Question & Answer

Security & privacy

HijackThis log

2 answers
  • nod32 virus warning:
    file: C:\WINDOWS\TEMP\VRT2A.tmp
    Treat: a variant of Win32/TrojanDownloader.Small.NUS trojan
    Comment: Event occurred on a file modified by the application: \??\C:\WINDOWS\system32\winlogon.exe.
    The file was moved to quarantine. You may close this window.

    In VRT2C.tmp is een fout opgetreden en moet worden afgesloten. Onze excuses voor dit ongemak.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 16:11, on 2007-09-30
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Jan Staal\Bureaublad\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Hoofdmap E Jan\Programma's\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\HOOFDM~1\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)

    --
    End of file - 4295 bytes
  • ComboFix 07-09-21.2 - "Jan Staal" 2007-09-30 16:26:31.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.307 [GMT 2:00]
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-08-28 to 2007-09-30 ))))))))))))))))))))))))))))))
    .
    2007-09-30 15:55 57,856 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-30 15:44 <DIR> d-------- C:\VundoFix Backups
    2007-09-30 15:37 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2007-09-30 15:37 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2007-09-30 15:37 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-09-30 15:16 <DIR> dr-h----- C:\DOCUME~1\JANSTA~1\Onlangs geopend
    2007-09-30 12:19 <DIR> d-------- C:\Program Files\MSXML 6.0
    2007-09-30 12:12 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-09-30 12:12 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-09-30 11:37 186,256 --a------ C:\WINDOWS\system32\SymNPPWA.dll
    2007-09-29 17:30 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2007-09-29 17:29 <DIR> d-------- C:\Program Files\Reference Assemblies
    2007-09-29 17:27 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2007-09-29 17:06 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
    2007-09-29 17:06 <DIR> d-------- C:\DOCUME~1\JANSTA~1\APPLIC~1\teamspeak2
    2007-09-29 17:05 <DIR> d-------- C:\WINDOWS\system32\URTTemp
    2007-09-29 16:51 364,544 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2007-09-29 16:33 84,480 --a--c--- C:\WINDOWS\system32\dllcache\ac97via.sys
    2007-09-29 16:33 84,480 --a------ C:\WINDOWS\system32\drivers\ac97via.sys
    2007-09-29 16:00 <DIR> d-------- C:\Program Files\Norton 360
    2007-09-29 15:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-09-29 15:57 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2007-09-29 15:55 <DIR> d-------- C:\Program Files\CCleaner
    2007-09-29 15:53 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-09-29 15:47 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2007-09-29 15:40 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
    2007-09-29 14:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    2007-09-29 13:54 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2007-09-29 13:54 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2007-09-29 13:54 <DIR> d-------- C:\Program Files\QuickTime
    2007-09-29 13:52 <DIR> d-------- C:\Program Files\Bonjour
    2007-09-29 13:50 740,442 --a------ C:\WINDOWS\system32\divx.dll
    2007-09-29 13:50 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-09-29 13:50 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-09-29 13:50 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2007-09-29 13:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-09-29 13:50 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-09-29 13:50 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2007-09-29 13:50 163,840 --a------ C:\WINDOWS\system32\unrar.dll
    2007-09-29 13:50 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-09-29 13:50 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
    2007-09-29 13:36 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-09-29 08:30 <DIR> d-------- C:\DOCUME~1\JANSTA~1\Contacts
    2007-09-29 08:29 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-09-29 08:29 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-09-29 08:24 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2007-09-29 08:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-09-29 08:22 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-09-29 08:19 <DIR> d-------- C:\WINDOWS\system32\nl-nl
    2007-09-29 07:49 <DIR> d-------- C:\Program Files\MSBuild
    2007-09-29 07:49 <DIR> d-------- C:\Program Files\Microsoft Works
    2007-09-29 07:42 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2007-09-29 07:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2007-09-28 18:40 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2007-09-28 18:40 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2007-09-28 18:40 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2007-09-28 18:40 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2007-09-28 18:40 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2007-09-28 18:40 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2007-09-28 18:40 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2007-09-28 18:40 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2007-09-28 18:39 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2007-09-28 18:39 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2007-09-28 18:39 57,856 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2007-09-28 18:39 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2007-09-28 18:39 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2007-09-28 18:39 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2007-09-28 18:38 76,288 --a------ C:\WINDOWS\system32\usbui.dll
