[kfarns00]

Hei Fyrene,
Jeg har sett rundt dette forumet og mange andre nettsteder, på utkikk etter en løsning på problemet mitt. Jeg har kommet over et par forskjellige tråder om dette viruset, så jeg ber om unnskyldning for å lage en ny en, men jeg prøvde feilrettingsfilene beskrevet i disse, og fikk ikke noen nærmere bli kvitt dette.
Når jeg åpner Oppgavebehandling, er det 2 "iexplore.exe" prosesser som kjører, en vanligvis bruker rundt 10.000 K av medlemmer, mens den andre er normalt rundt 40.000 K. Disse prosessene er der, selv om jeg ikke bruker Internet Explorer. Hvis jeg forsøker å få slutt disse prosessene, de automatisk retur. Jeg er også å få internet explorer popups noen få minutter, som jeg antar at dette er årsaken.

Allikevel, her er min hijackthis logg.

Logfile of HijackThis v1.99.1
Scan lagret 2:08:19 PM, on 12/4/2007
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ UAService7.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ Fellesfiler \ InstallShield \ UpdateService \ ISUSPM.exe
C: \ Programfiler \ Internet Explorer \ iexplore.exe
C: \ Programfiler \ Creative \ MediaSource \ Detector \ CTDetect.exe
C: \ Programfiler \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Microsoft Office \ Office11 \ Winword.exe
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ Programfiler \ MSN Messenger \ msnmsgr.exe
C: \ Programfiler \ MSN Messenger \ livecall.exe
C: \ Programfiler \ MSN Messenger \ usnsvc.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ hijackthis \ HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - (39F7E362-828A-4B5A-BCAF-5B79BFDFEA60) - C: \ Programfiler \ BitComet \ tools \ BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - (53707962-6F74-2D53-2644-206D7942484F) - C: \ Programfiler \ Spybot - Search & Destroy \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [LogonStudio] "C: \ Programfiler \ WinCustomize \ LogonStudio \ logonstudio.exe" / RANDOM
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [kroppen safe verktøy drv] C: \ Documents and Settings \ All Users \ Application Data \ aktiv bevege kroppen trygt \ media bone.exe
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimeres
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Programfiler \ MSN Messenger \ MsnMsgr.Exe" / background
O4 - HKCU \ .. \ Run: [Yahoo! Personsøker] "C: \ Programfiler \ Yahoo! \ Messenger \ YahooMessenger.exe" stille
O4 - HKCU \ .. \ Run: [JoyAxis] C: \ DOCUME ~ 1 \ KENFAR ~ 1 \ PROGRAMMER ~ 1 \ USERFL ~ 1 \ Vc cool.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [ISUSPM] "C: \ Programfiler \ Fellesfiler \ InstallShield \ UpdateService \ ISUSPM.exe"-planleggingstjenesten
O4 - HKCU \ .. \ Run: [Creative Detector] "C: \ Programfiler \ Creative \ MediaSource \ Detector \ CTDetect.exe" / R
O4 - HKCU \ .. \ Run: [Uniblue RegistryBooster 2] C: \ Programfiler \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe / S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Programfiler \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O8 - Extra sammenheng menyelement: & D & ownload & med BitComet - res: / / C: \ Programfiler \ BitComet \ BitComet.exe / AddLink.htm
O8 - Extra sammenheng menyelement: & D & ownload all video med BitComet - res: / / C: \ Programfiler \ BitComet \ BitComet.exe / AddVideo.htm
O8 - Extra sammenheng menyelement: & D & ownload all with BitComet - res: / / C: \ Programfiler \ BitComet \ BitComet.exe / AddAllLink.htm
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra knappen: BitComet Search - (461CC20B-FB6E-4f16-8FE8-C29359DB100E) - C: \ Programfiler \ BitComet \ tools \ BitCometBHO_1.1.7.4.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra knappen: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ Programfiler \ Yahoo! \ Messenger \ YahooMessenger.exe
O9 - Extra "Verktøy" MENUITEM: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ Programfiler \ Yahoo! \ Messenger \ YahooMessenger.exe
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O16 - DPF: (00B71CFB-6864-4346-a978-C0A14556272C) (Checkers Klassifikasjon) -- http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (Checkers Klassifikasjon) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter klasse) - C: \ Programfiler \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: (5F8469B4-B055-49DD-83F7-62B522420ECC) (Facebook Photo Uploader Control) -- http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: (8E0D4DE5-3180-4024-a327-4DFAD1796A8D) (MessengerStatsClient Klassifikasjon) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19) (CPlayFirstddfotgControl Object) -- http://www.shockwave.com/content/din...g.1.0.0.33.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Klassifikasjon) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: (DF780F87-FF2B-4DF8-92D0-73DB16A1543A) (PopCapLoader Object) -- http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: (F04A8AE2-A59D-11D2-8792-00C04F8EF29D) (Hotmail Attachments Control) -- http://by111fd.bay111.hotmail.msn.co...x/HMAtchmt.ocx
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ progra ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ progra ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ system32 \ WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -% ProgramFiles% \ WinPcap \ rpcapd.exe "-d-f"% ProgramFiles% \ WinPcap \ rpcapd.ini (fil mangler)
O23 - Service: SecuROM User Access Service (v7) (UserAccess7) - Unknown owner - C: \ WINDOWS \ system32 \ UAService7.exe

