Tjek af Hijackthis log..

tjekker den nu

Hent herefter denne lille fil og pak den ud til dit Skrivebord:
http://www.dknoppix.com/cgi-bin/download.cgi?Nailfix

----------------------------

Download og gem denne scanner på skrivebordet. (Vi skal bruge den senere)
http://www.spywareinfo.dk/download/mwav.exe

----------------------

Ewido skal du downloade her: http://www.ewido.net/en/download/ ( Vi skal bruge den senere)
Klik på Download now. Installer og kør Ewido. Opdater straks efter installationen programmet.

-----------------------

Du skal nu til at i gang med at fixe:

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.


F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O4 - HKLM\..\Run: [jnttbj] c:\windows\system32\qrgqpl.exe r


--------------------------------------------------------------------

Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

------------------------------

Hent denne bats fil og kør den :
http://www.spywareinfo.dk/download/cleantempxp2k.bat
den sletter alt i din temp mappe.

------------------------------

Find og slet disse manuelt :

c:\windows\system32\qrgqpl.exe
C:\WINDOWS\Nail.exe

-----------------------------

Genstart computeren i fejlsikret tilstand(Du skal klikke på f8 tasten under genstarten (ca. lige når der er talt ram), og så vælge fejlsikret tilstand. Er du i tvivl, så klik bare på f8 flere gange.
Dobbeltklik på nailfix.cmd, som du hentede og pakkede ud før.

---------------------------------

Stadig i fejlsikret:
Klik på mwav.exe som du hentede, programmet pakker sig selv ud og starter.
Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files
Og så trykker du på Scan Clean
Det tager lidt over en time at scanne

-------------------------------

Stadig i fejlsikret:
Kør nu en fuld scanning med Ewido. Når den er færdig trykker du save report og gemmer rapporten.

Så genstarter du computeren normalt og laver en ny hijackthis log, som du lægger herind sammen med reporten fra Ewido

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            17:21:50, 23-06-2005
+ Report-Checksum:        4146EFB

+ Date of database:        23-06-2005
+ Version of scan engine:    v3.0

+ Duration:                81 min
+ Scanned Files:            268426
+ Speed:                55.02 Files/Second
+ Infected files:            60
+ Removed files:            30
+ Files put in quarantine:        30
+ Files that could not be opened:    0
+ Files that could not be cleaned:    30

