Har jeg virus?

følg denne vejledning:
http://exp.dk/artikler/755

Lad os se en hijackthis www.arlet.dk/hjt.htm

Du får lov at køre hele turen, når hcma catbody siger det*S*

Her er en log fra DRWEB:
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 51712
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 2
Riskware programs found: 4
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 6
Objects moved: 0
Objects ignored: 0
Scan speed: 687 Kb/s
Scan time: 01:21:50
-----------------------------------------------------------------------------

Og her en fra HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 10:12:48, on 09-01-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
D:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
d:\Programmer\ewido anti-malware\ewidoctrl.exe
d:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
D:\Programmer\MagicRotation\MagicPvt.exe
D:\Programmer\nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\FÆLLES~1\PCSuite\DATALA~1\DATALA~1.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
D:\Programmer\nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FÆLLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FÆLLES~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\MailWasher Pro\MailWasher.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Documents and Settings\fsa\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\Programmer\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SetecCertUtil] C:\Programmer\Setec\Web and Email Security\Certutil.exe
O4 - HKLM\..\Run: [ActiveFax Client] D:\programmer\activefax\Client\ActFaxClient.exe -Autostart
O4 - HKLM\..\Run: [MagicRotation] d:\Programmer\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Programmer\nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FÆLLES~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrojanScanner] d:\Programmer\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PcSync] D:\Programmer\nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: MailWasherPro.lnk = C:\Programmer\MailWasher Pro\MailWasher.exe
O4 - Startup: BUFFALO EasyBackup.lnk = C:\Programmer\BUFFALO\LinkStation\LsBackup.exe
O4 - Global Startup: MailWasherPro.lnk = C:\Programmer\MailWasher Pro\MailWasher.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Programmer\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Programmer\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programmer\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programmer\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .ai: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .xar: C:\PROGRA~1\INTERN~1\PLUGINS\NPXaraC.dll
O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Outlook View Control) - http://demo.cps.intrafinity.com/modules/outlook_mail/controls/outlctlx.CAB
O16 - DPF: {0D06CDB2-163D-46FD-94B7-BD3B1D69F846} (WDX.WDX_Main) - https://www.web-direct.dk/WDX.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://business.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125988167435
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {89A312AE-8D21-42B1-848B-FD8E27F9A2A9} (PrimeInk for Web Applications Signing Component) - https://webreg.dk/web.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.bang-olufsen.com/InstallObjs/isetup.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://communities.msn.dk/scr/MsnUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} (Dataloen.ctlVirtuelDesktop) - http://activex.dataloen.dk/controls/Dataloen3319.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/us/sa/common/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://www.original-ecards.net/au/flashplayer.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://business.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://business.bgbank.dk/businessbg/activex/DanskeSikker.cab
O16 - DPF: {FF2ED99D-13F1-460A-9A8F-C1A876B62D37} (WDX.WDX_Main) - https://www.web-direct.dk/WDX.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{1042E6AA-B2F7-4BDE-ABC1-31B7F8C4B242}: NameServer = 194.239.134.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC0AEF53-8604-4CCA-A9A3-CC77FA9DFDA6}: Domain = SEH
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC0AEF53-8604-4CCA-A9A3-CC77FA9DFDA6}: NameServer = 194.239.134.83,193.162.153.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{1042E6AA-B2F7-4BDE-ABC1-31B7F8C4B242}: NameServer = 194.239.134.83
O17 - HKLM\System\CS2\Services\Tcpip\..\{1042E6AA-B2F7-4BDE-ABC1-31B7F8C4B242}: NameServer = 194.239.134.83
O17 - HKLM\System\CS3\Services\Tcpip\..\{1042E6AA-B2F7-4BDE-ABC1-31B7F8C4B242}: NameServer = 194.239.134.83
O20 - Winlogon Notify: sslx32 - C:\WINDOWS\SYSTEM32\sslx32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard, Ltd. - D:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: ewido security suite control - ewido networks - d:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - d:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - D:\Programmer\UltraVNC\WinVNC.exe" -service (file missing)

EWIDO genererede en tom log. (Intet fundet!).

Problemet med Outlook har løst sig. Dog er maskinen langsommere end normalt.
Jeg har netop kørt en Windows Update samt afinstalleret programmer der ikke længere er i brug.

Kan der læses noget kritisk ud af loggen?

