[check]Hijack log



Mich
19 July 2005, 13:40
I recently had a log checked already, but this one is for a different PC. Same question: what can be removed here? Thanks in advance (+rep of course) :) .

Logfile of HijackThis v1.99.1
Scan saved at 13:37:54, on 19/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\VANMIN~1\LOCALS~1\Temp\Rar$EX00.671\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe,reginit.exe -shell
O1 - Hosts: 127.87.9.211 www.mcafee.com
O1 - Hosts: 127.242.202.10 mcafee.com
O1 - Hosts: 127.71.133.112 us.mcafee.com
O1 - Hosts: 127.219.120.234 www.sophos.com
O1 - Hosts: 127.3.112.59 sophos.com
O1 - Hosts: 127.245.239.35 www.viruslist.com
O1 - Hosts: 127.61.238.207 viruslist.com
O1 - Hosts: 127.206.157.62 f-secure.com
O1 - Hosts: 127.63.9.0 www.f-secure.com
O1 - Hosts: 127.243.201.25 kaspersky.com
O1 - Hosts: 127.212.234.243 www.avp.com
O1 - Hosts: 127.105.239.153 www.kaspersky.com
O1 - Hosts: 127.61.254.58 avp.com
O1 - Hosts: 127.45.103.76 www.networkassociates.com
O1 - Hosts: 127.207.158.201 networkassociates.com
O1 - Hosts: 127.191.185.31 www.ca.com
O1 - Hosts: 127.252.222.221 ca.com
O1 - Hosts: 127.235.44.173 my-etrust.com
O1 - Hosts: 127.250.129.38 www.my-etrust.com
O1 - Hosts: 127.61.123.221 secure.nai.com
O1 - Hosts: 127.73.76.218 nai.com
O1 - Hosts: 127.237.168.196 www.nai.com
O1 - Hosts: 127.194.42.124 trendmicro.com
O1 - Hosts: 127.46.108.254 www.trendmicro.com
O1 - Hosts: 127.249.229.117 housecall.trendmicro.com
O1 - Hosts: 127.20.182.5 www.pandasoftware.com
O1 - Hosts: 127.19.90.218 www.bitdefender.com
O1 - Hosts: 127.146.50.47 www.ravantivirus.com
O1 - Hosts: 127.100.113.233 www3.ca.com
O1 - Hosts: 127.76.214.84 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.113.73.41 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.32.224.79 v5windowsupdate.microsoft.nsatc.net
O1 - Hosts: 127.37.77.57 windowsupdate.microsoft.com
O1 - Hosts: 127.160.81.235 www.mcafee.com
O1 - Hosts: 127.71.150.94 mcafee.com
O1 - Hosts: 127.242.37.24 us.mcafee.com
O1 - Hosts: 127.215.139.96 www.sophos.com
O1 - Hosts: 127.72.69.246 sophos.com
O1 - Hosts: 127.109.0.154 www.viruslist.com
O1 - Hosts: 127.25.177.62 viruslist.com
O1 - Hosts: 127.77.96.76 f-secure.com
O1 - Hosts: 127.78.199.122 www.f-secure.com
O1 - Hosts: 127.236.80.165 kaspersky.com
O1 - Hosts: 127.189.72.49 www.avp.com
O1 - Hosts: 127.178.230.224 www.kaspersky.com
O1 - Hosts: 127.96.24.31 avp.com
O1 - Hosts: 127.204.148.30 www.networkassociates.com
O1 - Hosts: 127.190.156.71 networkassociates.com
O1 - Hosts: 127.99.229.169 www.ca.com
O1 - Hosts: 127.67.199.195 ca.com
O1 - Hosts: 127.218.152.104 my-etrust.com
O1 - Hosts: 127.128.48.143 www.my-etrust.com
O1 - Hosts: 127.226.193.172 secure.nai.com
O1 - Hosts: 127.127.203.207 nai.com
