Ændring af titellinie i explorer- vindue.

Hvis der ikke er nogen der kender stien i regedit, så kan jeg fjerne den med hijackthis

Hent hijackthis : http://www.spywarefri.dk/vaerktoj.htm#hijackthis

den udpakker du og kører Hijackthis, scan, save log og kopier logfilen herind, så kigger vi på den.

DU MÅ IKKE FIXE NOGET SELV. NÅR VI HAR TJEKKET LOGGEN IGENNEM FORTÆLLER VI DIG HVAD DER SKAL SLETTES...

Manual for installering af hijackthis:
http://www.spywarefri.dk/hijackthis.man.htm

Du kan se vejledning her http://www.tweakxp.com/display.aspx?id=129
Eller du kan hente Tweak XP fra samme site og bruge den til det og mange andre tweaks i windows

Følgende er logfilen:
Logfile of HijackThis v1.97.7
Scan saved at 9:33:01 PM, on 12/15/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~2\DAP\DAP.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
D:\Programmer\Mus\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\IEDriver\IEDriver.exe
C:\WINDOWS\essspk.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\adobe\Distillr\acrotray.exe
C:\Programmer\Norton Internet Security\ccPxySvc.exe
C:\PROGRA~2\NORTON~3\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~2\NORTON~3\SPEEDD~1\nopdb.exe
C:\Programmer\adobe\Acrobat\Acrobat.exe
C:\WINDOWS\System32\wisptis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\THOMAS~1\LOCALS~1\TEMP\HIJACKTHIS.EXE
C:\WINDOWS\System32\IEDriver\IEUpdate.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kom.jubii.dk/email/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tdconline.dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer leveret af TDC
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmer\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmer\DAP\DAPIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~2\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmer\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programmer\Mus\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [Zenet] rundll32.exe C:\PROGRA~1\COMMON~2\Toolbar\CNBabe.dll,DllStartup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: restart_vs.lnk = F:\Viewsonic.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\adobe\Distillr\acrotray.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~2\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~2\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Run DAP (HKLM)
O9 - Extra 'Tools' menuitem: TurboDownload (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Hijacked Internet access by CommonName
O10 - Hijacked Internet access by CommonName
O10 - Hijacked Internet access by CommonName
O10 - Hijacked Internet access by CommonName
O14 - IERESET.INF: START_PAGE_URL=http://tdconline.dk
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/18723f1c29e944912614/netzip/RdxIE601.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76E10A26-ECED-4D14-8B64-2EE321A6935A}: NameServer = 212.54.64.170,212.54.64.171

Okay - du skal vist også have tjekket den log :)

ja, jeg tjekker lige din log for snavs samtidig, for der er lidt snavs i den.

Du skal hente Lspfix http://www.cexx.org/LSPFix.exe og trykke gem og lægge den på dit skrivebord. Du har noget snavs der når vi fjerner det måske ødelægger din netforbindelse. Hvis du mister internetforbindelsen når du fixer de ting jeg kommer med skal du kører det lspfix, starte det, klik til fuld skærm, markere I know what I am doing og klikke på finish, genstart og lav en ny logfil, som du smider herind.

Først når det fix ligger på dit skrivebord, går du igang med det nedeunder.

Der var en del snavs:
Du skal nu til at i gang med at fixe. Men først skal du lige have noget instruktion. Allerførst skal du slå systemgendannelse fra. Hvis du ikke ved hvordan du gør det så kig her: http://www.spywarefri.dk/virus.htm#alle derefter skal du åbne hijackthis. Du får herunder nogle filer som du skal fixe, det du skal gøre er at sætte en vinge ud for alle disse filer. IKKE FIXE endnu. Når du har gjort det så lukker du alle andre vinduer ned, det er meget vigtigt at det eneste vindue som er åbent er HijackThis vinduet. Husk også at lukke dette vindue når du har markeret filerne. Nu må du fixe. Klik på Fix chekede. Efter fix skal du genstarte din computer.
Her er de filer, du skal fixe :