Hent L2mfix.exe fra et af disse steder:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Gem filen på dit Skrivebord og dobbeltklik på l2mfix.exe. Klik på Install knappen og følg instruktionerne. Åben herefter den nye mappe der er dannet på dit Skrivebord (l2mfix). Dobbeltklik på l2mfix.bat og vælg option 1 (Run Find log) ved at taste "1" og "Enter". Din computer bliver nu scannet - efter et par minutter åbnes en tekstfil i Notesblok. Kopier indholdet herind.

NB: Du må ikke køre option 2 eller andre af filerne i l2mfix mappen, før du er blevet bedt om det.

Her er log'en.

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sslx32]
"secureUID"="[389289451074291060]"
"secureTIME"="23:12"
"DllName"=hex(2):73,00,73,00,6c,00,78,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,\
  00,00
"Startup"="KsCheckSDT"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
"MaxWait"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Egenskabsark for multimediefiler"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-scannerstyring"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Sikkerhedsside"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Egenskabsside for OLE-dokumentfil"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Gr‘nsefladeudvidelse til deling"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rmkort"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rm"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rmpanorering"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security-side"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitetsside"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Udvidelsen Diskcopy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Gr‘nsefladeudvidelser til Microsoft Windows-netv‘rksobjekter"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-sk‘rmstyring"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-printerstyring"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Gr‘nsefladeudvidelser til filkomprimering"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Gr‘nsefladeudvidelse til webudskrift"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontekstmenu til kryptering"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Rejsetaske"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-ikon"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Sikkerhedsside"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Gr‘nsefladeudvidelse til deling"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-filtype"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto signeringsfiltype"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netv‘rksforbindelser"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netv‘rksforbindelser"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scannere og kameraer"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scannere og kameraer"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scannere og kameraer"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scannere og kameraer"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scannere og kameraer"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell-udvidelser til  Windows Script-v‘rt"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-dataforbindelse"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Planlagte opgaver"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Proceslinje og menuen Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="S›g"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hj‘lp og support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hj‘lp og support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="K›r..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internettet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Merge Shell Folder"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Microsoft SearchBand"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-oversigtstjeneste"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Oversigt"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Velkomstbillede til Internet Explorer 4-suiten"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internettet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-cachemappe"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Programstyring"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Opt‘lling af installerede programmer"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Udpakning af miniaturer til GDI+-filer"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Dokumentinfo om miniaturehandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Udpakning af HTML-miniaturer"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Guiden Webudgivelse"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestil billedudskrift over World Wide Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objekt til guiden Webudgivelse"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Guiden F† et Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Brugerkonti"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanalfil"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Genvej til kanal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Mappen Offlinefiler"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Efter &personer..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{13709620-C279-11CE-A49E-444553540000}"="Shell Automation Service"
"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
"{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Microsoft SendTo Service"
"{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Microsoft New Object Service"
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Links"
"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Thumbnail Image"
"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Shell Folder"
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Desk Bar"
"{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Menuen Start"
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
"{3AD1E410-AAB9-11d0-89D7-00C04FC9E26E}"="Name Space Control Band"
"{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
"{B091E540-83E3-11CF-A713-0020AFD79762}"="Side til filtyper"
"{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Display Control Panel HTML Extensions"
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Miniaturer"
"{7D688A77-C613-11D0-999B-00C04FD655E1}"="SlowFile Icon Overlay"
"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Menu Band"
"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Tracking Shell Menu"
"{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Microsoft CopyTo Service"
"{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Microsoft MoveTo Service"
"{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Folder Options Property Page Extension"
"{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="Hook til MIME-filtyper"
"{8DE56A0D-E58B-41FE-9F80-3563CDCB2C22}"="Udpakning af standardbillede for egenskaber"
"{BB7DF450-F119-11CD-8465-00AA00425D90}"="Microsoft Access Custom Icon Handler"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Exchange"
"{59850401-6664-101B-B21C-00AA004BA90B}"="Microsoft Office - Adskil projektmappe"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001}"="Allaire FTP & RDS"
"{1E2CDF40-419B-11D2-A5A1-002018648BA7}"="AVG Shell Extension"
"{00000000-0002-5041-4354-0020e48020af}"="12Ghosts Backup Context Menu Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}"="Nokia Phone Browser"
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}"="Contact View"
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
"{9E5E1445-6CEA-4761-8E45-AA19F654571E}"="MagicRotation Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

