Hijack log. Hjälp får en massa popups.

Grejen är det att jag får typ upp en halvfungerande hemsida där det står att det antivirus jag har nu inte funkar, sen en massa popups, och en lite ruta där det står att det inte kunde höras något kopplingston. Någon som känner igen detta eller vet hur jag ska lösa det?



Logfile of HijackThis v1.99.1
Scan saved at 21:15:45, on 2007-07-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Norman\Nvc\BIN\Zanda.exe
C:\Program\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet. EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Norman\Nvc\BIN\ZLH.EXE
C:\Program\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\program\panda software\panda antivirus 2007\WebProxy.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\VideoLAN\VLC\vlc.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Örnberg\Skrivbord\hijackthis\HijackThis.e xe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet. EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\jjvbjkos.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?ee01f93455774bb68fadee3742e1bf70
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?ee01f93455774bb68fadee3742e1bf70
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program\Delade filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.pixbox.se/aurigma/iu_4.5.4.0/ImageUploader4.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://81.8.160.183/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam1.vilhelmina.se/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.pixbox.se/static/ImageUploader3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F2188E0-2816-4EBE-8A2C-493684A900FA}: NameServer = 81.8.160.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\DELADE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: PAVWAIT.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - D:\xampp\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

hämta detta program, spara det på skrivbordet.
http://www.atribune.org/ccount/click.php?id=4

starta programmet >klicka på scan for vundo >klicka på remove vundo.
välj ta bort filerna, vid fråga.
starta om, ev kan det bli aktuellt med flera omstarter.
posta loggen som finns här C:\vundofix.txt

har gjort de nu, loggen


VundoFix V6.5.6

Checking Java version...

Sun Java not detected
Scan started at 21:43:33 2007-07-24

Listing files found while scanning....

C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\nejeytch.dll
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\awtqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nejeytch.dll
C:\WINDOWS\system32\nejeytch.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

öppna HJT >klicka på open misc tools >open process manager >markera winlogon.exe >bocka för show dll's >klicka på kopiera ikonen bredvid >kopiera in här

posta en ny HJT logg

alltså jag fick de så de stod att den va kopierad till clipboard, sen då?
om de va så jag gjorde så är loggen här.



Logfile of HijackThis v1.99.1
Scan saved at 22:09:54, on 2007-07-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Norman\Nvc\BIN\Zanda.exe
C:\Program\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet. EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Norman\Nvc\BIN\ZLH.EXE
C:\Program\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\program\panda software\panda antivirus 2007\WebProxy.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Örnberg\Skrivbord\hijackthis\HijackThis.e xe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet. EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\jjvbjkos.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?ee01f93455774bb68fadee3742e1bf70
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?ee01f93455774bb68fadee3742e1bf70
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program\Delade filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.pixbox.se/aurigma/iu_4.5.4.0/ImageUploader4.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://81.8.160.183/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam1.vilhelmina.se/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.pixbox.se/static/ImageUploader3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F2188E0-2816-4EBE-8A2C-493684A900FA}: NameServer = 81.8.160.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\DELADE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: PAVWAIT.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - D:\xampp\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

öppna HJT >klicka på open misc tools >open process manager >markera winlogon.exe >bocka för show dll's >klicka på kopiera ikonen bredvid >kopiera in här

Process list saved on 20:35:58, on 2007-07-25
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
512 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
592 C:\WINDOWS\SYSTEM32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
636 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
648 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
816 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4110 ATI Technologies Inc.
836 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1004 C:\Program\Panda Software\Panda Antivirus 2007\pavsrv51.exe 2.0.1840.32 Panda Software International
1024 C:\Program\Panda Software\Panda Antivirus 2007\AVENGINE.EXE 2.0.1840.33 Panda Software International
1156 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1532 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
1800 C:\WINDOWS\SYSTEM32\Ati2evxx.exe 6.14.10.4110 ATI Technologies Inc.
1880 C:\WINDOWS\Explorer.EXE 6.0.2900.2527 Microsoft Corporation
1996 C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe 7.5.1.36 GRISOFT s.r.o.
2036 C:\WINDOWS\system32\CTsvcCDA.exe 1.0.1.0 Creative Technology Ltd
188 C:\Norman\Nvc\BIN\Zanda.exe
324 C:\Program\Panda Software\Panda Antivirus 2007\PsImSvc.exe 2.6.36.0 Panda Software
572 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
788 C:\WINDOWS\system32\MsPMSPSv.exe 7.0.0.1954 Microsoft Corporation
1220 C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe 1.4.1.0 Creative Technology Ltd
1304 C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet. EXE 1.0.3.0 Creative Technology Ltd
1344 C:\WINDOWS\system32\CTHELPER.EXE 1.0.1.2 Creative Technology Ltd
940 C:\Norman\Nvc\BIN\ZLH.EXE
692 C:\Program\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE 7.0.11.0 Panda Software International
1732 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.2180 Microsoft Corporation
2736 c:\program\panda software\panda antivirus 2007\WebProxy.exe 6.2.22.533 Panda Software International
3096 C:\Program\Internet Explorer\IEXPLORE.EXE 6.0.2900.2180 Microsoft Corporation
3136 C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe 4.100.313.1 Microsoft Corporation
3744 C:\Documents and Settings\Örnberg\Skrivbord\hijackthis\HijackThis.e xe 1.99.0.1 Soeperman Enterprises Ltd.


