weeral backdoor trojan

[slijkdabberke]

wil je deze eens nakijken mijn av gaf melding van een backdoor trojan
maar weet de naam nietmeer
alvast bedankt

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:53:56, on 15/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\a2\a-squared Free\a2service.exe
D:\adaware\aawservice.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\ATKKBService.exe
D:\AVG Anti-Spyware 7.5\guard.exe
D:\kaspersky\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
D:\acronis\TrueImageMonitor.exe
D:\acronis\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\kaspersky\avp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\vorige schijf\back up\hijackthis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\acronis\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\acronis\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [kis] "D:\kaspersky\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\abdobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "D:\ccleaner\ccleaner.exe" /AUTO
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Voeg toe aan de Kaspersky Anti-Banner - D:\kaspersky\\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\kaspersky\scieplugin.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs: D:\KASPER~1\adialhk.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\a2\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\adaware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - D:\kaspersky\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6214 bytes

[jurgenv]

Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Plaats het op je bureaublad.
Dubbelklik er op om het programma te starten.
In het scherm dat verschijnt tik je een Y in om het cleaningsprocess te starten.
Volg de instructies op het scherm.
Als het tooltje klaar is, opent er een logfile (combofix.txt) Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

[slijkdabberke]

oke bedankt jurgenv voor de snelle reactie
hier de gevraagde logje's

ComboFix 07-08-14.4 - "Kris" 2007-08-16 20:34:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1588 [GMT 2:00]


((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))


2007-08-16 20:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 20:11 <DIR> dr-h----- C:\DOCUME~1\Kris\Onlangs geopend
2007-08-16 10:04 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-14 22:14 <DIR> d-------- C:\Program Files\DivX
2007-08-03 20:33 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-03 20:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-03 20:30 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-08-02 23:18 <DIR> d-------- C:\WINDOWS\pss
2007-08-02 22:03 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-31 17:51 <DIR> d----c--- C:\DOCUME~1\britt\APPLIC~1\WinRAR
2007-07-29 13:38 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
2007-07-29 13:38 <DIR> d-------- C:\Program Files\Media Player Classic
2007-07-29 13:38 <DIR> d-------- C:\DOCUME~1\Kris\APPLIC~1\Real
2007-07-29 13:38 <DIR> d-------- C:\DOCUME~1\Kris\APPLIC~1\Media Player Classic
2007-07-27 12:58 <DIR> d----c--- C:\DOCUME~1\britt\Incomplete
2007-07-27 12:58 <DIR> d----c--- C:\DOCUME~1\britt\APPLIC~1\LimeWire
2007-07-27 01:06 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-27 01:06 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-24 20:04 <DIR> d----c--- C:\DOCUME~1\jill\Incomplete
2007-07-24 20:04 <DIR> d----c--- C:\DOCUME~1\jill\APPLIC~1\LimeWire
2007-07-22 20:40 <DIR> d----c--- C:\DOCUME~1\jill\APPLIC~1\WinRAR
2007-07-20 21:08 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bitstream Font Navigator
2007-07-20 00:05 <DIR> d-------- C:\DOCUME~1\Kris\APPLIC~1\Corel
2007-07-20 00:04 <DIR> d-------- C:\WINDOWS\Corel
2007-07-16 21:48 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-16 18:55 <DIR> d----c--- C:\DOCUME~1\britt\Contacts
2007-07-16 18:52 1,572,864 --ah----- C:\DOCUME~1\britt\NTUSER.DAT
2007-07-16 18:52 <DIR> dr-h-c--- C:\DOCUME~1\britt\Onlangs geopend
2007-07-16 18:52 <DIR> dr---c--- C:\DOCUME~1\britt\Mijn documenten
2007-07-16 18:52 <DIR> dr---c--- C:\DOCUME~1\britt\Menu Start
2007-07-16 18:52 <DIR> dr---c--- C:\DOCUME~1\britt\Favorieten
2007-07-16 18:52 <DIR> d--h-c--- C:\DOCUME~1\britt\Sjablonen
2007-07-16 18:52 <DIR> d--h-c--- C:\DOCUME~1\britt\Netwerkprinteromgeving
2007-07-16 18:52 <DIR> d----c--- C:\DOCUME~1\britt\Bureaublad
2007-07-16 11:07 <DIR> d----c--- C:\DOCUME~1\jill\Contacts


