nele

Lukt niet met ze alle 3 kan dat? via verkenner krijg ik foutmelding dat het niet verwijderd kan worden omdat het door iemand of een ander programma in gebruik is, maar staat niets anders open , en met de andere twee vonden ze niet, staat al verborgen map in verkenner .

Zenuwen ja heb me al dikwijls vervloekt deze dagen, ook zoals de andere personen hier in huis, maar zo leert men wel vlug, spijtig ComboFix 08-03-26.1 - Beheerder 2008-03-28 16:58:25.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.165 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Beheerder\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Beheerder\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt * Resident AV is active WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! FILE :: C:\sqmdata01.sqm C:\sqmdata02.sqm C:\sqmdata03.sqm C:\sqmdata04.sqm C:\sqmnoopt02.sqm C:\sqmnoopt03.sqm C:\sqmnoopt04.sqm C:\sqmnoopt05.sqm C:\WINDOWS\system32\kshsxl.exe . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\CPV C:\sqmdata01.sqm C:\sqmdata02.sqm C:\sqmdata03.sqm C:\sqmdata04.sqm C:\sqmnoopt02.sqm C:\sqmnoopt03.sqm C:\sqmnoopt04.sqm C:\sqmnoopt05.sqm C:\WINDOWS\ERUNT\SDFIX C:\WINDOWS\ERUNT\SDFIX\DEFAULT C:\WINDOWS\ERUNT\SDFIX\ERDNT.CON C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE C:\WINDOWS\ERUNT\SDFIX\ERDNT.INF C:\WINDOWS\ERUNT\SDFIX\ERDNTDOS.LOC C:\WINDOWS\ERUNT\SDFIX\ERDNTWIN.LOC C:\WINDOWS\ERUNT\SDFIX\Find2.txt C:\WINDOWS\ERUNT\SDFIX\report2.txt C:\WINDOWS\ERUNT\SDFIX\SAM C:\WINDOWS\ERUNT\SDFIX\SECURITY C:\WINDOWS\ERUNT\SDFIX\SOFTWARE C:\WINDOWS\ERUNT\SDFIX\SYSTEM C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat C:\WINDOWS\system32\kshsxl.exe . (((((((((((((((((((( Bestanden Gemaakt van 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))) . 2008-03-28 15:19 . 2008-03-28 16:58 <DIR> d-------- C:\WINDOWS\ERUNT 2008-03-28 15:02 . 2008-03-28 15:36 <DIR> d-------- C:\SDFix 2008-03-27 18:28 . 2008-03-27 18:28 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-26 21:05 . 2008-03-27 16:50 12,783,882 -r-hs---- C:\AVG7DB_F.DAT 2008-03-26 20:44 . 2008-03-26 20:44 12,394,737 --------- C:\AVG7QT.DAT 2008-03-26 20:43 . 2008-03-26 20:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-03-26 20:43 . 2008-03-26 20:43 <DIR> d-------- C:\Documents and Settings\Beheerder\Application Data\AVG7 2008-03-26 20:42 . 2008-03-26 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-26 20:42 . 2008-03-27 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-03-26 19:47 . 2008-03-26 19:47 <DIR> d-------- C:\Program Files\Alwil Software . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-28 13:55 --------- d-----w C:\Program Files\Windows Live 2008-03-27 21:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-25 19:37 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-03-22 14:59 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\LimeWirePlus 2008-03-10 20:41 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\DivX 2008-02-27 11:26 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-02-26 14:23 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-02-23 15:03 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\PC Suite 2008-02-21 11:37 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\Nokia 2008-02-20 11:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite 2008-02-20 11:37 --------- d-----w C:\Program Files\Nokia 2008-02-20 11:37 --------- d-----w C:\Program Files\DIFX 2008-02-20 11:37 --------- d-----w C:\Program Files\Common Files\PCSuite 2008-02-20 11:37 --------- d-----w C:\Program Files\Common Files\Nokia 2008-02-20 11:36 --------- d-----w C:\Program Files\PC Connectivity Solution 2008-02-20 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2008-02-13 19:46 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\LG Electronics 2008-02-13 17:46 --------- d-----w C:\Program Files\DivX 2008-02-13 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-13 17:44 --------- d-----w C:\Program Files\LG Electronics 2008-02-13 17:43 --------- d-----w C:\Program Files\LG PC Suite 2 2008-02-13 17:41 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\InstallShield 2008-02-13 17:39 --------- d-----w C:\Program Files\Packard Bell GPS 2008-01-29 18:41 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\Qtrax1 2008-01-29 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC 2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll . ((((((((((((((((((((((((((((( snapshot@2008-03-27_19.07.19.59 ))))))))))))))))))))))))))))))))))))))))) . + 2006-07-11 08:41:36 345,656 ----a-w C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll + 2008-03-28 02:48:45 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-03-28 14:20:15 4,268,032 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat + 2008-03-28 14:20:15 110,592 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat - 2008-03-27 16:30:22 29,926 ----a-r C:\WINDOWS\Installer\{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}\MsblIco.Exe + 2008-03-27 21:42:03 29,926 ----a-r C:\WINDOWS\Installer\{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}\MsblIco.Exe - 2008-03-25 20:19:24 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-03-28 11:57:11 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2008-03-25 20:19:24 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat + 2008-03-28 11:57:11 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat - 2008-03-25 20:19:24 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-03-28 11:57:11 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}] 2007-11-08 12:11 1502232 --a------ C:\Program Files\LimewirePlus\tbLime.