
Questions & Answers

Security & privacy

hijackthis log

pimvandenderen
2 answers
  • nod32 virus warning:

    file:
    C:\WINDOWS\TEMP\VRT2A.tmp

    Treat:
    a variant of Win32/TrojanDownloader.Small.NUS trojan

    Comment:
    Event occurred on a file modified by the application: \??\C:\WINDOWS\system32\winlogon.exe. The file was moved to quarantine. You may close this window.

    In VRT2C.tmp is een fout opgetreden en moet worden afgesloten. Onze excuses voor dit ongemak.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 16:11, on 2007-09-30
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Jan Staal\Bureaublad\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Hoofdmap E Jan\Programma's\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\HOOFDM~1\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)


    End of file - 4295 bytes
  • ComboFix 07-09-21.2 - "Jan Staal" 2007-09-30 16:26:31.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.307 [GMT 2:00]
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-08-28 to 2007-09-30 ))))))))))))))))))))))))))))))
    .

    2007-09-30 15:55 57,856 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-30 15:44 <DIR> d-------- C:\VundoFix Backups
    2007-09-30 15:37 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2007-09-30 15:37 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2007-09-30 15:37 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-09-30 15:16 <DIR> dr-h----- C:\DOCUME~1\JANSTA~1\Onlangs geopend
    2007-09-30 12:19 <DIR> d-------- C:\Program Files\MSXML 6.0
    2007-09-30 12:12 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-09-30 12:12 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-09-30 11:37 186,256 --a------ C:\WINDOWS\system32\SymNPPWA.dll
    2007-09-29 17:30 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2007-09-29 17:29 <DIR> d-------- C:\Program Files\Reference Assemblies
    2007-09-29 17:27 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2007-09-29 17:06 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
    2007-09-29 17:06 <DIR> d-------- C:\DOCUME~1\JANSTA~1\APPLIC~1\teamspeak2
    2007-09-29 17:05 <DIR> d-------- C:\WINDOWS\system32\URTTemp
    2007-09-29 16:51 364,544 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2007-09-29 16:33 84,480 --a--c--- C:\WINDOWS\system32\dllcache\ac97via.sys
    2007-09-29 16:33 84,480 --a------ C:\WINDOWS\system32\drivers\ac97via.sys
    2007-09-29 16:00 <DIR> d-------- C:\Program Files\Norton 360
    2007-09-29 15:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-09-29 15:57 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2007-09-29 15:55 <DIR> d-------- C:\Program Files\CCleaner
    2007-09-29 15:53 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-09-29 15:47 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2007-09-29 15:40 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
    2007-09-29 14:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    2007-09-29 13:54 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2007-09-29 13:54 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2007-09-29 13:54 <DIR> d-------- C:\Program Files\QuickTime
    2007-09-29 13:52 <DIR> d-------- C:\Program Files\Bonjour
    2007-09-29 13:50 740,442 --a------ C:\WINDOWS\system32\divx.dll
    2007-09-29 13:50 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-09-29 13:50 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-09-29 13:50 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2007-09-29 13:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-09-29 13:50 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-09-29 13:50 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2007-09-29 13:50 163,840 --a------ C:\WINDOWS\system32\unrar.dll
    2007-09-29 13:50 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-09-29 13:50 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
    2007-09-29 13:36 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-09-29 08:30 <DIR> d-------- C:\DOCUME~1\JANSTA~1\Contacts
    2007-09-29 08:29 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-09-29 08:29 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-09-29 08:24 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2007-09-29 08:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-09-29 08:22 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-09-29 08:19 <DIR> d-------- C:\WINDOWS\system32\nl-nl
    2007-09-29 07:49 <DIR> d-------- C:\Program Files\MSBuild
    2007-09-29 07:49 <DIR> d-------- C:\Program Files\Microsoft Works
    2007-09-29 07:42 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2007-09-29 07:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2007-09-28 18:40 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2007-09-28 18:40 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2007-09-28 18:40 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2007-09-28 18:40 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2007-09-28 18:40 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2007-09-28 18:40 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2007-09-28 18:40 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2007-09-28 18:40 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2007-09-28 18:39 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2007-09-28 18:39 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2007-09-28 18:39 57,856 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2007-09-28 18:39 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2007-09-28 18:39 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2007-09-28 18:39 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2007-09-28 18:38 76,288 --a------ C:\WINDOWS\system32\usbui.dll
    2007-09-28 18:38 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2007-09-28 18:38 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
    2007-09-28 18:38 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2007-09-28 18:38 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2007-09-28 18:38 334,208 --a------ C:\WINDOWS\system32\drivers\ds1wdm.sys
    2007-09-28 18:38 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
    2007-09-28 18:38 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2007-09-28 18:38 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-09-28 18:36 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Menu Start
    2007-09-28 18:36 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Menu Start
    2007-09-28 18:36 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documenten
    2007-09-28 18:36 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Sjablonen
    2007-09-28 18:36 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Onlangs geopend
    2007-09-28 18:36 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Netwerkprinteromgeving
    2007-09-28 18:36 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Sjablonen
    2007-09-28 18:36 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Mijn documenten
    2007-09-28 18:36 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Favorieten
    2007-09-28 18:36 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Bureaublad
    2007-09-28 18:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Favorieten
    2007-09-28 18:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Bureaublad
    2007-09-28 18:35 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
    2007-09-28 18:35 <DIR> d-------- C:\WINDOWS\system32\CatRoot

