Virus Hjälp!

Helt plötsligt kommer en varning upp som säger att min windows brandvägg har inaktiverats, jag går snabbt in och sätter på den igen. Sedan kommer det upp ett medelande som jag tror att det stod svchost.exe
forsätt att blockera eller häv blockering. Jag klickade i rutan fortsätt blockera. Sedan stängs datorn av och jag försöker komma in på mitt "windows account" ( Jag är administratör på datorn). Jag kommer in men hinner inte göra något förrens datorn stängs av igen.
Jag kan bara komma in på min flickväns " windows account" nu, Jag kan inte starta mitt virusprogram (avg free). Och detta kommer hela tiden upp : http://img222.imageshack.us/my.php?image=virusob5.png

Jag tror att det är filen SVCHOST.EXE som det har kommit in ett virus i, för det stod senast ändrad på programmet minuterna efter jag upptäckt viruset.
snälla hjälp mig!

Vet du var sökvägen är på filen?

starta datorn i "felsäkert läge med nätverk", ladda ner, installera, uppdatera och scanna med malwarebytes 2 ggr.

http://www.download.com/3001-8022_4-...rt=dl-10804572

du startar datorn i felsäkert läge genom att nöta in F8 vid uppstarten.

Hittar 3 st virus som inte går att ta bort, har tryckt på remove 1000ggr men de kommer bara upp igen å igen å igen http://img222.imageshack.us/my.php?image=virrsx8.png

Vad kan jag göra åt saken nu?

posta loggen i stället

Ja och sedan scannar jag igen och de kommer upp igen

starta malwarebytes, gå till fliken "loggar", kopiera all text och klistra in här.

2008-10-22 21:45:38
mbam-log-2008-10-22 (21-45-38).txt

Scan type: Quick Scan
Objects scanned: 55185
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: f:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
F:\WINDOWS\system32\ (Trojan.Agent) -> Quarantined and deleted successfully.





2008-10-22 21:49:50
mbam-log-2008-10-22 (21-49-50).txt

Scan type: Quick Scan
Objects scanned: 55233
Time elapsed: 1 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: f:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
F:\WINDOWS\system32\ (Trojan.Agent) -> Quarantined and deleted successfully.




[b]Malwarebytes' Anti-Malware 1.29
Database version: 1306
Windows 5.1.2600 Service Pack 2

2008-10-22 21:52:02
mbam-log-2008-10-22 (21-52-02).txt

Scan type: Quick Scan
Objects scanned: 55233
Time elapsed: 1 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: f:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
F:\WINDOWS\system32\ (Trojan.Agent) -> Quarantined and deleted successfully.



2008-10-22 22:05:05
mbam-log-2008-10-22 (22-05-05).txt

Scan type: Quick Scan
Objects scanned: 55248
Time elapsed: 1 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: f:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
F:\WINDOWS\system32\ (Trojan.Agent) -> Quarantined and deleted successfully.

startade du om datorn efter varje scanning?
hur beter sig datorn i normalt läge?

Nej det gjorde jag inte. Jag är in loggad i felsäkert läge nu och när jag gjorde scannerna. I normalt läge funkar det bara att vara inloggad på min flickvänns "windows konto". Mitt konto som också är administratörs kontot fungerar inte alls, när man loggar in på det startar datorn om sig.

i vilket konto är du i felsäkert läge?

posta en HJT logg här

ladda ner och starta hijackthis, välj "do a system scan and save a logg file" efter några sekunder kommer det upp text, kopiera och posta här.

http://www.trendsecure.com/portal/en...hijackthis/qsg

[quote=w580i]i vilket konto är du i felsäkert läge?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:04, on 2008-10-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\Program\Mozilla Firefox\firefox.exe
F:\Program\Trend Micro\HijackThis\this.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Program\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] F:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "F:\Program\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "f:\program\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = F:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = F:\Program\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://F:\Program\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://F:\Program\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://F:\Program\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\Program\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Procedure Call (HPM) (RPCH) - Unknown owner - F:\Program\NetMeeting\nmwb.exe (file missing)

--
End of file - 6384 bytes

posta en hijackthis logg, inte en mbam logg