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= "C:\Program Files\LimewirePlus\tbLime.dll" [2007-11-08 12:11 1502232] [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= C:\Program Files\LimewirePlus\tbLime.dll [2007-11-08 12:11 1502232] [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 02:10 442368] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360] "H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-27 19:25 1211176] "IBM RecordNow!"="" [] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 11:17 110592] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 11:17 512000] "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 18:39 897024] "TpShocks"="TpShocks.exe" [2005-04-05 15:14 106496 C:\WINDOWS\system32\TpShocks.exe] "TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 12:43 94208] "ControlCenter"="C:\Program Files\IBM fingerprint software\ctlcntr.exe" [2005-04-12 16:34 286821] "TP4EX"="tp4ex.exe" [2004-11-12 01:07 40960 C:\WINDOWS\system32\TP4EX.exe] "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 02:11 217088] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27 860160] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-10 21:05 344064] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-02 01:05 127035] "ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 02:10 442368] "IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2005-04-27 09:53 90112] "QCTRAY"="C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-03-18 03:07 745472] "QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 03:07 86016] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 01:01 139264] "BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 01:01 208896] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320] "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 09:48 147514] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-03-26 20:42 352768] "AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-03-26 20:42 272896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 16:00 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-03-26 20:42 151552] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] BTTray.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2005-05-24 22:41:58 565309] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-12-10 03:14:03 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] C:\Program Files\IBM fingerprint software\psfus.dll 2005-04-12 16:39 110179 C:\Program Files\IBM fingerprint software\psfus.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina] QConGina.dll 2005-03-18 03:07 262144 C:\WINDOWS\system32\QConGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] tphklock.dll 2004-08-12 20:11 24576 C:\WINDOWS\system32\tphklock.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\DOCUME~1\\BEHEER~1\\LOCALS~1\\Temp\\ebquéé£'£'%''msn'è%'fix''.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-01-14 12:20] R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2004-12-02 16:14] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-03-18 03:07] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2005-03-18 03:07] R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 12:59] R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2005-04-14 01:01] R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-04-27 10:27] R2 SmiHlp;SMI helper driver;C:\Program Files\IBM fingerprint software\smihlp.sys [2005-04-12 16:31] R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2005-04-12 16:41] R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2004-12-02 15:54] R3 TPM11;NSC Integrated Trusted Platform Module 1.1;C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 16:44] S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2005-03-18 03:07] S3 USRSp50;USRSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\USRSp50.sys [2004-09-07 14:42] . Inhoud van de 'Gedeelde Taken' map "2008-03-28 15:02:38 C:\WINDOWS\Tasks\PMTask.job" - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-28 17:01:39 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... ? [288] scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\tphklock.dll . Voltooingstijd: 2008-03-28 17:02:43 ComboFix-quarantined-files.txt 2008-03-28 16:02:27 ComboFix2.txt 2008-03-28 14:54:55 ComboFix3.txt 2008-03-27 21:06:51 ComboFix4.txt 2008-03-27 19:07:56 ComboFix5.txt 2008-03-27 18:07:49 Pre-Run: 36,018,671,616 bytes beschikbaar Post-Run: 36,009,762,816 bytes beschikbaar . 2008-03-20 12:04:18 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:08:08, on 28/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Common Files\Virtual Token\vtserver.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\IBMTOOLS\UTILS\ibmprc.exe C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MI3AA1~1\wcescomm.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\interMute\AdSubtract\AdSub.exe C:\WINDOWS\System32\QCONSVC.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1034 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\BEHEER~1\LOCALS~1\Temp\ebquéé£'£'%''msn'è%'fix''.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe O4 - HKLM\..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\BEHEER~1\LOCALS~1\Temp\ebquéé£'£'%''msn'è%'fix''.exe O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360 O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361 O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ThinkPad-software bijwerken - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe -- End of file - 12751 bytes