+ Binder:        Yes
+ Crypter:        Yes
+ Archives:        Yes

+ Scanned items:
    C:\
    D:\
    E:\
    F:\
    C:\
    D:\
    E:\
    F:\

+ Scan result:
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@7372395[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@9217397[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@adremote.timeinc[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@as1.falkag[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@bluestreak[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@burstnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@cgi-bin[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@cz3.clickzs[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@image.masterstats[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@outster[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@server.iad.liveperson[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@tradedoubler[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temp\14E2.tmp\thnall1a.exe -> Spyware.BetterInternet.f -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temp\BTY\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temp\CZW\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temp\DFG\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temp\MOF\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temp\PRO\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temp\RXQ\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temp\WGV\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temporary Internet Files\Content.IE5\ISCLCSKD\mov06[1].exe -> TrojanDownloader.Zlob.q -> Cleaned with backup
    C:\RECYCLER\S-1-5-21-1960408961-562591055-839522115-1004\Dc1.exe -> Trojan.Nail -> Cleaned with backup
    C:\RECYCLER\S-1-5-21-1960408961-562591055-839522115-1004\Dc2.exe -> Trojan.Nail -> Cleaned with backup
    E:\Installers\pxIRC2.2.finale\pxIRC2.2.bug.fixed\control.ini -> Backdoor.IRC.Fylex.a -> Cleaned with backup
    F:\backup-20040530-194237-867.dll -> Spyware.Quick.a -> Cleaned with backup
    F:\backup-20040530-194239-840.dll -> Dialer.Generic -> Cleaned with backup
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@7372395[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@9217397[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@adremote.timeinc[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@as1.falkag[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@bluestreak[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@burstnet[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@cgi-bin[3].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@com[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@cz3.clickzs[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@image.masterstats[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@outster[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@search.msn[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@server.iad.liveperson[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@tradedoubler[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Cookies\torben andersen@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temp\14E2.tmp\thnall1a.exe -> Spyware.BetterInternet.f -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temp\BTY\aurareco.exe -> Spyware.BetterInternet -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temp\CZW\aurareco.exe -> Spyware.BetterInternet -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temp\DFG\aurareco.exe -> Spyware.BetterInternet -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temp\MOF\aurareco.exe -> Spyware.BetterInternet -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temp\PRO\aurareco.exe -> Spyware.BetterInternet -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temp\RXQ\aurareco.exe -> Spyware.BetterInternet -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temp\WGV\aurareco.exe -> Spyware.BetterInternet -> Error during cleaning
    C:\Documents and Settings\Torben Andersen\Lokale indstillinger\Temporary Internet Files\Content.IE5\ISCLCSKD\mov06[1].exe -> TrojanDownloader.Zlob.q -> Error during cleaning
    C:\RECYCLER\S-1-5-21-1960408961-562591055-839522115-1004\Dc1.exe -> Trojan.Nail -> Error during cleaning
    C:\RECYCLER\S-1-5-21-1960408961-562591055-839522115-1004\Dc2.exe -> Trojan.Nail -> Error during cleaning
    E:\Installers\pxIRC2.2.finale\pxIRC2.2.bug.fixed\control.ini -> Backdoor.IRC.Fylex.a -> Error during cleaning
    F:\backup-20040530-194237-867.dll -> Spyware.Quick.a -> Error during cleaning
    F:\backup-20040530-194239-840.dll -> Dialer.Generic -> Error during cleaning


::Report End


Og Hijackthis...

Logfile of HijackThis v1.99.1
Scan saved at 17:25:54, on 23-06-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmer\Brother\ControlCenter2\brctrcen.exe
C:\Programmer\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
F:\programmer\steam\steam.exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmer\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Torben Andersen\Dokumenter\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [razertra] C:\Programmer\Razer\razertra.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe  /start
O4 - HKCU\..\Run: [Steam] "f:\programmer\steam\steam.exe" -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: LærSelv MS Minimanual.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programmer\expektMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

Takker for hjælpen

Start op i fejlsikret og fix denne:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

find og slet:
C:\WINDOWS\Nail.exe

genstart og ny log

<arlet>: Mon ikke disse også skal fixes:
O4 - HKLM\..\Run: [razertra] C:\Programmer\Razer\razertra.exe
Ref.:
http://castlecops.com/s7429-razertra_exe.html
samt
O4 - Global Startup: Status Monitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
Ref.: http://castlecops.com/s6014-BrMfcWnd_exe.html

Hvorfor vil du have dem slettet Majsmarken?
De tilhører min mus og min printer

Logfile of HijackThis v1.99.1
Scan saved at 16:43:59, on 24-06-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmer\Brother\ControlCenter2\brctrcen.exe
C:\Programmer\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
F:\programmer\steam\steam.exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmer\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Torben Andersen\Dokumenter\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [razertra] C:\Programmer\Razer\razertra.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe  /start
O4 - HKCU\..\Run: [Steam] "f:\programmer\steam\steam.exe" -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: LærSelv MS Minimanual.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programmer\expektMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

takker mange gange

Ja, jeg ved altså heller ikke hvorfor de skulle slettes til din mus og printer...

Så er din log ren.

Efter sådan en tur er det altid en god ide og rydde op i dine systemgendannelses filerne.
Deaktiver systemgendannelse ( http://www.arlet.dk/systemgendannelsen.htm ) - genstart din computer - aktiver systemgendannelse.
Og så skal du også lige skjule dine filer og mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil.
Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

Generel oprydning: http://www.arlet.dk/oprydning.htm

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan hente her : www.arlet.dk/pakke.htm

Sorry - jeg 'misforstod' lige info hos: castlecops.com - det var vist lidt sent...