Internet starte

Følg vejledningen her:
Gå ind her og hent Hijackthis.
http://danborg.org/spy/HJT/hijackthis.exe
Kør Hijackthis, scan, save log og kopier logfilen herind, så kigger jeg på den. Lad være med at slette noget selv med Hijackthis, det kan skade mere end det gavner.

<umulius>: Du er ikke specielt flink til selv at følge op:
http://www.eksperten.dk/list.phtml?sort=&order=DESC&status_1=on&status_2=on&spm_creator=umulius&spm_part=&spm_answer=&find=&engine=exp

her er log filenLogfile of HijackThis v1.99.1
Scan saved at 19:52:04, on 25-05-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SYSTEM32\init34x.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\inet20038\services.exe
C:\Documents and Settings\administrator\Internet Optimizer\optimize.exe
C:\WINDOWS\inet20038\explorer.exe
C:\WINDOWS\system32\msxct.exe
C:\WINDOWS\sys318.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\winsocks5.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\sys3217.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
\Saturn\fambeck\ulrik\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10087/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=Explorer.exe init34x.exe
F3 - REG:win.ini: run=C:\WINDOWS\inet20038\services.exe
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20038\3.00.05.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Programmer\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Documents and Settings\administrator\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20038\services.exe
O4 - HKLM\..\Run: [sys009] C:\WINDOWS\system32\sys009.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Programmer\Security iGuard\Security iGuard.exe
O4 - HKLM\..\RunOnce: [DeleteISTbar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Programmer\ISTbar\istbarcm.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20038\services.exe
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {9D201181-0570-453C-A3CB-1D1846CC632F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9D201181-0570-453C-A3CB-1D1846CC632F} - (no file) (HKCU)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = farver79.dk
O17 - HKLM\Software\..\Telephony: DomainName = farver79.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = farver79.dk
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe

Jeg kigger lige på den ..

Hent denne Kaspersky scanner, den skal du bruge senere.
http://www.spywareinfo.dk/download/mwav.exe - Virusscanner.

http://bilder.informationsarchiv.net/Nikitas_Tools/HSFix.zip

... og denne fil (gem den på dit Skrivebord):
www.spywareinfo.dk/download/cleantempxp2k.bat

Så skal du genstarte pc'en i fejlsikret tilstand. Klik F8 under opstart.

Kør hsfix.bat - 2 gange.

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, slet mapper og filer listet nederst.
Dobbelttjek, så alt kommer med.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10087/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
F2 - REG:system.ini: Shell=Explorer.exe init34x.exe
F3 - REG:win.ini: run=C:\WINDOWS\inet20038\services.exe
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20038\3.00.05.dll
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Documents and Settings\administrator\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20038\services.exe
O4 - HKLM\..\Run: [sys009] C:\WINDOWS\system32\sys009.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Programmer\Security iGuard\Security iGuard.exe
O4 - HKLM\..\RunOnce: [DeleteISTbar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Programmer\ISTbar\istbarcm.dll"
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20038\services.exe
O4 - Startup: Reboot.exe
O9 - Extra button: Microsoft AntiSpyware helper - {9D201181-0570-453C-A3CB-1D1846CC632F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9D201181-0570-453C-A3CB-1D1846CC632F} - (no file) (HKCU)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

---------------------------------------
Sletning af filer og mapper:
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".
Brug af Start->Søg.
Klik på "Alle filer og mapper"
Klik på "Avancerede indstillinger"
Sæt flueben i de tre øverste.
-------------------
Mapper:
C:\WINDOWS\inet20038
c:\Documents and Settings\administrator\Internet Optimizer
C:\Programmer\Security iGuard
C:\Programmer\ISTbar

Filer:
C:\WINDOWS\SYSTEM32\init34x.exe
C:\WINDOWS\system32\msxct.exe
C:\WINDOWS\sys318.exe
C:\WINDOWS\sys3217.exe
C:\WINDOWS\SYSTEM\Loader.dll
C:\WINDOWS\system32\sys009.exe

Dobbeltklik på cleantempxp2k.bat

---------------------------------------
Så kører du engangsskanneren fra Kaspersky - Aktiver det hele i opsætningen derinde, så den kan skanne alt igennem.
---------------------------------------

Genstart normalt og kom med en ny log til kontrol samt hsfix log'en (som du finder i C:/hslog.txt)

Der manglede lige lidt info omkring denne linie:
"http://bilder.informationsarchiv.net/Nikitas_Tools/HSFix.zip"

Her var det der skulle have stået:

Hent denne fil og pak den ud på Skrivebordet:
http://bilder.informationsarchiv.net/Nikitas_Tools/HSFix.zip

(Hvad endte denne tråd med?)

lukket

<umulius> -> http://www.eksperten.dk/list.phtml?sort=&order=DESC&status_1=on&status_2=on&spm_creator=umulius&spm_part=&spm_answer=&find=&engine=exp ??? - pt stadig 17 stk. åbne/uafsluttede...