2008-02-05, 15:28
  #1
Member
Hi.
I've run into problems with my computer; I'm fairly sure it's a trojan or something that is messing things up for me.
I've tried most things (that I know of; intermediate knowledge).
I hope someone can take a look at my HijackThis log and help me with whatever the problem is.
Thanks/Emil

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:15:46, on 2008-02-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program\Java\jre1.6.0_03\bin\jusched.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\DNA\btdna.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Coffan\Skrivbord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31150C6C-59EA-4C4E-A674-8D571501D36C} - C:\WINDOWS\system32\ssqrq.dll
O2 - BHO: (no name) - {415D402F-A6FC-4CA2-927B-2323BAAFB966} - C:\WINDOWS\system32\byxyvtt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {0b6c6700-8139-fbf8-dc34-0445a39908ee} - {ee80993a-5440-43cd-8fbf-93180076c6b0} - C:\WINDOWS\system32\eaxmnylp.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] C:\Program\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [ccc09dd8] rundll32.exe "C:\WINDOWS\system32\xxvndhpf.dll",b
O4 - HKLM\..\Run: [BMcff3ae44] Rundll32.exe "C:\WINDOWS\system32\odpudoxt.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "c:\program\valve\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/...l/gtdownde.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O20 - Winlogon Notify: byxyvtt - C:\WINDOWS\SYSTEM32\byxyvtt.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8845 bytes
2008-02-05, 15:29
  #2
Member
Sorry that I didn't put it in code brackets, hope it works anyway!
2008-02-05, 17:30
  #3
Member
Nobody who can help me?
2008-02-05, 19:12
  #4
Member
Download this program and save it to the desktop.
http://www.atribune.org/ccount/click.php?id=4
Start the program > click scan for vundo > click remove vundo.
Choose to delete the files when asked.
Restart; several restarts may be needed.
Post the log that is found here: C:\vundofix.txt
Also post a new HJT log.
2008-02-05, 19:51
  #5
Member
Quote:
Originally posted by 927
Download this program and save it to the desktop.
http://www.atribune.org/ccount/click.php?id=4
Start the program > click scan for vundo > click remove vundo.
Choose to delete the files when asked.
Restart; several restarts may be needed.
Post the log that is found here: C:\vundofix.txt
Also post a new HJT log.


Okay, here is the log from Vundo (a message appeared when the computer had restarted; there was some file that could not be found).

VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 19:23:04 2008-02-05

Listing files found while scanning....

C:\WINDOWS\system32\bovyrubr.ini
C:\WINDOWS\system32\eaxmnylp.dll
C:\WINDOWS\system32\ekydirgm.dll
C:\WINDOWS\system32\knkubyqh.dll
C:\WINDOWS\system32\lgkabgpa.dll
C:\WINDOWS\system32\mllhuaig.dll
C:\WINDOWS\system32\odpudoxt.dll
C:\WINDOWS\system32\olsjjqex.dll
C:\WINDOWS\system32\plyknkbi.dll
C:\WINDOWS\system32\qttkkdco.dll
C:\WINDOWS\system32\radmtkyl.dll
C:\WINDOWS\system32\rburyvob.dll
C:\WINDOWS\system32\rmfwiteu.dll
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\tanjlbde.dll
C:\WINDOWS\system32\wfsnnnxi.dll
C:\WINDOWS\system32\ymvtiqwf.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bovyrubr.ini
C:\WINDOWS\system32\bovyrubr.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\eaxmnylp.dll
C:\WINDOWS\system32\eaxmnylp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ekydirgm.dll
C:\WINDOWS\system32\ekydirgm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\knkubyqh.dll
C:\WINDOWS\system32\knkubyqh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lgkabgpa.dll
C:\WINDOWS\system32\lgkabgpa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllhuaig.dll
C:\WINDOWS\system32\mllhuaig.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\odpudoxt.dll
C:\WINDOWS\system32\odpudoxt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\olsjjqex.dll
C:\WINDOWS\system32\olsjjqex.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\plyknkbi.dll
C:\WINDOWS\system32\plyknkbi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttkkdco.dll
C:\WINDOWS\system32\qttkkdco.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\radmtkyl.dll
C:\WINDOWS\system32\radmtkyl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rburyvob.dll
C:\WINDOWS\system32\rburyvob.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rmfwiteu.dll
C:\WINDOWS\system32\rmfwiteu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\ssqrq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tanjlbde.dll
C:\WINDOWS\system32\tanjlbde.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wfsnnnxi.dll
C:\WINDOWS\system32\wfsnnnxi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ymvtiqwf.dll
C:\WINDOWS\system32\ymvtiqwf.dll Has been deleted!

Performing Repairs to the registry.
Done!


I'd also like to mention that I have a program called Trojan Remover (no idea whether it is effective, though; so far, at least, it hasn't managed to remove any file, although it detects lots).
2008-02-05, 19:52
  #6
Member
And here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:48:25, on 2008-02-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program\Java\jre1.6.0_03\bin\jusched.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program\Messenger\msmsgs.exe
C:\Program\DNA\btdna.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Coffan\Skrivbord\ej ta bort\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {01ebad1a-02f6-3f88-2f14-d2a029415b52} - {25b51492-0a2d-41f2-88f3-6f20a1dabe10} - C:\WINDOWS\system32\lgkabgpa.dll (file missing)
O2 - BHO: (no name) - {2F90FA06-3303-4877-8625-F4204B868501} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: (no name) - {415D402F-A6FC-4CA2-927B-2323BAAFB966} - C:\WINDOWS\system32\byxyvtt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] C:\Program\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [BMcff3ae44] Rundll32.exe "C:\WINDOWS\system32\odpudoxt.dll",s
O4 - HKLM\..\Run: [ccc09dd8] rundll32.exe "C:\WINDOWS\system32\jsauubbm.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "c:\program\valve\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/...l/gtdownde.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O20 - Winlogon Notify: byxyvtt - C:\WINDOWS\SYSTEM32\byxyvtt.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8810 bytes
2008-02-05, 21:17
  #7
Member
Open HJT > click open misc tools > delete file on reboot, browse to or paste in this: C:\WINDOWS\system32\byxyvtt.dll > click open > restart.

Make a new HJT log; if it went well, it will say this on O2 and O20:
C:\WINDOWS\system32\byxyvtt.dll (file missing)

If that didn't work, do this (a bit more involved):
http://swandog46.geekstogo.com/avenger.exe
Save avenger.exe to the desktop > start the program > tick input script manually > click the magnifying glass > paste this into the window:

Files to delete:
C:\WINDOWS\system32\byxyvtt.dll

Click done > click the green light > answer yes.
When the computer is finished, a log should be shown. Post it and a new HJT log.
(If no log is shown, it can be found here: C:\avenger.txt)
2008-02-05, 21:36
  #8
Member
Script file located at: \??\C:\Documents and Settings\cnlqfujb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\byxyvtt.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


HijackThis log:



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:32:51, on 2008-02-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program\Java\jre1.6.0_03\bin\jusched.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\DNA\btdna.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Coffan\Skrivbord\ej ta bort\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {917d485f-bcbc-06f9-5ac4-04d7654ad092} - {290da456-7d40-4ca5-9f60-cbcbf584d719} - C:\WINDOWS\system32\udiibxnt.dll
O2 - BHO: (no name) - {2F90FA06-3303-4877-8625-F4204B868501} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: (no name) - {415D402F-A6FC-4CA2-927B-2323BAAFB966} - C:\WINDOWS\system32\byxyvtt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CA567505-D035-449C-823D-17EF3302EC0C} - C:\WINDOWS\system32\vtstt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] C:\Program\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [BMcff3ae44] Rundll32.exe "C:\WINDOWS\system32\odpudoxt.dll",s
O4 - HKLM\..\Run: [ccc09dd8] rundll32.exe "C:\WINDOWS\system32\ltqnueof.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "c:\program\valve\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/...l/gtdownde.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O20 - Winlogon Notify: byxyvtt - byxyvtt.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8975 bytes
2008-02-05, 23:48
  #9
Member
Now more crap has shown up again. Open HJT > click open misc tools > open process manager > select winlogon.exe > tick show dll's > click the copy icon > paste it in here.
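
Added example, not part of the original thread and not code from HijackThis or VundoFix: a small Python script that compares the autostart entries (O2, O4, O20) of successive HijackThis logs, which is the comparison done by eye in the posts above. The three excerpts are lines copied from the logs posted in this thread; the function names are made up for this illustration.

```python
import re

# Excerpts copied from the three HijackThis logs in this thread
# (19:15 on 02-04, 19:48 on 02-05 after VundoFix, 21:32 on 02-05 after Avenger).
SCAN_1 = r'''
O2 - BHO: (no name) - {31150C6C-59EA-4C4E-A674-8D571501D36C} - C:\WINDOWS\system32\ssqrq.dll
O2 - BHO: (no name) - {415D402F-A6FC-4CA2-927B-2323BAAFB966} - C:\WINDOWS\system32\byxyvtt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ccc09dd8] rundll32.exe "C:\WINDOWS\system32\xxvndhpf.dll",b
O20 - Winlogon Notify: byxyvtt - C:\WINDOWS\SYSTEM32\byxyvtt.dll
'''
SCAN_2 = r'''
O2 - BHO: (no name) - {2F90FA06-3303-4877-8625-F4204B868501} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: (no name) - {415D402F-A6FC-4CA2-927B-2323BAAFB966} - C:\WINDOWS\system32\byxyvtt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ccc09dd8] rundll32.exe "C:\WINDOWS\system32\jsauubbm.dll",b
O20 - Winlogon Notify: byxyvtt - C:\WINDOWS\SYSTEM32\byxyvtt.dll
'''
SCAN_3 = r'''
O2 - BHO: (no name) - {2F90FA06-3303-4877-8625-F4204B868501} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: (no name) - {415D402F-A6FC-4CA2-927B-2323BAAFB966} - C:\WINDOWS\system32\byxyvtt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {CA567505-D035-449C-823D-17EF3302EC0C} - C:\WINDOWS\system32\vtstt.dll
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ccc09dd8] rundll32.exe "C:\WINDOWS\system32\ltqnueof.dll",b
O20 - Winlogon Notify: byxyvtt - byxyvtt.dll (file missing)
'''

ENTRY = re.compile(r'^(O\d+) - (.*)$')
# Per section: a regex whose last group is the target, and how to name the slot.
PATTERNS = {
    'O2': (re.compile(r'^BHO: .*? - (\{[0-9A-Fa-f-]+\}) - (.+)$'),
           lambda m: 'O2 ' + m.group(1).upper()),
    'O4': (re.compile(r'^(HK\S+\\Run): \[([^\]]+)\] (.+)$'),
           lambda m: 'O4 %s [%s]' % (m.group(1), m.group(2))),
    'O20': (re.compile(r'^Winlogon Notify: (.+?) - (.+)$'),
            lambda m: 'O20 ' + m.group(1)),
}
# File-name component ending in .dll/.exe; the last hit in a command line is the
# module actually loaded (e.g. the DLL handed to rundll32.exe).
MODULE = re.compile(r'[^\\"/\s,]+\.(?:dll|exe)', re.I)


def parse_autostarts(log_text):
    """Map each O2/O4/O20 slot to (module basename or None, file_missing flag)."""
    slots = {}
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry or entry.group(1) not in PATTERNS:
            continue
        regex, make_key = PATTERNS[entry.group(1)]
        m = regex.match(entry.group(2))
        if not m:
            continue
        target = m.group(m.lastindex)
        hits = MODULE.findall(target)
        module = hits[-1].lower() if hits else None
        slots[make_key(m)] = (module, '(file missing)' in target)
    return slots


def triage(scans):
    """Compare successive scans (oldest first) and report what moved."""
    parsed = [parse_autostarts(s) for s in scans]
    first, last = parsed[0], parsed[-1]
    report = {'retargeted': {}, 'appeared': [], 'orphaned': []}
    for key in sorted(set().union(*parsed)):
        modules = [p[key][0] for p in parsed if key in p]
        if len(set(modules)) > 1:           # same slot, different file each scan
            report['retargeted'][key] = modules
        if key not in first:                # slot created after the first scan
            report['appeared'].append(key)
        if key in last and last[key][1]:    # file gone, registry entry remains
            report['orphaned'].append(key)
    return report


if __name__ == '__main__':
    for kind, found in triage([SCAN_1, SCAN_2, SCAN_3]).items():
        print(kind, found)
```

On the thread's logs this reports that the HKLM Run value [ccc09dd8] points at a different DLL in each scan, which BHO CLSIDs appeared after the first scan, and which entries are left behind as (file missing).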
2008-02-06, 10:56
  #10
Member
Quote:
Originally posted by 927
Now more crap has shown up again. Open HJT > click open misc tools > open process manager > select winlogon.exe > tick show dll's > click the copy icon > paste it in here.


Process list saved on 10:56:14, on 2008-02-06
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
776 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
860 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
904 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
916 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
1092 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4162 ATI Technologies Inc.
1108 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1260 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1348 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4162 ATI Technologies Inc.
1624 C:\WINDOWS\System32\WLTRYSVC.EXE
1656 C:\WINDOWS\System32\bcmwltry.exe 4.100.15.8 Dell Inc.
1664 C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe 7.0.2.5 Lavasoft AB
1948 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
204 C:\WINDOWS\Explorer.EXE 6.0.2900.3156 Microsoft Corporation
280 C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1.14.0.0 Apple, Inc.
348 C:\Program\Bonjour\mDNSResponder.exe 1.0.3.1 Apple Computer, Inc.
424 C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe 3.0.621.0 ESET
644 C:\WINDOWS\system32\PnkBstrA.exe
704 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1760 C:\Program\Synaptics\SynTP\SynTPEnh.exe 8.2.4.6 Synaptics, Inc.
1784 C:\WINDOWS\system32\WLTRAY.exe 4.100.15.8 Dell Inc.
1800 C:\WINDOWS\stsystra.exe 1.0.5143.0 SigmaTel, Inc.
1816 C:\Program\Java\jre1.6.0_03\bin\jusched.exe 6.0.30.5 Sun Microsystems, Inc.
1960 C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe 3.2.0.12888 Adobe Systems Incorporated
2104 C:\Program\ESET\ESET NOD32 Antivirus\egui.exe 3.0.621.0 ESET
2272 C:\WINDOWS\system32\rundll32.exe 5.1.2600.2180 Microsoft Corporation
2340 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.2180 Microsoft Corporation
2400 C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE 2.0.0.0 ATI Technologies Inc.
2416 C:\Program\MSN Messenger\msnmsgr.exe 8.1.178.0 Microsoft Corporation
2480 C:\Program\Messenger\msmsgs.exe 4.7.0.3001 Microsoft Corporation
2508 C:\Program\DNA\btdna.exe
2788 C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe 2.0.0.0 ATI Technologies Inc.
524 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
3848 C:\WINDOWS\system32\dlcfcoms.exe 1.154.21.0
2980 C:\Program\Internet Explorer\iexplore.exe 7.0.6000.16574 Microsoft Corporation
908 C:\Documents and Settings\Coffan\Skrivbord\ej ta bort\HiJackThis_v2.exe 2.0.0.0 Trend Micro Inc.


DLLs loaded by process C:\WINDOWS\system32\winlogon.exe:

[full path to filename] [file version] [company name]
C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\kernel32.dll 5.1.2600.3119 Microsoft Corporation
C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.3173 Microsoft Corporation
C:\WINDOWS\system32\AUTHZ.dll 5.1.2600.2622 Microsoft Corporation
C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\USER32.dll 5.1.2600.3099 Microsoft Corporation
C:\WINDOWS\system32\GDI32.dll 5.1.2600.3159 Microsoft Corporation
C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\NDdeApi.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\PROFMAP.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2976 Microsoft Corporation
C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\REGAPI.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\IMM32.DLL 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\MSGINA.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\SHELL32.dll 6.0.2900.3241 Microsoft Corporation
C:\WINDOWS\system32\SHLWAPI.dll 6.0.2900.2995 Microsoft Corporation
C:\WINDOWS\system32\COMCTL32.dll 5.82.2900.2982 Microsoft Corporation
C:\WINDOWS\system32\ODBC32.dll 3.525.1117.0 Microsoft Corporation
C:\WINDOWS\system32\comdlg32.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 6.0.2900.2982 Microsoft Corporation
C:\WINDOWS\system32\odbcint.dll 3.525.1117.0 Microsoft Corporation
C:\WINDOWS\system32\SHSVCS.dll 6.0.2900.3051 Microsoft Corporation
C:\WINDOWS\system32\sfc.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\sfc_os.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 Microsoft Corporation
C:\WINDOWS\system32\Apphelp.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\msctfime.ime 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\sxs.dll 5.1.2600.3019 Microsoft Corporation
C:\WINDOWS\system32\WINSCARD.DLL 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\uxtheme.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\system32\Ati2evxx.dll 6.14.10.4162 ATI Technologies Inc.
C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.3139 Microsoft Corporation
C:\WINDOWS\system32\cscdll.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 Microsoft Corporation
C:\WINDOWS\system32\WlNotify.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\MPR.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\msv1_0.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2912 Microsoft Corporation
C:\WINDOWS\System32\BCMLogon.dll 4.100.15.8 Dell Inc.
C:\WINDOWS\System32\MFC71.DLL 7.10.3077.0 Microsoft Corporation
C:\WINDOWS\System32\MSVCR71.dll 7.10.3052.4 Microsoft Corporation
C:\WINDOWS\System32\MSVCP71.dll 7.10.3077.0 Microsoft Corporation
C:\WINDOWS\system32\cscui.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\wdmaud.drv 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258 Microsoft Corporation
C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.308 Microsoft Corporation
2008-02-06, 11:42
  #11
Member
Ödlan
If you Google HijackThis, the third page that comes up is a site that analyzes your logs. Use it.
2008-02-06, 13:10
  #12
Member
Quote:
Originally posted by Ödlan
If you Google HijackThis, the third page that comes up is a site that analyzes your logs. Use it.

Thanks, will check it out. However, I trust 927 more, who seems to be quite knowledgeable.