Stort problem.

Hallå. Efter att jag startat upp datorn idag så hände det massa sjuka saker.

1. Seg vid uppstart
2. Min brandvägg(zonealarm) blockar massa internet access men säger att datorn är SAFE.
3. Texten på en del filer är BLÅ istället för SVART.
4. Jag har scannat datorn och tagit bort allt jag hittat.

Nån som vet vad som kan vara fel?

Här är min HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 00:43:08, on 2007-03-23
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
D:\Spel\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Spel\Spyware Doctor\sdhelp.exe
C:\Program\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\devldr32.exe
D:\Spel\Eset\nod32kui.exe
D:\spel\steam\steam.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program\MSN Messenger\msnmsgr.exe
D:\Spel\Eset\nod32.exe
C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5 462\GoogleToolbarNotifier.exe
C:\DOCUME~1\Johan\LOKALA~1\Temp\Rar$EX01.424\Hijac kThis.exe
D:\Spel\Mozilla Firefox 1.5\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spel\Spybot\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\Spel\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7BD78798-8303-7B68-31B0-FBB2F5641FCB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\Spel\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Spel\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Steam] "d:\spel\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5 462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\Spel\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - D:\Spel\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - D:\Spel\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Spel\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Spel\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab27571.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab27571.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://dh1.lana.nu/cams/AxisCamControl.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Spel\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Spel\Spyware Doctor\sdhelp.exe
O23 - Service: Serviço de protocolo Microsoft SSVP (svchostx) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) - Uppdatera på windowsupdate.com.

R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file) - Fixa.

O2 - BHO: (no name) - {7BD78798-8303-7B68-31B0-FBB2F5641FCB} - (no file) - Fixa.

O23 - Service: Serviço de protocolo Microsoft SSVP (svchostx) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing) - Fixa!

Gick inte att få bort den sista ;/

O23 - Service: Serviço de protocolo Microsoft SSVP (svchostx) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)



The firewall has blocked Internet access to your computer (UDP Port 11062) from 71.240.10.104 (UDP Port 50144)

The firewall has blocked Internet access to your computer (UDP Port 11062) from 209.121.51.152 (UDP Port 1152)

Får upp sånna alerts HELA tiden, måste ta don't show this dialog again. Vet fan inte vad detta är för nåt..

Blå filnamn i Wndows är väl komprimerade filer?
Vilket antivirus kör du?

Har du scannat datorn efter virus och spyware/trojaner?

Jag har scannat datorn med följande:

NOD32 - hittade inget
Avast! - hittade 3 trojaner, borttagna
Spybot Search And Destroy - svchost.exe fanns med i infected, reparerad.
Ad-aware - hittade inget
Kaspersky Online Scanner - hittade inget
Spyware Doctor - hittade inget
rensade registret med CCleaner
Provade Systemåterställning, det fungerade inte :/

Kör med NOD32 för tillfället.

ZoneAlarm has blocked access to port 11062 on your computer

ZoneAlarm has successfully stopped local network or Internet traffic from reaching your computer. No breach in your security has occurred. Your computer is safe.

What happened?

ZoneAlarm blocked traffic to port 11062 on your machine from port 32921 on a remote computer whose IP address is 85.18.136.102. This communication attempt may have been a port scan, or simply one of the millions of unsolicited commercial or network control messages that are routinely sent out over the Internet. Such unsolicited messages are often called Internet background noise.

Should I be concerned?

This alert should not be a cause for concern. ZoneAlarm has protected your machine according to the firewall settings you have selected.

Skriv\kopiera rader nedan en i taget i Kör fältet och klicka Ok efter bägge rad

sc stop svchostx
sc delete svchostx

sen ta bort om hittas = C:\WINDOWS\system\svchost.exe

Alltså jag drog ut nätverkskabeln över natten och satte i den igen efter att datorn startats upp. Nu blockar inte brandväggen nånting längre

Det har ingenting med brandväggen att göra. Gör bara som han säger.

Skrev dom där 2 sakerna i kör nu, ska jag ta bort svchost.exe i windows mappen nu?

Verkar inte fungera...

Förklara...