DLLs loaded by process C:\WINDOWS\SYSTEM32\winlogon.exe:

[full path to filename] [file version] [company name]
C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\kernel32.dll 5.1.2600.3119 Microsoft Corporation
C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\AUTHZ.dll 5.1.2600.2622 Microsoft Corporation
C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\USER32.dll 5.1.2600.3099 Microsoft Corporation
C:\WINDOWS\system32\GDI32.dll 5.1.2600.3099 Microsoft Corporation
C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\NDdeApi.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\PROFMAP.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2976 Microsoft Corporation
C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\REGAPI.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\MSGINA.dll 5.1.2600.2603 Microsoft Corporation
C:\WINDOWS\system32\COMCTL32.dll 5.82.2900.2982 Microsoft Corporation
C:\WINDOWS\SYSTEM32\ODBC32.dll 3.525.1117.0 Microsoft Corporation
C:\WINDOWS\system32\SHELL32.dll 6.0.2900.3051 Microsoft Corporation
C:\WINDOWS\system32\SHLWAPI.dll 6.0.2900.3121 Microsoft Corporation
C:\WINDOWS\system32\comdlg32.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 6.0.2900.2982 Microsoft Corporation
C:\WINDOWS\SYSTEM32\odbcint.dll 3.525.1117.0 Microsoft Corporation
C:\WINDOWS\SYSTEM32\SHSVCS.dll 6.0.2900.3051 Microsoft Corporation
C:\WINDOWS\system32\sfc.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\sfc_os.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 Microsoft Corporation
C:\WINDOWS\system32\Apphelp.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\sxs.dll 5.1.2600.3019 Microsoft Corporation
C:\WINDOWS\SYSTEM32\WINSCARD.DLL 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\WTSAPI32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\WINMM.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\Ati2evxx.dll 6.14.10.4110 ATI Technologies Inc.
C:\WINDOWS\SYSTEM32\uxtheme.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\avldr.dll 2.0.1840.1 Panda Software
C:\WINDOWS\SYSTEM32\rsaenh.dll 5.1.2600.2161 Microsoft Corporation
C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\SYSTEM32\SHFOLDER.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\urlmon.dll 6.0.2900.3121 Microsoft Corporation
C:\WINDOWS\SYSTEM32\cscdll.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\WlNotify.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\WINSPOOL.DRV 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\MPR.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\WgaLogon.dll 1.7.18.5 Microsoft Corporation
C:\WINDOWS\SYSTEM32\NTMARTA.DLL 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\SAMLIB.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\CLBCATQ.DLL 2001.12.4414.308 Microsoft Corporation
C:\WINDOWS\SYSTEM32\COMRes.dll 2001.12.4414.258 Microsoft Corporation
C:\WINDOWS\SYSTEM32\winwil32.dll
C:\WINDOWS\SYSTEM32\RASAPI32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\rasman.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\TAPI32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\rtutils.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\iphlpapi.dll 5.1.2600.2912 Microsoft Corporation
C:\WINDOWS\system32\msv1_0.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\byxwwts.dll
C:\WINDOWS\system32\WININET.dll 6.0.2900.3121 Microsoft Corporation
C:\WINDOWS\SYSTEM32\cscui.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\xpsp2res.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\wdmaud.drv 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\msacm32.drv 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\SYSTEM32\MSACM32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\SYSTEM32\midimap.dll 5.1.2600.2180 Microsoft Corporation

gör en ny scan med HJT, bocka för och fixa den här raden
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\jjvbjkos.dll",forkonce

***

http://swandog46.geekstogo.com/avenger.exe
spara exe filen på skrivbordet >starta programmet >bocka för input script manually >klicka på förstoringsglaset >kopiera in detta i fönstret:

Files to delete:
C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\SYSTEM32\winwil32.dll
C:\WINDOWS\SYSTEM32\byxwwts.dll

klicka på done >klicka på gröna lampan >svara ja.
när datorn är färdig så ska en logg visas.
visas ingen logg så finns den här C:\avenger.txt

posta en ny HJT logg

den nya loggen.


Logfile of HijackThis v1.99.1
Scan saved at 16:15:58, on 2007-07-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Norman\Nvc\BIN\Zanda.exe
C:\Program\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet. EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Norman\Nvc\BIN\ZLH.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\program\panda software\panda antivirus 2007\WebProxy.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Örnberg\Skrivbord\hijackthis\HijackThis.e xe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - C:\WINDOWS\system32\byxwwts.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {91D07B95-ADF8-4425-AE56-51375EE85F2B} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CCF00F4D-07C1-489F-9568-F8ABB85A28F9} - C:\WINDOWS\system32\awtqr.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet. EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?ee01f93455774bb68fadee3742e1bf70
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?ee01f93455774bb68fadee3742e1bf70
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program\Delade filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.pixbox.se/aurigma/iu_4.5.4.0/ImageUploader4.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://81.8.160.183/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam1.vilhelmina.se/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.pixbox.se/static/ImageUploader3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F2188E0-2816-4EBE-8A2C-493684A900FA}: NameServer = 81.8.160.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\DELADE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: PAVWAIT.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: byxwwts - byxwwts.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - D:\xampp\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

jag vill se den här loggen oxå
C:\avenger.txt

det blev ingen avenger log, inte i C:avenger

märkligt men du använde det programmet och gjorde som jag skrev?