A0FA4}.exe
C:\WINDOWS\System32\{A1FC1BE2-7839-4AF2-84C8-57676F32FCD2}.exe
C:\WINDOWS\System32\{C3085D30-E2C5-4AA4-AE88-CCB005567AB6}.exe
C:\WINDOWS\System32\{E59DC9F7-E0AC-4737-A1F2-CD33BF605770}.exe
C:\WINDOWS\System32\{D9626667-D4B7-4C97-87B1-327C60E42DD9}.exe
C:\WINDOWS\System32\{3D5E5FAF-1236-4440-80EE-45E0EC3BBF67}.exe
C:\WINDOWS\System32\{CB9CD6F3-6DFD-4D8A-9C4C-ED71A4E94AFB}.exe
C:\WINDOWS\System32\{C793AB38-AA2A-47CB-90D9-494F0FB14FBB}.exe
C:\WINDOWS\System32\{FFC1A5A5-FF57-47CF-91D5-6C338F62A212}.exe
C:\WINDOWS\System32\{233BDD07-F406-41F7-95A2-D09126A946B8}.exe
C:\WINDOWS\System32\{E8D8144E-45EA-43BA-8161-9D52A2C5236D}.exe
C:\WINDOWS\System32\{B96911C8-3005-48A2-8B74-5E9BE2B28ADE}.exe
C:\WINDOWS\System32\{76CD443A-3BC2-4A3B-8821-6FBEECEF204D}.exe
C:\WINDOWS\System32\{14523C95-32CE-456F-9984-038AAB484E90}.exe
C:\WINDOWS\System32\{8E15ABCA-039C-4FBA-BC9A-1D6F5FDDB469}.exe
C:\WINDOWS\System32\{41A75DD3-E8C8-49B2-8F0A-D9EEE3A6D168}.exe
C:\WINDOWS\System32\{1E108030-9A36-4296-9A15-CCFAF62FC8B5}.exe
C:\WINDOWS\System32\{54ABCD32-99EC-4A15-9F56-6943A01FAC26}.exe
C:\WINDOWS\System32\{E9F72A4E-28AA-4422-87B9-D21F3D374775}.exe
C:\WINDOWS\System32\{1C555558-28CC-4A5E-BA98-BDF5B44FF959}.exe
C:\WINDOWS\System32\{82E8AA3F-78CF-46A5-896C-141C205FCA15}.exe
C:\WINDOWS\System32\{203EA36A-2464-45E9-A731-919BC599540A}.exe
C:\WINDOWS\System32\{E7040F2D-DF48-46DC-8853-3F4FFABF949F}.exe
C:\WINDOWS\System32\{8275ADC9-5666-432B-875D-F0A8C0D4002F}.exe
C:\WINDOWS\System32\{70B49644-513C-42BE-932A-13D912DF4679}.exe
C:\WINDOWS\System32\{FE5C4469-F558-4988-895A-94DC896BCD90}.exe
C:\WINDOWS\System32\{75998A1C-C234-4D3B-B02B-D1C3F27C978B}.exe
C:\WINDOWS\System32\{071A25E1-C88A-47B8-B06D-BDCF48EE9EBA}.exe
C:\WINDOWS\System32\{786217DF-D0BA-48D6-B40A-8823CDB7C393}.exe
C:\WINDOWS\System32\{874A0A8E-B5E9-4CF3-A166-C041D1CD525B}.exe
C:\WINDOWS\System32\{B600AB38-9D33-414B-98E1-AD5077EE65A5}.exe
------------------------

-- Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. The program will shut down your computer, delete the files and start the computer again.

-- After the restart a Notepad window will pop up with a log of Avenger's actions. Please post it in your next reply.

-- Run HijackThis, choose "Do a system scan only", tick the lines listed here, close all windows except HijackThis, click Fix checked.

O4 - HKLM\..\Run: [dmysi.exe] C:\WINDOWS\system32\dmysi.exe
O4 - HKLM\..\Run: [pxpms.exe] C:\WINDOWS\system32\pxpms.exe


Restart the computer, and make a new log with HijackThis (ALTERNATIVE.EXE), which you post here together with the log from Avenger.
rasmusbl (Beginner)
21 August 2006 - 10:13 #5
hmmm, it seems deleting those files didn't go so well?
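An Avenger log lists one outcome per script entry and, for each failure, an NTSTATUS code, so a log with forty entries is easier to judge once tallied. The following is an added example, not code from any post in this thread: it counts which entries were deleted, decodes the status of the failed ones, and separates entries that were already absent from ones that were actually blocked. The sample log is constructed in the format of the Avenger v1 output posted in the thread, and the status names are the ones from the Windows SDK's ntstatus.h.

```python
"""Summarise an Avenger log: which script entries were actually removed.

Added example for this thread, not code from any post. The sample log is
constructed in the format of The Avenger v1 output shown in the thread; the
NTSTATUS names are from the Windows SDK ntstatus.h.
"""
import re

# Constructed, abridged sample in Avenger v1 log format.
SAMPLE_AVENGER_LOG = r"""
Logfile of The Avenger version 1, by Swandog46

Beginning to process script file:

File C:\WINDOWS\System32\CSQMZ.EXE deleted successfully.


File C:\WINDOWS\system32\dmysi.exe not found!
Deletion of file C:\WINDOWS\system32\dmysi.exe failed!

Could not process line:
C:\WINDOWS\system32\dmysi.exe
Status: 0xc0000034

File C:\WINDOWS\System32\{786217DF-D0BA-48D6-B40A-8823CDB7C393}.exe deleted successfully.
"""

# NTSTATUS values a file-deletion tool commonly reports (names from ntstatus.h).
NTSTATUS_NAMES = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}
ALREADY_ABSENT = (0xC0000034, 0xC000003A)

DELETED_RE = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
FAILED_RE = re.compile(r"^Deletion of file (?P<path>.+) failed!$")
STATUS_RE = re.compile(r"^Status: (?P<code>0x[0-9A-Fa-f]{8})$")


def describe_status(code):
    """Human-readable name for an NTSTATUS code, or the raw hex if unknown."""
    return NTSTATUS_NAMES.get(code, "unknown NTSTATUS 0x%08X" % code)


def summarize(log_text):
    """Return (deleted_paths, {failed_path: status_code_or_None}).

    Avenger prints the failure line first and the 'Status:' line a few lines
    later, so remember the last failed path until its status arrives.
    """
    deleted, failed = [], {}
    pending = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DELETED_RE.match(line)
        if m:
            deleted.append(m.group("path"))
            continue
        m = FAILED_RE.match(line)
        if m:
            pending = m.group("path")
            failed[pending] = None
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            failed[pending] = int(m.group("code"), 16)
            pending = None
    return deleted, failed


def classify(failed):
    """Split failures into paths that no longer existed and paths that were blocked.

    A 'not found' status means there was nothing left to delete (an earlier
    tool or reboot removed it); a fresh HijackThis log confirms that. Any other
    status means the file is still there and needs a different approach.
    """
    absent, blocked = [], []
    for path, code in failed.items():
        if code in ALREADY_ABSENT:
            absent.append(path)
        else:
            blocked.append((path, describe_status(code) if code is not None else "no status"))
    return absent, blocked


if __name__ == "__main__":
    deleted, failed = summarize(SAMPLE_AVENGER_LOG)
    absent, blocked = classify(failed)
    print("deleted:", len(deleted), "already absent:", len(absent), "blocked:", len(blocked))
```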

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jkbnrjlf

*******************

Script file located at: \??\C:\twmmacrw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\System32\CSQMZ.EXE deleted successfully.


File C:\WINDOWS\system32\dmysi.exe not found!
Deletion of file C:\WINDOWS\system32\dmysi.exe failed!

Could not process line:
C:\WINDOWS\system32\dmysi.exe
Status: 0xc0000034



File C:\WINDOWS\system32\pxpms.exe not found!
Deletion of file C:\WINDOWS\system32\pxpms.exe failed!

Could not process line:
C:\WINDOWS\system32\pxpms.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{2263D7B4-0749-466A-BC79-3723CADA5193}.exe not found!
Deletion of file C:\WINDOWS\System32\{2263D7B4-0749-466A-BC79-3723CADA5193}.exe failed!

Could not process line:
C:\WINDOWS\System32\{2263D7B4-0749-466A-BC79-3723CADA5193}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{56F28BAB-C7B8-453B-B5C8-5E12A1FF69E7}.exe not found!
Deletion of file C:\WINDOWS\System32\{56F28BAB-C7B8-453B-B5C8-5E12A1FF69E7}.exe failed!

Could not process line:
C:\WINDOWS\System32\{56F28BAB-C7B8-453B-B5C8-5E12A1FF69E7}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{2E0C3D22-7EE7-4D9E-81CF-7928CEB575FF}.exe not found!
Deletion of file C:\WINDOWS\System32\{2E0C3D22-7EE7-4D9E-81CF-7928CEB575FF}.exe failed!

Could not process line:
C:\WINDOWS\System32\{2E0C3D22-7EE7-4D9E-81CF-7928CEB575FF}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{9A05AADB-3748-4A84-9EB2-F73C9AD9CEF8}.exe not found!
Deletion of file C:\WINDOWS\System32\{9A05AADB-3748-4A84-9EB2-F73C9AD9CEF8}.exe failed!

Could not process line:
C:\WINDOWS\System32\{9A05AADB-3748-4A84-9EB2-F73C9AD9CEF8}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{B3AA428F-A945-4417-9E46-30486F219948}.exe not found!
Deletion of file C:\WINDOWS\System32\{B3AA428F-A945-4417-9E46-30486F219948}.exe failed!

Could not process line:
C:\WINDOWS\System32\{B3AA428F-A945-4417-9E46-30486F219948}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{7648A419-7511-4382-83DC-442DBA84B79B}.exe not found!
Deletion of file C:\WINDOWS\System32\{7648A419-7511-4382-83DC-442DBA84B79B}.exe failed!

Could not process line:
C:\WINDOWS\System32\{7648A419-7511-4382-83DC-442DBA84B79B}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{A8320157-F4E0-4DD9-BB26-649132CD5455}.exe not found!
Deletion of file C:\WINDOWS\System32\{A8320157-F4E0-4DD9-BB26-649132CD5455}.exe failed!

Could not process line:
C:\WINDOWS\System32\{A8320157-F4E0-4DD9-BB26-649132CD5455}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{C3AB9806-D8FB-4EFA-A754-2BABFFFF56EB}.exe not found!
Deletion of file C:\WINDOWS\System32\{C3AB9806-D8FB-4EFA-A754-2BABFFFF56EB}.exe failed!

Could not process line:
C:\WINDOWS\System32\{C3AB9806-D8FB-4EFA-A754-2BABFFFF56EB}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{DFB347EA-3CEA-4A57-9DA8-EB04AEDDD6AA}.exe not found!
Deletion of file C:\WINDOWS\System32\{DFB347EA-3CEA-4A57-9DA8-EB04AEDDD6AA}.exe failed!

Could not process line:
C:\WINDOWS\System32\{DFB347EA-3CEA-4A57-9DA8-EB04AEDDD6AA}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{FCE191FE-63A6-4644-9C19-5C749D3A79FB}.exe not found!
Deletion of file C:\WINDOWS\System32\{FCE191FE-63A6-4644-9C19-5C749D3A79FB}.exe failed!

Could not process line:
C:\WINDOWS\System32\{FCE191FE-63A6-4644-9C19-5C749D3A79FB}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{6B65B5D1-FF06-4CC3-A2BC-EC5CAC4A0FA4}.exe not found!
Deletion of file C:\WINDOWS\System32\{6B65B5D1-FF06-4CC3-A2BC-EC5CAC4A0FA4}.exe failed!

Could not process line:
C:\WINDOWS\System32\{6B65B5D1-FF06-4CC3-A2BC-EC5CAC4A0FA4}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{A1FC1BE2-7839-4AF2-84C8-57676F32FCD2}.exe not found!
Deletion of file C:\WINDOWS\System32\{A1FC1BE2-7839-4AF2-84C8-57676F32FCD2}.exe failed!

Could not process line:
C:\WINDOWS\System32\{A1FC1BE2-7839-4AF2-84C8-57676F32FCD2}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{C3085D30-E2C5-4AA4-AE88-CCB005567AB6}.exe not found!
Deletion of file C:\WINDOWS\System32\{C3085D30-E2C5-4AA4-AE88-CCB005567AB6}.exe failed!

Could not process line:
C:\WINDOWS\System32\{C3085D30-E2C5-4AA4-AE88-CCB005567AB6}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{E59DC9F7-E0AC-4737-A1F2-CD33BF605770}.exe not found!
Deletion of file C:\WINDOWS\System32\{E59DC9F7-E0AC-4737-A1F2-CD33BF605770}.exe failed!

Could not process line:
C:\WINDOWS\System32\{E59DC9F7-E0AC-4737-A1F2-CD33BF605770}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{D9626667-D4B7-4C97-87B1-327C60E42DD9}.exe not found!
Deletion of file C:\WINDOWS\System32\{D9626667-D4B7-4C97-87B1-327C60E42DD9}.exe failed!

Could not process line:
C:\WINDOWS\System32\{D9626667-D4B7-4C97-87B1-327C60E42DD9}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{3D5E5FAF-1236-4440-80EE-45E0EC3BBF67}.exe not found!
Deletion of file C:\WINDOWS\System32\{3D5E5FAF-1236-4440-80EE-45E0EC3BBF67}.exe failed!

Could not process line:
C:\WINDOWS\System32\{3D5E5FAF-1236-4440-80EE-45E0EC3BBF67}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{CB9CD6F3-6DFD-4D8A-9C4C-ED71A4E94AFB}.exe not found!
Deletion of file C:\WINDOWS\System32\{CB9CD6F3-6DFD-4D8A-9C4C-ED71A4E94AFB}.exe failed!

Could not process line:
C:\WINDOWS\System32\{CB9CD6F3-6DFD-4D8A-9C4C-ED71A4E94AFB}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{C793AB38-AA2A-47CB-90D9-494F0FB14FBB}.exe not found!
Deletion of file C:\WINDOWS\System32\{C793AB38-AA2A-47CB-90D9-494F0FB14FBB}.exe failed!

Could not process line:
C:\WINDOWS\System32\{C793AB38-AA2A-47CB-90D9-494F0FB14FBB}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{FFC1A5A5-FF57-47CF-91D5-6C338F62A212}.exe not found!
Deletion of file C:\WINDOWS\System32\{FFC1A5A5-FF57-47CF-91D5-6C338F62A212}.exe failed!

Could not process line:
C:\WINDOWS\System32\{FFC1A5A5-FF57-47CF-91D5-6C338F62A212}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{233BDD07-F406-41F7-95A2-D09126A946B8}.exe not found!
Deletion of file C:\WINDOWS\System32\{233BDD07-F406-41F7-95A2-D09126A946B8}.exe failed!

Could not process line:
C:\WINDOWS\System32\{233BDD07-F406-41F7-95A2-D09126A946B8}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{E8D8144E-45EA-43BA-8161-9D52A2C5236D}.exe not found!
Deletion of file C:\WINDOWS\System32\{E8D8144E-45EA-43BA-8161-9D52A2C5236D}.exe failed!

Could not process line:
C:\WINDOWS\System32\{E8D8144E-45EA-43BA-8161-9D52A2C5236D}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{B96911C8-3005-48A2-8B74-5E9BE2B28ADE}.exe not found!
Deletion of file C:\WINDOWS\System32\{B96911C8-3005-48A2-8B74-5E9BE2B28ADE}.exe failed!

Could not process line:
C:\WINDOWS\System32\{B96911C8-3005-48A2-8B74-5E9BE2B28ADE}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{76CD443A-3BC2-4A3B-8821-6FBEECEF204D}.exe not found!
Deletion of file C:\WINDOWS\System32\{76CD443A-3BC2-4A3B-8821-6FBEECEF204D}.exe failed!

Could not process line:
C:\WINDOWS\System32\{76CD443A-3BC2-4A3B-8821-6FBEECEF204D}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{14523C95-32CE-456F-9984-038AAB484E90}.exe not found!
Deletion of file C:\WINDOWS\System32\{14523C95-32CE-456F-9984-038AAB484E90}.exe failed!

Could not process line:
C:\WINDOWS\System32\{14523C95-32CE-456F-9984-038AAB484E90}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{8E15ABCA-039C-4FBA-BC9A-1D6F5FDDB469}.exe not found!
Deletion of file C:\WINDOWS\System32\{8E15ABCA-039C-4FBA-BC9A-1D6F5FDDB469}.exe failed!

Could not process line:
C:\WINDOWS\System32\{8E15ABCA-039C-4FBA-BC9A-1D6F5FDDB469}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{41A75DD3-E8C8-49B2-8F0A-D9EEE3A6D168}.exe not found!
Deletion of file C:\WINDOWS\System32\{41A75DD3-E8C8-49B2-8F0A-D9EEE3A6D168}.exe failed!

Could not process line:
C:\WINDOWS\System32\{41A75DD3-E8C8-49B2-8F0A-D9EEE3A6D168}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{1E108030-9A36-4296-9A15-CCFAF62FC8B5}.exe not found!
Deletion of file C:\WINDOWS\System32\{1E108030-9A36-4296-9A15-CCFAF62FC8B5}.exe failed!

Could not process line:
C:\WINDOWS\System32\{1E108030-9A36-4296-9A15-CCFAF62FC8B5}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{54ABCD32-99EC-4A15-9F56-6943A01FAC26}.exe not found!
Deletion of file C:\WINDOWS\System32\{54ABCD32-99EC-4A15-9F56-6943A01FAC26}.exe failed!

Could not process line:
C:\WINDOWS\System32\{54ABCD32-99EC-4A15-9F56-6943A01FAC26}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{E9F72A4E-28AA-4422-87B9-D21F3D374775}.exe not found!
Deletion of file C:\WINDOWS\System32\{E9F72A4E-28AA-4422-87B9-D21F3D374775}.exe failed!

Could not process line:
C:\WINDOWS\System32\{E9F72A4E-28AA-4422-87B9-D21F3D374775}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{1C555558-28CC-4A5E-BA98-BDF5B44FF959}.exe not found!
Deletion of file C:\WINDOWS\System32\{1C555558-28CC-4A5E-BA98-BDF5B44FF959}.exe failed!

Could not process line:
C:\WINDOWS\System32\{1C555558-28CC-4A5E-BA98-BDF5B44FF959}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{82E8AA3F-78CF-46A5-896C-141C205FCA15}.exe not found!
Deletion of file C:\WINDOWS\System32\{82E8AA3F-78CF-46A5-896C-141C205FCA15}.exe failed!

Could not process line:
C:\WINDOWS\System32\{82E8AA3F-78CF-46A5-896C-141C205FCA15}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{203EA36A-2464-45E9-A731-919BC599540A}.exe not found!
Deletion of file C:\WINDOWS\System32\{203EA36A-2464-45E9-A731-919BC599540A}.exe failed!

Could not process line:
C:\WINDOWS\System32\{203EA36A-2464-45E9-A731-919BC599540A}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{E7040F2D-DF48-46DC-8853-3F4FFABF949F}.exe not found!
Deletion of file C:\WINDOWS\System32\{E7040F2D-DF48-46DC-8853-3F4FFABF949F}.exe failed!

Could not process line:
C:\WINDOWS\System32\{E7040F2D-DF48-46DC-8853-3F4FFABF949F}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{8275ADC9-5666-432B-875D-F0A8C0D4002F}.exe not found!
Deletion of file C:\WINDOWS\System32\{8275ADC9-5666-432B-875D-F0A8C0D4002F}.exe failed!

Could not process line:
C:\WINDOWS\System32\{8275ADC9-5666-432B-875D-F0A8C0D4002F}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{70B49644-513C-42BE-932A-13D912DF4679}.exe not found!
Deletion of file C:\WINDOWS\System32\{70B49644-513C-42BE-932A-13D912DF4679}.exe failed!

Could not process line:
C:\WINDOWS\System32\{70B49644-513C-42BE-932A-13D912DF4679}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{FE5C4469-F558-4988-895A-94DC896BCD90}.exe not found!
Deletion of file C:\WINDOWS\System32\{FE5C4469-F558-4988-895A-94DC896BCD90}.exe failed!

Could not process line:
C:\WINDOWS\System32\{FE5C4469-F558-4988-895A-94DC896BCD90}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{75998A1C-C234-4D3B-B02B-D1C3F27C978B}.exe not found!
Deletion of file C:\WINDOWS\System32\{75998A1C-C234-4D3B-B02B-D1C3F27C978B}.exe failed!

Could not process line:
C:\WINDOWS\System32\{75998A1C-C234-4D3B-B02B-D1C3F27C978B}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{071A25E1-C88A-47B8-B06D-BDCF48EE9EBA}.exe not found!
Deletion of file C:\WINDOWS\System32\{071A25E1-C88A-47B8-B06D-BDCF48EE9EBA}.exe failed!

Could not process line:
C:\WINDOWS\System32\{071A25E1-C88A-47B8-B06D-BDCF48EE9EBA}.exe
Status: 0xc0000034

File C:\WINDOWS\System32\{786217DF-D0BA-48D6-B40A-8823CDB7C393}.exe deleted successfully.


File C:\WINDOWS\System32\{874A0A8E-B5E9-4CF3-A166-C041D1CD525B}.exe not found!
Deletion of file C:\WINDOWS\System32\{874A0A8E-B5E9-4CF3-A166-C041D1CD525B}.exe failed!

Could not process line:
C:\WINDOWS\System32\{874A0A8E-B5E9-4CF3-A166-C041D1CD525B}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{B600AB38-9D33-414B-98E1-AD5077EE65A5}.exe not found!
Deletion of file C:\WINDOWS\System32\{B600AB38-9D33-414B-98E1-AD5077EE65A5}.exe failed!

Could not process line:
C:\WINDOWS\System32\{B600AB38-9D33-414B-98E1-AD5077EE65A5}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{874A0A8E-B5E9-4CF3-A166-C041D1CD525B}.exe not found!
Deletion of file C:\WINDOWS\System32\{874A0A8E-B5E9-4CF3-A166-C041D1CD525B}.exe failed!

Could not process line:
C:\WINDOWS\System32\{874A0A8E-B5E9-4CF3-A166-C041D1CD525B}.exe
Status: 0xc0000034



File C:\WINDOWS\System32\{B600AB38-9D33-414B-98E1-AD5077EE65A5}.exe not found!
Deletion of file C:\WINDOWS\System32\{B600AB38-9D33-414B-98E1-AD5077EE65A5}.exe failed!

Could not process line:
C:\WINDOWS\System32\{B600AB38-9D33-414B-98E1-AD5077EE65A5}.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.


-------------

Logfile of HijackThis v1.99.1
Scan saved at 10:13:00, on 21-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\ADMINI~1.MOB\LOKALE~1\Temp\Midlertidig mappe 5 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dmysi.exe] C:\WINDOWS\system32\dmysi.exe
O4 - HKLM\..\Run: [pxpms.exe] C:\WINDOWS\system32\pxpms.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
ejvindh (Expert)
21 August 2006 - 16:08 #6
Listening in here...
fromsej (Trainee)
21 August 2006 - 17:17 #7
That is a really nasty infection you have picked up; let's see if we can get rid of it the following way.

Run HijackThis again and fix:
O4 - HKLM\..\Run: [dmysi.exe] C:\WINDOWS\system32\dmysi.exe
O4 - HKLM\..\Run: [pxpms.exe] C:\WINDOWS\system32\pxpms.exe

Without restarting, run Avenger with the following text:

Files to delete:
C:\WINDOWS\system32\dmysi.exe
C:\WINDOWS\system32\pxpms.exe

Restart normally, run Fixwareout again, post its log, and post a fresh HijackThis log.
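One way to triage the logs this procedure produces, as an added example that is not part of the thread and not code from HijackThis, Avenger or Fixwareout: the script below pulls the O4 autorun entries out of a HijackThis log, flags the pattern that dmysi.exe and pxpms.exe show (an executable sitting directly in system32 with a random five-letter name and a Run value named after the file, or a GUID-named executable like the ones the earlier Avenger script targeted), diffs the autoruns of a "before" and "after" log so you can confirm the fix took, and decodes the NTSTATUS code Avenger prints. The sample log excerpts are copied from the logs posted in this thread; the function names and the "suspicious autorun" heuristic are this example's own assumptions. One point worth knowing when reading the Avenger output: `Status: 0xc0000034` is STATUS_OBJECT_NAME_NOT_FOUND, meaning the file was not present when Avenger ran its boot-time script, so those "failed" lines report an absent file rather than a deletion that was blocked.

```python
"""Triage helpers for HijackThis and Avenger logs (added example, not from the thread)."""
import re

# NTSTATUS codes Avenger prints after a failed line. 0xC0000034 means the
# file was already absent; it is not a blocked deletion.
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

# O4 - HKLM\..\Run: [name] command line
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
GUID_EXE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}\.exe$")
RANDOM5_EXE = re.compile(r"^[a-z]{5}\.exe$")


def _command_path(cmd):
    """Executable path from an O4 command line, quoted or not, arguments dropped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_o4(log_text):
    """Return the O4 autorun entries of a HijackThis log as dicts."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["path"] = _command_path(entry.pop("cmd"))
            entries.append(entry)
    return entries


def is_suspicious(entry):
    """Heuristic (this example's own, not a verdict): autorun straight into
    system32 with a GUID file name, or a random 5-letter name whose Run value
    is named after the file, as dmysi.exe and pxpms.exe are. Legitimate
    entries can match; look a hit up before deleting it."""
    folder, _, base = entry["path"].rpartition("\\")
    if not folder.lower().endswith("\\windows\\system32"):
        return False
    if GUID_EXE.match(base):
        return True
    return bool(RANDOM5_EXE.match(base)) and entry["name"].lower() == base.lower()


def autorun_diff(before_log, after_log):
    """(removed, added) autorun paths between two logs, compared case-insensitively."""
    before = {e["path"].lower() for e in parse_o4(before_log)}
    after = {e["path"].lower() for e in parse_o4(after_log)}
    return sorted(before - after), sorted(after - before)


AV_DELETED = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
AV_NOT_FOUND = re.compile(r"^File (?P<path>.+) not found!$")
AV_STATUS = re.compile(r"^Status: (?P<code>0x[0-9A-Fa-f]{8})$")


def parse_avenger(log_text):
    """Map each path in an Avenger log to 'deleted' or the NTSTATUS name it got."""
    outcome, pending = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = AV_DELETED.match(line)
        if m:
            outcome[m["path"]] = "deleted"
            continue
        m = AV_NOT_FOUND.match(line)
        if m:
            pending = m["path"]
            outcome[pending] = "not found"
            continue
        m = AV_STATUS.match(line)
        if m and pending is not None:
            outcome[pending] = NTSTATUS_NAMES.get(int(m["code"], 16), m["code"].upper())
            pending = None
    return outcome


# Sample input copied from the two HijackThis logs (21 August 2006, 10:13 and
# 22:04) and the Avenger logs posted in this thread.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dmysi.exe] C:\WINDOWS\system32\dmysi.exe
O4 - HKLM\..\Run: [pxpms.exe] C:\WINDOWS\system32\pxpms.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
"""
AFTER_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
"""
AVENGER_LOG = r"""
File C:\WINDOWS\System32\{786217DF-D0BA-48D6-B40A-8823CDB7C393}.exe deleted successfully.

File C:\WINDOWS\system32\dmysi.exe not found!
Deletion of file C:\WINDOWS\system32\dmysi.exe failed!

Could not process line:
C:\WINDOWS\system32\dmysi.exe
Status: 0xc0000034
"""

if __name__ == "__main__":
    for e in parse_o4(BEFORE_LOG):
        print("SUSPECT" if is_suspicious(e) else "ok     ", e["hive"], e["name"], "->", e["path"])
    print("autoruns removed/added:", autorun_diff(BEFORE_LOG, AFTER_LOG))
    for path, result in parse_avenger(AVENGER_LOG).items():
        print(f"{result:30} {path}")
```

Run it against your own two logs by pasting the O4 sections into BEFORE_LOG and AFTER_LOG; the diff should list exactly the entries you fixed in HijackThis and nothing else, and any Avenger path that ends up as STATUS_ACCESS_DENIED or STATUS_SHARING_VIOLATION (rather than STATUS_OBJECT_NAME_NOT_FOUND) is the one that still needs attention.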
rasmusbl (Beginner)
21 August 2006 - 22:04 #8
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\sberyokt

*******************

Script file located at: \??\C:\WINDOWS\eelasgdy.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\dmysi.exe not found!
Deletion of file C:\WINDOWS\system32\dmysi.exe failed!

Could not process line:
C:\WINDOWS\system32\dmysi.exe
Status: 0xc0000034



File C:\WINDOWS\system32\pxpms.exe not found!
Deletion of file C:\WINDOWS\system32\pxpms.exe failed!

Could not process line:
C:\WINDOWS\system32\pxpms.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.

-------------------

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

-----------

Logfile of HijackThis v1.99.1
Scan saved at 22:04:02, on 21-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\ADMINI~1.MOB\LOKALE~1\Temp\Midlertidig mappe 6 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
fromsej (Trainee)
22 August 2006 - 20:54 #9
So Wareout appears to be gone; is your problem solved?
rasmusbl (Beginner)
22 August 2006 - 21:23 #10
Yes, I think so :) Thanks. Could those who contributed post an answer?
fromsej (Trainee)
22 August 2006 - 21:46 #11
You should disable System Restore, restart, re-enable it, and set file viewing back to normal.
http://spywarefri.dk/virusscannere.htm#alle - System Restore.
Open a folder, click Tools > Folder Options > View.
Tick "Hide protected operating system files".
Tick "Hide extensions for known file types".
Select "Do not show hidden files and folders".

To keep it clean you can have a look at our package for that purpose.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
As a minimum I recommend Spywareguard, Spywareblaster, IE-Spyad and IE Privacy Keeper.
A couple of articles on safe surfing can be found here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
24 August 2006 - 19:49 #12
<rasmusbl>: You'll close this properly, right? ->
http://expfaq.1go.dk/?id=3#behandling_af_svar
rasmusbl (Beginner)
26 August 2006 - 22:39 #13
<dr1>: Yes, but I had to get you to post an answer too, didn't I? ;-)
fromsej (Trainee)
26 August 2006 - 22:44 #14
Thanks for the points. *S*