wilhelmberg Posted June 10, 2004

Logfile of HijackThis v1.97.7
Scan saved at 18:36:07, on 2004-06-10
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\nesnbx.exe
C:\WINNT\System32\internat.exe
C:\Documents and Settings\Administrator\Application Data\socu.exe
C:\WINNT\System32\wtstr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\winnt\msbb.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\Downloaded Program Files\bridge.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin2\apuc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [frvofe] C:\WINNT\System32\nesnbx.exe
O4 - HKLM\..\Run: [ifmtwhyb] C:\WINNT\ifmtwhyb.exe
O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe
O4 - HKLM\..\Run: [msbb] c:\winnt\msbb.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [shsh] C:\Documents and Settings\Administrator\Application Data\socu.exe
O4 - HKCU\..\Run: [WAPI] C:\WINNT\System32\wtstr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Mij Posted June 10, 2004

Hi.

I can't find any information about the following:

[FET]
C:\WINNT\System32\nesnbx.exe
C:\Documents and Settings\Administrator\Application Data\socu.exe
O4 - HKLM\..\Run: [frvofe] C:\WINNT\System32\nesnbx.exe
O4 - HKLM\..\Run: [ifmtwhyb] C:\WINNT\ifmtwhyb.exe
O4 - HKCU\..\Run: [shsh] C:\Documents and Settings\Administrator\Application Data\socu.exe
[/FET]

You can remove this:

[FET]
C:\WINNT\System32\wtstr.exe
C:\winnt\msbb.exe
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\Downloaded Program Files\bridge.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin2\apuc.dll
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe
O4 - HKLM\..\Run: [msbb] c:\winnt\msbb.exe
O4 - HKCU\..\Run: [WAPI] C:\WINNT\System32\wtstr.exe
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
[/FET]

As I said, I can't find any info about the items at the top, but it seems best to remove those as well. What you do is up to you, though. If you are unsure, you can rename the files for the time being, e.g. to originalname_old.exe. If you don't notice any problems after a couple of days you can delete them; otherwise change the name back.

Once you have removed what should be removed, I recommend an online scan, e.g. at Trend Micro: http://housecall.trendmicro.com/housecall/start_corp.asp

-----------------------------------------------------------------
Mail: Mij@idgmail.se

wilhelmberg Posted June 10, 2004

Thank you so much for the help!!

This topic is now archived and is closed to further replies.