ellentosserams

Hi, "Dr Watson debugger" melding verschijnt nog steeds als ik bestanden wil kopiëren.. Weten jullie of en hoe ik dit kan verhelpen? Bedankt alvast voor je moeite

Geen resultaat helaas.. Is er misschien nog een mogelijkheid/optie?

Hi, Zou iemand mij kunnen helpen met het volgende probleem; Als ik documenten kopieer en plak krijg ik een foutmelding van Windows explorer: Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience. Of een melding waarin DrWatson debugger in vermeld wordt. Ook in deze melding wordt aangegeven dat de pc opnieuw opgestart dient te worden. Dit is het HJT log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:06:30, on 25.05.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\ibmpmsvc.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Intel\AMT\LMS.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\windows\system32\Prot_srv.exe C:\Program Files\RemotelyAnywhere\RaMaint.exe C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe C:\windows\system32\svchost.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\windows\System32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE C:\windows\system32\CCM\CcmExec.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\TEMP\KR1D1E.EXE C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe C:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\windows\Explorer.EXE C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe C:\windows\system32\TpShocks.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe C:\windows\system32\rundll32.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\FreePDF_XP\fpassist.exe C:\Program Files\RemotelyAnywhere\RAGui.exe C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal.europe.odcorp.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.europe.odcorp.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = euclprisa01:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;100.*;172.*;*.odcorp.net;*.odeurope.com; *.officedepot.com;*.officedepot.co.uk;*.officedepot.nl; *.viking.com;*.viking.de;*.vikingdirect.com;*.vikingdirect.nl; *.vikingdirect.fr;*.vikingdirect.es;*.vikingdirect.be;*.viking-direct.co.uk;*.vikingop.com;*.vikingop.it; *.uschecomrnd.*;*.uschecom.net;*.nad.odcorpd.net; *na.odcorpd.net;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Program Files\RemotelyAnywhere\RAGui.exe" O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://eunlveav01/officescan/console/ClientInstall/WinNTChk.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://eunlveav01/officescan/console/ClientInstall/setup.cab O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://eunlveav01/officescan/console/html/AtxEnc.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222200629437 O16 - DPF: {B49BC7A2-057F-4046-B03A-0586FE18834F} (InstallShield Setup Player 2K2) - file://nlvecs05/deciweb/ClientConfig/setup.exe O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://nlvepc-t500:2000/activex/RACtrl.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europe.odcorp.net O17 - HKLM\Software\..\Telephony: DomainName = europe.odcorp.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = europe.odcorp.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = europe.odcorp.net,odeurope.com,odcorp.net,officedepot.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = europe.odcorp.net,odeurope.com,odcorp.net,officedepot.com O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\windows\system32\ibmpmsvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: Pointsec - Unknown owner - C:\windows\system32\Prot_srv.exe O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\windows\system32\pstartSr.exe O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - 3am Labs, Inc. - C:\Program Files\RemotelyAnywhere\RaMaint.exe O23 - Service: RemotelyAnywhere - 3am Labs, Inc. - C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: OfficeScanNT Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\windows\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- End of file - 15408 bytes Zouden jullie mij hiermee willen helpen aub? Alvast bedankt! Groeten Ellen

Ik heb nu geen trojan melidingen meer. Geweldig! Bedankt voor je moeite.. ik ben ontzettend gelukkig met je hulp. Goed werk, 1000 maal dank! Groeten Ellen

