Archive - hijacklog

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or world views and have been censored in some places as inadmissible. Many were made in a different spirit of the times, ironically or not - as in the ironic Off-Topic subforum - and would (could) no longer be posted today. Still, we are happy to offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

ILLuZi[]n

Legacy Member
Logfile of HijackThis v1.99.0
Scan saved at 6:12:15, on 1/03/1999
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Robin Havet\Mijn documenten\My Received Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zxffgbwpcbhit.com/v7I4zMAUbaybpVENj22xeJGQvOIEDRzUpa18MJeksCXZntkpkB_zWnhTTx4ypkfi.htm
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing

OK, can anyone tell me what's wrong here? :help: :)

gr33tz illu :doc:

j .

Legacy Member
Try using Spybot.
Remove:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zxffgbwpcbhit.com/v7I4zM...nhTTx4ypkfi.htm
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing


That's a very short log, though; is there really almost nothing on the PC (no firewall/antivirus...)?

[i]cute_

Legacy Member
What J. said is correct,
only this -> O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing

you have to get rid of that with LSPfix:
first tick "I know what I'm doing" or something like that, and then remove 'xfire_lsp_10650.dll' :)

cram

Legacy Member
Could someone take a look, please?
Logfile of HijackThis v1.99.0
Scan saved at 18:18:23, on 12/19/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
K:\WINDOWS\System32\smss.exe
K:\WINDOWS\system32\winlogon.exe
K:\WINDOWS\system32\services.exe
K:\WINDOWS\system32\lsass.exe
K:\WINDOWS\system32\Ati2evxx.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\spoolsv.exe
K:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
K:\WINDOWS\system32\Ati2evxx.exe
K:\WINDOWS\Explorer.EXE
K:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
K:\Program Files\Promise\Utility\MsgAgt.exe
K:\WINDOWS\System32\svchost.exe
K:\Program Files\Common Files\Real\Update_OB\realsched.exe
K:\Program Files\Messenger Plus! 3\MsgPlus.exe
K:\WINDOWS\SOUNDMAN.EXE
K:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
K:\Program Files\ATI Technologies\ATI.ACE\cli.exe
K:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
K:\Program Files\Messenger\msmsgs.exe
K:\Program Files\MSN Messenger\msnmsgr.exe
K:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
K:\PROGRA~1\INCRED~1\bin\IMApp.exe
K:\Program Files\WinZip\WZQKPICK.EXE
K:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
K:\Documents and Settings\Eigenaar_2\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - K:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - K:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NeroCheck] K:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "K:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "K:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [MessengerPlus3] "K:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ATIPTA] K:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "K:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATICCC] "K:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avast!] K:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "K:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "K:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [IncrediMail] K:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Startup: Rainlendar.lnk = K:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Shortcut to ScarletDial.lnk = ?
O4 - Global Startup: ATI CATALYST System Tray.lnk = K:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = K:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = K:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - K:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download using LeechGet - file://K:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://K:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://K:\Program Files\LeechGet 2004\\Parser.html
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - K:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - K:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - K:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - K:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - K:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://netbanking.dexia.be
O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/en/wowbeta/Si.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9E1089BC-1AE8-4685-8D77-6721E5C318A8} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {C3FDA8CE-9414-4E33-AC6B-4922922259A5} - http://www.jambalala.com/movies.exe
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://www.looknmeet.be:8080/lnm_v4/agent/LNMAgentInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE0F8A41-00B4-4256-8AB3-9786BB69978A}: NameServer = 193.74.208.65 193.121.171.135
O23 - Service: avast! iAVS4 Control Service - Unknown - K:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - K:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - K:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown - K:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - K:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - K:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Promise RAID message agent - Promise Technology, Inc. - K:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Sandra Data Service - SiSoftware - K:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - K:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Trend NT Realtime Service - Unknown - K:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe (file missing)

j .

Legacy Member
What J. said is correct,
only this -> O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing

you have to get rid of that with LSPfix:
first tick "I know what I'm doing" or something like that, and then remove 'xfire_lsp_10650.dll'

Spybot does the same thing as LSPfix.

@ cram:
Unnecessary:
O4 - HKLM\..\Run: [QuickTime Task] "K:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.c...sharingctrl.cab
O16 - DPF: {9E1089BC-1AE8-4685-8D77-6721E5C318A8} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {C3FDA8CE-9414-4E33-AC6B-4922922259A5} - http://www.jambalala.com/movies.exe
O23 - Service: Trend NT Realtime Service - Unknown - K:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe (file missing)

I don't see any problems.

celiske

Legacy Member
May I post my log as well?
Here it is!

Logfile of HijackThis v1.98.2
Scan saved at 12:15:37, on 20/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\mdm.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\dnetc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Tom\Local Settings\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://82.179.166.192/search.php?v=6&aff=221679
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://82.179.166.192/index.php?v=6&aff=221679
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *new-search.net*;*x-google.net*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: BHOSurfBuddy Class - {20F88735-345D-404A-B830-0CE3BC715976} - C:\Program Files\Surfapps.com\Surfbuddy!\SurfBuddy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SurfBuddy! Surf Companion - {232409D8-8BD0-4662-B475-16E02E313376} - C:\Program Files\Surfapps.com\Surfbuddy!\SurfBuddy.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [tfrzsxpit] C:\WINDOWS\System32\mzebzs.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\mdm.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Sam.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {20F88735-345D-404A-B830-0CE3BC715977} - C:\Program Files\Surfapps.com\Surfbuddy!\SurfBuddy.dll
O9 - Extra 'Tools' menuitem: SurfBuddy! Options... - {20F88735-345D-404A-B830-0CE3BC715977} - C:\Program Files\Surfapps.com\Surfbuddy!\SurfBuddy.dll
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....com/pthalo/nl/win/QuickTimeFullInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.be/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

What can I remove??
Thanks in advance!

st3ph3n

Legacy Member
Malware processes:
C:\WINDOWS\mdm.exe

To fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://82.179.166.192/search.php?v=6&aff=221679
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://82.179.166.192/index.php?v=6&aff=221679
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *new-search.net*;*x-google.net*
O2 - BHO: BHOSurfBuddy Class - {20F88735-345D-404A-B830-0CE3BC715976} - C:\Program Files\Surfapps.com\Surfbuddy!\SurfBuddy.dll
O3 - Toolbar: SurfBuddy! Surf Companion - {232409D8-8BD0-4662-B475-16E02E313376} - C:\Program Files\Surfapps.com\Surfbuddy!\SurfBuddy.dll
O4 - HKLM\..\Run: [tfrzsxpit] C:\WINDOWS\System32\mzebzs.exe
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\mdm.exe
O9 - Extra button: (no name) - {20F88735-345D-404A-B830-0CE3BC715977} - C:\Program Files\Surfapps.com\Surfbuddy!\SurfBuddy.dll
O9 - Extra 'Tools' menuitem: SurfBuddy! Options... - {20F88735-345D-404A-B830-0CE3BC715977} - C:\Program Files\Surfapps.com\Surfbuddy!\SurfBuddy.dll
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe

First terminate the malware processes (Ctrl-Shift-Escape), or else let HijackThis do the cleaning in Safe Mode.

Steven