[OPGELOST] Onderbreken van programma

giovanni · 1 april 2008

Mijn pc onderbreekt steeds voor enkele seconden en loopt dan weer verder, is wel lastig als men aan het typen is want als je je scherm niet in het oog hebt ben je in het niets aan het typen

Yannick · 1 april 2008

kunt u misschien iets duidelijker zijn met uw vraag?

wat onderbreekt er steeds?

slaat windows vast of gebeurt er iets anders?

hoe lang is dit al, en wat is er voorafgaand gebeurd dat dit had kunnen veroorzaken (installatie van iets?)

kweezie wabbit · 2 april 2008

Bij werken op de achtergrond van bvb een virusscanner kan het gebeuren dat je scherm even achterblijft en dat je niet onmiddellijk ziet wat je typt. Dit is wel hinderlijk maar niet gevaarlijk. Je kan misschien eens proberen te achterhalen welke processen er veel cpu power vreten op het moment dat het "probleem" zich voordoet.

aarondk1 · 2 april 2008

Of je kan eens kijken of er malware actief is.

Malware kan er namelijk voor zorgen dat je pc "vertraagt".

Download Hijackthis, dubbelklik op Hijackthis.exe en klik op "do a system and save a logfile".

Dan komt er een logje tevoorschijn, plak de inhoud ervan hier, sluit Hijackthis af.

a.d.h kunnen we kijken of er malware actief is.

Grtz

giovanni · 6 april 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:58:35, on 6/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\SurfRight\Caretaker\CaretakerService.exe

C:\Program Files\SurfRight\Caretaker\AntispamService.exe

C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe

C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\McAfee\MBK\MBackMonitor.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Program Files\SiteAdvisor\6253\SAService.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\nvraidservice.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\carpserv.exe

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\CNYHKey.exe

C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\SurfRight\Caretaker\Notifier.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\RegistrySmart\RegistrySmart.exe

C:\Program Files\SPYWAREfighter\spftray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\SPYWAREfighter\spfprc.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita - het web van Z tot A

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita - het web van Z tot A

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Zita - het web van Z tot A

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s

O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe

O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto

O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe

O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193516308000

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx

O23 - Service: McAfee Application Installer Cleanup (0177501207128988) (0177501207128988mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\017750~1.EXE

O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe

O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe

O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe

O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--

End of file - 13300 bytes

kape · 6 april 2008

Download Combofix en zet het op je Bureaublad.

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/.../armhelper.ocx

O23 - Service: McAfee Application Installer Cleanup (0177501207128988) (0177501207128988mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\017750~1.EXE

Klik op 'Fix checked' om de items te verwijderen.

Volgende vetgedrukte map mag je verwijderen met Windows Verkenner.

C:\Program Files\PartyGaming\PartyPoker

Twee vraagjes :

1. Is je PC een Targa ?

O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk

Zo niet, moet je bovenstaande lijn ook nog fixen met HJT, zo ja mag ze blijven.

2. Heb jij zelf dit adres van McAfee als betrouwbaar geregistreerd ?

O15 - Trusted Zone: http://*.mcafee.com

Zo niet, moet je bovenstaande lijn ook nog fixen met HJT, zo ja mag ze blijven.

Dubbelklik op Combofix.exe en volg de instructies, aanvaard de disclaimer door y te typen. Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, moet je dit toestaan.

Hang dan het log van Combofix en een nieuw log van HJT aan je volgende bericht. En laat meteen eens horen of de onderbreking van je programma's nog voorkomt ?

giovanni · 6 april 2008

ComboFix 08-04-06.1 - Guy Schadron 2008-04-06 22:58:59.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.464 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\All Users\Bureaublad\Admin\Mijn documenten\pps\ComboFix.exe

* Resident AV is active

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_IPRIP

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))

.

2008-04-06 11:58 . 2008-04-06 11:58 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-04 16:33 . 2008-04-04 16:33 <DIR> d-------- C:\Team17

2008-04-01 13:19 . 2008-04-01 13:20 <DIR> d-------- C:\Program Files\SPYWAREfighter

2008-04-01 13:19 . 2008-04-01 13:19 <DIR> d-------- C:\Program Files\Common Files\Application

2008-04-01 13:15 . 2008-04-01 13:15 <DIR> d-------- C:\Program Files\RegistrySmart

2008-04-01 13:15 . 2008-04-01 13:16 <DIR> d-------- C:\Documents and Settings\Guy Schadron\Application Data\RegistrySmart

2008-03-28 10:21 . 2008-03-28 10:22 967,021 --a------ C:\afbeeldingen.doc

2008-03-27 13:32 . 2008-03-27 13:32 967,021 --a------ C:\foto.doc

2008-03-27 11:45 . 2008-03-27 11:45 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten

2008-03-27 02:35 . 2008-03-27 02:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SurfRight

2008-03-26 22:41 . 2008-03-26 22:41 <DIR> d-------- C:\Documents and Settings\Guy Schadron\Application Data\Lavasoft