Gevonden:) ComboFix 10-05-11.06 - Jeroen-Coopmans 12.05.2010 20:07:16.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.968.456 [GMT 2:00] Running from: c:\documents and settings\jeroen-coopmans\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\jeroen-coopmans\Desktop\CFScript.txt AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {F5C8ADDB-A305-4E3B-BBE5-F1AFC8C9506B} FW: Trend Micro OfficeScan Enterprise Client Firewall *disabled* {2B979CA0-F1F8-4D1F-AE1C-0D749B3017D4} FW: Trend Micro OfficeScan Enterprise Client Firewall *disabled* {F5C8ADDB-A305-4E3B-BBE5-F1AFC8C9506B} FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} * Created a new restore point FILE :: "c:\temp\catchme.dll" "c:\temp\Perflib_Perfdata_d34.dat" "c:\temp\TR60B.EXE" "c:\windows\system32\drivers\ramirr.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\temp\BTN%Copy%1 c:\temp\log c:\temp\msohtml c:\temp\msohtml1 c:\temp\OIS c:\temp\Perflib_Perfdata_d34.dat c:\temp\VBE c:\temp\WPDNSE c:\windows\ms c:\windows\system32\drivers\ramirr.sys ----- BITS: Possible infected sites ----- hxxp://nlvesm01.europe.odcorp.net:80 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_ramirr ((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 ))))))))))))))))))))))))))))))) . 2010-05-12 18:18 . 2010-05-12 18:18 -------- d-----w- c:\temp\WPDNSE 2010-05-12 18:18 . 2010-05-12 18:18 53248 ----a-w- c:\temp\catchme.dll 2010-05-12 18:18 . 2010-05-12 18:18 16384 ----atw- c:\temp\Perflib_Perfdata_8a0.dat 2010-05-12 18:16 . 2009-01-16 08:32 296224 ----a-w- c:\temp\SJ75BC.EXE 2010-05-12 18:12 . 2010-05-12 18:12 16384 ----atw- c:\temp\Perflib_Perfdata_dec.dat 2010-05-08 14:04 . 2010-05-08 14:04 -------- d-----w- c:\documents and settings\jeroen-coopmans\Application Data\Malwarebytes 2010-05-08 14:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-08 14:04 . 2010-05-08 14:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-08 14:04 . 2010-05-08 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-05-08 14:04 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-08 11:16 . 2010-05-12 18:19 -------- d-----w- c:\temp\Acrobat Distiller 7 2010-05-08 10:31 . 2010-05-09 18:37 -------- d-----w- c:\temp\Google Toolbar 2010-05-08 09:37 . 2010-05-08 09:37 388096 ----a-r- c:\documents and settings\jeroen-coopmans\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-05-08 09:18 . 2010-05-08 09:18 -------- d-----w- c:\documents and settings\jeroen-coopmans\Application Data\Yahoo! 2010-05-08 09:18 . 2010-05-08 10:14 -------- d-----w- c:\program files\Yahoo! 2010-05-08 09:14 . 2010-05-08 09:14 1699840 ----a-w- c:\documents and settings\jeroen-coopmans\Application Data\Data Protection\datprot.exe 2010-05-08 09:14 . 2010-05-08 09:14 61440 ----a-w- c:\documents and settings\jeroen-coopmans\Application Data\Data Protection\Uninstall.exe 2010-05-08 09:14 . 2010-05-08 09:14 41984 ----a-w- c:\documents and settings\jeroen-coopmans\Application Data\Data Protection\datext.dll 2010-05-08 09:14 . 2010-05-08 09:14 22528 ----a-w- c:\documents and settings\jeroen-coopmans\Application Data\Data Protection\dathook.dll 2010-05-08 09:14 . 2010-05-08 09:14 -------- d-----w- c:\documents and settings\jeroen-coopmans\Application Data\Data Protection 2010-05-02 10:34 . 2010-05-11 17:29 -------- d-----w- c:\documents and settings\jeroen-coopmans\Application Data\skypePM 2010-05-02 10:34 . 2010-05-02 10:34 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2010-05-02 10:33 . 2010-05-02 10:35 -------- d-----w- c:\documents and settings\jeroen-coopmans\Local Settings\Application Data\Temp 2010-05-02 10:33 . 2010-05-02 10:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2010-05-02 10:33 . 2010-05-02 10:55 -------- d-----w- c:\documents and settings\jeroen-coopmans\Local Settings\Application Data\Google 2010-05-02 10:33 . 2010-05-11 18:48 -------- d-----w- c:\documents and settings\jeroen-coopmans\Application Data\Skype 2010-05-02 10:32 . 2010-05-02 10:33 -------- d-----w- c:\program files\Google 2010-05-02 10:32 . 2010-05-02 10:32 -------- d-----w- c:\program files\Common Files\Skype 2010-05-02 10:32 . 2010-05-02 10:32 -------- d-----r- c:\program files\Skype 2010-05-02 10:32 . 2010-05-02 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-04-29 09:51 . 2010-03-05 18:45 456704 -c----w- c:\windows\system32\dllcache\smtpsvc.dll 2010-04-27 18:29 . 2001-08-17 20:36 5632 ----a-w- c:\windows\system32\ptpusb.dll 2010-04-27 18:29 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2010-04-27 18:29 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2010-04-27 18:29 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll 2010-04-16 06:55 . 2010-01-13 14:01 86016 -c----w- c:\windows\system32\dllcache\cabview.dll 2010-04-16 06:55 . 2009-12-24 06:59 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll 2010-04-16 06:55 . 2010-02-12 04:33 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll 2010-04-15 20:26 . 2010-04-15 20:36 -------- d-----w- c:\documents and settings\jeroen-coopmans\Application Data\Apple Computer 2010-04-15 20:26 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-04-15 20:26 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2010-04-15 20:25 . 2010-04-15 20:25 -------- d-----w- c:\program files\iPod 2010-04-15 20:25 . 2010-04-15 20:26 -------- d-----w- c:\program files\iTunes 2010-04-15 20:25 . 2010-04-15 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-04-15 20:24 . 2010-04-15 20:24 -------- d-----w- c:\documents and settings\jeroen-coopmans\Local Settings\Application Data\Apple 2010-04-15 20:24 . 2010-04-15 20:24 -------- d-----w- c:\program files\Apple Software Update 2010-04-15 20:24 . 2010-04-15 20:24 -------- d-----w- c:\program files\Bonjour 2010-04-15 20:23 . 2010-04-15 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2010-04-15 20:23 . 2010-04-15 20:24 -------- d-----w- c:\program files\Common Files\Apple 2010-04-15 19:27 . 2010-04-15 19:27 -------- d-----w- c:\program files\Belastingdienst . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-12 06:52 . 2008-09-30 10:18 -------- d-----w- c:\program files\RemotelyAnywhere 2010-05-08 10:09 . 2010-03-21 11:30 -------- d-----w- c:\documents and settings\jeroen-coopmans\Application Data\uTorrent 2010-05-08 09:37 . 2009-01-14 11:48 -------- d-----w- c:\program files\Trend Micro 2010-05-08 09:18 . 2008-09-23 13:01 -------- d-----w- c:\program files\CCleaner 2010-05-01 07:14 . 2010-03-21 11:30 -------- d-----w- c:\program files\uTorrent 2010-04-15 20:25 . 2008-09-24 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-04-15 20:25 . 2008-09-24 08:16 -------- d-----w- c:\program files\QuickTime Alternative 2010-04-15 19:28 . 