nu krijg ik wel als ik internet opstart, reclame elke keer van http://kjr72.bestrevenue.net

Hier is dan weer eens alles Laat je ook weten wanneer ik nog eens msn mag proberen dank je ComboFix 08-03-26.1 - Beheerder 2008-03-28 15:44:32.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.63 [GMT 1:00]Gestart vanuit: C:\Documents and Settings\Beheerder\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Beheerder\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt * Resident AV is active WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Temporary C:\WINDOWS\b155.exe C:\WINDOWS\mrofinu1423.exe C:\WINDOWS\mrofinu1423.exe.tmp . (((((((((((((((((((( Bestanden Gemaakt van 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))) . 2008-03-28 15:35 . 2008-03-28 15:35 <DIR> d-------- C:\Program Files\CPV 2008-03-28 15:19 . 2008-03-28 15:20 <DIR> d-------- C:\WINDOWS\ERUNT 2008-03-28 15:02 . 2008-03-28 15:36 <DIR> d-------- C:\SDFix 2008-03-28 12:57 . 2008-03-28 12:57 9,296 --a------ C:\WINDOWS\system32\kshsxl.exe 2008-03-28 12:57 . 2008-03-28 12:57 244 --ah----- C:\sqmnoopt05.sqm 2008-03-28 12:57 . 2008-03-28 12:57 232 --ah----- C:\sqmdata04.sqm 2008-03-28 11:51 . 2008-03-28 11:51 244 --ah----- C:\sqmnoopt04.sqm 2008-03-28 11:51 . 2008-03-28 11:51 232 --ah----- C:\sqmdata03.sqm 2008-03-28 00:03 . 2008-03-28 00:03 244 --ah----- C:\sqmnoopt03.sqm 2008-03-28 00:03 . 2008-03-28 00:03 232 --ah----- C:\sqmdata02.sqm 2008-03-27 23:25 . 2008-03-27 23:25 244 --ah----- C:\sqmnoopt02.sqm 2008-03-27 23:25 . 2008-03-27 23:25 232 --ah----- C:\sqmdata01.sqm 2008-03-27 18:28 . 2008-03-27 18:28 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-26 21:05 . 2008-03-27 16:50 12,783,882 -r-hs---- C:\AVG7DB_F.DAT 2008-03-26 20:44 . 2008-03-26 20:44 12,394,737 --------- C:\AVG7QT.DAT 2008-03-26 20:43 . 2008-03-26 20:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-03-26 20:43 . 2008-03-26 20:43 <DIR> d-------- C:\Documents and Settings\Beheerder\Application Data\AVG7 2008-03-26 20:42 . 2008-03-26 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-26 20:42 . 2008-03-27 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-03-26 19:47 . 2008-03-26 19:47 <DIR> d-------- C:\Program Files\Alwil Software . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-28 13:55 --------- d-----w C:\Program Files\Windows Live 2008-03-27 21:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-25 19:37 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-03-22 14:59 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\LimeWirePlus 2008-03-10 20:41 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\DivX 2008-02-27 11:26 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-02-26 14:23 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-02-23 15:03 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\PC Suite 2008-02-21 11:37 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\Nokia 2008-02-20 11:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite 2008-02-20 11:37 --------- d-----w C:\Program Files\Nokia 2008-02-20 11:37 --------- d-----w C:\Program Files\DIFX 2008-02-20 11:37 --------- d-----w C:\Program Files\Common Files\PCSuite 2008-02-20 11:37 --------- d-----w C:\Program Files\Common Files\Nokia 2008-02-20 11:36 --------- d-----w C:\Program Files\PC Connectivity Solution 2008-02-20 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2008-02-13 19:46 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\LG Electronics 2008-02-13 17:46 --------- d-----w C:\Program Files\DivX 2008-02-13 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-13 17:44 --------- d-----w C:\Program Files\LG Electronics 2008-02-13 17:43 --------- d-----w C:\Program Files\LG PC Suite 2 2008-02-13 17:41 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\InstallShield 2008-02-13 17:39 --------- d-----w C:\Program Files\Packard Bell GPS 2008-01-29 18:41 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\Qtrax1 2008-01-29 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC . ((((((((((((((((((((((((((((( snapshot@2008-03-27_19.07.19.59 ))))))))))))))))))))))))))))))))))))))))) . + 2006-07-11 08:41:36 345,656 ----a-w C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll + 2008-03-28 02:48:45 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-03-28 14:20:31 4,268,032 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat + 2008-03-28 14:20:31 110,592 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2008-03-28 02:48:45 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-03-28 14:20:15 4,268,032 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat + 2008-03-28 14:20:15 110,592 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat - 2008-03-27 16:30:22 29,926 ----a-r C:\WINDOWS\Installer\{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}\MsblIco.Exe + 2008-03-27 21:42:03 29,926 ----a-r C:\WINDOWS\Installer\{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}\MsblIco.Exe - 2008-03-25 20:19:24 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-03-28 11:57:11 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2008-03-25 20:19:24 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat + 2008-03-28 11:57:11 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat - 2008-03-25 20:19:24 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-03-28 11:57:11 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}] 2008-03-28 15:35 51200 --a------ C:\Program Files\CPV\CPV7.