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer leveret af TDC
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmer\DAP\DAPBHO.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmer\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~2\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [Zenet] rundll32.exe C:\PROGRA~1\COMMON~2\Toolbar\CNBabe.dll,DllStartup
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~2\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~2\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Run DAP (HKLM)
O10 - Hijacked Internet access by CommonName
O10 - Hijacked Internet access by CommonName
O10 - Hijacked Internet access by CommonName
O10 - Hijacked Internet access by CommonName
O14 - IERESET.INF: START_PAGE_URL=http://tdconline.dk
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/18723f1c29e944912614/netzip/RdxIE601.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab


Derefter Genstarter du i fejlsikret tilstand(Fejlsikret tilstand kommer du i ved at trykke på <F8> når maskinen starter op, lige inden den begynder at indlæse Windows.) Find følgende fil i Stifinder og slet den:


C:\PROGRA~2\DAP\DAP.EXE


Derefter genstarter du og sender en ny log herind, for at se om vi har fået den helt ren.
Først når din log er endelig godkendt, må du aktiver din systemgendannelse igen.


DAP er ren spyware, derfor ryger den ud.
Alternativer: http://www.spywarefri.dk/software.htm#produktet.

Logfile of HijackThis v1.97.7
Scan saved at 10:06:51 PM, on 12/15/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmer\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\Norton Internet Security\ccPxySvc.exe
C:\PROGRA~2\NORTON~3\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~2\NORTON~3\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~2\DAP\DAP.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
D:\Programmer\Mus\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\IEDriver\IEDriver.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\system32\mobsync.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\adobe\Distillr\acrotray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Zip\UltimateZip 2.7\uzip.exe
C:\DOCUME~1\THOMAS~1\LOCALS~1\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kom.jubii.dk/email/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tdconline.dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer leveret af TDC
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmer\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmer\DAP\DAPIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~2\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmer\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programmer\Mus\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [Zenet] rundll32.exe C:\PROGRA~1\COMMON~2\Toolbar\CNBabe.dll,DllStartup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: restart_vs.lnk = F:\Viewsonic.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\adobe\Distillr\acrotray.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~2\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~2\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Run DAP (HKLM)
O9 - Extra 'Tools' menuitem: TurboDownload (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Hijacked Internet access by CommonName
O10 - Hijacked Internet access by CommonName
O10 - Hijacked Internet access by CommonName
O10 - Hijacked Internet access by CommonName
O14 - IERESET.INF: START_PAGE_URL=http://tdconline.dk
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/18723f1c29e944912614/netzip/RdxIE601.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76E10A26-ECED-4D14-8B64-2EE321A6935A}: NameServer = 212.54.64.170,212.54.64.171

Har du fixe den jeg skrev, for der er ikke noget der er væk, så prøv igen og husk at deaktiver din systemgendannelse

Jeg har nu forsøgt tre gange... netforbindelsen er helt død og LSPFix genopretter ikke min bredbåndsforbindelse. Derfor har jeg kørt ghost for at komme tilbage til de gamle opsætninger. Følgende log-fil fik jeg dog lavet inden jeg kørte ghost:
Logfile of HijackThis v1.97.7
Scan saved at 11:16:42 PM, on 12/15/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Zip\UltimateZip 2.7\uzip.exe
C:\DOCUME~1\THOMAS~1\LOCALS~1\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kom.jubii.dk/email/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tdconline.dk
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmer\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programmer\Mus\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zenet] rundll32.exe C:\PROGRA~1\COMMON~2\Toolbar\CNBabe.dll,DllStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: restart_vs.lnk = F:\Viewsonic.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\adobe\Distillr\acrotray.exe
O9 - Extra 'Tools' menuitem: TurboDownload (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76E10A26-ECED-4D14-8B64-2EE321A6935A}: NameServer = 212.54.64.170,212.54.64.171

Du nåede at blive ren, så jeg syntes lige at du skal smide en frisk log herind. så kigger vi på det.