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-08-16 20:35 26184736 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-16 20:34 744736 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-16 18:21 371372 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-16 18:21 363764 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-14 20:18 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-14 20:18 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-10 13:37 --------- d-------- C:\DOCUME~1\Kris\APPLIC~1\LimeWire
2007-07-20 00:04 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-19 08:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-18 20:08 1080 --a------ C:\WINDOWS\AUTOLNCH.REG
2007-07-15 23:06 --------- d-------- C:\DOCUME~1\Kris\APPLIC~1\Ashampoo
2007-07-14 22:25 --------- d-------- C:\DOCUME~1\Kris\APPLIC~1\WinRAR
2007-07-13 01:32 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-30 21:29 --------- d-------- C:\DOCUME~1\Kris\APPLIC~1\Lavasoft
2007-06-30 19:36 --------- d-------- C:\Program Files\Microsoft.NET
2007-06-30 19:24 --------- d-------- C:\Program Files\MSN Messenger
2007-06-27 23:06 2426 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore. bin
2007-06-27 23:05 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-06-27 23:01 395744 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-06-27 23:01 39264 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-06-27 23:00 114048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-06-27 23:00 --------- d-------- C:\Program Files\Common Files\Acronis
2007-06-27 22:57 --------- d-------- C:\Program Files\hp deskjet 920c series
2007-06-27 22:56 --------- d-------- C:\Program Files\Hewlett-Packard
2007-06-27 22:47 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-06-27 22:47 --------- d-------- C:\Program Files\Common Files\ODBC
2007-06-27 22:30 --------- d-------- C:\Program Files\Messenger
2007-06-27 21:14 --------- d-------- C:\Program Files\My Company Name
2007-06-27 21:07 --------- d-------- C:\Program Files\Analog Devices
2007-06-27 21:05 --------- d-------- C:\Program Files\AMD
2007-06-27 21:04 --------- d-------- C:\Program Files\NVIDIA Corporation
2007-06-27 21:04 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-06-27 20:56 --------- d-------- C:\Program Files\microsoft frontpage
2007-06-27 20:55 0 -rahsc--- C:\MSDOS.SYS
2007-06-27 20:55 0 -rahsc--- C:\IO.SYS
2007-06-27 20:55 0 --a--c--- C:\CONFIG.SYS
2007-06-27 20:55 0 --a--c--- C:\AUTOEXEC.BAT
2007-06-27 20:54 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-27 20:54 --------- d-------- C:\Program Files\Online Services
2007-06-27 20:54 --------- d-------- C:\Program Files\Movie Maker
2007-06-27 20:54 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-06-27 20:53 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-06-27 20:52 --------- d-------- C:\Program Files\Windows NT
2007-06-27 16:12 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:12 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:12 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:12 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:12 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:12 232960 --a--c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:12 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:12 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:12 105984 --a--c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:12 102400 --a--c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:11 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:11 44544 --a--c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:11 384512 --a--c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:11 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:11 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:11 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:11 230400 --a--c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:11 153088 --a--c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:11 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:11 124928 --a--c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:29 625152 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 --a--c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:33 282112 --a--c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 15:24 1036800 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:24 1036800 --a------ C:\WINDOWS\explorer.exe
2007-05-17 13:30 549376 --a--c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-05-17 13:30 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-05-16 17:19 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:19 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:19 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:19 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:19 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:19 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 04:07]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43]
"nwiz"="nwiz.exe" [2006-08-11 15:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray. dll" [2006-08-11 15:43]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb04.exe" [2001-10-29 21:42]
"TrueImageMonitor.exe"="D:\acronis\TrueImageMonito r.exe" [2006-10-16 21:12]
"AcronisTimounterMonitor"="D:\acronis\TimounterMon itor.exe" [2006-10-16 21:17]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 21:13]
"kis"="D:\kaspersky\avp.exe" [2006-03-24 19:09]
"Adobe Reader Speed Launcher"="D:\abdobe\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"!AVG Anti-Spyware"="D:\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"ccleaner"="D:\ccleaner\ccleaner.exe" [2007-07-13 11:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=D:\KASPER~1\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
"Authentication Packages"= msv1_0 relog_ap