2009-05-12 18:09 -------- d-----w- c:\documents and settings\jeroen-coopmans\Application Data\Belastingdienst 2010-03-25 23:48 . 2010-03-25 23:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe 2010-03-10 06:15 . 2006-02-28 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:24 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2006-02-28 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 14:08 . 2006-02-28 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-02-12 04:33 . 2006-02-28 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll . ------- Sigcheck ------- [-] 2008-09-26 12:27 . CAB5F4D65D49C24FAA4EF0351B3755A3 . 23552 . . [1.0.0.4] . . c:\windows\system32\ctfmon.exe [-] 2008-09-26 12:27 . CAB5F4D65D49C24FAA4EF0351B3755A3 . 23552 . . [1.0.0.4] . . c:\windows\system32\dllcache\ctfmon.exe [7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [7] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-02 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TpShocks"="TpShocks.exe" [2008-06-06 181536] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-28 331776] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-28 208896] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808] "FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2007-06-26 312320] "RemotelyAnywhere GUI"="c:\program files\RemotelyAnywhere\RAGui.exe" [2005-04-18 267016] "Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2007-10-04 659832] "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328] "OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-01-16 718120] "QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-03-17 421888] "Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe [2008-11-24 25214] VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-9-24 6144] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RAinit] 2005-04-18 11:24 10496 ----a-w- c:\windows\system32\RAinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2006-09-06 14:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2008-03-17 14:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-03-25 23:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2010-04-30 19:55 321328 ----a-w- c:\program files\uTorrent\uTorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "12345:TCP"= 12345:TCP:Trend Micro OfficeScan Listener R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [04.10.2007 14:33 210040] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14.05.2008 16:21 19496] R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [04.10.2007 14:33 364920] R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [04.10.2007 14:33 143736] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [23.09.2008 19:17 94208] R2 RAInfo;RemotelyAnywhere Kernel Information Provider;c:\program files\RemotelyAnywhere\rainfo.sys [18.04.2005 13:24 11136] R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [14.01.2009 13:48 230928] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [14.01.2009 13:48 36368] R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [23.09.2008 19:02 2058776] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [23.09.2008 19:26 475136] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [13.06.2008 16:42 243856] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [14.01.2009 13:48 338448] R3 TmPfw;OfficeScanNT Personal Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [18.01.2009 13:22 488768] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02.05.2010 12:33 135664] S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [10.05.2008 07:24 102400] S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [18.01.2009 13:22 652552] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28.02.2006 14:00 14336] S4 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [10.05.2008 07:11 1160440] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Contents of the 'Scheduled Tasks' folder 2010-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50] 2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cae9e32c0108d6.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 10:33] 2010-05-12 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-09-23 23:43] . . ------- Supplementary Scan ------- . uStart Page = hxxp://portal.europe.odcorp.net/ uInternet Settings,ProxyOverride = 10.*;100.*;172.*;*.odcorp.net;*.odeurope.com;*.officedepot.com;*.officedepot.co.uk;*.officedepot.nl;*.viking.com;*.viking.de;*.vikingdirect.com;*.vikingdirect.nl;*.vikingdirect.fr;*.vikingdirect.es;*.vikingdirect.be;*.viking-direct.co.uk;*.vikingop.com;*.vikingop.it;*.uschecomrnd.*;*.uschecom.net;*.nad.odcorpd.net;*na.odcorpd.net;<local> uInternet Settings,ProxyServer = euclprisa01:80 IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {B49BC7A2-057F-4046-B03A-0586FE18834F} - file://nlvecs05/deciweb/ClientConfig/setup.exe . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-05-12 20:18 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1776) c:\windows\system32\pssogina.dll c:\windows\system32\csgina.dll c:\windows\system32\stlport_vc6.dll c:\windows\system32\RAinit.dll c:\program files\Lenovo\HOTKEY\tphklock.dll - - - - - - - > 'lsass.exe'(1832) c:\program files\Citrix\ICA Client\pnsson.dll c:\windows\system32\PssoCM32.dll - - - - - - - > 'explorer.exe'(800) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\progra~1\WINDOW~2\wmpband.dll c:\program files\iTunes\iTunesMiniPlayer.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\windows\system32\acs.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Intel\AMT\LMS.exe c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe c:\program files\RemotelyAnywhere\RaMaint.exe c:\program files\RemotelyAnywhere\RemotelyAnywhere.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe c:\windows\System32\TPHDEXLG.exe c:\windows\system32\TpKmpSVC.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\windows\system32\CCM\CcmExec.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\system32\msiexec.exe c:\temp\SJ75BC.EXE c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe c:\program files\Citrix\ICA Client\ssonsvr.exe c:\windows\system32\TpShocks.exe c:\program files\Synaptics\SynTP\SynTPLpr.exe c:\windows\system32\rundll32.exe c:\program files\Lenovo\HOTKEY\TPONSCR.exe c:\program files\Lenovo\Zoom\TpScrex.exe c:\windows\system32\igfxsrvc.exe c:\program files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe . ************************************************************************** . Completion time: 2010-05-12 20:22:32 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-12 18:22 ComboFix2.txt 2010-05-11 17:07 Pre-Run: 30.259.150.848 bytes free Post-Run: 30.249.070.592 bytes free - - End Of File - - 4FD0BB5948AED26DA3BBBBE86D8A4FDC