Det er/var også noget rigtig grimt snavs, du havde fået dig, men nu ser vi med den nye log

følgende log er ny, men svarer til den gamle da jeg med ghost er kommet tilbage til de gamle opsætninger. Jeg kan ikke komme videre når den er blevet ren da netforbindelsen er død og ikke oprettes af LSPFix. "Ny log- fil";

Logfile of HijackThis v1.97.7
Scan saved at 7:24:38 AM, on 12/16/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\Norton Internet Security\ccPxySvc.exe
C:\PROGRA~2\NORTON~3\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~2\NORTON~3\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~2\DAP\DAP.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
D:\Programmer\Mus\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\IEDriver\IEDriver.exe
C:\WINDOWS\essspk.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\adobe\Distillr\acrotray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Thomas Styrk\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kom.jubii.dk/email/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tdconline.dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer leveret af TDC
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmer\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmer\DAP\DAPIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~2\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmer\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programmer\Mus\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [Zenet] rundll32.exe C:\PROGRA~1\COMMON~2\Toolbar\CNBabe.dll,DllStartup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: restart_vs.lnk = F:\Viewsonic.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\adobe\Distillr\acrotray.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~2\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~2\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Run DAP (HKLM)
O9 - Extra 'Tools' menuitem: TurboDownload (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Hijacked Internet access by CommonName
O10 - Hijacked Internet access by CommonName
O10 - Hijacked Internet access by CommonName
O10 - Hijacked Internet access by CommonName
O14 - IERESET.INF: START_PAGE_URL=http://tdconline.dk
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/18723f1c29e944912614/netzip/RdxIE601.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76E10A26-ECED-4D14-8B64-2EE321A6935A}: NameServer = 212.54.64.170,212.54.64.171

SE om du har dette i din internetindstillinger, så skal vingerne fjernes ud for dem.
http://www.commonname.com/english/ug/toolbar/default.asp?idx=10#2

Et alternativ fix, når lspfix ikke kan klare opgaven:
kør dette program :
http://members.shaw.ca/techcd/WinsockXPFix.exe

klik på linket og åbn. tryk på fix og ja (reparer) og genstart..

Prøv at køre det fix nu og derefter genstarte og smid en ny log herind. Det han være vi er heldige at den fjernet problemet for os.


CommonName er noget at det værste spyware og meget svært at komme af med, det vi skal nok få has på det..

Nu lykkedes det. Common name findes ikke i mine internetindstillinger, men der er en mappe der hedder dette i mappen program files- skal den slettes. Common files findes ikke når jeg går ind i kontrolpaneler/ add or remove programs.
Frisk log:
Logfile of HijackThis v1.97.7
Scan saved at 9:22:36 AM, on 12/16/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmer\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\Norton Internet Security\ccPxySvc.exe
C:\PROGRA~2\NORTON~3\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~2\NORTON~3\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
D:\Programmer\Mus\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\IEDriver\IEDriver.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\essspk.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\adobe\Distillr\acrotray.exe
C:\WINDOWS\System32\wisptis.exe
C:\Documents and Settings\Thomas Styrk\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kom.jubii.dk/email/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmer\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programmer\Mus\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zenet] rundll32.exe C:\PROGRA~1\COMMON~2\Toolbar\CNBabe.dll,DllStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: restart_vs.lnk = F:\Viewsonic.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\adobe\Distillr\acrotray.exe
O9 - Extra 'Tools' menuitem: TurboDownload (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://tdconline.dk
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/18723f1c29e944912614/netzip/RdxIE601.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab

Common files må ikke slettes..

skal fixes i hijackthis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://tdconline.dk
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/18723f1c29e944912614/netzip/RdxIE601.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

genstart og ny log

Forresten er der kommet en del filer på skrivebordet bla. med navnene: "backup-20031216-085538-108-Microsoft Office" & "backup-20031216-085538-108" skal disse fjernes??

