ตอนนี้พอใช้ google หรือ การ search อะไรก็ตาม firefox จะเปิดขึ้นมาอีกหน้าต่างนึงอ่ะค่ะ
น่าจะเป็น spyware แค่ลองใช้ spybot s&D และ toraj remover แล้วก็ไม่หายน่ะค่ะ


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 352 PM, on 12/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0EF96850-BAC4-48F6-8C96-DCFB03DE6C02} - (no file)
O2 - BHO: (no name) - {1C2DA439-4680-4E85-A22D-EB2385FABF80} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7D53D30B-8053-4F95-BBA9-53CA9520F386} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C1A3C3A1-A4F7-420F-9A15-91044BD568EF} - (no file)
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [USB Antivirus] "C:\Program Files\USB Disk Security\USBGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] "C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" boot
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [SpybotDeletingA5460] command /c del "C:\Program Files\Mozilla Firefox\chrome\a2ffxtbr.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1129] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\a2ffxtbr.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA970] command /c del "C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9748] cmd /c del "C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE"
O4 - HKLM\..\RunOnce: [SpybotDeletingA211] command /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6286] cmd /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2710] command /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9470] cmd /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7887] command /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8192] command /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3958] cmd /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9793] command /c del "C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6729] cmd /c del "C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7223] command /c del "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3315] cmd /c del "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9389] command /c del "C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5651] cmd /c del "C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7164] command /c del "C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6616] cmd /c del "C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4910] command /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1339] cmd /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5561] command /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2655] cmd /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3295] command /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1338] cmd /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4642] command /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1666] cmd /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ?????? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&???? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: bvhqeg.dll fgwevo.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10737 bytes