2009-01-07:
The thread is now locked.
If you think it was locked in error, please contact
Malou
*********************************************
Hi!
I messed up with a file. I was going to download a text file that was a WinRAR archive, and it contained a file named: Subpreview.exe. It was a virus, of course.
The steps I have taken:
- Cleaned up with CCleaner
- Scanned with Anti-Malware, which removed two files that were malware.
- Ran an HJT log according to Malou's guide, which I need some help with.
What remains is that every time I start the computer, a dialog box pops up.

Analysis result for the file: http://www.virustota...992b30048d25350
How do I get rid of the dialog box?? ::)
Thanks in advance for all the help :)
*********************HJT LOG*********************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:05, on 2008-12-05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:ProgramTGTSoftStyleXPStyleXPService.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.exe
C:windowssystemhpsysdrv.exe
C:WINDOWSsystem32hphmon06.exe
C:HPKBDKBD.EXE
C:ProgramCreativeSBAudigy2ZSDVDAudioCTDVDDet.EXE
C:ProgramDelade filerLogiShrdLComMgrCommunications_Helper.exe
C:ProgramDelade filerLogiShrdLComMgrLVComSX.exe
C:ProgramHPHP Software UpdateHPWuSchd2.exe
C:ProgramAdobeAcrobat 9.0AcrobatAcrotray.exe
C:WINDOWSCTHELPER.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:ProgramJavajre6binjusched.exe
C:WINDOWSsystem32ctfmon.exe
C:ProgrameBoostreBoostrCP.exe
C:ProgramLogitechSetPointSetPoint.exe
C:ProgramDelade filerLogishrdKHAL2KHALMNPR.EXE
C:ProgramBonjourmDNSResponder.exe
C:ProgramNorton Internet SecurityNorton Internet SecurityAddOnsNorton AddOn
PackEngine3.1.0.7ccProxy.exe
C:WINDOWSsystem32CTSvcCDA.EXE
C:ProgramCreativeShared FilesCTDevSrv.exe
C:ProgrameBoostrEBstrSvc.exe
C:ProgramJavajre6binjqs.exe
c:ProgramDelade filerLightScribeLSSrvc.exe
C:ProgramDelade filerNeroNero BackItUp 4NBService.exe
C:ProgramNorton Internet SecurityNorton Internet SecurityEngine16.1.0.33ccSvcHst.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32MsPMSPSv.exe
C:ProgramNorton Internet SecurityNorton Internet SecurityEngine16.1.0.33ccSvcHst.exe
C:WINDOWSSystem32svchost.exe
C:ProgramInternet Exploreriexplore.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:ProgramTrend MicroHijackThisRensare.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
http://ie.redirect.h...a...&pf=desktop
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft....k/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar
F2 - REG:system.ini: Shell=Explorer.exe "C:Documents and SettingsHP_ÄgarenSkrivbordSub
Preview.exe"
F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,"C:Documents and
SettingsHP_ÄgarenSkrivbordSub Preview.exe",
O1 - Hosts: 127.0.0.2 alltomxp.se.intellitxt.com
O1 - Hosts: 127.0.0.3 intellitxt.com
O1 - Hosts: 127.0.0.4 images.intellitxt.com
O1 - Hosts: 127.0.0.5 ctxt.tribalfusion.com
O1 - Hosts: 127.0.0.6 tribal.us.intellitxt.com
O1 - Hosts: 127.0.0.7 jupiter.us.intellitxt.com
O1 - Hosts: 127.0.0.8 itxt.vibrantmedia.com
O1 - Hosts: 127.0.0.9 freecodecs.us.intellitxt.com
O1 - Hosts: 127.0.0.20 sprintusers.us.intellitxt.com
O1 - Hosts: 127.0.0.21 afterdawn.us.intellitxt.com
O1 - Hosts: 127.0.0.22 softpedia.uk.intellitxt.com
O1 - Hosts: 127.0.0.23 freewarepalm.uk.intellitxt.com
O1 - Hosts: 127.0.0.24 date.ventivmedia.com
O1 - Hosts: 127.0.0.25 kona.kontera.com
O1 - Hosts: 127.0.0.26 kona2.kontera.com
O1 - Hosts: 127.0.0.27 kona3.kontera.com
O1 - Hosts: 127.0.0.28 kona4.kontera.com
O1 - Hosts: 127.0.0.29 kona5.kontera.com
O1 - Hosts: 127.0.0.30 kona6.kontera.com
O1 - Hosts: 127.0.0.31 kona7.kontera.com
O1 - Hosts: 127.0.0.32 kona8.kontera.com
O1 - Hosts: 127.0.0.33 pages.etology.com
O1 - Hosts: 127.0.0.34 content.yieldmanager.edgesuite.net
O1 - Hosts: 127.0.0.35 ad.yieldmanager.com
O1 - Hosts: 127.0.0.36 clicktorrent.info
O1 - Hosts: 127.0.0.37 www.clicktorrent.info
O1 - Hosts: 127.0.0.38 pagead.googlesyndication.com
O1 - Hosts: 127.0.0.39 pagead1.googlesyndication.com
O1 - Hosts: 127.0.0.40 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.41 pagead3.googlesyndication.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:ProgramDelade
filerAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:ProgramNorton Internet
SecurityNorton Internet SecurityEngine16.1.0.33coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
C:ProgramNorton Internet SecurityNorton Internet SecurityEngine16.1.0.33IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:ProgramJavajre6binssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} -
C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} -
C:ProgramDelade filerAdobeAcrobatActiveXAcroIEFavClient.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -
C:ProgramJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
C:ProgramJavajre6libdeployjqsiejqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:ProgramDelade
filerAdobeAcrobatActiveXAcroIEFavClient.dll
O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:ProgramHPDigital
ImagingbinHPDTLK02.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:ProgramNorton
Internet SecurityNorton Internet SecurityEngine16.1.0.33coIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:ProgramDelade