De backups er den vi har slettet og det er snavs, så ud med dem og husk at tømme papirkurven bagefter

Ny LOG:
Logfile of HijackThis v1.97.7
Scan saved at 9:55:21 AM, on 12/16/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\Norton Internet Security\ccPxySvc.exe
C:\PROGRA~2\NORTON~3\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~2\NORTON~3\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
D:\Programmer\Mus\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\IEDriver\IEDriver.exe
C:\WINDOWS\essspk.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\adobe\Distillr\acrotray.exe
C:\Documents and Settings\Thomas Styrk\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kom.jubii.dk/email/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmer\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programmer\Mus\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zenet] rundll32.exe C:\PROGRA~1\COMMON~2\Toolbar\CNBabe.dll,DllStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: restart_vs.lnk = F:\Viewsonic.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\adobe\Distillr\acrotray.exe
O9 - Extra 'Tools' menuitem: TurboDownload (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab

denne skal lige fixes igen:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm

genstart og (måske) sidste log

Måske sidste log:
Logfile of HijackThis v1.97.7
Scan saved at 10:10:34 AM, on 12/16/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\Norton Internet Security\ccPxySvc.exe
C:\PROGRA~2\NORTON~3\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~2\NORTON~3\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
D:\Programmer\Mus\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\IEDriver\IEDriver.exe
C:\WINDOWS\essspk.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\adobe\Distillr\acrotray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Thomas Styrk\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kom.jubii.dk/email/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmer\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programmer\Mus\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zenet] rundll32.exe C:\PROGRA~1\COMMON~2\Toolbar\CNBabe.dll,DllStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: restart_vs.lnk = F:\Viewsonic.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\adobe\Distillr\acrotray.exe
O9 - Extra 'Tools' menuitem: TurboDownload (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab

hmm.
Genstart i fejlsikret(f8 ved opstart) og fix denne:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm

genstart og ja gæt*S*

Endnu en LOG:
Logfile of HijackThis v1.97.7
Scan saved at 10:23:49 AM, on 12/16/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\Norton Internet Security\ccPxySvc.exe
C:\PROGRA~2\NORTON~3\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~2\NORTON~3\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
D:\Programmer\Mus\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\IEDriver\IEDriver.exe
C:\WINDOWS\essspk.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\mobsync.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\adobe\Distillr\acrotray.exe
C:\Documents and Settings\Thomas Styrk\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kom.jubii.dk/email/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmer\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programmer\Mus\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zenet] rundll32.exe C:\PROGRA~1\COMMON~2\Toolbar\CNBabe.dll,DllStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: restart_vs.lnk = F:\Viewsonic.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\adobe\Distillr\acrotray.exe
O9 - Extra 'Tools' menuitem: TurboDownload (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab

Og nu må det være nok!!

Det er en lille bagatel, som lyste i øjnene på mig, så derfor ville jeg gerne af med den, men når den er så besværlig, så overlever vi nok..

Du er ren og kan aktiver din systemgendannelse igen

For at sikre din fremtidige færden på nettet vil jeg foreslå at du henter følgende freeware programmer :
Spywareblaster & Spywareguard & IE-SPYAD & Empty Temp Folders

Alle programmerne finder du her http://www.spywarefri.dk/vaerktoj.htm

Hvor der også er en beskrivelse af programmerne, samt en installations vejledning..

Alt sammen skal løbende opdateres, Du kan følge med hvornår programmet sidst er opdateret nederst på www.spywarefri.dk.

Det er meget vigtigt at du også holder dit windows og IE opdateret.

du skal lige sørge for at få lukket Dcom. Her kan du se hvordan du skal gøre det : http://www.spywarefri.dk/tipsogtricks.htm#DCom

Derefter kan du trygt surfe på nettet, uden at få alt det snavs på computeren.

Jeg siger mange tak!!

Velbekommen