[kfarns00]

Hi Guys,
Jeg har kigget omkring dette forum og mange andre steder, søger efter en løsning på mit problem. Jeg har stødt på et par forskellige tråde om denne virus, så jeg undskylder for at gøre et nyt, men jeg forsøgte de rettelser er beskrevet i disse, og ikke fik noget tættere på at komme af med denne ting.
Når jeg åbner Jobliste er der 2 'iexplore.exe "processer, der kører, en normalt bruger omkring 10.000 K i mem, mens den anden er normalt omkring 40.000 K. Disse processer er der, selv om jeg ikke bruger Internet Explorer. Hvis jeg forsøger slutter disse processer, er de automatisk returnere. Jeg er også at få Internet Explorer popups hvert par minutter, som jeg antager, det medfører.

Anyway, her er min hijackthis log.

Logfile af HijackThis v1.99.1
Scan gemt på 2:08:19 PM, den 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ UAService7.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programmer \ Common Files \ InstallShield \ UpdateService \ ISUSPM.exe
C: \ Programmer \ Internet Explorer \ iexplore.exe
C: \ Programmer \ Creative \ MediaSource \ Detector \ CTDetect.exe
C: \ Programmer \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Programmer \ Microsoft Office \ Office11 \ WINWORD.EXE
C: \ Programmer \ Mozilla Firefox \ firefox.exe
C: \ Programmer \ MSN Messenger \ msnmsgr.exe
C: \ Programmer \ MSN Messenger \ livecall.exe
C: \ Programmer \ MSN Messenger \ usnsvc.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programmer \ hijackthis \ HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - (39F7E362-828A-4B5A-BCAF-5B79BFDFEA60) - C: \ Programmer \ BitComet \ tools \ BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - (53707962-6F74-2D53-2644-206D7942484F) - C: \ Programmer \ Spybot - Search & Destroy \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [LogonStudio] "C: \ Programmer \ WinCustomize \ LogonStudio \ logonstudio.exe" / RANDOM
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [organ sikkert værktøj drv] C: \ Documents and Settings \ All Users \ Application Data \ aktive flytte organ sikker \ medier bone.exe
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimeret
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Programmer \ MSN Messenger \ MsnMsgr.Exe" / baggrund
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ Programmer \ Yahoo! \ Messenger \ YahooMessenger.exe"-quiet
O4 - HKCU \ .. \ Run: [JoyAxis] C: \ DOCUME ~ 1 \ KENFAR ~ 1 \ PROGRAMMER ~ 1 \ USERFL ~ 1 \ Vc cool.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [ISUSPM] "C: \ Programmer \ Common Files \ InstallShield \ UpdateService \ ISUSPM.exe"-Scheduler
O4 - HKCU \ .. \ Run: [Creative Detector] "C: \ Programmer \ Creative \ MediaSource \ Detector \ CTDetect.exe" / R
O4 - HKCU \ .. \ Run: [Uniblue RegistryBooster 2] C: \ Programmer \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe / S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O8 - Extra sammenhæng menupunktet: & D & ownload & med BitComet - res: / / C: \ Programmer \ BitComet \ BitComet.exe / AddLink.htm
O8 - Extra forbindelse menupunktet: & D & ownload all video med BitComet - res: / / C: \ Programmer \ BitComet \ BitComet.exe / AddVideo.htm
O8 - Extra sammenhæng menupunktet: & D & ownload alle med BitComet - res: / / C: \ Programmer \ BitComet \ BitComet.exe / AddAllLink.htm
O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Ekstra knap: BitComet Search - (461CC20B-FB6E-4f16-8FE8-C29359DB100E) - C: \ Programmer \ BitComet \ tools \ BitCometBHO_1.1.7.4.dll
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Ekstra knap: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ Programmer \ Yahoo! \ Messenger \ YahooMessenger.exe
O9 - Extra 'Tools' MENUITEM: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ Programmer \ Yahoo! \ Messenger \ YahooMessenger.exe
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O16 - DPF: (00B71CFB-6864-4346-A978-C0A14556272C) (Dam klasse) -- http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (Dam klasse) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Programmer \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: (5F8469B4-B055-49DD-83F7-62B522420ECC) (Facebook Photo Uploader Control) -- http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19) (CPlayFirstddfotgControl Object) -- http://www.shockwave.com/content/din...g.1.0.0.33.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: (DF780F87-FF2B-4DF8-92D0-73DB16A1543A) (PopCapLoader Object) -- http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: (F04A8AE2-A59D-11D2-8792-00C04F8EF29D) (Hotmail Attachments Control) -- http://by111fd.bay111.hotmail.msn.co...x/HMAtchmt.ocx
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.exe
O23 - Service: InstallDriver Tabel Manager (IDriverT) - Macrovision Corporation - C: \ Programmer \ Common Files \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: Remote Packet Capture protokol v.0 (eksperimentelle) (rpcapd) - Unknown ejer -% ProgramFiles% \ WinPcap \ rpcapd.exe "-d-f"% ProgramFiles% \ WinPcap \ rpcapd.ini (filen mangler)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Ukendt ejer - C: \ WINDOWS \ system32 \ UAService7.exe