R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.s ys
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R1 NVTCP;NVIDIA TCP/IP Protocol Driver;C:\WINDOWS\system32\DRIVERS\NVTcp.sys
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys


************************************************** ************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 20:35:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-08-16 20:36:16

--- E O F ---


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:43:07, on 16/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\a2\a-squared Free\a2service.exe
D:\adaware\aawservice.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\ATKKBService.exe
D:\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
D:\acronis\TrueImageMonitor.exe
D:\acronis\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\kaspersky\avp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\mozilla\firefox\firefox.exe
C:\WINDOWS\explorer.exe
E:\vorige schijf\back up\hijackthis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\acronis\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\acronis\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [kis] "D:\kaspersky\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\abdobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "D:\ccleaner\ccleaner.exe" /AUTO
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Voeg toe aan de Kaspersky Anti-Banner - D:\kaspersky\\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\kaspersky\scieplugin.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187251511656
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs: D:\KASPER~1\adialhk.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\a2\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\adaware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - D:\kaspersky\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6370 bytes

[slijkdabberke]

nog ff een vraagje is het normaal dat combofix mijne antivirus uitschakeld of was dat iets anders
bedankt

[jurgenv]

Nee is niet normaal, heb je een screenshot van de melding van AVG?

doe ook even dit:

Download sophos-anti-rootkit: http://www.sophos.com/products/free-...i-rootkit.html
Plaatst het op je bureaublad.
Dubbelklik op sarsfx.exe om de bestanden uit te pakken. (aanvaard de standaardinstallatiemap)
Open de map C:\SOPHTEMP en dubbelklik op sargui.exe om het programma te starten.
Zorg dat aangevinkt zijn:
- Running processes
- Windows Registry
- Local Hard Drives
Klik op de knop "Start Scan".

Wanneer je een melding krijgt dat de scan klaar is, klik je op de knop "OK" en sluit je het programma af.
Ga naar Start - Uitvoeren en tik in: %temp%\sarscan.log
Er opent een kladblokbestandje. Post de inhoud van dit bestand.

[slijkdabberke]

neen geen melding
is wel kaspersky
avg is anti-spyware
zal eerst die sophos es downloaden
bedankt

[slijkdabberke]

Sophos Anti-Rootkit Version 1.3 (data 1.06) (c) 2006 Sophos Plc
Started logging on 16/08/2007 at 21:38:10
Stopped logging on 16/08/2007 at 21:39:34

is precies weinig gevonden ?

[slijkdabberke]

is'ter nog een oplossing jurgen
of moet ik met een schoone lei beginnen (format)

[jurgenv]

Toch nog een poging doen.


* Download Dr.Web CureIt naar je bureaublad:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

• Dubbelklik drweb-cureit.exe en sta het toe om de express scan te starten.
• Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
• Eenmaal de korte scan is beeïndigd, Klik Options > Change Settings
• Kies de "Scan"-tab en verwijder het vinkje bij "Heuristic analyse"
• Terug in het hoofdvenster kan je de drives selecteren die je wilt laten scannen.
• Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
• Klik daarna de groene pijl rechts om de scan te starten.
• Klik 'Yes to all' wanneer er gevraagd wordt om cure of move uit te voeren.
• Wanneer de scan gedaan is, kijk of je volgende icoontje kan aanklikken dat staat naast hetgeen gevonden werd:
• Indien wel, klik erop en daarna klik op het icoontje er net onder en kies: Move incurable zoals je zal zien in volgende afbeelding:
  
  Dit zal de bestanden verplaatsen naar volgende map %userprofile%\DoctorWeb\quarantaine-folder indien het niet gedesinfecteerd kan worden. (dit in het geval dat we samples nodig hebben)
• Na bovenstaande te selecteren, in het menu bovenaan van Dr.Web CureIt, klik file en kies save report list. Bewaar de log op je bureaublad.
• Sluit daarna Dr.Web Cureit.
• Herstart je computer!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
• Na het herstarten, Kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post.

[slijkdabberke]

bedankt jurgen ga het dadelijk proberen
deze ellende is begonnen toen onze kleinste van een contactpersoon via msn een afbeelding heeft toegezonden gekregen