O1 - Hosts: 127.126.244.160 www.nai.com
O1 - Hosts: 127.182.23.61 trendmicro.com
O1 - Hosts: 127.85.168.254 www.trendmicro.com
O1 - Hosts: 127.69.227.190 housecall.trendmicro.com
O1 - Hosts: 127.221.86.219 www.pandasoftware.com
O1 - Hosts: 127.112.244.85 www.bitdefender.com
O1 - Hosts: 127.69.253.164 www.ravantivirus.com
O1 - Hosts: 127.163.50.234 www3.ca.com
O1 - Hosts: 127.47.16.164 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.99.46.155 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.147.3.173 v5windowsupdate.microsoft.nsatc.net
O1 - Hosts: 127.235.21.153 windowsupdate.microsoft.com
O1 - Hosts: 127.201.26.212 www.symantec.com
O1 - Hosts: 127.82.240.42 securityresponse.symantec.com
O1 - Hosts: 127.33.192.188 symantec.com
O1 - Hosts: 127.247.89.35 www.mcafee.com
O1 - Hosts: 127.249.245.139 mcafee.com
O1 - Hosts: 127.230.104.24 us.mcafee.com
O1 - Hosts: 127.158.217.207 www.sophos.com
O1 - Hosts: 127.200.26.18 sophos.com
O1 - Hosts: 127.159.18.151 www.viruslist.com
O1 - Hosts: 127.194.77.237 viruslist.com
O1 - Hosts: 127.164.171.87 f-secure.com
O1 - Hosts: 127.232.101.71 www.f-secure.com
O1 - Hosts: 127.74.81.253 kaspersky.com
O1 - Hosts: 127.158.8.110 www.avp.com
O1 - Hosts: 127.217.144.92 www.kaspersky.com
O1 - Hosts: 127.16.117.192 avp.com
O1 - Hosts: 127.232.31.63 www.networkassociates.com
O1 - Hosts: 127.65.81.64 networkassociates.com
O1 - Hosts: 127.73.104.185 www.ca.com
O1 - Hosts: 127.104.13.73 ca.com
O1 - Hosts: 127.223.190.150 my-etrust.com
O1 - Hosts: 127.142.44.158 www.my-etrust.com
O1 - Hosts: 127.31.10.245 secure.nai.com
O1 - Hosts: 127.176.18.83 nai.com
O1 - Hosts: 127.110.212.112 www.nai.com
O1 - Hosts: 127.207.39.62 trendmicro.com
O1 - Hosts: 127.161.239.99 www.trendmicro.com
O1 - Hosts: 127.175.105.246 housecall.trendmicro.com
O1 - Hosts: 127.68.55.44 www.pandasoftware.com
O1 - Hosts: 127.64.209.128 www.bitdefender.com
O1 - Hosts: 127.113.28.124 www.ravantivirus.com
O1 - Hosts: 127.220.14.67 www3.ca.com
O1 - Hosts: 127.97.246.20 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.223.125.216 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.2.80.123 v5windowsupdate.microsoft.nsatc.net
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [CheckStat16] reginit.exe -services
O4 - HKLM\..\Run: [wp_config] wpconfig.exe
O4 - HKLM\..\RunServices: [wp_config] wpconfig.exe
O4 - HKLM\..\RunServices: [CheckStat16] reginit.exe -services
O4 - HKLM\..\RunServices: [IPConfig] ipconfigs.exe
O4 - HKLM\..\RunOnce: [wp_config] wpconfig.exe
O4 - HKCU\..\Run: [CheckStat16] reginit.exe -drivers
O4 - HKCU\..\Run: [wp_config] wpconfig.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\RunOnce: [wp_config] wpconfig.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