2008-03-26 22:01 . 2008-03-26 22:21 <DIR> d-------- C:\Program Files\Spyware Doctor

2008-03-26 22:01 . 2008-03-26 22:01 <DIR> d-------- C:\Documents and Settings\Guy Schadron\Application Data\PC Tools

2008-03-26 22:01 . 2007-12-10 15:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-03-26 22:01 . 2007-12-10 15:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-03-26 22:01 . 2008-02-01 13:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-03-26 22:01 . 2007-12-10 15:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-03-26 22:00 . 2008-03-26 22:00 <DIR> d-------- C:\Program Files\Webroot

2008-03-26 22:00 . 2008-03-26 22:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot

2008-03-26 22:00 . 2008-03-26 22:00 <DIR> d-------- C:\Documents and Settings\Guy Schadron\Application Data\Webroot

2008-03-26 22:00 . 2008-03-26 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot

2008-03-26 22:00 . 2007-03-01 20:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys

2008-03-26 22:00 . 2007-03-01 20:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys

2008-03-26 22:00 . 2007-03-01 20:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys

2008-03-26 22:00 . 2007-03-01 20:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys

2008-03-26 22:00 . 2008-03-26 22:00 164 --a------ C:\install.dat

2008-03-26 21:58 . 2008-03-26 22:04 <DIR> d-------- C:\Program Files\SpywareBlaster

2008-03-26 21:58 . 2008-03-26 21:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-03-26 21:58 . 2008-03-26 21:58 <DIR> d-------- C:\Program Files\Lavasoft

2008-03-26 21:58 . 2008-03-26 22:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-26 21:56 . 2008-03-27 12:55 <DIR> d-------- C:\Program Files\ESET

2008-03-26 21:56 . 2008-03-26 21:56 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2008-03-26 21:56 . 2008-03-26 21:56 298,104 --a------ C:\WINDOWS\system32\imon.dll

2008-03-26 21:56 . 2008-03-26 21:56 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2008-03-26 21:54 . 2008-03-26 21:56 <DIR> d-------- C:\Temp

2008-03-26 21:54 . 2008-03-26 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx

2008-03-26 21:40 . 2008-03-26 21:40 <DIR> d-------- C:\Program Files\SurfRight

2008-03-26 21:40 . 2008-03-26 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight

2008-03-26 21:31 . 2008-03-26 21:31 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy

2008-03-26 21:31 . 2008-04-06 23:07 <DIR> d-------- C:\Program Files\Hitman Pro

2008-03-19 12:46 . 2008-03-19 12:46 <DIR> d-------- C:\Program Files\Qualcomm

2008-03-19 12:46 . 2008-03-19 12:46 <DIR> d-------- C:\Program Files\Netscape

2008-03-19 12:46 . 2008-03-19 12:46 <DIR> d-------- C:\Documents and Settings\Guy Schadron\Application Data\Thunderbird

2008-03-19 12:46 . 2008-03-19 12:46 25,398 --a------ C:\WINDOWS\animbigN.bmp

2008-03-19 12:46 . 2008-03-19 12:46 9,728 --a------ C:\WINDOWS\system32\rnaph.dll

2008-03-19 12:46 . 2008-03-19 12:46 9,526 --a------ C:\WINDOWS\animsmalN.bmp

2008-03-19 12:46 . 2008-03-19 12:46 2,598 --a------ C:\WINDOWS\big static.bmp

2008-03-19 12:46 . 2008-03-19 12:46 1,606 --a------ C:\WINDOWS\small static.bmp

2008-03-19 12:46 . 2008-03-19 12:46 335 --a------ C:\WINDOWS\mozregistry.dat

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-06 21:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-06 20:43 --------- d-----w C:\Program Files\McAfee

2008-04-06 16:00 --------- d-----w C:\Program Files\Norton Security Scan

2008-04-06 08:18 --------- d-----w C:\Documents and Settings\Guy Schadron\Application Data\Image Zone Express

2008-04-04 16:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-04 14:33 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-02 17:25 26,814 ----a-w C:\Documents and Settings\Guy Schadron\Application Data\wklnhst.dat

2008-03-26 07:30 --------- d-----w C:\Documents and Settings\Guy Schadron\Application Data\SiteAdvisor

2008-03-24 21:52 --------- d-----w C:\Program Files\Java

2008-02-16 14:52 --------- d-----w C:\Program Files\TomTom HOME 2

2008-02-16 14:52 --------- d-----w C:\Program Files\TomTom HOME

2008-02-16 14:52 --------- d-----w C:\Documents and Settings\Guy Schadron\Application Data\TomTom

2008-02-16 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom

2008-02-16 13:41 --------- d-----w C:\Documents and Settings\Guy Schadron\Application Data\SpinTop

2008-02-16 01:01 --------- d-----w C:\Program Files\MSXML 6.0

2008-02-15 19:41 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-15 19:34 --------- d-----w C:\Program Files\MSBuild

2008-02-15 19:30 --------- d-----w C:\Program Files\Reference Assemblies

2008-02-15 19:14 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-02-15 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia

2008-02-12 07:50 --------- d-----w C:\Program Files\Microsoft.NET

2008-01-13 08:32 68,312 ----a-w C:\Documents and Settings\Guy Schadron\Application Data\GDIPFONTCACHEV1.DAT

2007-12-09 23:19 667 ----a-w C:\Documents and Settings\Guy Schadron\Application Data\mdb.bin

2003-01-13 09:12 278,528 ----a-w C:\Program Files\internet explorer\plugins\PanoViewer.dll

1999-04-30 14:00 98,304 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll

.