[evilfantasy]

Velkommen til TCF.

To spørgsmål, før vi fortsætter.

1. Hvorfor er der ingen antivirus kører?

2. Har du Windows firewall tændt?

[kfarns00]

Windows Firewall er aktiveret, og jeg dont have en anti-virus på her lige nu (dårlig, jeg kender)

[evilfantasy]

OK, for det første gå ud og hente og installere avast! 4 Fri Home Edition fra Dette link

Post tilbage, når det er installeret.

Undlad at køre en scanning endnu.

[kfarns00]

ok, det er installeret.

[evilfantasy]

Aktiver visning af skjulte System Files & Mapper

1. Højreklik Start.
2. Vælg Kontrolpanel.
3. Vælg Værktøj menuen og klikke Mappeindstillinger.
4. Vælg Se Tab.
5. Under Skjulte filer og mapper udgiftsområde vælge Vis skjulte filer og mapper.
6. Fjern markeringen Skjul filtypenavne for kendte filtyper mulighed.
7. Fjern markeringen Skjul beskyttede operativsystemfiler (anbefales) mulighed.
8. Klik på Ansøge.
9. Klik på OK.

--------------------

1. Genstart i fejlsikret tilstand

* At komme ind i fejlsikret tilstand. Genstart computeren, og computeren er opstart begynde at trykke på "F8".
* Brug piletasterne til at flytte til "Fejlsikret tilstand" og tryk på Enter-tasten.

2. Åbn HijackThis og vælg Må en systemscanning først og derefter anbringe en markering ved siden af:

O4 - HKLM \ .. \ Run: [organ sikkert værktøj drv] C: \ Documents and Settings \ All Users \ Application Data \ aktive flytte organ sikker \ medier bone.exe
O4 - HKCU \ .. \ Run: [JoyAxis] C: \ DOCUME ~ 1 \ KENFAR ~ 1 \ PROGRAMMER ~ 1 \ USERFL ~ 1 \ Vc cool.exe

Klik nu på Fix kontrolleres.

3. Dobbeltklik på Denne computer på skrivebordet, og find følgende filer / mapper og slette dem (hvis der)

C: \ WINDOWS \ system32 \ cool.exe

C: \ Documents and Settings \ KENFAR ~ 1 \ Application Data \ USERFL ~ 1 \ Vc cool.exe (det ~ 1 er stien forkortet)

C: \ Documents and Settings \ All Users \ Application Data \ aktive flytte organ sikker \ medier bone.exe

C: \ WINDOWS \ system32 \ medier bone.exe

Genstart i normal boot mode.

--------------------

Afinstaller kopi af HijackThis du har, og installere den nye version fra Dette link

Derefter sende en ny HijackThis log.

