
Thread: hijackthis logfile

  1. #1
    Up-to-date  
    Registered
    12 May 2005
    Posts
    53
    Thanks
    10
    Thanked
    0 times in 0 posts

    hijackthis logfile

    Can someone please take a look at this log, because I'm getting annoying popups and such again!
    Thanks for the effort in any case, here is the log.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:24:26, on 13/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Veoh\VeohClientService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\PROGRA~1\eSnips\SnipBar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dontstayin.com/misc/Activ...eUploader3.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Program Files\Veoh\VeohClientService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  2. #2
    Honorary member   jurgenv
    Registered
    10 May 2005
    Location
    West-Vlaanderen
    Posts
    5.852
    Thanks
    90
    Thanked
    800 times in 736 posts
    Rename hijackthis.exe to hjt.exe and then post a new hijackthis log here.

    Member of ASAP

  3. #3
    Up-to-date  
    Logfile of HijackThis v1.99.1
    Scan saved at 15:25:41, on 14/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Veoh\VeohClientService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\hjt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\dikdysny.dll
    O2 - BHO: (no name) - {257B6DBE-DBB4-4200-9CC3-5BE697C8655D} - C:\WINDOWS\Fonts\mwsvsr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\PROGRA~1\eSnips\SnipBar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dontstayin.com/misc/Activ...eUploader3.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll (file missing)
    O20 - Winlogon Notify: mwsvsr - C:\WINDOWS\Fonts\mwsvsr.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Program Files\Veoh\VeohClientService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  4. #4
    Honorary member   jurgenv
    Download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to start it.
    • Click the Scan for Vundo button.
    • Once scanning is done, click the Remove Vundo button.
    • You will get a prompt asking whether you want the files removed, click YES
    • After you have clicked Yes, the icons on your desktop will disappear while Vundo is being removed.
    • When it is finished, you will get a message that it will shut down your PC, click OK.
    • Start your PC up again.
    • Post the contents of C:\vundofix.txt and a new hijackthis log in your next post.

    Note: It is possible that VundoFix found a file that could not be removed.
    In that case VundoFix will start once more after your PC has rebooted. You then have to carry out the instructions above again, starting from: "Click the Scan for Vundo."

    Member of ASAP

  5. #5
    Up-to-date  
    vundofix


    VundoFix V6.2.6

    Checking Java version...

    Java version is 1.5.0.4

    Java version is 1.5.0.6

    Scan started at 20:51:15 25/10/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\dikdysny.dll
    C:\WINDOWS\system32\vbkupvdn.exe
    C:\WINDOWS\Fonts\mwsvsr.dll
    C:\WINDOWS\Fonts\rsvswm.ini
    C:\WINDOWS\Fonts\rsvswm.bak1
    C:\WINDOWS\Fonts\rsvswm.bak2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\dikdysny.dll
    C:\WINDOWS\system32\dikdysny.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vbkupvdn.exe
    C:\WINDOWS\system32\vbkupvdn.exe Has been deleted!

    Attempting to delete C:\WINDOWS\Fonts\mwsvsr.dll
    C:\WINDOWS\Fonts\mwsvsr.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\Fonts\rsvswm.ini
    C:\WINDOWS\Fonts\rsvswm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\Fonts\rsvswm.bak1
    C:\WINDOWS\Fonts\rsvswm.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\Fonts\rsvswm.bak2
    C:\WINDOWS\Fonts\rsvswm.bak2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\Fonts\mwsvsr.dll
    C:\WINDOWS\Fonts\mwsvsr.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    HIJACKTHIS

    Logfile of HijackThis v1.99.1
    Scan saved at 21:15:11, on 25/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Veoh\VeohClientService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis\hjt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\dikdysny.dll (file missing)
    O2 - BHO: (no name) - {33BDF490-E2DC-491A-8903-B4302B3302D8} - C:\WINDOWS\Fonts\mwsvsr.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\PROGRA~1\eSnips\SnipBar.dll
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dontstayin.com/misc/Activ...eUploader3.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Program Files\Veoh\VeohClientService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  6. #6
    Honorary member   jurgenv
    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/combofix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the window that appears, type a Y to start the cleaning process.
    Follow the instructions on the screen.
    When the tool is finished, a log file (combofix.txt) opens. Post the contents of this file together with a new hijackthis log.

    Member of ASAP

  7. #7
    Up-to-date  
    combofix
    Bjorn - 06-10-26 19:31:30,62 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Bjorn\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\Program Files\Inetget2
    C:\Program Files\winupdates
    C:\WINDOWS\system32\components

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Documents and Settings\Bjorn\Application Data\YMBOLS~1
    C:\QooBox\Purity\Documents and Settings\Bjorn\Application Data\YMBOLS~1\?ymbols
    C:\QooBox\Purity\Program Files\Common Files\DOBE~1


    ((((((((((((((((((((((((((((((( Files Created from 2006-09-26 to 2006-10-26 ))))))))))))))))))))))))))))))))))


    2006-10-25 21:03 9,216 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2006-10-19 18:54 67,604 --a------ C:\WINDOWS\system32\alpwjupe.exe
    2006-10-12 14:42 77,824 --a------ C:\WINDOWS\system32\driverif.dll
    2006-10-12 14:42 733,236 --a------ C:\WINDOWS\system32\vete.dll
    2006-10-12 14:42 541,733 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
    2006-10-12 14:42 21,605 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
    2006-10-12 14:42 15,668 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
    2006-10-12 14:42 12,288 --a------ C:\WINDOWS\system32\vetntmsg.dll
    2006-10-12 14:42 108,453 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-26 19:32 -------- d-------- C:\Program Files\Common Files
    2006-10-26 18:46 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-10-26 18:45 -------- d-------- C:\Program Files\Veoh
    2006-10-25 23:41 -------- d-------- C:\Program Files\DC++
    2006-10-25 21:14 -------- d-------- C:\Program Files\Hijackthis
    2006-10-25 19:28 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
    2006-10-25 16:18 -------- d-------- C:\Program Files\VSToolbar
    2006-10-24 00:41 -------- d-------- C:\Program Files\OpenOffice.org1.1.5
    2006-10-23 19:31 -------- d-------- C:\Program Files\Trillian
    2006-10-13 20:22 -------- d-------- C:\Program Files\Yahoo!
    2006-10-12 14:37 -------- d-------- C:\Program Files\mIRC
    2006-10-12 01:58 -------- d-------- C:\Program Files\Hitman Pro
    2006-10-12 01:57 -------- d-------- C:\Documents and Settings\Bjorn\Application Data\Lavasoft
    2006-10-11 18:32 -------- d-------- C:\Documents and Settings\Bjorn\Application Data\SmartFTP
    2006-10-09 18:19 164352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
    2006-10-05 13:09 -------- d-------- C:\Documents and Settings\Bjorn\Application Data\AdobeUM
    2006-10-04 13:08 -------- d---s---- C:\Documents and Settings\Bjorn\Application Data\Microsoft
    2006-10-04 13:07 -------- d-------- C:\Documents and Settings\Bjorn\Application Data\Template
    2006-10-04 12:39 -------- d-------- C:\Program Files\Microsoft Works
    2006-10-04 12:39 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-10-03 01:16 -------- d-------- C:\Program Files\WinDAC32
    2006-10-03 00:09 -------- d-------- C:\Program Files\Exact Audio Copy
    2006-10-02 23:38 -------- d-------- C:\Program Files\Easy CD-DA Extractor 10
    2006-09-29 17:16 -------- d-------- C:\Program Files\NCH Swift Sound
    2006-09-28 16:12 -------- d-------- C:\Program Files\MP3 CD Ripper
    2006-09-26 13:12 -------- d-------- C:\Documents and Settings\Bjorn\Application Data\SearchToolbarCorp
    2006-09-26 00:17 -------- d-------- C:\Program Files\VideoEgg
    2006-09-26 00:17 -------- d-------- C:\Documents and Settings\Bjorn\Application Data\VideoEgg
    2006-09-22 17:05 -------- d-------- C:\Program Files\MiniLyrics
    2006-09-22 11:16 -------- d-------- C:\Program Files\Foxit Software
    2006-09-19 16:40 -------- d-------- C:\Program Files\Easy Computing
    2006-09-19 16:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-09-19 16:30 -------- d--h----- C:\Program Files\Uninstall Information
    2006-09-15 12:18 -------- d-------- C:\Program Files\Canon
    2006-09-15 11:36 -------- d-------- C:\Program Files\iTunes
    2006-09-15 11:35 -------- d-------- C:\Program Files\iPod
    2006-09-15 11:31 -------- d-------- C:\Program Files\QuickTime
    2006-09-15 11:24 -------- d-------- C:\Program Files\Apple Software Update
    2006-09-13 13:59 -------- d-------- C:\Program Files\eSnips
    2006-09-13 07:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-09-09 14:43 -------- d-------- C:\Program Files\Acoustica Shared Effects
    2006-09-09 14:43 -------- d-------- C:\Program Files\Acoustica Mixcraft
    2006-09-04 23:52 -------- d-------- C:\Program Files\Winamp
    2006-09-04 14:48 -------- d-------- C:\Program Files\Java
    2006-09-04 14:46 -------- d-------- C:\Program Files\Common Files\Java
    2006-08-31 15:01 -------- d-------- C:\Program Files\PCPitstop
    2006-08-30 21:58 -------- d-------- C:\Program Files\Spyware Doctor
    2006-08-30 20:35 2 --a------ C:\WINDOWS\system32\wnsapisv.exe
    2006-08-30 19:14 -------- d-------- C:\Documents and Settings\Bjorn\Application Data\NCH Swift Sound
    2006-08-29 19:43 135168 --a------ C:\WINDOWS\system32\swreg.exe
    2006-08-25 17:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
    2006-08-23 23:38 75776 --a------ C:\WINDOWS\zllsputility.exe
    2006-08-21 14:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
    2006-07-27 15:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,dc,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    "DisableTaskMgr"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=hex:91,00,00,00
    "CDRAutoRun"=dword:00000000

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=hex:91,00,00,00
    "CDRAutoRun"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmj
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjgf32

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Completion time: 06-10-26 19:34:32.28
    C:\ComboFix.txt ... 06-10-26 19:34

    hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 19:36:43, on 26/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Veoh\VeohClientService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\hjt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\dikdysny.dll (file missing)
    O2 - BHO: (no name) - {33BDF490-E2DC-491A-8903-B4302B3302D8} - C:\WINDOWS\Fonts\mwsvsr.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\PROGRA~1\eSnips\SnipBar.dll
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dontstayin.com/misc/Activ...eUploader3.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Program Files\Veoh\VeohClientService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  8. #8
    Honorary member   jurgenv
    * Your Java software is out of date. Older versions have vulnerabilities that give malware the chance to install itself on your system. First follow these steps to uninstall Java and install the newer version:

    • Download the latest version here: Java Runtime Environment (JRE) 5.0 Update 9.
    • Scroll down to where it says: "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Then click the "Download" button on the right.
    • Tick the box where it says: "Accept License Agreement".
    • The page will reload.
    • Click the link to download Windows Offline Installation, Multi-language, and save it to your desktop.
    • Close all programs that may be open, especially your web browser!
    • Then go to Start > Control Panel, double-click Add or Remove Programs and remove all older versions of Java.
    • Select every entry with Java Runtime Environment (JRE or J2SE) in the name.
    • Then click the Remove or Change/Remove button.
    • Repeat this until all older versions are gone.
    • After removing all older versions, restart your PC.
    • Then double-click jre-1_5_0_09-windows-i586-p.exe on your desktop to install the latest version of Java.



    * Download and install AVG Anti-Spyware.
    • After installation, open AVG Anti-Spyware:
      * under "Status", click Change state next to "Resident shield". (change from active to inactive!)
      * under "Update", click the Start update button.
      * under "Scanner", "Settings" tab:
        * under "How to act?", click "Recommended actions" and select Quarantine. (VERY IMPORTANT!)
        * under "Reports", select Automatically generate report after every scan and untick Only if threats were found

      Close AVG Anti-Spyware. Do not let it scan yet.


    * If you have not installed Adaware SE yet, download, install and update it following the guidelines
    that you can find at: http://users.pandora.be/marcvn/spyware/1414188.htm
    Download link for Ad-aware: http://www.lavasoftusa.com/products/...e_personal.php

    * Start your computer in SAFE MODE

    * Run a full scan with Adaware and remove everything that is found.

    * Start AVG Anti-Spyware.
      * Click Scan and choose Complete System Scan.
      After the scan, follow the instructions below:
      IMPORTANT: Do not click the "Save Scan Report" button before you have clicked the "Apply all Actions" button!
      * Make sure that Set all elements to: is set to Quarantine (1),
      if not, click the link and choose Quarantine in the popup menu. (2)
      (This does not apply to cookies; these are always deleted!)
      * At the bottom of the window, click the Apply all Actions button. (3)

      * When you get the message 'All actions have been applied', click the Save Report button at the bottom.


    * Restart your computer in normal mode.

    * Download ATF cleaner (by Atribune)

    Double-click ATF cleaner to start the program.
    On the "Main" tab, tick Select All.
    Click the Empty Selected button.

    If you also use Firefox as a browser:
    Click the "Firefox" tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick from "Firefox saved passwords")
    Click the Empty Selected button.

    If you also use Opera as a browser:
    Click the "Opera" tab and tick Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    * Then post a new HijackThis log here together with the AVG Anti-Spyware report.

    Member of ASAP

  9. #9
    Up-to-date  
    Registered
    12 May 2005
    Posts
    53
    Thanks given
    10
    Thanked
    0 times in 0 posts
    Logfile of HijackThis v1.99.1
    Scan saved at 19:18:40, on 27/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Veoh\VeohClientService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\Program Files\Hijackthis\hjt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\dikdysny.dll (file missing)
    O2 - BHO: (no name) - {33BDF490-E2DC-491A-8903-B4302B3302D8} - C:\WINDOWS\Fonts\mwsvsr.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\PROGRA~1\eSnips\SnipBar.dll
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dontstayin.com/misc/Activ...eUploader3.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Program Files\Veoh\VeohClientService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 19:05:27 27/10/2006

    + Scan result:



    :mozilla.34:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.35:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.36:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.38:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.45:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.46:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.47:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.588:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Adocean : Cleaned with backup (quarantined).
    :mozilla.589:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Adocean : Cleaned with backup (quarantined).
    :mozilla.243:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.32:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
    :mozilla.39:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
    :mozilla.408:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    :mozilla.409:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    :mozilla.410:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    :mozilla.411:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    :mozilla.377:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Cqcounter : Cleaned with backup (quarantined).
    :mozilla.136:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
    :mozilla.49:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.50:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.51:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.52:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.53:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.337:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Itrack : Cleaned with backup (quarantined).
    :mozilla.647:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.648:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.126:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.127:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.128:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.129:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.130:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.131:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.132:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.133:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.413:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.414:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.415:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.416:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.417:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.418:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.420:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.423:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.425:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.444:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    :mozilla.564:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.565:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.566:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.567:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.568:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.569:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.143:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.231:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.232:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.264:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.524:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.525:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.546:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.547:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.362:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    :mozilla.175:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.176:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.177:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.178:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.179:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.180:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.556:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Texttbnru : Cleaned with backup (quarantined).
    :mozilla.282:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
    :mozilla.287:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
    :mozilla.30:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.31:C:\Documents and Settings\Bjorn\Application Data\Mozilla\Firefox\Profiles\vfylfzat.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


    ::Report end

  10. #10
    Honorary member   jurgenv
    Registered
    10 May 2005
    Location
    West-Vlaanderen
    Posts
    5.852
    Thanks given
    90
    Thanked
    800 times in 736 posts
    * Open HijackThis and tick the following lines:

    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\dikdysny.dll (file missing)
    O2 - BHO: (no name) - {33BDF490-E2DC-491A-8903-B4302B3302D8} - C:\WINDOWS\Fonts\mwsvsr.dll (file missing)
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)
    O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll (file missing)
    O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)


    * Then close all windows except HijackThis and click 'fix checked'

    * Then post a new HijackThis log here and tell us how everything is working now.

    Member of ASAP
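
The triage behind a fix list like the one in post #10, as an added example that is not part of the original thread: it parses HijackThis entries, collects those carrying the "(file missing)" or "(no file)" marker, and compares them with the lines the helper chose. The function and variable names are this example's own; the log lines are copied from posts #9 and #10. The marker filter returns one entry (WRNotifier) that is not on the helper's list, so its output is a candidate list for review, not a removal list.

```python
import re
from dataclasses import dataclass

# Entries copied from the HijackThis log in post #9 (a subset of its R/O lines).
POST9_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\dikdysny.dll (file missing)
O2 - BHO: (no name) - {33BDF490-E2DC-491A-8903-B4302B3302D8} - C:\WINDOWS\Fonts\mwsvsr.dll (file missing)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# The lines the helper asked to tick in post #10.
POST10_FIX_LIST = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\dikdysny.dll (file missing)
O2 - BHO: (no name) - {33BDF490-E2DC-491A-8903-B4302B3302D8} - C:\WINDOWS\Fonts\mwsvsr.dll (file missing)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)
O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll (file missing)
O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Marker HijackThis appends when the referenced file is not found on disk.
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")


@dataclass(frozen=True)
class Entry:
    code: str       # section code, e.g. O2 (BHO) or O20 (Winlogon Notify)
    label: str      # text before the first ": ", e.g. "BHO"
    clsid: str      # COM class id if the line carries one, else ""
    target: str     # last " - " field with the marker stripped
    orphaned: bool  # True when the line ends in a missing-file marker
    raw: str        # the stripped line as it appears in the log


def parse_log(text):
    """Parse R*/O* entry lines; headers, process paths and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m["body"]
        marker = MISSING_RE.search(body)
        core = body[:marker.start()] if marker else body
        label = core.split(": ", 1)[0] if ": " in core else ""
        clsid = CLSID_RE.search(core)
        target = core.rsplit(" - ", 1)[-1].strip(" -")
        entries.append(Entry(m["code"], label, clsid.group(0) if clsid else "",
                             target, marker is not None, line))
    return entries


def orphaned(log_text):
    """Entries whose registry reference points at a file that is gone."""
    return [e for e in parse_log(log_text) if e.orphaned]


def not_on_fix_list(log_text, fix_text):
    """Orphaned entries in the log that the analyst did not select."""
    chosen = {e.raw for e in parse_log(fix_text)}
    return [e for e in orphaned(log_text) if e.raw not in chosen]


if __name__ == "__main__":
    for e in orphaned(POST9_LOG):
        print(e.code, e.label, e.clsid or "-", e.target or "(none)")
    print("left for review:", [e.target for e in not_on_fix_list(POST9_LOG, POST10_FIX_LIST)])
```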