No matches found.
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
  trj_nt~1.tmp  Mon  9 Jan 2006  11.29.04  A....          2.318    2,26 K

1 item found:  1 file, 0 directories.
  Total of file sizes:  2.318 bytes      2,26 K
**********************************************************************************
Directory Listing of system files:
Disken i drev C har ikke noget navn.
Diskens serienummer er 3449-1EDE

Indhold af C:\WINDOWS\System32

06-06-2005  19:24    <DIR>          Microsoft
06-06-2005  18:37    <DIR>          dllcache
22-02-2004  18:30          119.808 MSSTDFMT.DLL
09-09-2002  14:13          569.344 oleaut32.dll
09-09-2002  14:12          323.072 msvcrt.dll
09-09-2002  14:12          401.462 msvcp60.dll
09-10-2001  15:00          106.496 OLEPRO32.DLL
09-10-2001  15:00            50.688 msvcirt.dll
09-10-2001  15:00          995.383 mfc42.dll
              7 fil(er)        2.566.253 byte
              2 mappe(r)    734.498.816 byte ledig

Scan lige denne fil med jotti: http://www.arlet.dk/jottis.htm
C:\WINDOWS\SYSTEM32\sslx32.dll

Jeg kan ikke få lov til at åbne filen, selvom jeg er administrator, og AVG knalder vildt ud nu! Nogle gode råd?

Hent denne scanner.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
(men lad være med at scanne endnu).

Genstart computeren i fejlsikret tilstand(Du skal klikke på f8 tasten under genstarten (ca. lige når der er talt ram), og så vælge fejlsikret tilstand. Er du i tvivl, så klik bare på f8 flere gange.)

Dobbeltklik på drweb-cureit.exe, den vil køre en expressscan, det siger du ja til.
Når den skriver Done nederst til venstre, skal du klikke på Options->Change settings.
Skift til fanebladet Scan, fjern fluebenet ved Heuristic analysis.
Skift til fanebladet Actions, her skal alle punkter under Malware sættes til Rename.
Klik så på det eller de drev du vil have scannet, der kommer en rød prik for at vise det/de er valgt.

Klik så på den grønne pil ovre til højre på siden, så starter scanningen.
Første gang Dr.Web finder noget, klik "Yes to All", så fjerner den hvad den finder.
Klik så på Start->Søg, find filen drweb32w.log kopier det nederste af teksten herind, startende med:
Scan statistics.

Jeg har allerede scannet i fejlsikker tilstand med drweb efter ovenstående fremgangsmåde, men den fandt tilsyneladende ikke den virus der laver påstyret her!

Forøvrigt kan jeg ikke få lov at se sslx32.dll i system32 biblioteket selvom jeg har sat indstillinger til at vise skjulte filer.

Så tager vi den på en anden måde..

Hent KillBox her:
http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Brugsanvisning kan du finde her:
http://www.fbeej.dk/KillBox2_manual.htm

Kør KillBox, sæt prik i "Delete on reboot". Kopier nedenstående linier ind i tekstfeltet på Killbox og klik herefter på den røde knap med det hvide kryds. Programmet vil spørge om du vil genstarte - svar NEJ undtagen når du når til den sidste linie - der skal du svare JA, og din computer vil genstarte

C:\WINDOWS\SYSTEM32\sslx32.dll

Hent Spysweeper prøveversion her: http://www.spywarefri.dk/downloads1.htm
Installer og opdater det (check for definition update)
Derefter, tryk på Options.
sæt prik i- sweep all folders on selected drive (s)
fjern flueben ved-don´t sweep systemrestore folder.
sæt flueben ved- sweep for Rootkits

Luk programmet.

Så lukker du computeren, og lader den være i ca. 30 sekunder. Så starter du op i fejlsikret tilstand (Tryk f8 flere gange under opstart). Vælg med piletasterne fejlsikret tilstand og tast <enter>


Start Spysweeper. Så popper der en boks op fra Spysweeper, der trykker du på NO

Kør så en Sweep. Når scanningen er færdig, tryk på- next-select all-next-finish. Luk programmet.

Kør en scanning med HijackThis, så du kan se alle filer. Luk alle vinduer, sæt flueben ved denne linie, og klik fix checked.

