Just nu i M3-nätverket
Jump to content

Trojanproblem..


steveaktiv

Recommended Posts

Hej! Nybörjare här.. Har en trojan som jag inte blir av med.. IJBIHWN.DLL.... Filen är låst.. Har provat Windows commander.. Men kan inte låsa upp.. Tacksam för hjälp.

 

/Stefan

 

Link to comment
Share on other sites

Ladda hem och scanna med HijackThis,så kan någon av experterna här

ta en titt på loggen...

http://www.spychecker.com/program/hijackthis.html

Installera,starta,välj sedan Do a system scan and save a logfile

kopiera loggen som kommer upp (inget annat)

 

Du postar loggen på detta sätt:

 

Tryck på LOG-knappen i besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen

 

Link to comment
Share on other sites

[log]

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:42:35, on 2008-09-29

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program\NETGEAR\WPN111\wpn111.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program\MSN Messenger\usnsvc.exe

C:\Program\BitTornado\btdownloadgui.exe

C:\Program\BitTornado\btdownloadgui.exe

C:\Program\BitTornado\btdownloadgui.exe

C:\Program\BitTornado\btdownloadgui.exe

C:\Program\BitTornado\btdownloadgui.exe

C:\Program\BitTornado\btdownloadgui.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {000D88BF-9769-47BC-AAF6-1A8D96E21D36} - c:\windows\system32\ijbihwn.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100

O20 - Winlogon Notify: fucxaomf - ijbihwn.dll (file missing)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 4746 bytes

[/log]

 

Link to comment
Share on other sites

Du har en Windows som är full av säkerhetshål eftersom du inte har installerat något service pack till XP, inte undra på om datorn är infekterad.

Installera Service Pack 1a:

http://www.microsoft.com/downloads/details.aspx?displaylang=sv&FamilyID=0136e5f8-1684-4202-b2d0-c6a43430f12a

Klistra sedan in en ny HijackThis-logg.

 

Link to comment
Share on other sites

Min produktnyckel är inte giltig verkar det som

 

Varför tror du att din produktnyckel är ogiltig ?

 

 

 

[inlägget ändrat 2008-09-30 13:52:49 av Brynäsarn]

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...