((((((((((((((((((((((((((((( snapshot@2008-04-06_22.49.30.37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-04-06 21:07:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5ec.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 15:10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-01-17 13:43 84480]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-03-30 10:48 5898240]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-03-30 10:48 86016]

"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 77824 C:\WINDOWS\SOUNDMAN.EXE]

"CARPService"="carpserv.exe" [2003-03-19 01:13 4608 C:\WINDOWS\system32\carpserv.exe]

"CHotkey"="mHotkey.exe" [2004-12-08 17:57 550912 C:\WINDOWS\mHotkey.exe]

"ledpointer"="CNYHKey.exe" [2004-03-02 20:24 5576704 C:\WINDOWS\CNYHKey.exe]

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]

"OEM-Reset"="" []

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33 582992]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 23:57 36640]

"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]

"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-17 14:44 4838952]

"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]

"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2005-04-18 22:30 127118]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]

"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-01-31 15:09 458752]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 16:09 63712]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 11:19 378784]

"CaretakerNotifier"="C:\Program Files\SurfRight\Caretaker\Notifier.exe" [2008-03-18 13:58 542456]

"Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 15:41 596760]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 13:55 1103240]

"MSConfig"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe" [2004-08-04 13:00 160256]

"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2008-03-14 15:09 4351216]

"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= vdrcodec.dll

"msacm.l3acm"= L3CODECA.ACM

"MSVideo8"= VfWWDM32.dll

"VIDC.MJPG"= Pvmjpg21.dll

"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2005-03-30 10:48 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-07-12 15:10 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer-groepering

"3540:UDP"= 3540:UDP:PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 18:11]

R1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys [2008-01-25 00:08]

R2 CaretakerAntispam;Caretaker Antispam Service;"C:\Program Files\SurfRight\Caretaker\AntispamService.exe" [2008-03-18 13:12]

R2 CaretakerProxy;Caretaker Proxy;"C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe" [2008-03-17 16:23]

R2 CaretakerSvc;Caretaker Service;"C:\Program Files\SurfRight\Caretaker\CaretakerService.exe" [2008-03-17 16:21]

R2 CaretakerUpdate;Caretaker Updater;"C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe" [2008-03-17 16:21]

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-02-09 17:02]

R3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;C:\WINDOWS\system32\Drivers\IMT0521.sys [2003-07-11 09:50]

R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]

R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]

S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 19:14]

S3 p2pgasvc;Groepsverificatie van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]

S3 p2pimsvc;Identiteitsbeheer van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]

S3 p2psvc;Peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]

S3 PNRPSvc;Naamomzettingsprotocol van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]

S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR33X2K.sys [2003-12-03 04:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e22b3c1-c177-11d9-a0c2-806d6172696f}]

\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81b54033-c0ac-11d9-8195-806d6172696f}]

\Shell\AutoRun\command - D:\Autorun.exe

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-15 00:15:19 C:\WINDOWS\Tasks\McDefragTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'

"2008-03-31 23:00:24 C:\WINDOWS\Tasks\McQcTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe

"2008-04-06 20:24:21 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

"2008-04-06 21:08:06 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"

- C:\Program Files\RegistrySmart\RegistrySmart.ex

- C:\Program Files\RegistrySmart

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-06 23:08:18

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Program Files\SiteAdvisor\6253\saHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\Program Files\McAfee\MBK\MBackMonitor.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Program Files\SiteAdvisor\6253\SAService.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

.

**************************************************************************

.

Voltooingstijd: 2008-04-06 23:12:10 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-06 21:12:01

ComboFix2.txt 2008-04-06 20:50:20

Pre-Run: 194,861,981,696 bytes beschikbaar

Post-Run: 194,822,868,992 bytes beschikbaar

.

2008-04-06 03:28:02 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:13:43, on 6/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\SurfRight\Caretaker\CaretakerService.exe

C:\Program Files\SurfRight\Caretaker\AntispamService.exe

C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe

C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\McAfee\MBK\MBackMonitor.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Program Files\SiteAdvisor\6253\SAService.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\nvraidservice.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\carpserv.exe

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\CNYHKey.exe

C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\SurfRight\Caretaker\Notifier.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\RegistrySmart\RegistrySmart.exe

C:\Program Files\SPYWAREfighter\spftray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\SPYWAREfighter\spfprc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com