[kfarns00]

Logfile af Trend Micro HijackThis v2.0.2
Scan gemt på 4:40:27 PM, den 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programmer \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Programmer \ Alwil Software \ Avast4 \ ashServ.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ WINDOWS \ system32 \ CTsvcCDA.exe
C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
C: \ WINDOWS \ system32 \ UAService7.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programmer \ Common Files \ InstallShield \ UpdateService \ ISUSPM.exe
C: \ Programmer \ Creative \ MediaSource \ Detector \ CTDetect.exe
C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
C: \ Programmer \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Programmer \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Programmer \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programmer \ Trend Micro \ HijackThis \ HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - (39F7E362-828A-4B5A-BCAF-5B79BFDFEA60) - C: \ Programmer \ BitComet \ tools \ BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - (53707962-6F74-2D53-2644-206D7942484F) - C: \ Programmer \ Spybot - Search & Destroy \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [LogonStudio] "C: \ Programmer \ WinCustomize \ LogonStudio \ logonstudio.exe" / RANDOM
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimeret
O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Programmer \ MSN Messenger \ MsnMsgr.Exe" / baggrund
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ Programmer \ Yahoo! \ Messenger \ YahooMessenger.exe"-quiet
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [ISUSPM] "C: \ Programmer \ Common Files \ InstallShield \ UpdateService \ ISUSPM.exe"-Scheduler
O4 - HKCU \ .. \ Run: [Creative Detector] "C: \ Programmer \ Creative \ MediaSource \ Detector \ CTDetect.exe" / R
O4 - HKCU \ .. \ Run: [Uniblue RegistryBooster 2] C: \ Programmer \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe / S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O8 - Extra sammenhæng menupunktet: & D & ownload & med BitComet - res: / / C: \ Programmer \ BitComet \ BitComet.exe / AddLink.htm
O8 - Extra forbindelse menupunktet: & D & ownload all video med BitComet - res: / / C: \ Programmer \ BitComet \ BitComet.exe / AddVideo.htm
O8 - Extra sammenhæng menupunktet: & D & ownload alle med BitComet - res: / / C: \ Programmer \ BitComet \ BitComet.exe / AddAllLink.htm
O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Ekstra knap: BitComet Search - (461CC20B-FB6E-4f16-8FE8-C29359DB100E) - C: \ Programmer \ BitComet \ tools \ BitCometBHO_1.1.7.4.dll
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Ekstra knap: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ Programmer \ Yahoo! \ Messenger \ YahooMessenger.exe
O9 - Extra 'Tools' MENUITEM: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ Programmer \ Yahoo! \ Messenger \ YahooMessenger.exe
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O16 - DPF: (00B71CFB-6864-4346-A978-C0A14556272C) (Dam klasse) -- http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (Dam klasse) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Programmer \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: (5F8469B4-B055-49DD-83F7-62B522420ECC) (Facebook Photo Uploader Control) -- http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19) (CPlayFirstddfotgControl Object) -- http://www.shockwave.com/content/din...g.1.0.0.33.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: (DF780F87-FF2B-4DF8-92D0-73DB16A1543A) (PopCapLoader Object) -- http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: (F04A8AE2-A59D-11D2-8792-00C04F8EF29D) (Hotmail Attachments Control) -- http://by111fd.bay111.hotmail.msn.co...x/HMAtchmt.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.exe
O23 - Service: InstallDriver Tabel Manager (IDriverT) - Macrovision Corporation - C: \ Programmer \ Common Files \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: Remote Packet Capture protokol v.0 (eksperimentelle) (rpcapd) - CACE Technologies - C: \ Programmer \ WinPcap \ rpcapd.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Ukendt ejer - C: \ WINDOWS \ system32 \ UAService7.exe

--
End of file - 7759 bytes

[evilfantasy]

Loggen ser fine, hvordan computeren nu?

[kfarns00]

Det er arbejder stor nu. Det iexplore.exe opgaver er ikke kommet tilbage, har jeg ikke haft nogen popups, og det ser ud til at køre lidt hurtigere nu også.
Thanks a lot for hjælp! efter at have kigget rundt i dagevis for at finde ud af, hvordan man kan slippe af med det, du løst det på ingen tid haha, tak igen

[evilfantasy]

Intet problem.

Du bør køre en virus scan nu at avast er installeret.
Også hente og køre Superantispyware (SAS) SUPERAntispyware Free Edition for at sikre, at intet andet er der at HijackThis kunne ikke finde.

Se de gratis værktøjer i dette indlæg

Sikker surfing ........