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}] 2007-11-08 12:11 1502232 --a------ C:\Program Files\LimewirePlus\tbLime.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= "C:\Program Files\LimewirePlus\tbLime.dll" [2007-11-08 12:11 1502232] [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= C:\Program Files\LimewirePlus\tbLime.dll [2007-11-08 12:11 1502232] [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 02:10 442368] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360] "H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-27 19:25 1211176] "IBM RecordNow!"="" [] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 11:17 110592] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 11:17 512000] "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 18:39 897024] "TpShocks"="TpShocks.exe" [2005-04-05 15:14 106496 C:\WINDOWS\system32\TpShocks.exe] "TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 12:43 94208] "ControlCenter"="C:\Program Files\IBM fingerprint software\ctlcntr.exe" [2005-04-12 16:34 286821] "TP4EX"="tp4ex.exe" [2004-11-12 01:07 40960 C:\WINDOWS\system32\TP4EX.exe] "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 02:11 217088] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27 860160] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-10 21:05 344064] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-02 01:05 127035] "ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 02:10 442368] "IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2005-04-27 09:53 90112] "QCTRAY"="C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-03-18 03:07 745472] "QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 03:07 86016] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 01:01 139264] "BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 01:01 208896] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320] "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 09:48 147514] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-03-26 20:42 352768] "AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-03-26 20:42 272896] "Flash Media"="C:\DOCUME~1\BEHEER~1\LOCALS~1\Temp\ebquéé£'£'%''msn'è%'fix''.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 16:00 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-03-26 20:42 151552] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] BTTray.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2005-05-24 22:41:58 565309] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-12-10 03:14:03 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] C:\Program Files\IBM fingerprint software\psfus.dll 2005-04-12 16:39 110179 C:\Program Files\IBM fingerprint software\psfus.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina] QConGina.dll 2005-03-18 03:07 262144 C:\WINDOWS\system32\QConGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] tphklock.dll 2004-08-12 20:11 24576 C:\WINDOWS\system32\tphklock.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\DOCUME~1\\BEHEER~1\\LOCALS~1\\Temp\\ebquéé£'£'%''msn'è%'fix''.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-01-14 12:20] R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2004-12-02 16:14] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-03-18 03:07] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2005-03-18 03:07] R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 12:59] R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2005-04-14 01:01] R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-04-27 10:27] R2 SmiHlp;SMI helper driver;C:\Program Files\IBM fingerprint software\smihlp.sys [2005-04-12 16:31] R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2005-04-12 16:41] R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2004-12-02 15:54] R3 TPM11;NSC Integrated Trusted Platform Module 1.1;C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 16:44] S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2005-03-18 03:07] S3 USRSp50;USRSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\USRSp50.sys [2004-09-07 14:42] *Newly Created Service* - ENTDRV51 . Inhoud van de 'Gedeelde Taken' map "2008-03-28 14:37:04 C:\WINDOWS\Tasks\PMTask.job" - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-28 15:51:47 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... ? [556] scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\tphklock.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Virtual Token\vtserver.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\QCONSVC.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\WINDOWS\system32\Ati2evxx.exe . ************************************************************************** . Voltooingstijd: 2008-03-28 15:54:54 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-28 14:54:49 ComboFix2.txt 2008-03-27 21:06:51 ComboFix3.txt 2008-03-27 19:07:56 ComboFix4.txt 2008-03-27 18:07:49 Pre-Run: 36,006,379,520 bytes beschikbaar Post-Run: 36,000,505,856 bytes beschikbaar . 