Bovenstaande acties heb ik uitgevoerd. Ik weet niet zeker of je dit txt bericht bedoelt..: Combofix-quarantined-files.txt? Dit staat hieronder. Indien je een ander txt bestand bedoelt zou je dan aan willen geven waar ik dit kan vinden? Bedankt alvast voor al je moeite! 2010-05-12 18:11:05 . 2010-05-12 18:11:05 4,236 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ramirr.reg.dat 2010-05-12 18:07:14 . 2010-05-12 18:07:14 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt 2010-05-11 17:06:46 . 2010-05-11 17:06:46 932 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Aangifte inkomstenbelasting 2009.reg.dat 2010-05-11 17:06:46 . 2010-05-11 17:06:46 932 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Aangifte inkomstenbelasting 2008.reg.dat 2010-05-11 17:06:33 . 2010-05-11 17:06:34 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat 2010-05-11 16:52:22 . 2010-05-12 07:32:12 4,232 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat.vir 2010-05-11 16:52:22 . 2010-05-12 07:32:08 5,353 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat.vir 2010-05-11 16:48:56 . 2010-05-11 16:48:56 1,614 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ufkvd.reg.dat 2010-05-11 16:48:56 . 2010-05-11 16:48:56 1,822 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_jwkj.reg.dat 2010-05-11 16:48:56 . 2010-05-11 16:48:56 1,756 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_fbafqisj.reg.dat 2010-05-11 16:48:56 . 2010-05-11 16:48:56 1,184 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ufkvd.reg.dat 2010-05-11 16:48:56 . 2010-05-11 16:48:56 1,172 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_jwkj.reg.dat 2010-05-11 16:48:56 . 2010-05-11 16:48:56 1,220 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_fbafqisj.reg.dat 2010-05-11 16:46:24 . 2010-05-12 18:11:00 14,121 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2010-05-10 07:39:37 . 2010-05-12 18:05:56 255 ----a-w- C:\Qoobox\Quarantine\catchme.log 2010-05-08 14:39:29 . 2010-05-08 14:39:29 54,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\aqxtld.sys.vir 2010-05-08 14:26:12 . 2010-05-08 14:26:12 54,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\grmbkjwm.sys.vir 2010-05-08 14:17:35 . 2010-05-08 14:17:35 54,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\qshfj.sys.vir 2010-05-08 09:16:04 . 2010-05-08 14:12:26 31 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\jeroen-coopmans\Desktop\spam001.exe.vir 2010-05-08 09:16:04 . 2010-05-08 14:12:26 31 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\jeroen-coopmans\Desktop\spam003.exe.vir 2010-05-08 09:16:04 . 2010-05-08 14:12:26 31 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\jeroen-coopmans\Desktop\troj000.exe.vir 2009-01-22 11:45:52 . 2009-01-10 11:50:58 280,611 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\TEMP\WormStomper.EXE.vir 2008-09-24 12:12:08 . 2004-02-13 04:12:44 722,192 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\vb40032.dll.vir 2008-09-24 09:46:28 . 2008-09-24 09:46:29 282,756 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\setup.dll.vir 2005-04-18 11:24:20 . 2005-04-18 11:24:20 7,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ramirr.sys.vir