[evilfantasy]

Velkommen til TCF.

To spørsmål før vi fortsetter.

1. Hvorfor er det ingen antivirus kjører?

2. Har du Windows-brannmur aktivert?

[kfarns00]

Windows-brannmur er på, og jeg ikke har et anti-virus på her akkurat nå (dårlig, jeg vet)

[evilfantasy]

OK, først gå inn og laste ned og installere avast! 4 Free Home Edition fra Denne koblingen

Post tilbake når den er installert.

Ikke kjør et søk ennå.

[kfarns00]

ok, det er installert.

[evilfantasy]

Aktivere visning av skjulte systemfiler og mapper

1. Høyreklikk Start.
2. Velg Kontrollpanel.
3. Velg Verktøy menyen, og klikk Mappealternativer.
4. Velg Se Tab.
5. Under Skjulte filer og mapper posisjon velger Vis skjulte filer og mapper.
6. Fjern merkingen for Skjul filetternavn for kjente filtyper alternativet.
7. Fjern merkingen for Skjul beskyttede operativsystemfiler (anbefales) alternativet.
8. Klikk Søke.
9. Klikk OK.

--------------------

1. Reboot i sikkermodus

* For å komme inn i sikkermodus. Start PCen, og mens datamaskinen er oppstart begynne å trykke på "F8".
* Bruk piltastene til å flytte til "Safe Mode" og trykke Enter.

2. Åpne HijackThis og velg Gjør et system skanne bare og plasserer et merke ved siden:

O4 - HKLM \ .. \ Run: [kroppen safe verktøy drv] C: \ Documents and Settings \ All Users \ Application Data \ aktiv bevege kroppen trygt \ media bone.exe
O4 - HKCU \ .. \ Run: [JoyAxis] C: \ DOCUME ~ 1 \ KENFAR ~ 1 \ PROGRAMMER ~ 1 \ USERFL ~ 1 \ Vc cool.exe

Nå klikker Fix kontrollert.

3. Dobbeltklikk Min datamaskin på skrivebordet, og finn følgende filer / mapper og slette dem (hvis det)

C: \ WINDOWS \ system32 \ cool.exe

C: \ Documents and Settings \ KENFAR ~ 1 \ Application Data \ USERFL ~ 1 \ Vc cool.exe (den ~ 1 er banen forkortet)

C: \ Documents and Settings \ All Users \ Application Data \ aktiv bevege kroppen trygt \ media bone.exe

C: \ WINDOWS \ system32 \ media bone.exe

Reboot i normal oppstart-modus.

--------------------

Avinstaller kopi av HijackThis du har og installerer den nye versjonen fra Denne koblingen

Deretter legger du en ny HijackThis logg.