2008-03-20 12:04:18 --- E O F --- SDFix: Version 1.163 Run by Beheerder on vr 28/03/2008 at 15:22 Microsoft Windows XP [versie 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-28 15:32:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... C:\DOCUME~1\BEHEER~1\LOCALS~1\Temp\ebquéé£'£'%''msn'è%'fix''.exe [1732] 0x81A20DA0 scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:00000040 scanning hidden files ... scan completed successfully hidden processes: 1 hidden services: 0 hidden files: 1 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault" "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer" "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"="C:\\Program Files\\LimeWire Plus\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\DOCUME~1\\BEHEER~1\\LOCALS~1\\Temp\\ebqu‚‚œ'œ'%''msn'Š%'fix''.exe"="C:\\DOCUME~1\\BEHEER~1\\LOCALS~1\\Temp\\ebqu‚‚œ'œ'%''msn'Š%'fix''.exe:*:Enabled:Flash Media" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Wed 23 Jan 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Mon 14 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Wed 27 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2112b4f456fe6310ed58588b71b93f62\BIT9.tmp" Finished! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:06:19, on 28/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Common Files\Virtual Token\vtserver.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\QCONSVC.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\IBMTOOLS\UTILS\ibmprc.exe C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MI3AA1~1\wcescomm.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\interMute\AdSubtract\AdSub.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1034 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\BEHEER~1\LOCALS~1\Temp\ebquéé£'£'%''msn'è%'fix''.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV7.dll O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe O4 - HKLM\..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\BEHEER~1\LOCALS~1\Temp\ebquéé£'£'%''msn'è%'fix''.exe O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360 O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361 O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ThinkPad-software bijwerken - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe -- End of file - 12787 bytes

nog niet in orde , steeds hetzelfde pff

ComboFix 08-03-26.1 - Beheerder 2008-03-27 22:02:21.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.187 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Beheerder\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Beheerder\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt * Resident AV is active WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! FILE :: C:\Documents and Settings\Beheerder\ljzech.exe C:\sqmdata01.sqm C:\sqmnoopt02.sqm C:\WINDOWS\system32\mqecdo.exe . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Beheerder\ljzech.exe C:\sqmdata01.sqm C:\sqmnoopt02.sqm C:\WINDOWS\system32\mqecdo.exe . (((((((((((((((((((( Bestanden Gemaakt van 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))) . 2008-03-27 18:28 . 2008-03-27 18:28 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-26 21:05 . 2008-03-27 16:50 12,783,882 -r-hs---- C:\AVG7DB_F.DAT 2008-03-26 20:44 . 2008-03-26 20:44 12,394,737 --------- C:\AVG7QT.DAT 2008-03-26 20:43 . 2008-03-26 20:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-03-26 20:43 . 2008-03-26 20:43 <DIR> d-------- C:\Documents and Settings\Beheerder\Application Data\AVG7 2008-03-26 20:42 . 2008-03-26 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-26 20:42 . 2008-03-27 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-03-26 19:47 . 2008-03-26 19:47 <DIR> d-------- C:\Program Files\Alwil Software 2008-02-27 12:26 . 2008-02-27 12:26 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-02-27 11:54 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-02-27 11:54 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-02-27 11:54 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-27 16:25 --------- d-----w C:\Program Files\Windows Live 2008-03-27 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-25 19:37 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-03-22 14:59 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\LimeWirePlus 2008-03-10 20:41 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\DivX 2008-02-26 14:23 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-02-23 15:03 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\PC Suite 2008-02-21 11:37 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\Nokia 2008-02-20 11:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite 2008-02-20 11:37 --------- d-----w C:\Program Files\Nokia 2008-02-20 11:37 --------- d-----w C:\Program Files\DIFX 2008-02-20 11:37 --------- d-----w C:\Program Files\Common Files\PCSuite 2008-02-20 11:37 --------- d-----w C:\Program Files\Common Files\Nokia 2008-02-20 11:36 --------- d-----w C:\Program Files\PC Connectivity Solution 2008-02-20 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2008-02-13 19:46 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\LG Electronics 2008-02-13 17:46 --------- d-----w C:\Program Files\DivX 2008-02-13 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-13 17:44 --------- d-----w C:\Program Files\LG Electronics 2008-02-13 17:43 --------- d-----w C:\Program Files\LG PC Suite 2 2008-02-13 17:41 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\InstallShield 2008-02-13 17:39 --------- d-----w C:\Program Files\Packard Bell GPS 2008-01-29 18:41 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\Qtrax1 2008-01-29 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC 2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll . ((((((((((((((((((((((((((((( snapshot@2008-03-27_19.07.19.59 ))))))))))))))))))))))))))))))))))))))))) . + 2006-07-11 08:41:36 345,656 ----a-w C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}] 2007-11-08 12:11 1502232 --a------ C:\Program Files\LimewirePlus\tbLime.