Bedankt! dit is het Combofix log: ComboFix 10-05-10.05 - Jeroen-Coopmans 11.05.2010 18:43:58.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.968.460 [GMT 2:00] Running from: c:\documents and settings\jeroen-coopmans\Desktop\ComboFix.exe AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {F5C8ADDB-A305-4E3B-BBE5-F1AFC8C9506B} FW: Trend Micro OfficeScan Enterprise Client Firewall *disabled* {2B979CA0-F1F8-4D1F-AE1C-0D749B3017D4} FW: Trend Micro OfficeScan Enterprise Client Firewall *disabled* {F5C8ADDB-A305-4E3B-BBE5-F1AFC8C9506B} FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\jeroen-coopmans\Desktop\spam001.exe c:\documents and settings\jeroen-coopmans\Desktop\spam003.exe c:\documents and settings\jeroen-coopmans\Desktop\troj000.exe c:\windows\Downloaded Program Files\setup.dll c:\windows\system32\drivers\aqxtld.sys c:\windows\system32\drivers\grmbkjwm.sys c:\windows\system32\drivers\qshfj.sys c:\windows\system32\Temp c:\windows\system32\Temp\WormStomper.EXE c:\windows\system32\vb40032.dll ----- BITS: Possible infected sites ----- hxxp://nlvesm01.europe.odcorp.net:80 hxxp://NLVESM01.europe.odcorp.net:80 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_fbafqisj -------\Legacy_jwkj -------\Legacy_ufkvd -------\Service_fbafqisj -------\Service_jwkj -------\Service_ufkvd ((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 ))))))))))))))))))))))))))))))) . 2010-05-11 17:03 . 2010-05-11 17:03 -------- d-----w- c:\temp\WPDNSE 2010-05-11 17:03 . 2010-05-11 17:03 53248 ----a-w- c:\temp\catchme.dll 2010-05-11 16:52 . 2009-01-16 08:32 296224 ----a-w- c:\temp\TR60B.EXE 2010-05-11 16:49 . 2010-05-11 16:49 16384 ----atw- c:\temp\Perflib_Perfdata_d34.dat 2010-05-11 16:25 . 2010-05-11 16:25 -------- d-----w- c:\temp\log 2010-05-11 12:00 . 2010-05-11 12:00 -------- d-----w- c:\windows\ms 2010-05-10 09:21 . 2010-05-11 13:25 -------- d-----w- c:\temp\msohtml1 2010-05-10 09:21 . 2010-05-10 09:21 -------- d-----w- c:\temp\msohtml 2010-05-10 07:52 . 2010-05-10 07:52 -------- d-----w- c:\temp\OIS 2010-05-09 09:53 . 2010-05-09 09:53 -------- d-----w- c:\temp\BTN%Copy%1 2010-05-08 14:27 . 2010-05-08 14:27 -------- d-----w- c:\temp\VBE 2010-05-08 14:04 . 2010-05-08 14:04 -------- d-----w- c:\documents and settings\jeroen-coopmans\Application Data\Malwarebytes 2010-05-08 14:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-08 14:04 . 2010-05-08 14:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-08 14:04 . 2010-05-08 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-05-08 14:04 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-08 11:16 . 2010-05-11 17:04 -------- d-----w- c:\temp\Acrobat Distiller 7 2010-05-08 10:31 . 2010-05-09 18:37 -------- d-----w- c:\temp\Google Toolbar 2010-05-08 09:37 . 2010-05-08 09:37 388096 ----a-r- c:\documents and settings\jeroen-coopmans\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-05-08 09:18 . 2010-05-08 09:18 -------- d-----w- c:\documents and settings\jeroen-coopmans\Application Data\Yahoo! 2010-05-08 09:18 . 2010-05-08 10:14 -------- d-----w- c:\program files\Yahoo! 2010-05-08 09:14 . 2010-05-08 09:14 1699840 ----a-w- c:\documents and settings\jeroen-coopmans\Application Data\Data Protection\datprot.exe 2010-05-08 09:14 . 2010-05-08 09:14 61440 ----a-w- c:\documents and settings\jeroen-coopmans\Application Data\Data Protection\Uninstall.exe 2010-05-08 09:14 . 2010-05-08 09:14 41984 ----a-w- c:\documents and settings\jeroen-coopmans\Application Data\Data Protection\datext.dll 2010-05-08 09:14 . 2010-05-08 09:14 22528 ----a-w- c:\documents and settings\jeroen-coopmans\Application Data\Data Protection\dathook.dll 2010-05-08 09:14 . 2010-05-08 09:14 -------- d-----w- c:\documents and settings\jeroen-coopmans\Application Data\Data Protection 2010-05-02 10:34 . 2010-05-02 10:34 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2010-05-02 10:34 . 2010-05-02 10:34 -------- d-----w- c:\documents and settings\jeroen-coopmans\Application Data\skypePM 2010-05-02 10:33 . 2010-05-02 10:35 -------- d-----w- c:\documents and settings\jeroen-coopmans\Local Settings\Application Data\Temp 2010-05-02 10:33 . 2010-05-02 10:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2010-05-02 10:33 . 2010-05-02 10:55 -------- d-----w- c:\documents and settings\jeroen-coopmans\Local Settings\Application Data\Google 2010-05-02 10:33 . 2010-05-02 19:58 -------- d-----w- c:\documents and settings\jeroen-coopmans\Application Data\Skype 2010-05-02 10:32 . 2010-05-02 10:33 -------- d-----w- c:\program files\Google 2010-05-02 10:32 . 2010-05-02 10:32 -------- d-----w- c:\program files\Common Files\Skype 2010-05-02 10:32 . 2010-05-02 10:32 -------- d-----r- c:\program files\Skype 2010-05-02 10:32 . 2010-05-02 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-04-29 09:51 . 2010-03-05 18:45 456704 -c----w- c:\windows\system32\dllcache\smtpsvc.dll 2010-04-27 18:29 . 2001-08-17 20:36 5632 ----a-w- c:\windows\system32\ptpusb.dll 2010-04-27 18:29 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2010-04-27 18:29 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2010-04-27 18:29 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll 2010-04-16 06:55 . 2010-01-13 14:01 86016 -c----w- c:\windows\system32\dllcache\cabview.dll 2010-04-16 06:55 . 2009-12-24 06:59 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll 2010-04-16 06:55 . 2010-02-12 04:33 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll 2010-04-15 20:26 . 2010-04-15 20:36 -------- d-----w- c:\documents and settings\jeroen-coopmans\Application Data\Apple Computer 2010-04-15 20:26 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-04-15 20:26 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2010-04-15 20:25 . 2010-04-15 20:25 -------- d-----w- c:\program files\iPod 2010-04-15 20:25 . 2010-04-15 20:26 -------- d-----w- c:\program files\iTunes 2010-04-15 20:25 . 2010-04-15 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-04-15 20:24 . 2010-04-15 20:24 -------- d-----w- c:\documents and settings\jeroen-coopmans\Local Settings\Application Data\Apple 2010-04-15 20:24 . 2010-04-15 20:24 -------- d-----w- c:\program files\Apple Software Update 2010-04-15 20:24 . 2010-04-15 20:24 -------- d-----w- c:\program files\Bonjour 2010-04-15 20:23 . 2010-04-15 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2010-04-15 20:23 . 2010-04-15 20:24 -------- d-----w- c:\program files\Common Files\Apple 2010-04-15 19:27 . 2010-04-15 19:27 -------- d-----w- c:\program files\Belastingdienst . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-11 06:20 . 2008-09-30 10:18 -------- d-----w- c:\program files\RemotelyAnywhere 2010-05-08 10:09 . 2010-03-21 11:30 -------- d-----w- c:\documents and settings\jeroen-coopmans\Application Data\uTorrent 2010-05-08 09:37 . 2009-01-14 11:48 -------- d-----w- c:\program files\Trend Micro 2010-05-08 09:18 . 2008-09-23 13:01 -------- d-----w- c:\program files\CCleaner 2010-05-01 07:14 . 2010-03-21 11:30 -------- d-----w- c:\program files\uTorrent 2010-04-15 20:25 . 2008-09-24 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-04-15 20:25 . 2008-09-24 08:16 -------- d-----w- c:\program files\QuickTime Alternative 2010-04-15 19:28 . 