O20 - Winlogon Notify: sslx32 - C:\WINDOWS\SYSTEM32\sslx32.dll

Genstart til normaltilstand, og tag en online scan her (Complete scan) http://housecall.trendmicro.com/
og med X Cleaner her
http://www.spywarefri.dk/onlinevark.htm

Kom med en frisk HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 16:18:45, on 09-01-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
d:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
D:\Programmer\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Setec\Web and Email Security\Certutil.exe
D:\programmer\activefax\Client\ActFaxClient.exe
D:\Programmer\MagicRotation\MagicPvt.exe
D:\Programmer\nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\FÆLLES~1\PCSuite\DATALA~1\DATALA~1.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
D:\Programmer\nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\FÆLLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FÆLLES~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\MailWasher Pro\MailWasher.exe
D:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Documents and Settings\fsa\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\Programmer\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SetecCertUtil] C:\Programmer\Setec\Web and Email Security\Certutil.exe
O4 - HKLM\..\Run: [ActiveFax Client] D:\programmer\activefax\Client\ActFaxClient.exe -Autostart
O4 - HKLM\..\Run: [MagicRotation] d:\Programmer\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Programmer\nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FÆLLES~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PcSync] D:\Programmer\nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: MailWasherPro.lnk = C:\Programmer\MailWasher Pro\MailWasher.exe
O4 - Startup: BUFFALO EasyBackup.lnk = C:\Programmer\BUFFALO\LinkStation\LsBackup.exe
O4 - Global Startup: MailWasherPro.lnk = C:\Programmer\MailWasher Pro\MailWasher.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Programmer\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .ai: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .xar: C:\PROGRA~1\INTERN~1\PLUGINS\NPXaraC.dll
O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Outlook View Control) - http://demo.cps.intrafinity.com/modules/outlook_mail/controls/outlctlx.CAB
O16 - DPF: {0D06CDB2-163D-46FD-94B7-BD3B1D69F846} (WDX.WDX_Main) - https://www.web-direct.dk/WDX.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://business.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125988167435
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {89A312AE-8D21-42B1-848B-FD8E27F9A2A9} (PrimeInk for Web Applications Signing Component) - https://webreg.dk/web.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.bang-olufsen.com/InstallObjs/isetup.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} (Dataloen.ctlVirtuelDesktop) - http://activex.dataloen.dk/controls/Dataloen3319.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/us/sa/common/common/bin/cabsa.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://business.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://business.bgbank.dk/businessbg/activex/DanskeSikker.cab
O16 - DPF: {FF2ED99D-13F1-460A-9A8F-C1A876B62D37} (WDX.WDX_Main) - https://www.web-direct.dk/WDX.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{1042E6AA-B2F7-4BDE-ABC1-31B7F8C4B242}: NameServer = 194.239.134.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC0AEF53-8604-4CCA-A9A3-CC77FA9DFDA6}: Domain = SEH
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC0AEF53-8604-4CCA-A9A3-CC77FA9DFDA6}: NameServer = 194.239.134.83,193.162.153.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{1042E6AA-B2F7-4BDE-ABC1-31B7F8C4B242}: NameServer = 194.239.134.83
O17 - HKLM\System\CS2\Services\Tcpip\..\{1042E6AA-B2F7-4BDE-ABC1-31B7F8C4B242}: NameServer = 194.239.134.83
O17 - HKLM\System\CS3\Services\Tcpip\..\{1042E6AA-B2F7-4BDE-ABC1-31B7F8C4B242}: NameServer = 194.239.134.83
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - d:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - d:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - D:\Programmer\UltraVNC\WinVNC.exe" -service (file missing)

Så er din log endelig ren igen.

Efter sådan en tur er det altid en god ide og rydde op i dine systemgendannelses filerne.
Deaktiver systemgendannelse ( http://www.arlet.dk/systemgendannelsen.htm ) - genstart din computer - aktiver systemgendannelse.

Generel oprydning: http://www.arlet.dk/oprydning.htm

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan se her : www.arlet.dk/pakke.htm

Hvis lige hcma_catbody vil smide et svar så han og arlet kan dele point.

Bukker og takker for fin hjælp.

ingen point til mig;  arlet lavede jo det hele  ;o)

Sludder og vrøvl -> Få bare lagt det svar..

Jeg skylder dig helt sikkert fra en anden gang

okay - så bare lidt  :o)