View full version : frequent Spy Sweeper alerts with site blocks



atlantis
15 February 2008, 15:04
Today I keep getting Spy Sweeper alerts with blocks from the Internet Communication Shield. This started after an update of Spybot.
The alerts and blocks concern, among others: asta-killer, ad.mokead.com, adgate, ad.z-quest.com, ad-ware.cc, antipsylab.com, awmdabest.com, etc.....
Scans with Ad-Aware, Spybot and Spy Sweeper showed nothing abnormal?????
The blocks and alerts come at a rate of 30-40 min!!!!!
Below is a log: (PS: my son has been at home for 10 days because of a work accident, coincidence or not?????)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:40, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\programmas\Ad-Aware SE Professional\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\programmas\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\programmas\Nod32\egui.exe
d:\programmas\a-squared free\a2service.exe
D:\programmas\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\programmas\Nod32\ekrn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\SLEE81.exe
D:\programmas\alcoholer120\Alcohol 120\StarWind\StarWindService.exe
D:\programmas\Spy Sweeper\SpySweeper.exe
D:\programmas\Spy Sweeper\SSU.EXE
D:\programmas\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hoehel.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuwsblad.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\programmas\SkypePhone\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\programmas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\programmas\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [egui] "D:\programmas\Nod32\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpySweeper] D:\programmas\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Skype] "D:\programmas\SkypePhone\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSS7] "D:\programmas\steganos seccurity suite\sss7.exe" -firstboot (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSS7] "D:\programmas\steganos seccurity suite\sss7.exe" -firstboot (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\programmas\Officexp\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\programmas\SkypePhone\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\programmas\Officexp\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programmas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programmas\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\programmas\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\programmas\Ad-Aware SE Professional\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\programmas\Nod32\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\programmas\Nod32\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - D:\programmas\Nero\InCD\InCDsrv.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE81.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\programmas\alcoholer120\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\programmas\Spy Sweeper\SpySweeper.exe
--
End of file - 7366 bytes

Mosquitos
15 February 2008, 15:44
Couldn't this have to do with Spybot modifying your hosts file to block bad websites, and Spy Sweeper not allowing that because it also protects your hosts file?
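The interaction described above (an immunization tool writing block entries into the hosts file, and a hosts-file shield then reporting them) can be checked by reading the file itself. The script below is an added example, not code from the thread or from either product: it parses hosts-file text and separates entries that merely sink a domain to loopback or 0.0.0.0 (what an immunization writes) from entries that redirect a domain to a routable address (the pattern worth investigating). The hosts content is constructed; the domain names come from the thread.

```python
"""Classify entries in a Windows hosts file (added example).

A Spybot-style immunization writes many "127.0.0.1 <domain>" lines, which a
hosts-file protector such as Spy Sweeper's shield may then report as blocked
sites. Entries that point a domain at a non-loopback address deserve
attention instead, because they silently redirect traffic rather than
blocking it.
"""
import ipaddress
from collections import defaultdict

# Constructed sample: Spybot-style block lines plus one suspicious redirect.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 ad.mokead.com
127.0.0.1 ad.z-quest.com
127.0.0.1 antipsylab.com
0.0.0.0   awmdabest.com
# End of entries inserted by Spybot - Search & Destroy
198.51.100.23 www.nieuwsblad.be   # constructed: redirect to a foreign address
"""

SINKHOLE_ADDRESSES = {"0.0.0.0"}  # 0.0.0.0 is a common "block" target too


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, ignoring comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                           # malformed line, skip it
        ip = parts[0]
        for host in parts[1:]:                 # one IP may list several names
            yield ip, host.lower()


def is_blocking_entry(ip):
    """True if the address only sinks traffic (loopback or 0.0.0.0)."""
    if ip in SINKHOLE_ADDRESSES:
        return True
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False                           # not a valid address at all


def classify_hosts(text):
    """Split hosts entries into 'blocked' and 'redirected' lists.

    blocked: hostname sent to loopback/0.0.0.0 (what an immunization writes)
    redirected: hostname sent to a routable address (the pattern to review)
    """
    result = defaultdict(list)
    for ip, host in parse_hosts(text):
        if host == "localhost":
            continue                           # the default line, not a block
        key = "blocked" if is_blocking_entry(ip) else "redirected"
        result[key].append((host, ip))
    return dict(result)


if __name__ == "__main__":
    report = classify_hosts(SAMPLE_HOSTS)
    print(f"{len(report.get('blocked', []))} blocked entries (immunization-style)")
    for host, ip in report.get("redirected", []):
        print(f"REVIEW: {host} -> {ip}")
```

On a real machine, read the text from %SystemRoot%\system32\drivers\etc\hosts and pass it to classify_hosts; a long "blocked" list with an empty "redirected" list matches the benign explanation given in the post above.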

atlantis
15 February 2008, 18:52
That could well be, it indeed started right after I installed the new version of Spybot.. so best to put the old version back then??
I did not let Spybot's TeaTimer install, though...

atlantis
15 February 2008, 19:08
Well, nothing to do with it then; I just removed Spybot, ran RegCleaner once more and rebooted. Since I've been typing here, I see that Spy Sweeper's 'Internet Communication Shield' is blocking the following: www.pesttrap.com (http://www.pesttrap.com), www.pimaccesscode.com (http://www.pimaccesscode.com), www.popcorn.net (http://www.popcorn.net), www.0pornmagpass.com (http://www.0pornmagpass.com), www.preferiti-windows.com (http://www.preferiti-windows.com), www.promo.dollarrevenue.com (http://www.promo.dollarrevenue.com), and I could go on, because the Spy Sweeper popups keep coming....... there must be something that attracts these websites???????

Rosty
15 February 2008, 19:17
Hi,

* Visit the following page with the instructions for downloading and using ComboFix.

http://www.bleepingcomputer.com/combofix/n...ruikt-te-worden (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden)

So carry out the instructions on that page, including installing the XP Recovery Console.
(If you don't have XP, you may skip the Recovery Console step)

Then post the ComboFix log in your next post together with a new HijackThis log.

PS: if your security software warns about ComboFix, temporarily disable it and run the instructions again!!!

atlantis
15 February 2008, 19:24
I just put Spybot back, and checked the backups it makes during installation: I see that 'Smithfraud' appears in there........ that's not good, is it, so how do I best remove that?

Does it make sense to restore a restore point from a few days ago, or my image of the C drive from 01 Feb?

Juisterr
15 February 2008, 20:37
That won't help, please just do what Rosty says.

atlantis
15 February 2008, 21:24
ComboFix log
ComboFix 08-02-15.2 - guido 2008-02-15 20:30:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1078 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\guido\Bureaublad\ComboFix.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\1.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm

(((((((((((((((((((( Bestanden Gemaakt van 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))
.
2008-02-15 13:48 . 2008-02-15 18:56 <DIR> dr-h----- C:\Documents and Settings\guido\Onlangs geopend
2008-02-07 21:03 . 2008-02-07 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-07 21:02 . 2008-02-07 21:02 <DIR> d-------- C:\Documents and Settings\guido\Application Data\NCH Swift Sound
2008-02-07 20:53 . 2008-02-07 20:53 <DIR> d-------- C:\Converted Music
2008-01-23 10:37 . 2008-01-23 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-02-15 19:11 --------- d-----w C:\Documents and Settings\guido\Application Data\Skype
2008-02-15 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-09 17:31 --------- d-----w C:\Documents and Settings\guido\Application Data\Steganos Security Suite 7
2008-02-07 20:06 --------- d-----w C:\Program Files\NCH Swift Sound
2008-01-24 20:31 --------- d-----w C:\Documents and Settings\guido\Application Data\AdobeUM
2008-01-17 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-02 12:35 --------- d-----w C:\Program Files\Steganos 3
2007-12-29 20:20 --------- d-----w C:\Program Files\Panda Security
2007-12-27 17:12 --------- d-----w C:\Documents and Settings\guido\Application Data\OfficeUpdate12
2007-12-27 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-27 10:56 --------- d-----w C:\Program Files\HP
2007-12-27 10:56 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-21 07:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2005-04-16 12:50 51,328 ----a-w C:\Documents and Settings\guido\Application Data\GDIPFONTCACHEV1.DAT
2006-10-18 15:37 88 --sh--r C:\WINDOWS\system32\C138F94F4A.sys
2007-10-21 14:54 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="D:\programmas\SkypePhone\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 21:05 344064]
"ZoneAlarm Client"="D:\programmas\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 15:46 172032]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"egui"="D:\programmas\Nod32\egui.exe" [2007-12-21 08:21 1443072]
"SpySweeper"="D:\programmas\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40 5367608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2004-08-04 01:03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\system3
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^e-Backup 1.42 Scheduler.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\e-Backup 1.42 Scheduler.lnk
backup=C:\WINDOWS\pss\e-Backup 1.42 Scheduler.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PC Alert 4.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PC Alert 4.lnk
backup=C:\WINDOWS\pss\PC Alert 4.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Scanner Finder.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Scanner Finder.lnk
backup=C:\WINDOWS\pss\Scanner Finder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^SOKO.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\SOKO.lnk
backup=C:\WINDOWS\pss\SOKO.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Telenet EasyCare.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Telenet EasyCare.lnk
backup=C:\WINDOWS\pss\Telenet EasyCare.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^guido^Menu Start^Programma's^Opstarten^Freecom Personal Media Suite.lnk]
path=C:\Documents and Settings\guido\Menu Start\Programma's\Opstarten\Freecom Personal Media Suite.lnk
backup=C:\WINDOWS\pss\Freecom Personal Media Suite.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABBYY Community Agent]
--a------ 2001-09-21 02:39 253952 D:\programmas\finereader5.0\CAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
D:\programmas\Clonecd\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GCS]
D:\programmas\grabclipsave\GrabClipSave.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--a------ 2005-01-04 14:17 1937408 D:\programmas\Nero\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-08-23 12:41 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
D:\programmas\skypefoon\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Service]
C:\Program Files\Common Files\Teknum Systems\update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Spooler"=2 (0x2)
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R1 FSLX;FSLX;C:\WINDOWS\system32\drivers\fslx.sys [2006-05-17 18:19]
R2 SLEE_81_DRIVER;Steganos Live Encryption Engine 8.1 [Driver];C:\WINDOWS\System32\drivers\SLEE81.sys [2004-07-19 17:32]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S3 CoolerXPDriver;CoolerXPDriver;D:\programmas\Pc Alert 4\NTCooler.sys []
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\1.tmp []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9473817e-acc4-11dc-8730-0050babde466}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe
.
Inhoud van de 'Gedeelde Taken' map
"2008-02-11 16:12:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-11 21:13:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-05-17 20:13:46 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 20:36:30
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\programmas\Ad-Aware SE Professional\aawservice.exe
d:\programmas\a-squared free\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\programmas\Nod32\ekrn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\SLEE81.exe
D:\programmas\alcoholer120\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\wdfmgr.exe
D:\programmas\Spy Sweeper\SpySweeper.exe
.
************************************************** ************************
.
Voltooingstijd: 2008-02-15 20:38:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-15 19:38:18
.
2008-02-13 19:07:24 --- E O F ---


HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:47, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\programmas\Ad-Aware SE Professional\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
d:\programmas\a-squared free\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\programmas\Nod32\ekrn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\SLEE81.exe
D:\programmas\alcoholer120\Alcohol 120\StarWind\StarWindService.exe
D:\programmas\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\programmas\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\programmas\Nod32\egui.exe
D:\programmas\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\wuauclt.exe
D:\programmas\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hoehel.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuwsblad.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\programmas\SkypePhone\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\programmas\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [egui] "D:\programmas\Nod32\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpySweeper] "D:\programmas\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Skype] "D:\programmas\SkypePhone\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSS7] "D:\programmas\steganos seccurity suite\sss7.exe" -firstboot (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSS7] "D:\programmas\steganos seccurity suite\sss7.exe" -firstboot (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\programmas\Officexp\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\programmas\SkypePhone\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\programmas\Officexp\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\programmas\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\programmas\Ad-Aware SE Professional\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\programmas\Nod32\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\programmas\Nod32\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - D:\programmas\Nero\InCD\InCDsrv.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE81.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\programmas\alcoholer120\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\programmas\Spy Sweeper\SpySweeper.exe
--
End of file - 6942 bytes

Rosty
16 February 2008, 10:20
Hi,

your logs look good.
How is everything working otherwise?

atlantis
16 February 2008, 13:13
Good afternoon Rosty

Everything is working properly, and the Spy Sweeper popups have stopped. The registry backup that Spybot made lists that 'smithfraud'. May I just delete it there? What do I do with the two files on the desktop (ComboFix and the Windows file)? Also to the recycle bin, or do they have to be removed in a separate way?
Thanks in advance for the help, have a nice weekend!!!

Rosty
16 February 2008, 14:15
[quote]The registry backup that Spybot made lists that 'smithfraud'. May I just delete it there?[/quote]
Yes, you may just delete it!!

[quote]What do I do with the two files on the desktop (ComboFix and the Windows file)?[/quote]
We'll remove ComboFix like this:
Remove ComboFix via Start > Run, copy and paste Combofix /U, click OK or press Enter.

http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG

This will remove ComboFix plus related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and reset your System Restore.
The Windows file you may delete via the recycle bin.


[quote]Thanks in advance for the help, have a nice weekend!!![/quote]
You're welcome.

atlantis
16 February 2008, 20:33
Sorry for the late reply, I didn't have time earlier.
I'll do the ComboFix uninstall tomorrow morning.
Thanks again for the quick help!! :good: