
HijackThis, what can be removed?


wilhelmberg


 

Logfile of HijackThis v1.97.7

Scan saved at 18:36:07, on 2004-06-10

Platform: Windows 2000 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\Explorer.exe

C:\WINNT\System32\nesnbx.exe

C:\WINNT\System32\internat.exe

C:\Documents and Settings\Administrator\Application Data\socu.exe

C:\WINNT\System32\wtstr.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\winnt\msbb.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\Downloaded Program Files\bridge.dll

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin2\apuc.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [frvofe] C:\WINNT\System32\nesnbx.exe

O4 - HKLM\..\Run: [ifmtwhyb] C:\WINNT\ifmtwhyb.exe

O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe

O4 - HKLM\..\Run: [msbb] c:\winnt\msbb.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [shsh] C:\Documents and Settings\Administrator\Application Data\socu.exe

O4 - HKCU\..\Run: [WAPI] C:\WINNT\System32\wtstr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

 

 


Hi.

 

I can't find any information about the following:

C:\WINNT\System32\nesnbx.exe

 

C:\Documents and Settings\Administrator\Application Data\socu.exe

 

O4 - HKLM\..\Run: [frvofe] C:\WINNT\System32\nesnbx.exe

 

O4 - HKLM\..\Run: [ifmtwhyb] C:\WINNT\ifmtwhyb.exe

 

O4 - HKCU\..\Run: [shsh] C:\Documents and Settings\Administrator\Application Data\socu.exe

 


 

You can remove this:

C:\WINNT\System32\wtstr.exe

 

C:\winnt\msbb.exe

 

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll

 

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\Downloaded Program Files\bridge.dll

 

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin2\apuc.dll

 

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load

 

O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe

 

O4 - HKLM\..\Run: [msbb] c:\winnt\msbb.exe

 

O4 - HKCU\..\Run: [WAPI] C:\WINNT\System32\wtstr.exe

 

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab


 

As I said, I can't find any info about the items at the top, but it seems best to remove those as well.

What you do is up to you, though.

 

If you are unsure, you can rename the files for the time being, e.g. to

originalname_old.exe

 

If you don't notice any problems for a couple of days you can delete them; otherwise change the name back.

 

Once you have removed what needs to go, I recommend an online scan at e.g. Trend Micro:

http://housecall.trendmicro.com/housecall/start_corp.asp

 

-----------------------------------------------------------------

 

Mail: Mij@idgmail.se
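The reply above lists each suspicious process together with the Run entry that starts it. The following is an added example, not part of the original thread, that makes the same pairing mechanically from a HijackThis log; the function names `parse` and `correlate` are hypothetical, and the sample lines are copied from the log in the first post.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Constructed sample: lines copied from the log in the first post.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\System32\nesnbx.exe
C:\Documents and Settings\Administrator\Application Data\socu.exe
C:\WINNT\System32\wtstr.exe
C:\winnt\msbb.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [frvofe] C:\WINNT\System32\nesnbx.exe
O4 - HKLM\..\Run: [ifmtwhyb] C:\WINNT\ifmtwhyb.exe
O4 - HKLM\..\Run: [msbb] c:\winnt\msbb.exe
O4 - HKCU\..\Run: [shsh] C:\Documents and Settings\Administrator\Application Data\socu.exe
O4 - HKCU\..\Run: [WAPI] C:\WINNT\System32\wtstr.exe
"""

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")

def parse(log):
    """Return (running process paths, Run-key entries) from log text."""
    procs, runs, in_procs = [], [], False
    for line in (l.strip() for l in log.splitlines()):
        m = RUN_RE.match(line)
        if line == "Running processes:":
            in_procs = True
        elif m:
            in_procs = False
            runs.append(m.groups())  # (hive, value name, command)
        elif in_procs and re.match(r"[A-Za-z]:\\", line):
            procs.append(line)
        elif line:  # any other non-blank line (R0, O2, ...) ends the list
            in_procs = False
    return procs, runs

def correlate(log):
    """Pair each Run entry with whether its target was running at scan time."""
    procs, runs = parse(log)
    full = {p.lower() for p in procs}
    names = {basename(p).lower() for p in procs}
    result = []
    for hive, name, cmd in runs:
        c = cmd.lower()
        # Full paths must match exactly; bare names match on file name only.
        running = c in full if "\\" in c else c in names
        result.append((hive, name, cmd, running))
    return result
```

An entry that comes back with `running=False`, such as `ifmtwhyb`, is still registered to start at logon, so it has to be reviewed like the others.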

 