2009-05-12 18:09 -------- d-----w- c:\documents and settings\jeroen-coopmans\Application Data\Belastingdienst 2010-03-25 23:48 . 2010-03-25 23:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe 2010-03-10 06:15 . 2006-02-28 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:24 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2006-02-28 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 14:08 . 2006-02-28 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-02-12 04:33 . 2006-02-28 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2006-02-28 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys . ------- Sigcheck ------- [-] 2008-09-26 12:27 . CAB5F4D65D49C24FAA4EF0351B3755A3 . 23552 . . [1.0.0.4] . . c:\windows\system32\ctfmon.exe [-] 2008-09-26 12:27 . CAB5F4D65D49C24FAA4EF0351B3755A3 . 23552 . . [1.0.0.4] . . c:\windows\system32\dllcache\ctfmon.exe [7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [7] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-02 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TpShocks"="TpShocks.exe" [2008-06-06 181536] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-28 331776] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-28 208896] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808] "FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2007-06-26 312320] "RemotelyAnywhere GUI"="c:\program files\RemotelyAnywhere\RAGui.exe" [2005-04-18 267016] "Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2007-10-04 659832] "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328] "OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-01-16 718120] "QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-03-17 421888] "Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe [2008-11-24 25214] VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-9-24 6144] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RAinit] 2005-04-18 11:24 10496 ----a-w- c:\windows\system32\RAinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2006-09-06 14:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2008-03-17 14:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-03-25 23:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2010-04-30 19:55 321328 ----a-w- c:\program files\uTorrent\uTorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "12345:TCP"= 12345:TCP:Trend Micro OfficeScan Listener R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [04.10.2007 14:33 210040] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14.05.2008 16:21 19496] R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [04.10.2007 14:33 364920] R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [04.10.2007 14:33 143736] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [23.09.2008 19:17 94208] R2 RAInfo;RemotelyAnywhere Kernel Information Provider;c:\program files\RemotelyAnywhere\rainfo.sys [18.04.2005 13:24 11136] R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [14.01.2009 13:48 230928] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [14.01.2009 13:48 36368] R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [23.09.2008 19:02 2058776] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [23.09.2008 19:26 475136] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [13.06.2008 16:42 243856] R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [18.04.2005 13:24 7424] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [14.01.2009 13:48 338448] R3 TmPfw;OfficeScanNT Personal Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [18.01.2009 13:22 488768] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02.05.2010 12:33 135664] S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [10.05.2008 07:24 102400] S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [18.01.2009 13:22 652552] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28.02.2006 14:00 14336] S4 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [10.05.2008 07:11 1160440] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Contents of the 'Scheduled Tasks' folder 2010-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50] 2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cae9e32c0108d6.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 10:33] 2010-05-11 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-09-23 23:43] . . ------- Supplementary Scan ------- . uStart Page = hxxp://portal.europe.odcorp.net/ uInternet Settings,ProxyOverride = 10.*;100.*;172.*;*.odcorp.net;*.odeurope.com;*.officedepot.com; *.officedepot.co.uk;*.officedepot.nl;*.viking.com;*.viking.de; *.vikingdirect.com;*.vikingdirect.nl;*.vikingdirect.fr; *.vikingdirect.es;*.vikingdirect.be;*.viking-direct.co.uk;*.vikingop.com;*.vikingop.it;*.uschecomrnd.*; *.uschecom.net;*.nad.odcorpd.net;*na.odcorpd.net;<local> uInternet Settings,ProxyServer = euclprisa01:80 IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {B49BC7A2-057F-4046-B03A-0586FE18834F} - file://nlvecs05/deciweb/ClientConfig/setup.exe . - - - - ORPHANS REMOVED - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-Aangifte inkomstenbelasting 2008 - c:\documents and settings\jeroen-coopmans\Desktop\2008\ib2008u.exe AddRemove-Aangifte inkomstenbelasting 2009 - c:\documents and settings\jeroen-coopmans\Desktop\2009\ib2009u.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-05-11 19:03 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1772) c:\windows\system32\pssogina.dll c:\windows\system32\csgina.dll c:\windows\system32\stlport_vc6.dll c:\windows\system32\RAinit.dll c:\program files\Lenovo\HOTKEY\tphklock.dll - - - - - - - > 'lsass.exe'(1828) c:\program files\Citrix\ICA Client\pnsson.dll c:\windows\system32\PssoCM32.dll - - - - - - - > 'explorer.exe'(780) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\progra~1\WINDOW~2\wmpband.dll c:\program files\iTunes\iTunesMiniPlayer.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\windows\system32\acs.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Intel\AMT\LMS.exe c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe c:\program files\RemotelyAnywhere\RaMaint.exe c:\program files\RemotelyAnywhere\RemotelyAnywhere.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe c:\windows\System32\TPHDEXLG.exe c:\windows\system32\TpKmpSVC.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\windows\system32\CCM\CcmExec.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\system32\msiexec.exe c:\temp\TR60B.EXE c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe c:\program files\Citrix\ICA Client\ssonsvr.exe c:\windows\system32\TpShocks.exe c:\windows\system32\rundll32.exe c:\program files\Synaptics\SynTP\SynTPLpr.exe c:\program files\Lenovo\HOTKEY\TPONSCR.exe c:\program files\Lenovo\Zoom\TpScrex.exe c:\windows\system32\igfxsrvc.exe c:\program files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe . ************************************************************************** . Completion time: 2010-05-11 19:07:32 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-11 17:07 Pre-Run: 30.418.972.672 bytes free Post-Run: 30.338.990.080 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\windows [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\windows="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - DA8276493B9025820DAEDAE5FF1DAE14