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= "C:\Program Files\LimewirePlus\tbLime.dll" [2007-11-08 12:11 1502232] [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= C:\Program Files\LimewirePlus\tbLime.dll [2007-11-08 12:11 1502232] [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 02:10 442368] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360] "H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-27 19:25 1211176] "IBM RecordNow!"="" [] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 11:17 110592] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 11:17 512000] "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 18:39 897024] "TpShocks"="TpShocks.exe" [2005-04-05 15:14 106496 C:\WINDOWS\system32\TpShocks.exe] "TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 12:43 94208] "ControlCenter"="C:\Program Files\IBM fingerprint software\ctlcntr.exe" [2005-04-12 16:34 286821] "TP4EX"="tp4ex.exe" [2004-11-12 01:07 40960 C:\WINDOWS\system32\TP4EX.exe] "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 02:11 217088] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27 860160] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-10 21:05 344064] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-02 01:05 127035] "ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 02:10 442368] "IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2005-04-27 09:53 90112] "QCTRAY"="C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-03-18 03:07 745472] "QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 03:07 86016] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 01:01 139264] "BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 01:01 208896] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320] "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 09:48 147514] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-03-26 20:42 352768] "AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-03-26 20:42 272896] "runner1"="C:\WINDOWS\mrofinu1423.exe" [2008-03-27 22:06 37376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 16:00 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-03-26 20:42 151552] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] BTTray.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2005-05-24 22:41:58 565309] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-12-10 03:14:03 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] C:\Program Files\IBM fingerprint software\psfus.dll 2005-04-12 16:39 110179 C:\Program Files\IBM fingerprint software\psfus.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina] QConGina.dll 2005-03-18 03:07 262144 C:\WINDOWS\system32\QConGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] tphklock.dll 2004-08-12 20:11 24576 C:\WINDOWS\system32\tphklock.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\DOCUME~1\\BEHEER~1\\LOCALS~1\\Temp\\ebquéé£'£'%''msn'è%'fix''.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-01-14 12:20] R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2004-12-02 16:14] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-03-18 03:07] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2005-03-18 03:07] R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 12:59] R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2005-04-14 01:01] R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-04-27 10:27] R2 SmiHlp;SMI helper driver;C:\Program Files\IBM fingerprint software\smihlp.sys [2005-04-12 16:31] R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2005-04-12 16:41] R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2004-12-02 15:54] R3 TPM11;NSC Integrated Trusted Platform Module 1.1;C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 16:44] S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2005-03-18 03:07] S3 USRSp50;USRSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\USRSp50.sys [2004-09-07 14:42] *Newly Created Service* - ENTDRV51 . Inhoud van de 'Gedeelde Taken' map "2008-03-27 19:59:18 C:\WINDOWS\Tasks\PMTask.job" - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-27 22:05:45 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... ? [320] scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\tphklock.dll . Voltooingstijd: 2008-03-27 22:06:50 ComboFix-quarantined-files.txt 2008-03-27 21:06:34 ComboFix2.txt 2008-03-27 19:07:56 ComboFix3.txt 2008-03-27 18:07:49 Pre-Run: 36,341,760,000 bytes beschikbaar Post-Run: 36,332,576,768 bytes beschikbaar . 2008-03-20 12:04:18 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:35:27, on 27/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Common Files\Virtual Token\vtserver.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\QCONSVC.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\WINDOWS\system32\TpKmpSVC.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\IBMTOOLS\UTILS\ibmprc.exe C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\mrofinu1423.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\PROGRA~1\MI3AA1~1\wcescomm.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\interMute\AdSubtract\AdSub.exe C:\WINDOWS\17PHolmes1423.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe -- End of file - 4089 bytes en nu probere, op hoop van zegen . . . ik laat je iets weten

