realoddball Posted 14 June 2008 (edited)

I got a virus warning from Norman saying that an "HTML/EXPLOIT!....." virus had been found on the machines. I have run through the whole package with SAS, ComboFix and HJT. Is there any "junk" left here that can be removed? It seems the virus is gone now.

realoddball, who is impressed by the problem solvers on this site :!:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:41, on 14.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\csrss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\Norman\Npm\bin\ELOGSVC.EXE
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\Norman\Npm\Bin\Zanda.exe
J:\Norman\npm\bin\nvoy.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
J:\Norman\Npm\bin\ZLH.EXE
J:\WINDOWS\system32\ctfmon.exe
J:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
J:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
J:\Norman\Nvc\BIN\NIP.EXE
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\System32\SCardSvr.exe
J:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\WINDOWS\System32\CTsvcCDA.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\Programfiler\Ahead\InCD\InCDsrv.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\nvsvc32.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\System32\MsPMSPSv.exe
J:\Norman\Npm\bin\NVCSCHED.EXE
J:\Norman\Nvc\bin\nvcoas.exe
J:\Norman\Npm\bin\NJEEVES.EXE
J:\WINDOWS\System32\alg.exe
J:\Norman\Nvc\bin\cclaw.exe
J:\WINDOWS\explorer.exe
J:\Programfiler\Internet Explorer\iexplore.exe
J:\Programfiler\HP\Smart Web Printing\hpswp_clipbook.exe
J:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
J:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - J:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - J:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - J:\Programfiler\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - J:\Programfiler\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - J:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - J:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - J:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Norman ZANDA] "J:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "J:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] J:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] J:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] J:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] J:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] J:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://J:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Utklippsbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - J:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart valgmetode - {700259D7-1666-479a-93B1-3250410481E8} - J:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: J:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162236317515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202929646359
O16 - DPF: {B590F5BC-5774-47D8-859E-727E25E017AA} (DriverDetectiveMembers.members) - http://www.drivershq.com/files/cab/member/...Detective-m.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - J:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - J:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - J:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - J:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - J:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - J:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - J:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - J:\Programfiler\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - J:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - J:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - J:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - J:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - J:\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - J:\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8364 bytes

Edited 14 June 2008 by realoddball
norbat Posted 14 June 2008

The HJT log looks fine. You can let HJT fix the following two lines:

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

If you have used ComboFix, you can remove it by typing combofix /u in Run (Start -> Run).
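The check norbat did by eye, written out as a small script. This is an added example for the thread, not code from HijackThis, Norman or either poster. It assumes the line shape seen in the log above ("O2 - BHO: <name> - {CLSID} - <target>", "O3 - Toolbar: ...", "O23 - Service: <name> - <owner> - <path>") with " - " as the field separator; HJT publishes no grammar for its log, so that separator is an assumption and can misfire on a name that itself contains " - ". The sample log is constructed from six lines copied out of the post above. It goes one step beyond the reply by also listing O23 services that HJT could not attribute to a vendor ("Unknown owner"), which is worth a look but, as the NJeeves line shows, is not evidence of anything by itself.

```python
"""Flag the HijackThis (HJT) log entries a forum helper would tick.

O2 (BHO) and O3 (toolbar) entries whose target is "(no file)" are CLSIDs
still registered with Internet Explorer although the DLL behind them is
gone: leftovers of an uninstall or an earlier cleanup. Nothing can load
from them, so letting HJT delete the registration is safe housekeeping,
not the removal of an active infection.
"""
import re

# Constructed sample: six lines copied from the log posted in this thread.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\\Programfiler\\Fellesfiler\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - J:\\Programfiler\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O23 - Service: Norman NJeeves - Unknown owner - J:\\Norman\\Npm\\bin\\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - J:\\Norman\\Npm\\Bin\\Zanda.exe
"""

# Assumed line shape: "<Rnn|Onn> - <field> - <field> - ...". Header lines and
# the "Running processes" block carry no such prefix and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log):
    """Turn an HJT log into dicts of {code, fields, raw} for each Rnn/Onn line."""
    entries = []
    for raw in log.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if not m:
            continue
        # " - " is the assumed separator; a name containing " - " would split too.
        fields = [f.strip() for f in m.group("rest").split(" - ")]
        entries.append({"code": m.group("code"), "fields": fields, "raw": raw})
    return entries


def orphaned_entries(entries):
    """O2/O3 entries whose last field is '(no file)': registered CLSID, missing DLL."""
    return [e for e in entries
            if e["code"] in ("O2", "O3") and e["fields"][-1] == "(no file)"]


def unknown_owner_services(entries):
    """O23 services where HJT found no company name in the binary's version info."""
    return [e for e in entries
            if e["code"] == "O23" and "Unknown owner" in e["fields"]]


def fix_list(log):
    """Return (lines to tick in HJT's 'Fix checked', the CLSIDs they register)."""
    orphans = orphaned_entries(parse_entries(log))
    clsids = [CLSID_RE.search(e["raw"]).group(0) for e in orphans]
    return [e["raw"] for e in orphans], clsids


if __name__ == "__main__":
    lines, clsids = fix_list(SAMPLE_LOG)
    print("Let HJT fix:")
    for line in lines:
        print("  " + line)
    print("CLSIDs to confirm are gone from HKCR\\CLSID after the fix:")
    for clsid in clsids:
        print("  " + clsid)
    for e in unknown_owner_services(parse_entries(SAMPLE_LOG)):
        print("Service without a vendor string, check its path: " + e["raw"])
```

Run it against a full log by replacing SAMPLE_LOG with the file contents; the two lines it prints under "Let HJT fix" are exactly the two norbat picked out.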
realoddball Posted 14 June 2008 (Author)

    The HJT log looks fine. You can let HJT fix the following two lines:
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    If you have used ComboFix, you can remove it by typing combofix /u in Run (Start -> Run).

Now we're talking!! Fast delivery. Thanks!!