    2007-09-28 18:38 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2007-09-28 18:38 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
    2007-09-28 18:38 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2007-09-28 18:38 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2007-09-28 18:38 334,208 --a------ C:\WINDOWS\system32\drivers\ds1wdm.sys
    2007-09-28 18:38 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
    2007-09-28 18:38 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2007-09-28 18:38 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-09-28 18:36 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Menu Start
    2007-09-28 18:36 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Menu Start
    2007-09-28 18:36 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documenten
    2007-09-28 18:36 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Sjablonen
    2007-09-28 18:36 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Onlangs geopend
    2007-09-28 18:36 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Netwerkprinteromgeving
    2007-09-28 18:36 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Sjablonen
    2007-09-28 18:36 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Mijn documenten
    2007-09-28 18:36 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Favorieten
    2007-09-28 18:36 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Bureaublad
    2007-09-28 18:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Favorieten
    2007-09-28 18:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Bureaublad
    2007-09-28 18:35 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
    2007-09-28 18:35 <DIR> d-------- C:\WINDOWS\system32\CatRoot
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-29 00:19 --------- d-------- C:\Program Files\microsoft frontpage
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
    2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
    2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
    2007-07-19 18:14 3727720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
    2007-07-19 18:14 1358192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
    2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-20 20:46 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
    2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-06-13 15:24 1043456 --a------ C:\WINDOWS\explorer.exe
    .
    ((((((((((((((((((((((((((((( snapshot_2007-09-30_155931,01 )))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 749,568 2006-10-30 01:33:58 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    ----a-w 131,072 2006-10-30 01:34:02 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    ----a-w 45,056 2006-10-20 19:21:24 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    ----a-w 263,168 2006-10-12 11:09:53 C:\WINDOWS\msagent\agentsvr.exe
    ----a-w 22,016 2004-08-03 23:03:28 C:\WINDOWS\system32\ctfmon.exe
    -c--a-w 114,176 2004-08-03 23:03:36 C:\WINDOWS\system32\dllcache\sysocmgr.exe
    -c--a-w 9,728 2001-09-07 12:00:00 C:\WINDOWS\system32\dllcache\systray.exe
    -c--a-w 10,752 2001-09-07 12:00:00 C:\WINDOWS\system32\dllcache\unlodctr.exe
    -c--a-w 324,608 2007-06-27 13:57:10 C:\WINDOWS\system32\dllcache\unregmp2.exe
    -c--a-w 125,440 2004-08-03 23:03:38 C:\WINDOWS\system32\dllcache\wbemtest.exe
    -c--a-w 72,704 2004-08-03 23:03:38 C:\WINDOWS\system32\dllcache\wextract.exe
    -c--a-w 443,392 2004-08-03 23:03:38 C:\WINDOWS\system32\dllcache\wiaacmgr.exe
    -c--a-w 70,656 2006-11-02 20:53:14 C:\WINDOWS\system32\dllcache\wmplayer.exe
    .
    ----a-w 741,376 2006-10-30 01:33:58 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    ----a-w 122,880 2006-10-30 01:34:02 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    ----a-w 36,864 2006-10-20 19:21:24 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    ----a-w 256,512 2006-10-12 11:09:53 C:\WINDOWS\msagent\agentsvr.exe
    ----a-w 15,360 2004-08-03 23:03:28 C:\WINDOWS\system32\ctfmon.exe
    -c--a-w 107,520 2004-08-03 23:03:36 C:\WINDOWS\system32\dllcache\sysocmgr.exe
    -c--a-w 3,072 2001-09-07 12:00:00 C:\WINDOWS\system32\dllcache\systray.exe
    -c--a-w 4,096 2001-09-07 12:00:00 C:\WINDOWS\system32\dllcache\unlodctr.exe
    -c--a-w 317,952 2007-06-27 13:57:10 C:\WINDOWS\system32\dllcache\unregmp2.exe
    -c--a-w 118,784 2004-08-03 23:03:38 C:\WINDOWS\system32\dllcache\wbemtest.exe
    -c--a-w 66,048 2004-08-03 23:03:38 C:\WINDOWS\system32\dllcache\wextract.exe
    -c--a-w 436,736 2004-08-03 23:03:38 C:\WINDOWS\system32\dllcache\wiaacmgr.exe
    -c--a-w 64,000 2006-11-02 20:53:14 C:\WINDOWS\system32\dllcache\wmplayer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-30 15:36]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "AlcoholAutomount"="D:\Hoofdmap E Jan\Programma's\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 12:22]
    .
    **************************************************************************
    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-30 16:28:57
    Windows 5.1.2600 Service Pack 2 NTFS
    detected NTDLL code modification:
    ZwOpenFile
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2007-09-30 16:30:03
    C:\ComboFix-quarantined-files.txt ... 2007-09-30 16:29
    .
    --- E O F ---

This is an archived page. Answering is no longer possible.