Messenger virus og fjerning

[bokami]

Heia.

Var litt for kjapp med å åpne et vedlegg fra en venn på messenger her forleden. Hele datamaskinen gikk i stå. Slettet msn og messenger med det samme. Scannet så pc'en i sikkerhetsmodus vha norton anti. Ser ut til at det fortsatt er problemer. Brannmuren lar seg ikke opprette igjen. Noe overstyrer den. Er det mulig å fjerne problemet uten å formatere hele skiten? Har forlagt system cd'er, men finner forsåvidt windows programvare cd'en. Er dog usikker på hvordan jeg skal gjennomføre en evt formatering.

 

 

Kjørte forøvrig en hijackthis seksjon. Kan noe slettes:

 

Logfile of HijackThis v1.98.0

Scan saved at 18:58:18, on 14.11.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe

C:\Norman\bin\ZLH.EXE

C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Programfiler\DAEMON Tools\daemon.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Fellesfiler\{3533D133-063A-1044-1021-04040420002f}\Update.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Skype\Phone\Skype.exe

C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Programfiler\MSN Toolbar Suite\DS\02.05.0001.1119\nb-no\bin\WindowsSearch.exe

C:\Programfiler\CASIO\Photo Loader\Plauto.exe

C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe

C:\Programfiler\MSN Toolbar Suite\DS\02.05.0001.1119\nb-no\bin\WindowsSearchIndexer.exe

C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe

C:\Programfiler\Juniper Networks\Common Files\dsNcService.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Norman\bin\ZANDA.EXE

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Norman\bin\NJEEVES.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\NORMAN\Nvc\BIN\nvcoas.exe

C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Nvc\BIN\NIP.EXE

C:\NORMAN\Nvc\BIN\nipsvc.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Programfiler\Google\Google Talk\googletalk.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Iselin\Skrivebord\HijackThis1980.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programfiler\Fellesfiler\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe" -osboot

O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - Global Startup: PC-søk i Windows.lnk = C:\Programfiler\MSN Toolbar Suite\DS\02.05.0001.1119\nb-no\bin\WindowsSearch.exe

O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programfiler\CASIO\Photo Loader\Plauto.exe

O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/229?8e3af631c27f4fd4b5ac488c27e68922

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/230?8e3af631c27f4fd4b5ac488c27e68922

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

O18 - Protocol: t-mobile - {C6D89159-3467-4C2F-9918-3362DA57BCD2} - C:\PROGRA~1\T-Mobile\HOTSPO~1\TMOBIL~1.DLL

[norbat]

Ser ok ut loggen din. Du kan laste ned nyeste versjon av HJT, rename den til eks. hjt.exe og legg ut en ny logg