All my Hotmail contacts are getting weird spam

superchinees

Recently I have been receiving a lot of spam mail from postmaster@mail.hotmail.com with the subject "Delivery Status Notification (Failure)"; the content of the mails is:

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

(contact's email)

and another one with the subject "Delivery Status Notification (Delay)":

This is an automatically generated Delivery Status Notification.

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipients has been delayed.

(contact's email)


I would really appreciate it if someone could help me out here....
Below you can find the ComboFix, Malwarebytes' Anti-Malware and HijackThis logs.


ComboFix 11-05-06.02 - SuperChinees 06-05-2011 21:48:00.2.2 - x86
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.31.1043.18.2046.1183 [GMT 2:00]
Gestart vanuit: c:\users\SuperChinees\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\360Downloads
C:\360Rec
c:\windows\struct~.ini
c:\windows\system32\ps2.bat
D:\123.txt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-06 to 2011-05-06 ))))))))))))))))))))))))))))))
.
.
2011-05-06 20:16 . 2011-05-06 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-06 09:23 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5341B2FE-3F17-43AD-8A2F-8ADF3C3C3CA0}\mpengine.dll
2011-05-06 09:12 . 2011-05-06 09:12 -------- d-----w- c:\users\SuperChinees\AppData\Local\{7D72B30F-76AF-40DE-825E-14F1F16B40C4}
2011-05-05 18:14 . 2011-05-05 18:14 -------- d-----w- c:\users\SuperChinees\AppData\Local\{B0C47DBE-57F7-4259-BB40-B50F39DC2B80}
2011-05-05 01:06 . 2011-05-05 01:07 -------- d-----w- c:\users\SuperChinees\AppData\Local\{8A59D605-5E70-4D38-B389-A884D1BA20D1}
2011-05-04 08:58 . 2011-05-04 08:58 -------- d-----w- c:\users\SuperChinees\AppData\Local\{4842AE76-29D8-4655-A890-5356D5C09324}
2011-05-04 08:58 . 2011-05-04 08:58 -------- d-----w- c:\users\SuperChinees\AppData\Local\{BA15F48B-BA75-45BE-8492-4571935DDF53}
2011-05-03 13:00 . 2011-05-03 13:01 -------- d-----w- c:\users\SuperChinees\AppData\Local\{F18C9EA0-D94A-49FE-8229-0216595F0152}
2011-05-01 17:33 . 2011-05-01 17:33 -------- d-----w- c:\users\SuperChinees\AppData\Local\{6F60D000-58BE-44FF-A42F-098073765D75}
2011-05-01 17:32 . 2011-05-01 17:32 -------- d-----w- c:\users\SuperChinees\AppData\Local\{064345C8-1896-4FA8-A786-44725CABDBD2}
2011-04-30 10:14 . 2011-04-30 10:15 -------- d-----w- c:\users\SuperChinees\AppData\Local\{EC2EF889-3F15-4423-B652-BEDE6E6E9091}
2011-04-29 10:19 . 2011-04-29 10:19 -------- d-----w- c:\users\SuperChinees\AppData\Local\{396450C1-3F9D-435F-848F-9E26E3CF388C}
2011-04-27 19:37 . 2011-04-27 19:37 -------- d-----w- c:\users\SuperChinees\AppData\Local\{9692858F-A42F-4099-BCF8-421B33A4C5E6}
2011-04-26 17:52 . 2011-04-26 17:53 -------- d-----w- c:\users\SuperChinees\AppData\Local\{FA517695-7A32-4286-8A91-4FE10D19F331}
2011-04-25 16:24 . 2011-04-25 16:25 -------- d-----w- c:\users\SuperChinees\AppData\Local\{ECFD28C0-817B-4084-A199-C8D4EB3B2169}
2011-04-25 16:14 . 2011-04-25 16:14 -------- d-----w- c:\users\SuperChinees\AppData\Local\{33FCB425-669E-4635-8816-94BEE301A691}
2011-04-24 03:05 . 2011-04-24 03:05 -------- d-----w- c:\users\SuperChinees\AppData\Local\{8F1A8C13-0DDD-4BB6-9961-5AA555434337}
2011-04-24 03:04 . 2011-04-24 03:04 -------- d-----w- c:\users\SuperChinees\AppData\Local\{A2C27C1D-9DBF-4CAE-BEFB-DB0CFC7F0F03}
2011-04-23 09:27 . 2011-04-23 09:27 -------- d-----w- c:\users\SuperChinees\AppData\Local\{186FCDE3-BBAC-41FF-B50A-B2B57126B54E}
2011-04-22 08:18 . 2011-04-22 08:18 -------- d-----w- c:\users\SuperChinees\AppData\Local\{E1AF6B2D-F578-4D18-ADFB-41B0D12073EE}
2011-04-20 22:05 . 2011-04-20 22:05 -------- d-----w- c:\users\SuperChinees\AppData\Roaming\duowan
2011-04-20 22:05 . 2011-04-20 22:05 -------- d-----w- c:\program files\duowan
2011-04-17 21:13 . 2011-04-17 21:14 -------- d-----w- c:\users\SuperChinees\AppData\Local\{E2CB9C35-9266-43AD-B9CE-9248B761FCB5}
2011-04-17 00:10 . 2011-04-17 00:11 -------- d-----w- c:\users\SuperChinees\AppData\Local\{EF28DC6F-8E25-44D5-8FDF-8F9DC4507F37}
2011-04-17 00:10 . 2011-04-17 00:10 -------- d-----w- c:\users\SuperChinees\AppData\Local\{A5B248E4-4C22-4641-8305-53546ED9836D}
2011-04-15 21:54 . 2011-04-15 21:54 -------- d-----w- c:\users\SuperChinees\AppData\Local\{D1825D0D-4F00-467B-99B0-E294F6951F55}
2011-04-14 17:53 . 2011-04-14 17:54 -------- d-----w- c:\users\SuperChinees\AppData\Local\{14BC3EBC-59BE-48EA-9D2E-75F130A604CD}
2011-04-14 14:54 . 2011-02-23 04:48 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 14:54 . 2011-02-23 04:48 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 14:54 . 2011-02-23 04:47 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 14:54 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 14:54 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 14:53 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 14:53 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 14:53 . 2011-03-03 03:42 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 14:53 . 2011-03-08 05:28 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 14:53 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-14 14:53 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 14:53 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 14:53 . 2011-02-23 04:47 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 14:53 . 2011-02-23 04:47 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 14:53 . 2011-02-23 04:47 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 14:53 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-04-13 23:22 . 2011-04-13 23:22 -------- d-----w- C:\Softland
2011-04-13 20:02 . 2011-04-13 20:02 -------- d-----w- c:\users\SuperChinees\AppData\Local\{81D8859A-4642-4E26-861E-0BB2C38DBCD1}
2011-04-12 19:48 . 2011-04-12 19:48 -------- d-----w- C:\Python31
2011-04-12 18:12 . 2011-04-12 18:12 -------- d-----w- c:\program files\Internet Explorer Platform Preview
2011-04-10 22:58 . 2011-04-10 22:59 -------- d-----w- c:\users\SuperChinees\AppData\Local\{AFB5AA37-1719-40BD-86BA-9A3931545F4E}
2011-04-10 18:19 . 2011-04-10 18:20 -------- d-----w- c:\windows\system32\RTCOM
2011-04-10 18:15 . 2011-02-22 13:52 1730112 ----a-w- c:\windows\system32\FMAPO.dll
2011-04-10 18:15 . 2010-11-03 16:25 406120 ----a-w- c:\windows\system32\DTSVoiceClarityDLL.dll
2011-04-10 18:15 . 2010-11-03 16:25 429160 ----a-w- c:\windows\system32\DTSSymmetryDLL.dll
2011-04-10 18:15 . 2010-11-03 16:25 1132648 ----a-w- c:\windows\system32\DTSS2SpeakerDLL.dll
2011-04-10 18:15 . 2010-11-03 16:25 962664 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL.dll
2011-04-10 18:14 . 2010-11-03 16:25 291432 ----a-w- c:\windows\system32\DTSNeoPCDLL.dll
2011-04-10 18:14 . 2010-11-03 16:25 224360 ----a-w- c:\windows\system32\DTSLimiterDLL.dll
2011-04-10 18:14 . 2010-11-03 16:25 107112 ----a-w- c:\windows\system32\DTSLFXAPO.dll
2011-04-10 18:14 . 2010-11-03 16:25 106600 ----a-w- c:\windows\system32\DTSGFXAPONS.dll
2011-04-10 18:14 . 2010-11-03 16:25 107112 ----a-w- c:\windows\system32\DTSGFXAPO.dll
2011-04-10 18:14 . 2010-11-03 16:25 236648 ----a-w- c:\windows\system32\DTSGainCompensatorDLL.dll
2011-04-10 18:14 . 2010-11-03 16:25 901224 ----a-w- c:\windows\system32\DTSBoostDLL.dll
2011-04-10 18:14 . 2010-11-03 16:25 448616 ----a-w- c:\windows\system32\DTSBassEnhancementDLL.dll
2011-04-10 18:14 . 2010-07-22 14:37 175200 ----a-w- c:\windows\system32\AERTACap.dll
2011-04-10 18:14 . 2009-11-17 16:13 96160 ----a-w- c:\windows\system32\AERTARen.dll
2011-04-10 10:20 . 2011-02-16 15:11 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-04-10 10:20 . 2011-02-16 15:11 340072 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2011-04-10 10:15 . 2011-04-10 10:15 -------- d-----w- c:\programdata\ATI
2011-04-10 10:15 . 2011-04-10 10:15 -------- d-----w- c:\program files\AMD APP
2011-04-10 10:15 . 2011-04-10 10:15 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-04-10 10:08 . 2011-04-10 10:08 -------- d-----w- C:\AMD
2011-04-10 08:56 . 2011-04-10 08:56 -------- d-----w- c:\users\SuperChinees\AppData\Local\{B79C79B0-A22F-45F8-B05F-3E51CC664623}
2011-04-10 02:40 . 2011-04-10 02:40 -------- d-----w- c:\users\SuperChinees\AppData\Local\{60C800D8-77C7-49D3-A410-23EC23C09184}
2011-04-10 02:36 . 2011-04-10 02:36 -------- d-----w- c:\program files\Auslogics
2011-04-09 11:46 . 2011-04-09 11:46 -------- d-----w- c:\programdata\IObit
2011-04-09 11:46 . 2011-04-09 11:46 -------- d-----w- c:\program files\IObit
2011-04-09 09:48 . 2011-04-09 09:49 -------- d-----w- c:\users\SuperChinees\AppData\Local\{A2E2E94F-FFB9-44DA-B3CF-1840535A716B}
2011-04-08 11:53 . 2011-04-08 11:53 -------- d-----w- c:\users\SuperChinees\AppData\Local\{D0152961-3CAA-423D-BA52-4B6A6F945DBA}
2011-04-06 21:25 . 2011-04-06 21:25 -------- d-----w- c:\users\SuperChinees\AppData\Local\{195D506C-043A-4FF8-AB8E-4CB0C70AB763}
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-02 12:07 . 2011-04-02 12:07 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-02 12:07 . 2011-04-02 12:07 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-02 12:07 . 2011-04-02 12:07 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-02 12:07 . 2011-04-02 12:07 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-02 12:07 . 2011-04-02 12:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-02 12:07 . 2011-04-02 12:07 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-02 12:07 . 2011-04-02 12:07 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-02 12:07 . 2011-04-02 12:07 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-02 12:07 . 2011-04-02 12:07 367104 ----a-w- c:\windows\system32\html.iec
2011-04-02 12:07 . 2011-04-02 12:07 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-02 12:07 . 2011-04-02 12:07 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-02 12:07 . 2011-04-02 12:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-02 12:07 . 2011-04-02 12:07 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-02 12:07 . 2011-04-02 12:07 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-02 12:07 . 2011-04-02 12:07 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-02 12:07 . 2011-04-02 12:07 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-02 12:07 . 2011-04-02 12:07 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-02 12:07 . 2011-04-02 12:07 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-02 12:07 . 2011-04-02 12:07 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-02 12:07 . 2011-04-02 12:07 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-02 12:07 . 2011-04-02 12:07 101888 ----a-w- c:\windows\system32\admparse.dll
2011-03-21 17:56 . 2011-03-21 17:56 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-03-21 17:56 . 2011-03-21 17:56 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-21 17:55 . 2011-03-21 17:55 12385792 ----a-w- c:\windows\system32\amdocl.dll
2011-03-14 19:30 . 2011-03-14 19:30 106496 ----a-r- c:\users\SuperChinees\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2011-03-14 19:30 . 2011-03-14 19:30 106496 ----a-r- c:\users\SuperChinees\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2011-03-14 19:30 . 2010-11-13 11:09 106496 ----a-r- c:\users\SuperChinees\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2011-03-14 19:28 . 2010-07-29 17:38 18760 ----a-w- c:\windows\system32\QQVistaHelper.dll
2011-03-09 09:21 . 2011-03-09 09:21 7723008 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-03-09 08:39 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-09 05:19 . 2011-03-09 05:19 17397248 ----a-w- c:\windows\system32\atioglxx.dll
2011-03-09 04:57 . 2011-03-09 04:57 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-03-09 04:56 . 2011-03-09 04:56 679424 ----a-w- c:\windows\system32\aticfx32.dll
2011-03-09 04:53 . 2011-03-09 04:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-03-09 04:53 . 2011-03-09 04:53 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-03-09 04:52 . 2011-03-09 04:52 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-03-09 04:51 . 2011-03-09 04:51 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-03-09 04:51 . 2011-03-09 04:51 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-03-09 04:51 . 2011-03-09 04:51 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-03-09 04:51 . 2011-03-09 04:51 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-03-09 04:51 . 2011-03-09 04:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-03-09 04:48 . 2009-07-13 22:09 4277760 ----a-w- c:\windows\system32\atidxx32.dll
2011-03-09 04:34 . 2011-03-09 04:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-03-09 04:34 . 2011-03-09 04:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-03-09 04:32 . 2011-03-09 04:32 5618688 ----a-w- c:\windows\system32\aticaldd.dll
2011-03-09 04:30 . 2009-08-18 01:20 4294656 ----a-w- c:\windows\system32\atiumdag.dll
2011-03-09 04:18 . 2011-03-09 04:18 258048 ----a-w- c:\windows\system32\atiadlxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 239616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-03-09 04:17 . 2011-03-09 04:17 31232 ----a-w- c:\windows\system32\atiuxpag.dll
2011-03-09 04:16 . 2011-03-09 04:16 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-03-09 04:16 . 2011-03-09 04:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-03-09 04:11 . 2011-03-09 04:11 52736 ----a-w- c:\windows\system32\coinst.dll
2011-03-09 03:42 . 2011-03-09 03:42 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-03-09 03:34 . 2009-08-18 01:05 3471872 ----a-w- c:\windows\system32\atiumdva.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-03-08 23:12 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-25 17:37 . 2010-02-12 15:42 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-02-25 03:30 . 2011-03-25 15:40 308600 ----a-w- c:\windows\system32\MMInstaller.dll
2011-02-19 06:30 . 2011-03-09 13:01 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-09 13:01 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-09 13:01 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-16 15:11 . 2010-01-21 15:35 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-03-18 17:53 . 2011-03-21 22:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
2011-01-20 12:50 238968 ----a-w- c:\program files\Tencent\QQPCMgr\4.5.985.201\TSWebMon.dat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\SuperChinees\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\SuperChinees\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\SuperChinees\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\SuperChinees\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"PS2"="c:\windows\system32\ps2.exe" [2001-07-03 81920]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-06 61440]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-03-28 10029672]
.
c:\users\SuperChinees\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\SuperChinees\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-4-15 25345624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"
"UUSeeMediaCenter"="c:\program files\Common Files\uusee\UUSeeMediaCenter.exe"
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
" QQPCTray"="c:\program files\Tencent\QQPCMgr\4.5.985.201\QQPCTray.exe" /regrun
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 gogo6HACCESSApacheHTTPServer;gogo6 HACCESS Apache HTTP Server;c:\program files\gogo6\gogoCLIENT\haccess\apache\bin\httpd.exe [2010-09-08 18432]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 netw5v32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-09-15 6000640]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2010-03-20 36928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2009-02-05 212520]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-02-03 142592]
S1 TCSafeBox;TCSafeBox;c:\program files\Tencent\QQPCMgr\4.5.985.201\TCSafeBox.sys [2011-01-20 27128]
S1 TSKSP;TSKSP;c:\program files\Tencent\QQPCMgr\4.5.985.201\TSKsp.sys [2011-01-20 97656]
S1 TSSysKit;TSSysKit;c:\program files\Tencent\QQPCMgr\4.5.985.201\TSSysKit.sys [2011-01-20 29816]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
S2 gogoc;gogo6 gogoCLIENT;c:\program files\gogo6\gogoCLIENT\gogoc.exe [2010-03-26 415048]
S2 QQPCRTP;QQPCMgr RTP Service;c:\program files\Tencent\QQPCMgr\4.5.985.201\QQPCRTP.exe [2011-01-20 816632]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
S3 gogoTunnelDevice;gogo6 Multi-Virtual Tunnel Adapter;c:\windows\system32\DRIVERS\gogotun.sys [2010-03-26 21064]
S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-08-16 6637056]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-02-16 340072]
S3 TcHardWare;TcHardWare;c:\program files\Tencent\QQPCMgr\4.5.985.201\QQPCHW.sys [2011-01-20 34168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-05-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-02-03 15:24]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-916377579-3775670683-1468505813-1001Core.job
- c:\users\SuperChinees\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-21 01:16]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-916377579-3775670683-1468505813-1001UA.job
- c:\users\SuperChinees\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-21 01:16]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;*.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: ??UUSee?? - c:\program files\uusee\geturltodown.htm
IE: ??UUSee???? - c:\program files\uusee\geturltoplay.htm
IE: {{998A88A0-A355-809B-831C-B83A80000991} - 小游戏,在线小游戏,双人小游戏,Ugege小游戏
Trusted Zone: 111222.cn\list1
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: pps.tv\tvguide
Trusted Zone: pps.tv\vodguide
Trusted Zone: ppstream.com\list1
Trusted Zone: ppstream.com\notice
Trusted Zone: ppstream.com\xml1
Trusted Zone: ppstream.com\xml2
Trusted Zone: ppstream.com\xml3
Trusted Zone: ppstream.net\list1
Trusted Zone: ppstv.com\list1
Trusted Zone: ppstv.net\list1
Trusted Zone: security_PPStream.exe
TCP: {48CBA588-BDD8-4E60-B751-F4A45E3AD1FF} = 192.168.1.1,62.140.138.237,62.140.140.250
FF - ProfilePath - c:\users\SuperChinees\AppData\Roaming\Mozilla\Firefox\Profiles\mgyrjljo.default\
FF - prefs.js: browser.startup.homepage - hxxp://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
.
.
------- Bestandsassociaties -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS VERWIJDERD - - - -
.
BHO-{f6ec2c71-1604-02a4-9939-8b31fab2a097} - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-916377579-3775670683-1468505813-1001\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Users\\SuperChinees\\Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="c:\\Users\\SuperChinees\\Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="c:\\Users\\SuperChinees\\Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Users\\SuperChinees\\Documents\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Users\\SuperChinees\\Desktop\\FM Genie Scout 10\\History Points"
"LangDB"=""
"LastSaveGame"="c:\\Users\\SuperChinees\\Documents\\Sports Interactive\\Football Manager 2010\\games\\Feyenoord.fm"
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009da0
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="F5-A680-EB8F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-05-06 22:27:56
ComboFix-quarantined-files.txt 2011-05-06 20:27
.
Pre-Run: 7.045.578.752 bytes beschikbaar
Post-Run: 7.196.286.976 bytes beschikbaar
.
- - End Of File - - C51780C0CAB715A9DFDDF8B3FB69CD06


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Databaseversie: 6521

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

6-5-2011 22:56:59
mbam-log-2011-05-06 (22-56-59).txt

Scantype: Snelle scan
Objecten gescand: 158372
Verstreken tijd: 10 minuut/minuten, 4 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:56:12, on 6-5-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\SuperChinees\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\SuperChinees\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SuperChinees\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SuperChinees\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SuperChinees\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SuperChinees\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SuperChinees\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SuperChinees\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SuperChinees\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SuperChinees\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SuperChinees\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SuperChinees\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: TSWebMon - {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - C:\Program Files\Tencent\QQPCMgr\4.5.985.201\TSWebMon.dat
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PS2] C:\Windows\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Dropbox.lnk = SuperChinees\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra button: ??? - {998A88A0-A355-809B-831C-B83A80000991} - 小游戏,在线小游戏,双人小游戏,Ugege小游戏 (file missing)
O9 - Extra 'Tools' menuitem: ??? - {998A88A0-A355-809B-831C-B83A80000991} - 小游戏,在线小游戏,双人小游戏,Ugege小游戏 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://list1.111222.cn
O15 - Trusted Zone: PPS
O15 - Trusted Zone: http://list1.pps.tv
O15 - Trusted Zone: ?
O15 - Trusted Zone: ?
O15 - Trusted Zone: http://list1.ppstream.com
O15 - Trusted Zone: ppstream
O15 - Trusted Zone: http://xml1.ppstream.com
O15 - Trusted Zone: http://xml2.ppstream.com
O15 - Trusted Zone: http://xml3.ppstream.com
O15 - Trusted Zone: http://list1.ppstream.net
O15 - Trusted Zone: http://list1.ppstv.com
O15 - Trusted Zone: http://list1.ppstv.net
O15 - ESC Trusted Zone: http://list1.111222.cn
O15 - ESC Trusted Zone: PPS
O15 - ESC Trusted Zone: http://list1.pps.tv
O15 - ESC Trusted Zone: ?
O15 - ESC Trusted Zone: ?
O15 - ESC Trusted Zone: http://list1.ppstream.com
O15 - ESC Trusted Zone: ppstream
O15 - ESC Trusted Zone: http://xml1.ppstream.com
O15 - ESC Trusted Zone: http://xml2.ppstream.com
O15 - ESC Trusted Zone: http://xml3.ppstream.com
O15 - ESC Trusted Zone: http://list1.ppstream.net
O15 - ESC Trusted Zone: http://list1.ppstv.com
O15 - ESC Trusted Zone: http://list1.ppstv.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{48CBA588-BDD8-4E60-B751-F4A45E3AD1FF}: NameServer = 192.168.1.1,62.140.138.237,62.140.140.250
O17 - HKLM\System\CS1\Services\Tcpip\..\{48CBA588-BDD8-4E60-B751-F4A45E3AD1FF}: NameServer = 192.168.1.1,62.140.138.237,62.140.140.250
O17 - HKLM\System\CS2\Services\Tcpip\..\{48CBA588-BDD8-4E60-B751-F4A45E3AD1FF}: NameServer = 192.168.1.1,62.140.138.237,62.140.140.250
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: gogo6 HACCESS Apache HTTP Server (gogo6HACCESSApacheHTTPServer) - Apache Software Foundation - C:\Program Files\gogo6\gogoCLIENT\haccess\apache\bin\httpd.exe
O23 - Service: gogo6 gogoCLIENT (gogoc) - gogo6, Inc. - C:\Program Files\gogo6\gogoCLIENT\gogoc.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QQPCMgr RTP Service (QQPCRTP) - Tencent - C:\Program Files\Tencent\QQPCMgr\4.5.985.201\QQPCRTP.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11878 bytes
 
Have you tried running those programs from safe mode? It definitely sounds like you have picked up a keylogger... Someone has picked up your Hotmail account.
 
Do you mean ComboFix, Malwarebytes' Anti-Malware and HijackThis in safe mode? I made the scans etc. in normal mode.
Do you guys see something weird or potentially dangerous in the logs?
 
I don't want you to be mistaken: I am not associated with the excellent knowledge of the mod team. I was just posting a casual observation; I have no clue how to analyze those logs. Most times I have found viruses myself on my machines I did so from Safe Mode. Honestly I don't even know if that is a recommended process. I'm sure one of the pros will be with you shortly... I think you are supposed to post the logs under the analyze thread though, not sure...
 
Well, right away I have to ask before I can be of help: do you know of all of these trusted zones and proxy settings that are set up?

O15 - Trusted Zone: http://list1.111222.cn
O15 - Trusted Zone: PPS
O15 - Trusted Zone: http://list1.pps.tv
O15 - Trusted Zone: ?
O15 - Trusted Zone: ?
O15 - Trusted Zone: http://list1.ppstream.com
O15 - Trusted Zone: ppstream
O15 - Trusted Zone: http://xml1.ppstream.com
O15 - Trusted Zone: http://xml2.ppstream.com
O15 - Trusted Zone: http://xml3.ppstream.com
O15 - Trusted Zone: http://list1.ppstream.net
O15 - Trusted Zone: http://list1.ppstv.com
O15 - Trusted Zone: http://list1.ppstv.net
O15 - ESC Trusted Zone: http://list1.111222.cn
O15 - ESC Trusted Zone: PPS
O15 - ESC Trusted Zone: http://list1.pps.tv
O15 - ESC Trusted Zone: ?
O15 - ESC Trusted Zone: ?
O15 - ESC Trusted Zone: http://list1.ppstream.com
O15 - ESC Trusted Zone: ppstream
O15 - ESC Trusted Zone: http://xml1.ppstream.com
O15 - ESC Trusted Zone: http://xml2.ppstream.com
O15 - ESC Trusted Zone: http://xml3.ppstream.com
O15 - ESC Trusted Zone: http://list1.ppstream.net
O15 - ESC Trusted Zone: http://list1.ppstv.com
O15 - ESC Trusted Zone: http://list1.ppstv.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{48CBA588-BDD8-4E60-B751-F4A45E3AD1FF}: NameServer = 192.168.1.1,62.140.138.237,62.140.140.250
O17 - HKLM\System\CS1\Services\Tcpip\..\{48CBA588-BDD8-4E60-B751-F4A45E3AD1FF}: NameServer = 192.168.1.1,62.140.138.237,62.140.140.250
O17 - HKLM\System\CS2\Services\Tcpip\..\{48CBA588-BDD8-4E60-B751-F4A45E3AD1FF}: NameServer = 192.168.1.1,62.140.138.237,62.140.140.250

Because if not, then you are most definitely infected.
 
I used to have PPStream installed on my laptop; it's a video streaming program a lot of Chinese people use. I didn't know of these trusted zones and proxy settings.
What do I have to do? Delete them in HijackThis?
 
Well, if you know of PPStream, then you should leave those. But the other entries you will have to remove via the Hosts file.
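A small triage script for the O15/O17 question raised above, added here as an example; it is not part of any post in this thread and not a HijackThis feature. It parses the O15 (Trusted Zone) and O17 (NameServer) line formats exactly as HijackThis 2.0.4 prints them in the log above, using a constructed sample copied from that log. The set of domains treated as "known" (the PPStream/PPS names the poster recognised) is an assumption taken from the reply; everything else, including the unreadable "?" entries, is separated out for review, and each DNS server is classified as a private (RFC 1918) or public address so the owner can check it against the router and ISP rather than guess.

```python
"""Triage HijackThis O15 (Trusted Zone) and O17 (NameServer) entries.

Added example, not part of the forum thread. Assumes the HijackThis 2.0.4
line format seen in the posted log.
"""
import ipaddress
import re

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = r"""
O15 - Trusted Zone: http://list1.111222.cn
O15 - Trusted Zone: PPS
O15 - Trusted Zone: ?
O15 - ESC Trusted Zone: http://list1.ppstream.com
O15 - ESC Trusted Zone: ppstream
O17 - HKLM\System\CCS\Services\Tcpip\..\{48CBA588-BDD8-4E60-B751-F4A45E3AD1FF}: NameServer = 192.168.1.1,62.140.138.237,62.140.140.250
O4 - HKLM\..\Run: [PS2] C:\Windows\system32\ps2.exe
"""

# Assumption from the thread: the poster recognises PPStream, so these zone
# names are accounted for. Anything not in this set is listed for review.
KNOWN_TRUSTED = {"pps", "ppstream", "ppstream.com", "ppstream.net",
                 "pps.tv", "ppstv.com", "ppstv.net"}

O15_RE = re.compile(r"^O15 - (?:ESC )?Trusted Zone: (.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (.+)$")


def registrable_domain(entry):
    """Reduce 'http://list1.ppstream.com' to 'ppstream.com' (last two labels)."""
    host = re.sub(r"^[a-z]+://", "", entry.strip().lower()).split("/")[0]
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def triage_o15(line):
    """Return (verdict, entry) for an O15 line, or None if it is not one."""
    m = O15_RE.match(line)
    if not m:
        return None
    entry = m.group(1).strip()
    # HijackThis prints '?' when it cannot render the zone name; a name the
    # tool cannot show cannot be attributed to any program, so flag it.
    if entry == "?" or not re.fullmatch(r"[A-Za-z0-9.:/_-]+", entry):
        return ("unreadable", entry)
    if registrable_domain(entry) in KNOWN_TRUSTED:
        return ("known", entry)
    return ("review", entry)


def triage_o17(line):
    """Return [(ip, 'private'|'public'|'invalid'), ...] for an O17 line."""
    m = O17_RE.match(line)
    if not m:
        return []
    results = []
    for token in m.group(1).split(","):
        token = token.strip()
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            results.append((token, "invalid"))
            continue
        # A private address is normally the home router; a public one should
        # match the ISP's resolvers. Neither verdict is proof of anything.
        results.append((token, "private" if addr.is_private else "public"))
    return results


def triage_log(text):
    """Collect O15 and O17 verdicts from a whole HijackThis log."""
    report = {"o15": [], "o17": []}
    for line in text.splitlines():
        verdict = triage_o15(line)
        if verdict:
            report["o15"].append(verdict)
        report["o17"].extend(triage_o17(line))
    return report


if __name__ == "__main__":
    for key, rows in triage_log(SAMPLE_LOG).items():
        for row in rows:
            print(key.upper(), *row)
```

Run it against the full pasted log instead of SAMPLE_LOG to get the same two lists for every entry; "review" zones are the ones to ask about, and "public" resolvers are the ones to compare with what the router and ISP actually hand out.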
 
My Yahoo email account was doing the exact same thing, along with Google links redirecting my browser to various other sites and my Netflix Silverlight plugin crashing every time I wanted to watch a streaming video. I got them all fixed by downloading ComboFix to my desktop (renaming it to moon.exe) and running it. You can get that program from Bleeping Computer. Make sure you have no programs open when you run it.

J.R.
 