denk dat ik alles heb gedaan wat gevraagd al vond ik 1ding niet voor te selecteren ComboFix 08-03-26.1 - 2008-03-27 20:04:09.2 - NTFSx86 Gestart vanuit: C:\Documents and Settings\Beheerder\Bureaublad\ComboFix.exe * Resident AV is active WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((( Bestanden Gemaakt van 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))) . 2008-03-27 18:28 . 2008-03-27 18:28 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-27 18:11 . 2008-03-27 18:11 827 --a------ C:\Documents and Settings\Beheerder\ljzech.exe 2008-03-27 18:06 . 2008-03-27 18:06 827 --a------ C:\WINDOWS\system32\mqecdo.exe 2008-03-26 21:05 . 2008-03-27 16:50 12,783,882 -r-hs---- C:\AVG7DB_F.DAT 2008-03-26 20:44 . 2008-03-26 20:44 12,394,737 --------- C:\AVG7QT.DAT 2008-03-26 20:43 . 2008-03-26 20:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-03-26 20:43 . 2008-03-26 20:43 <DIR> d-------- C:\Documents and Settings\Beheerder\Application Data\AVG7 2008-03-26 20:42 . 2008-03-26 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-26 20:42 . 2008-03-27 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-03-26 19:47 . 2008-03-26 19:47 <DIR> d-------- C:\Program Files\Alwil Software 2008-03-25 21:19 . 2008-03-25 21:19 244 --ah----- C:\sqmnoopt02.sqm 2008-03-25 21:19 . 2008-03-25 21:19 232 --ah----- C:\sqmdata01.sqm 2008-02-27 12:26 . 2008-02-27 12:26 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-02-27 11:54 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-02-27 11:54 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-02-27 11:54 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-27 16:25 --------- d-----w C:\Program Files\Windows Live 2008-03-27 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-25 19:37 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-03-22 14:59 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\LimeWirePlus 2008-03-10 20:41 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\DivX 2008-02-26 14:23 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-02-23 15:03 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\PC Suite 2008-02-21 11:37 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\Nokia 2008-02-20 11:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite 2008-02-20 11:37 --------- d-----w C:\Program Files\Nokia 2008-02-20 11:37 --------- d-----w C:\Program Files\DIFX 2008-02-20 11:37 --------- d-----w C:\Program Files\Common Files\PCSuite 2008-02-20 11:37 --------- d-----w C:\Program Files\Common Files\Nokia 2008-02-20 11:36 --------- d-----w C:\Program Files\PC Connectivity Solution 2008-02-20 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2008-02-13 19:46 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\LG Electronics 2008-02-13 17:46 --------- d-----w C:\Program Files\DivX 2008-02-13 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-13 17:44 --------- d-----w C:\Program Files\LG Electronics 2008-02-13 17:43 --------- d-----w C:\Program Files\LG PC Suite 2 2008-02-13 17:41 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\InstallShield 2008-02-13 17:39 --------- d-----w C:\Program Files\Packard Bell GPS 2008-01-29 18:41 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\Qtrax1 2008-01-29 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC 2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll . ((((((((((((((((((((((((((((( snapshot@2008-03-27_19.07.19.59 ))))))))))))))))))))))))))))))))))))))))) . + 2006-07-11 08:41:36 345,656 ----a-w C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}] 2007-11-08 12:11 1502232 --a------ C:\Program Files\LimewirePlus\tbLime.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= "C:\Program Files\LimewirePlus\tbLime.dll" [2007-11-08 12:11 1502232] [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= C:\Program Files\LimewirePlus\tbLime.dll [2007-11-08 12:11 1502232] [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 02:10 442368] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360] "H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-27 19:25 1211176] "IBM RecordNow!"="" [] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 11:17 110592] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 11:17 512000] "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 18:39 897024] "TpShocks"="TpShocks.exe" [2005-04-05 15:14 106496 C:\WINDOWS\system32\TpShocks.exe] "TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 12:43 94208] "ControlCenter"="C:\Program Files\IBM fingerprint software\ctlcntr.exe" [2005-04-12 16:34 286821] "TP4EX"="tp4ex.exe" [2004-11-12 01:07 40960 C:\WINDOWS\system32\TP4EX.exe] "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 02:11 217088] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27 860160] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-10 21:05 344064] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-02 01:05 127035] "ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 