st3ph3n
19 July 2005, 16:34
To fix:
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe,reginit.exe -shell
O1 - Hosts: 127.87.9.211 www.mcafee.com
O1 - Hosts: 127.242.202.10 mcafee.com
O1 - Hosts: 127.71.133.112 us.mcafee.com
O1 - Hosts: 127.219.120.234 www.sophos.com
O1 - Hosts: 127.3.112.59 sophos.com
O1 - Hosts: 127.245.239.35 www.viruslist.com
O1 - Hosts: 127.61.238.207 viruslist.com
O1 - Hosts: 127.206.157.62 f-secure.com
O1 - Hosts: 127.63.9.0 www.f-secure.com
O1 - Hosts: 127.243.201.25 kaspersky.com
O1 - Hosts: 127.212.234.243 www.avp.com
O1 - Hosts: 127.105.239.153 www.kaspersky.com
O1 - Hosts: 127.61.254.58 avp.com
O1 - Hosts: 127.45.103.76 www.networkassociates.com
O1 - Hosts: 127.207.158.201 networkassociates.com
O1 - Hosts: 127.191.185.31 www.ca.com
O1 - Hosts: 127.252.222.221 ca.com
O1 - Hosts: 127.235.44.173 my-etrust.com
O1 - Hosts: 127.250.129.38 www.my-etrust.com
O1 - Hosts: 127.61.123.221 secure.nai.com
O1 - Hosts: 127.73.76.218 nai.com
O1 - Hosts: 127.237.168.196 www.nai.com
O1 - Hosts: 127.194.42.124 trendmicro.com
O1 - Hosts: 127.46.108.254 www.trendmicro.com
O1 - Hosts: 127.249.229.117 housecall.trendmicro.com
O1 - Hosts: 127.20.182.5 www.pandasoftware.com
O1 - Hosts: 127.19.90.218 www.bitdefender.com
O1 - Hosts: 127.146.50.47 www.ravantivirus.com
O1 - Hosts: 127.100.113.233 www3.ca.com
O1 - Hosts: 127.76.214.84 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.113.73.41 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.32.224.79 v5windowsupdate.microsoft.nsatc.net
O1 - Hosts: 127.37.77.57 windowsupdate.microsoft.com
O1 - Hosts: 127.160.81.235 www.mcafee.com
O1 - Hosts: 127.71.150.94 mcafee.com
O1 - Hosts: 127.242.37.24 us.mcafee.com
O1 - Hosts: 127.215.139.96 www.sophos.com
O1 - Hosts: 127.72.69.246 sophos.com
O1 - Hosts: 127.109.0.154 www.viruslist.com
O1 - Hosts: 127.25.177.62 viruslist.com
O1 - Hosts: 127.77.96.76 f-secure.com
O1 - Hosts: 127.78.199.122 www.f-secure.com
O1 - Hosts: 127.236.80.165 kaspersky.com
O1 - Hosts: 127.189.72.49 www.avp.com
O1 - Hosts: 127.178.230.224 www.kaspersky.com
O1 - Hosts: 127.96.24.31 avp.com
O1 - Hosts: 127.204.148.30 www.networkassociates.com
O1 - Hosts: 127.190.156.71 networkassociates.com
O1 - Hosts: 127.99.229.169 www.ca.com
O1 - Hosts: 127.67.199.195 ca.com
O1 - Hosts: 127.218.152.104 my-etrust.com
O1 - Hosts: 127.128.48.143 www.my-etrust.com
O1 - Hosts: 127.226.193.172 secure.nai.com
O1 - Hosts: 127.127.203.207 nai.com
O1 - Hosts: 127.126.244.160 www.nai.com
O1 - Hosts: 127.182.23.61 trendmicro.com
O1 - Hosts: 127.85.168.254 www.trendmicro.com
O1 - Hosts: 127.69.227.190 housecall.trendmicro.com
O1 - Hosts: 127.221.86.219 www.pandasoftware.com
O1 - Hosts: 127.112.244.85 www.bitdefender.com
O1 - Hosts: 127.69.253.164 www.ravantivirus.com
O1 - Hosts: 127.163.50.234 www3.ca.com
O1 - Hosts: 127.47.16.164 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.99.46.155 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.147.3.173 v5windowsupdate.microsoft.nsatc.net
O1 - Hosts: 127.235.21.153 windowsupdate.microsoft.com
O1 - Hosts: 127.201.26.212 www.symantec.com
O1 - Hosts: 127.82.240.42 securityresponse.symantec.com
O1 - Hosts: 127.33.192.188 symantec.com
O1 - Hosts: 127.247.89.35 www.mcafee.com
O1 - Hosts: 127.249.245.139 mcafee.com
O1 - Hosts: 127.230.104.24 us.mcafee.com
O1 - Hosts: 127.158.217.207 www.sophos.com
O1 - Hosts: 127.200.26.18 sophos.com
O1 - Hosts: 127.159.18.151 www.viruslist.com
O1 - Hosts: 127.194.77.237 viruslist.com
O1 - Hosts: 127.164.171.87 f-secure.com
O1 - Hosts: 127.232.101.71 www.f-secure.com
O1 - Hosts: 127.74.81.253 kaspersky.com
O1 - Hosts: 127.158.8.110 www.avp.com
O1 - Hosts: 127.217.144.92 www.kaspersky.com
O1 - Hosts: 127.16.117.192 avp.com
O1 - Hosts: 127.232.31.63 www.networkassociates.com
O1 - Hosts: 127.65.81.64 networkassociates.com
O1 - Hosts: 127.73.104.185 www.ca.com
O1 - Hosts: 127.104.13.73 ca.com
O1 - Hosts: 127.223.190.150 my-etrust.com
O1 - Hosts: 127.142.44.158 www.my-etrust.com
O1 - Hosts: 127.31.10.245 secure.nai.com
O1 - Hosts: 127.176.18.83 nai.com
O1 - Hosts: 127.110.212.112 www.nai.com
O1 - Hosts: 127.207.39.62 trendmicro.com
O1 - Hosts: 127.161.239.99 www.trendmicro.com
O1 - Hosts: 127.175.105.246 housecall.trendmicro.com
O1 - Hosts: 127.68.55.44 www.pandasoftware.com
O1 - Hosts: 127.64.209.128 www.bitdefender.com
O1 - Hosts: 127.113.28.124 www.ravantivirus.com
O1 - Hosts: 127.220.14.67 www3.ca.com
O1 - Hosts: 127.97.246.20 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.223.125.216 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.2.80.123 v5windowsupdate.microsoft.nsatc.net
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [CheckStat16] reginit.exe -services
O4 - HKLM\..\Run: [wp_config] wpconfig.exe
O4 - HKLM\..\RunServices: [wp_config] wpconfig.exe
O4 - HKLM\..\RunServices: [CheckStat16] reginit.exe -services
O4 - HKLM\..\RunServices: [IPConfig] ipconfigs.exe
O4 - HKLM\..\RunOnce: [wp_config] wpconfig.exe
O4 - HKCU\..\Run: [CheckStat16] reginit.exe -drivers
O4 - HKCU\..\Run: [wp_config] wpconfig.exe
O4 - HKCU\..\RunOnce: [wp_config] wpconfig.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

To be on the safe side, fix these in Safe Mode.

Steven

Mich
19 July 2005, 16:50
k, thanks st3ph3n :) .