filerAdobeAcrobatActiveXAcroIEFavClient.dll
O4 - HKLM..Run: [hpsysdrv] c:windowssystemhpsysdrv.exe
O4 - HKLM..Run: [HPHUPD06] c:ProgramHP{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}hphupd06.exe
O4 - HKLM..Run: [HPHmon06] C:WINDOWSsystem32hphmon06.exe
O4 - HKLM..Run: [KBD] C:HPKBDKBD.EXE
O4 - HKLM..Run: [Recguard] C:WINDOWSSMINSTRECGUARD.EXE
O4 - HKLM..Run: [PS2] C:WINDOWSsystem32ps2.exe
O4 - HKLM..Run: [CTDVDDET] C:ProgramCreativeSBAudigy2ZSDVDAudioCTDVDDet.EXE
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 - HKLM..Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..Run: [LogitechCommunicationsManager] "C:ProgramDelade
filerLogiShrdLComMgrCommunications_Helper.exe"
O4 - HKLM..Run: [LVCOMSX] "C:ProgramDelade filerLogiShrdLComMgrLVComSX.exe"
O4 - HKLM..Run: [HP Software Update] C:ProgramHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [Adobe Acrobat Speed Launcher] "C:ProgramAdobeAcrobat 9.0
AcrobatAcrobat_sl.exe"
O4 - HKLM..Run: [Acrobat Assistant 8.0] "C:ProgramAdobeAcrobat 9.0AcrobatAcrotray.exe"
O4 - HKLM..Run: [CTHelper] CTHELPER.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [SunJavaUpdateSched] "C:ProgramJavajre6binjusched.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [STYLEXP] C:ProgramTGTSoftStyleXPStyleXP.exe -Hide
O4 - HKCU..Run: [msnmsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..PoliciesExplorerRun: [Painty] C:Documents and SettingsHP_ÄgarenSkrivbordSub
Preview.exe
O4 - HKUSS-1-5-18..Run: [SetDefaultMIDI] MIDIDef.exe (User 'SYSTEM')
O4 - HKUSS-1-5-18..RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [SetDefaultMIDI] MIDIDef.exe (User 'Default user')
O4 - HKUS.DEFAULT..RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk.disabled
O4 - Global Startup: eBoostr Control Panel.lnk = C:ProgrameBoostreBoostrCP.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:ProgramLogitechSetPointSetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:ProgramDelade
filerAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:ProgramDelade
filerAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:ProgramDelade
filerAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:ProgramDelade
filerAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2
Office12REFIEBAR.DLL
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} -
C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-
Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} -
C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-
Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork
Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:ProgramMessengerMSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:ProgramMessengerMSMSGS.EXE
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} -
C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-
Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm (HKCU)
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} -
C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-
Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm (HKCU)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
http://www.nvidia.co.../sysreqlab3.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) -
http://www.creative....101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.mi.../muweb_site.cab?
1195300132406
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package)
- http://www.creative....15106/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:ProgramSUPERAntiSpywareSASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple
Computer, Inc. - C:ProgramBonjourmDNSResponder.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramNorton
Internet SecurityNorton Internet SecurityAddOnsNorton AddOn PackEngine3.1.0.7ccProxy.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:WINDOWSsystem32CTSvcCDA.EXE
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd -
C:ProgramCreativeShared FilesCTDevSrv.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:ProgrameBoostrEBstrSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:ProgramDelade
filerMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. -
C:ProgramJavajre6binjqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:ProgramDelade
filerLogitechBluetoothLBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-
Packard Company - c:ProgramDelade filerLightScribeLSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:ProgramSymantecLiveUpdateLuComServer_3_4.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:ProgramDelade filerNeroNero
BackItUp 4NBService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:ProgramNorton Internet
SecurityNorton Internet SecurityEngine16.1.0.33ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32
nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner -
C:ProgramCyberLinkShared filesRichVideo.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware -
C:ProgramSiSoftwareSiSoftware Sandra Pro Home 2007.SP1Win32RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:ProgramSiSoftwareSiSoftware
Sandra Pro Home 2007.SP1RpcSandraSrv.exe
O23 - Service: StyleXPService - Unknown owner - C:ProgramTGTSoftStyleXPStyleXPService.exe
--
End of file - 13986 bytes