02:10 442368] "IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2005-04-27 09:53 90112] "QCTRAY"="C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-03-18 03:07 745472] "QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 03:07 86016] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 01:01 139264] "BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 01:01 208896] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320] "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 09:48 147514] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-03-26 20:42 352768] "AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-03-26 20:42 272896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 16:00 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-03-26 20:42 151552] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] BTTray.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2005-05-24 22:41:58 565309] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-12-10 03:14:03 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] C:\Program Files\IBM fingerprint software\psfus.dll 2005-04-12 16:39 110179 C:\Program Files\IBM fingerprint software\psfus.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina] QConGina.dll 2005-03-18 03:07 262144 C:\WINDOWS\system32\QConGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] tphklock.dll 2004-08-12 20:11 24576 C:\WINDOWS\system32\tphklock.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\DOCUME~1\\BEHEER~1\\LOCALS~1\\Temp\\ebquéé£'£'%''msn'è%'fix''.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-01-14 12:20] R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2004-12-02 16:14] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-03-18 03:07] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2005-03-18 03:07] R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 12:59] R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2005-04-14 01:01] R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-04-27 10:27] R2 SmiHlp;SMI helper driver;C:\Program Files\IBM fingerprint software\smihlp.sys [2005-04-12 16:31] R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2005-04-12 16:41] R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2004-12-02 15:54] R3 TPM11;NSC Integrated Trusted Platform Module 1.1;C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 16:44] S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2005-03-18 03:07] S3 USRSp50;USRSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\USRSp50.sys [2004-09-07 14:42] . Inhoud van de 'Gedeelde Taken' map "2008-03-27 18:03:11 C:\WINDOWS\Tasks\PMTask.job" - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-27 20:07:06 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... ? [632] scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\tphklock.dll . Voltooingstijd: 2008-03-27 20:07:55 ComboFix-quarantined-files.txt 2008-03-27 19:07:45 ComboFix2.txt 2008-03-27 18:07:49 Pre-Run: 36,336,922,624 bytes beschikbaar Post-Run: 36,343,377,920 bytes beschikbaar . 2008-03-20 12:04:18 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:11:02, on 27/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Common Files\Virtual Token\vtserver.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\QCONSVC.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\WINDOWS\system32\TpKmpSVC.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\IBMTOOLS\UTILS\ibmprc.exe C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MI3AA1~1\wcescomm.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\Explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1034 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\BEHEER~1\LOCALS~1\Temp\ebquéé£'£'%''msn'è%'fix''.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe O4 - HKLM\..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360 O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361 O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ThinkPad-software bijwerken - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe -- End of file - 12480 bytes

Ook zo dom geweest voor het te openen, sindsdien krijgen al mijn contactpersonen hetzelfde bericht van jou foto. Virusscanner mcafee vind niets. maar problemen blijven komen . Kan iemand mij aub helpen. ben geen expert in computers. alvast bedankt Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:29:34, on 27/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Common Files\Virtual Token\vtserver.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\QCONSVC.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\IBMTOOLS\UTILS\ibmprc.exe C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MI3AA1~1\wcescomm.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\interMute\AdSubtract\AdSub.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1034 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\BEHEER~1\LOCALS~1\Temp\ebquéé£'£'%''msn'è%'fix''.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe O4 - HKLM\..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\BEHEER~1\LOCALS~1\Temp\ebquéé£'£'%''msn'è%'fix''.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360 O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361 O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ThinkPad-software bijwerken - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe -- End of file - 13455 bytes hijackthis1.log