Ja, ik heb meerdere malen herstart maar dit geinfecteerde bestand blijft staan. Is er een andere manier om deze te verwijderen? Alvast bedankt voor je moeite!

Bedank voor je hulp zover, en ik ben ontzettend blij dat er al een hele beg rotzooi van mijn PC af is. Het ene geinfecteerde bestand dat ik er niet af krijg is: Infectie: Windows.Tool.Disabled Categorie: Registry Value Object: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig Dit is het log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4077 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 09.05.2010 15:17:08 mbam-log-2010-05-09 (15-17-08).txt Scantype: Snelle scan Objecten gescand: 154337 Verstreken tijd: 13 minuut/minuten, 15 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 1 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot. Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)

Hoe zou ik dit laatste geinfecteerde object kunnen verwijderen?

MBAM heeft inderdaad moeilijkheden met het verwijderen van bepaalde bestanden. Dit is het MBAM log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4077 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 09.05.2010 12:16:54 mbam-log-2010-05-09 (12-16-54).txt Scantype: Snelle scan Objecten gescand: 154368 Verstreken tijd: 10 minuut/minuten, 23 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 9 Registerwaarden geïnfecteerd: 1 Registerdata geïnfecteerd: 5 Mappen geïnfecteerd: 2 Bestanden geïnfecteerd: 26 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pragmacvnntsitid (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Data Protection (Rogue.DataProtection) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Data Protection (Rogue.DataProtection) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot. Registerdata geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Mappen geïnfecteerd: C:\WINDOWS\PRAGMAcvnntsitid (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Documents and Settings\jeroen-coopmans\Start Menu\Programs\Data Protection (Rogue.DataProtection) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\PRAGMAcvnntsitid\pragmabbr.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\PRAGMAcvnntsitid\PRAGMAc.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\PRAGMAcvnntsitid\PRAGMAcfg.ini (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\PRAGMAcvnntsitid\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\PRAGMAcvnntsitid\pragmaserf.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\PRAGMAcvnntsitid\PRAGMAsrcr.dat (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Documents and Settings\jeroen-coopmans\Start Menu\Programs\Data Protection\About.lnk (Rogue.DataProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\jeroen-coopmans\Start Menu\Programs\Data Protection\Activate.lnk (Rogue.DataProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\jeroen-coopmans\Start Menu\Programs\Data Protection\Buy.lnk (Rogue.DataProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\jeroen-coopmans\Start Menu\Programs\Data Protection\Data Protection Support.lnk (Rogue.DataProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\jeroen-coopmans\Start Menu\Programs\Data Protection\Data Protection.lnk (Rogue.DataProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\jeroen-coopmans\Start Menu\Programs\Data Protection\Scan.lnk (Rogue.DataProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\jeroen-coopmans\Start Menu\Programs\Data Protection\Settings.lnk (Rogue.DataProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\jeroen-coopmans\Start Menu\Programs\Data Protection\Update.lnk (Rogue.DataProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\jeroen-coopmans\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\jeroen-coopmans\Desktop\****otube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\jeroen-coopmans\Desktop\you****.com.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Temp\MSWINSCK.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Temp\kernel64xp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\jeroen-coopmans\Desktop\Data Protection.LNK (Rogue.DataProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\jeroen-coopmans\Desktop\Data Protection Support.LNK (Rogue.DataProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\jeroen-coopmans\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Protection.LNK (Rogue.DataProtection) -> Quarantined and deleted successfully. ---------- Post toegevoegd om 10:31 ---------- Vorige post was om 10:27 ---------- en dit is het HJT log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:30:06, on 09.05.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\ibmpmsvc.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Intel\AMT\LMS.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\windows\system32\Prot_srv.exe C:\Program Files\RemotelyAnywhere\RaMaint.exe C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe C:\windows\system32\svchost.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\windows\System32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE C:\windows\system32\CCM\CcmExec.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe C:\TEMP\JPE66.EXE C:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\windows\Explorer.EXE C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe C:\windows\system32\TpShocks.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe C:\windows\system32\rundll32.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\FreePDF_XP\fpassist.exe C:\Program Files\RemotelyAnywhere\RAGui.exe C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal.europe.odcorp.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.europe.odcorp.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = euclprisa01:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;100.*;172.*;*.odcorp.net;*.odeurope.com;*.officedepot.com; *.officedepot.co.uk;*.officedepot.nl;*.viking.com;*.viking.de; *.vikingdirect.com;*.vikingdirect.nl;*.vikingdirect.fr;*.vikingdirect.es; *.vikingdirect.be;*.vikingdirect.co.uk;*.vikingop.com;*.vikingop.it; *.uschecomrnd.*;*.uschecom.net;*.nad.odcorpd.net;*na.odcorpd.net;<local> O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Program Files\RemotelyAnywhere\RAGui.exe" O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://eunlveav01/officescan/console/ClientInstall/WinNTChk.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://eunlveav01/officescan/console/ClientInstall/setup.cab O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://eunlveav01/officescan/console/html/AtxEnc.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222200629437 O16 - DPF: {B49BC7A2-057F-4046-B03A-0586FE18834F} (InstallShield Setup Player 2K2) - file://nlvecs05/deciweb/ClientConfig/setup.exe O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://nlvepc-t500:2000/activex/RACtrl.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europe.odcorp.net O17 - HKLM\Software\..\Telephony: DomainName = europe.odcorp.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = europe.odcorp.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = europe.odcorp.net,odeurope.com,odcorp.net,officedepot.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = europe.odcorp.net,odeurope.com,odcorp.net,officedepot.com O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\windows\system32\ibmpmsvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: Pointsec - Unknown owner - C:\windows\system32\Prot_srv.exe O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\windows\system32\pstartSr.exe O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - 3am Labs, Inc. - C:\Program Files\RemotelyAnywhere\RaMaint.exe O23 - Service: RemotelyAnywhere - 3am Labs, Inc. - C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: OfficeScanNT Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\windows\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- End of file - 15453 bytes ---------- Post toegevoegd om 10:43 ---------- Vorige post was om 10:31 ---------- Na een 2e scan bleef er 1 geinfecteerd object over. dit is het log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:30:06, on 09.05.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\ibmpmsvc.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Intel\AMT\LMS.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\windows\system32\Prot_srv.exe C:\Program Files\RemotelyAnywhere\RaMaint.exe C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe C:\windows\system32\svchost.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\windows\System32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE C:\windows\system32\CCM\CcmExec.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe C:\TEMP\JPE66.EXE C:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\windows\Explorer.EXE C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe C:\windows\system32\TpShocks.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe C:\windows\system32\rundll32.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\FreePDF_XP\fpassist.exe C:\Program Files\RemotelyAnywhere\RAGui.exe C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal.europe.odcorp.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.europe.odcorp.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = euclprisa01:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;100.*;172.*;*.odcorp.net;*.odeurope.com;*.officedepot.com; *.officedepot.co.uk;*.officedepot.nl;*.viking.com;*.viking.de; *.vikingdirect.com;*.vikingdirect.nl;*.vikingdirect.fr;*.vikingdirect.es; *.vikingdirect.be;*.vikingdirect.co.uk;*.vikingop.com;*.vikingop.it; *.uschecomrnd.*;*.uschecom.net;*.nad.odcorpd.net;*na.odcorpd.net;<local> O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Program Files\RemotelyAnywhere\RAGui.exe" O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://eunlveav01/officescan/console/ClientInstall/WinNTChk.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://eunlveav01/officescan/console/ClientInstall/setup.cab O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://eunlveav01/officescan/console/html/AtxEnc.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222200629437 O16 - DPF: {B49BC7A2-057F-4046-B03A-0586FE18834F} (InstallShield Setup Player 2K2) - file://nlvecs05/deciweb/ClientConfig/setup.exe O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://nlvepc-t500:2000/activex/RACtrl.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europe.odcorp.net O17 - HKLM\Software\..\Telephony: DomainName = europe.odcorp.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = europe.odcorp.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = europe.odcorp.net,odeurope.com,odcorp.net,officedepot.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = europe.odcorp.net,odeurope.com,odcorp.net,officedepot.com O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\windows\system32\ibmpmsvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: Pointsec - Unknown owner - C:\windows\system32\Prot_srv.exe O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\windows\system32\pstartSr.exe O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - 3am Labs, Inc. - C:\Program Files\RemotelyAnywhere\RaMaint.exe O23 - Service: RemotelyAnywhere - 3am Labs, Inc. - C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: OfficeScanNT Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\windows\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- End of file - 15453 bytes