[kfarns00]

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 4:40:27 PM, on 12/4/2007
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Programfiler \ Alwil Software \ Avast4 \ ashServ.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ WINDOWS \ system32 \ CTsvcCDA.exe
C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ progra ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
C: \ WINDOWS \ system32 \ UAService7.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ Fellesfiler \ InstallShield \ UpdateService \ ISUSPM.exe
C: \ Programfiler \ Creative \ MediaSource \ Detector \ CTDetect.exe
C: \ Programfiler \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
C: \ Programfiler \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Programfiler \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - (39F7E362-828A-4B5A-BCAF-5B79BFDFEA60) - C: \ Programfiler \ BitComet \ tools \ BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - (53707962-6F74-2D53-2644-206D7942484F) - C: \ Programfiler \ Spybot - Search & Destroy \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [LogonStudio] "C: \ Programfiler \ WinCustomize \ LogonStudio \ logonstudio.exe" / RANDOM
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimeres
O4 - HKLM \ .. \ Run: [avast!] C: \ progra ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Programfiler \ MSN Messenger \ MsnMsgr.Exe" / background
O4 - HKCU \ .. \ Run: [Yahoo! Personsøker] "C: \ Programfiler \ Yahoo! \ Messenger \ YahooMessenger.exe" stille
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [ISUSPM] "C: \ Programfiler \ Fellesfiler \ InstallShield \ UpdateService \ ISUSPM.exe"-planleggingstjenesten
O4 - HKCU \ .. \ Run: [Creative Detector] "C: \ Programfiler \ Creative \ MediaSource \ Detector \ CTDetect.exe" / R
O4 - HKCU \ .. \ Run: [Uniblue RegistryBooster 2] C: \ Programfiler \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe / S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Programfiler \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O8 - Extra sammenheng menyelement: & D & ownload & med BitComet - res: / / C: \ Programfiler \ BitComet \ BitComet.exe / AddLink.htm
O8 - Extra sammenheng menyelement: & D & ownload all video med BitComet - res: / / C: \ Programfiler \ BitComet \ BitComet.exe / AddVideo.htm
O8 - Extra sammenheng menyelement: & D & ownload all with BitComet - res: / / C: \ Programfiler \ BitComet \ BitComet.exe / AddAllLink.htm
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra knappen: BitComet Search - (461CC20B-FB6E-4f16-8FE8-C29359DB100E) - C: \ Programfiler \ BitComet \ tools \ BitCometBHO_1.1.7.4.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra knappen: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ Programfiler \ Yahoo! \ Messenger \ YahooMessenger.exe
O9 - Extra "Verktøy" MENUITEM: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ Programfiler \ Yahoo! \ Messenger \ YahooMessenger.exe
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O16 - DPF: (00B71CFB-6864-4346-a978-C0A14556272C) (Checkers Klassifikasjon) -- http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (Checkers Klassifikasjon) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter klasse) - C: \ Programfiler \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: (5F8469B4-B055-49DD-83F7-62B522420ECC) (Facebook Photo Uploader Control) -- http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: (8E0D4DE5-3180-4024-a327-4DFAD1796A8D) (MessengerStatsClient Klassifikasjon) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19) (CPlayFirstddfotgControl Object) -- http://www.shockwave.com/content/din...g.1.0.0.33.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Klassifikasjon) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: (DF780F87-FF2B-4DF8-92D0-73DB16A1543A) (PopCapLoader Object) -- http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: (F04A8AE2-A59D-11D2-8792-00C04F8EF29D) (Hotmail Attachments Control) -- http://by111fd.bay111.hotmail.msn.co...x/HMAtchmt.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C: \ Programfiler \ WinPcap \ rpcapd.exe
O23 - Service: SecuROM User Access Service (v7) (UserAccess7) - Unknown owner - C: \ WINDOWS \ system32 \ UAService7.exe

--
End of file - 7759 bytes

[evilfantasy]

Loggen ser bra, hvordan er maskinen nå?

[kfarns00]

Det er arbeider stor nå. den iexplore.exe oppgaver har ikke kommet tilbake, jeg har ikke hatt noen popups, og det ser ut til å kjøre litt fortere nå også.
Tusen takk for hjelpen! etter å lete rundt i flere dager å finne ut hvordan du blir kvitt dette, har du løst det på kort tid haha, takk igjen

[evilfantasy]

No problem.

Du bør kjøre en virusskanningen nå som avast er installert.
Også laste ned og kjøre Superantispyware (SAS) SUPERAntispyware Free Edition å sikre at ingenting annet er der HijackThis fant ikke.

Sjekk ut gratis verktøy i dette innlegget

Sikker surfing ........