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-29 00:19 --------- d-------- C:\Program Files\microsoft frontpage
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
    2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
    2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
    2007-07-19 18:14 3727720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
    2007-07-19 18:14 1358192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
    2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-20 20:46 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
    2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-06-13 15:24 1043456 --a------ C:\WINDOWS\explorer.exe
    .

    ((((((((((((((((((((((((((((( snapshot_2007-09-30_155931,01 )))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 749,568 2006-10-30 01:33:58 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    ----a-w 131,072 2006-10-30 01:34:02 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    ----a-w 45,056 2006-10-20 19:21:24 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    ----a-w 263,168 2006-10-12 11:09:53 C:\WINDOWS\msagent\agentsvr.exe
    ----a-w 22,016 2004-08-03 23:03:28 C:\WINDOWS\system32\ctfmon.exe
    -c--a-w 114,176 2004-08-03 23:03:36 C:\WINDOWS\system32\dllcache\sysocmgr.exe
    -c--a-w 9,728 2001-09-07 12:00:00 C:\WINDOWS\system32\dllcache\systray.exe
    -c--a-w 10,752 2001-09-07 12:00:00 C:\WINDOWS\system32\dllcache\unlodctr.exe
    -c--a-w 324,608 2007-06-27 13:57:10 C:\WINDOWS\system32\dllcache\unregmp2.exe
    -c--a-w 125,440 2004-08-03 23:03:38 C:\WINDOWS\system32\dllcache\wbemtest.exe
    -c--a-w 72,704 2004-08-03 23:03:38 C:\WINDOWS\system32\dllcache\wextract.exe
    -c--a-w 443,392 2004-08-03 23:03:38 C:\WINDOWS\system32\dllcache\wiaacmgr.exe
    -c--a-w 70,656 2006-11-02 20:53:14 C:\WINDOWS\system32\dllcache\wmplayer.exe
    .
    ----a-w 741,376 2006-10-30 01:33:58 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    ----a-w 122,880 2006-10-30 01:34:02 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    ----a-w 36,864 2006-10-20 19:21:24 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    ----a-w 256,512 2006-10-12 11:09:53 C:\WINDOWS\msagent\agentsvr.exe
    ----a-w 15,360 2004-08-03 23:03:28 C:\WINDOWS\system32\ctfmon.exe
    -c--a-w 107,520 2004-08-03 23:03:36 C:\WINDOWS\system32\dllcache\sysocmgr.exe
    -c--a-w 3,072 2001-09-07 12:00:00 C:\WINDOWS\system32\dllcache\systray.exe
    -c--a-w 4,096 2001-09-07 12:00:00 C:\WINDOWS\system32\dllcache\unlodctr.exe
    -c--a-w 317,952 2007-06-27 13:57:10 C:\WINDOWS\system32\dllcache\unregmp2.exe
    -c--a-w 118,784 2004-08-03 23:03:38 C:\WINDOWS\system32\dllcache\wbemtest.exe
    -c--a-w 66,048 2004-08-03 23:03:38 C:\WINDOWS\system32\dllcache\wextract.exe
    -c--a-w 436,736 2004-08-03 23:03:38 C:\WINDOWS\system32\dllcache\wiaacmgr.exe
    -c--a-w 64,000 2006-11-02 20:53:14 C:\WINDOWS\system32\dllcache\wmplayer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-30 15:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "AlcoholAutomount"="D:\Hoofdmap E Jan\Programma's\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 12:22]


    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-30 16:28:57
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwOpenFile

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-30 16:30:03
    C:\ComboFix-quarantined-files.txt ... 2007-09-30 16:29
    .
    --- E O F ---


This is an archived page. Replying is no longer possible.