met de scan worden 37 geinfecteerde objecten gevonden. Er verschijnt een pop-up met de tekst: " De scan is voltooid. Klik op 'Bekijk resultaten' om de geinfecteerde objecten te zien" <OK> Als ik op ok klik. Verdwijnt het hele venster waar de knop " bekijk resultaten" staat. Ik kan de resultaten dus niet zien. en als ik de malwarebytes opnieuw opstart moet ik weer opnieuw scannen. Wat kan ik doen?

& keylogger activity! Wat kan ik doen?

Daarnaast krijg ik ook een Warning: Zlob.****.Ad adware has been detected. Hoe kan ik dit verwijderen?

Heb Blijkbaar een Vervelende Trojan gedowd? Heb reeds verschillende zaken geprobeerd om deze te verwijderen maar tevergeefs . Dit is het Hijack log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:39:49, on 08.05.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\ibmpmsvc.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Intel\AMT\LMS.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\windows\system32\Prot_srv.exe C:\Program Files\RemotelyAnywhere\RaMaint.exe C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe C:\windows\system32\svchost.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\windows\System32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe C:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe C:\TEMP\YH6FA.EXE C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe C:\windows\Explorer.EXE C:\windows\system32\TpShocks.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe C:\windows\system32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\FreePDF_XP\fpassist.exe C:\Program Files\RemotelyAnywhere\RAGui.exe C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Temp\MSWINSCK.exe C:\Documents and Settings\jeroen-coopmans\Application Data\Data Protection\datprot.exe C:\Temp\wscsvc32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\CCleaner\CCleaner.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal.europe.odcorp.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.europe.odcorp.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = euclprisa01:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;100.*;172.*;*.odcorp.net;*.odeurope.com;*.officedepot.com; *.officedepot.co.uk;*.officedepot.nl;*.viking.com; *.viking.de;*.vikingdirect.com;*.vikingdirect.nl;*.vikingdirect.fr;*.vikingdirect.es;*.vikingdirect.be;*.viking-direct.co.uk;*.vikingop.com; *.vikingop.it;*.uschecomrnd.*;*.uschecom.net;*.nad.odcorpd.net;*na.odcorpd.net;<local> R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [DIRECT!] C:\PROGRA~1\COURIO~1\IDENTI~1\direct.exe O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Program Files\RemotelyAnywhere\RAGui.exe" O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [MSWINSCK.exe] C:\Temp\MSWINSCK.exe O4 - HKCU\..\Run: [Data Protection] "C:\Documents and Settings\jeroen-coopmans\Application Data\Data Protection\datprot.exe" -noscan O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://eunlveav01/officescan/console/ClientInstall/WinNTChk.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://eunlveav01/officescan/console/ClientInstall/setup.cab O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://eunlveav01/officescan/console/html/AtxEnc.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222200629437 O16 - DPF: {B49BC7A2-057F-4046-B03A-0586FE18834F} (InstallShield Setup Player 2K2) - file://nlvecs05/deciweb/ClientConfig/setup.exe O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://nlvepc-t500:2000/activex/RACtrl.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europe.odcorp.net O17 - HKLM\Software\..\Telephony: DomainName = europe.odcorp.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = europe.odcorp.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = europe.odcorp.net,odeurope.com,odcorp.net,officedepot.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = europe.odcorp.net,odeurope.com,odcorp.net,officedepot.com O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\windows\system32\ibmpmsvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: Pointsec - Unknown owner - C:\windows\system32\Prot_srv.exe O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\windows\system32\pstartSr.exe O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - 3am Labs, Inc. - C:\Program Files\RemotelyAnywhere\RaMaint.exe O23 - Service: RemotelyAnywhere - 3am Labs, Inc. - C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: OfficeScanNT Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\windows\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- End of file - 16431 bytes Kan iemand mij helpen? ---------- Post toegevoegd om 10:03 ---------- Vorige post was om 09:49 ---------- En mijn virus protection wert niet.. en krijg ****o-snelkoppelingen op mijn bureaublad:(