Waarschijnlijk een virus, maar onvindbaar.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:32, on 15-04-2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator.SINKE\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Citrix\Licensing\LS\lmgrd.exe
C:\Program Files\Citrix\Licensing\LicWMI\Citrix_GTLicensingProv.exe
C:\Program Files\Citrix\system32\CpSvc.exe
C:\Program Files\Citrix\Licensing\LMC\Tomcat\bin\tomcat.exe
C:\Program Files\Citrix\Licensing\LS\CITRIX.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\lserver.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Citrix\Installer\AgentSVC.exe
C:\Program Files\Citrix\Installer\saginst.exe
C:\Program Files\Citrix\system32\cdmsvc.exe
C:\Program Files\Citrix\system32\encsvc.exe
C:\Program Files\Citrix\System32\Citrix\Ima\ImaSrv.exe
C:\Program Files\Citrix\System32\mfcom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\Sma\SmaService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\Server Resource Management\CPU Utilization Management\bin\ctxcpusched.exe
C:\Program Files\Citrix\Server Resource Management\CPU Utilization Management\bin\ctxcpuusync.exe
C:\Program Files\Citrix\Server Resource Management\Memory Optimization Management\Program\CtxSFOSvc.exe
C:\Program Files\Citrix\system32\citrix\WMI\ctxwmisvc.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GIM\Client\bin\GIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator.SINKE\Desktop\Windows-KB890830-V1.40.exe
d:\bb7cebd448804cbc53eca737\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Administrator.SINKE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sinke.local.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.22.111.22:3128
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IcaBar] "C:\Program Files\Citrix\system32\icabar.exe" /adminonly
O4 - HKLM\..\Run: [GIM] C:\Program Files\GIM\Client\bin\GIM.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: []  (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: []  (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator.sinke\windows\system32\mswsock.dll' missing
O15 - ESC Trusted Zone: http://ardownload.adobe.com
O15 - ESC Trusted Zone: http://www.adobe.com
O15 - ESC Trusted Zone: http://www.cdsassuradeuren.nl
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134386653781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134392381225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sinke.local.com
O17 - HKLM\Software\..\Telephony: DomainName = sinke.local.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F99FE80C-0423-425F-8B87-6E35CA92B57C}: NameServer = 10.22.111.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sinke.local.com
O20 - AppInit_DLLs: RMProcessLink.dll,mfaphook.dll zlc_api.dll
O23 - Service: ADF Installer Service (ADF Installer) - Citrix Systems, Inc. - C:\Program Files\Citrix\Installer\AgentSVC.exe
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: Diagnostic Facility COM Server (CdfSvc) - Citrix Systems, Inc. - C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
O23 - Service: Client Network (CdmService) - Citrix Systems, Inc. - C:\Program Files\Citrix\system32\cdmsvc.exe
O23 - Service: Citrix SMA Service - Citrix Systems Inc. - C:\Program Files\Citrix\Sma\SmaService.exe
O23 - Service: Citrix Virtual Memory Optimization - Citrix Systems, Inc. - C:\Program Files\Citrix\Server Resource Management\Memory Optimization Management\Program\CtxSFOSvc.exe
O23 - Service: CitrixLicensing - Macrovision Corporation - C:\Program Files\Citrix\Licensing\LS\lmgrd.exe
O23 - Service: Citrix WMI Service (CitrixWMIService) - Citrix Systems, Inc. - C:\Program Files\Citrix\system32\citrix\WMI\ctxwmisvc.exe
O23 - Service: Citrix XTE Server (CitrixXTEServer) - Citrix Systems, Inc. - C:\Program Files\Citrix\XTE\bin\XTE.exe
O23 - Service: Citrix Licensing WMI  (Citrix_GTLicensingProv) - Unknown owner - C:\Program Files\Citrix\Licensing\LicWMI\Citrix_GTLicensingProv.exe
O23 - Service: Citrix Print Manager Service (cpsvc) - Citrix Systems, Inc. - C:\Program Files\Citrix\system32\CpSvc.exe
O23 - Service: Citrix CPU Utilization Mgmt/CPU Rebalancer (CTXCPUBal) - Aurema Pty Limited - C:\Program Files\Citrix\Server Resource Management\CPU Utilization Management\bin\ctxcpubal.exe
O23 - Service: Citrix CPU Utilization Mgmt/Resource Mgmt (ctxcpuSched) - Aurema Pty Limited - C:\Program Files\Citrix\Server Resource Management\CPU Utilization Management\bin\ctxcpusched.exe
O23 - Service: Citrix CPU Utilization Mgmt/User-Session Sync (CTXCPUUsync) - Aurema Pty Limited - C:\Program Files\Citrix\Server Resource Management\CPU Utilization Management\bin\ctxcpuusync.exe
O23 - Service: License Management Console for Citrix Licensing (CTXLMC) - Alexandria Software Consulting - C:\Program Files\Citrix\Licensing\LMC\Tomcat\bin\tomcat.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Encryption Service - Citrix Systems, Inc. - C:\Program Files\Citrix\system32\encsvc.exe
O23 - Service: Independent Management Architecture (IMAService) - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\Citrix\Ima\ImaSrv.exe
O23 - Service: MetaFrame COM Server (MFCom) - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\mfcom.exe
O23 - Service: CCS Databaseservers (ProService9.1D) - Unknown owner - C:\Program Files\PROGRESS\DLC91D\BIN\PROSRVC.EXE (file missing)
O23 - Service: Resource Manager Mail (ResourceManagerMail) - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\Citrix\IMA\MailService.exe
O23 - Service: winvnc - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 9061 bytes

HKLM\SECURITY\Policy\Secrets\SAC*   12-12-2005 11:58    0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI*   12-12-2005 11:58    0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SCM:{148f1a14-53f3-4074-a573-e1ccd344e1d0}*    12-12-2005 23:31    0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SCM:{3D14228D-FBE1-11D0-995D-00C04FD919C1}*    12-12-2005 17:08    0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SCM:{76db1bf3-e820-4765-a1b2-0b16a86b1950}*    23-10-2007 20:43    0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SCM:{BBBF5400-E091-11D8-AD76-005056C00008}*    12-12-2005 16:54    0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SCM:{EC141AA5-2FCB-4A70-BBA0-025B6A2A626E}*    12-12-2005 16:54    0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability\LastAliveUptime  15-04-2008 15:34    4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability\LastAliveStamp   15-04-2008 15:34    16 bytes    Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\Administrator.SINKE\Local Settings\Temp\117d3fc.exe   15-04-2008 16:04    10.35 KB    Hidden from Windows API.
C:\Documents and Settings\Administrator.SINKE\Local Settings\Temporary Internet Files\Content.IE5\EJ2BQD23\google_nl[1].htm 15-04-2008 15:52    6.86 KB Hidden from Windows API.
C:\Documents and Settings\Administrator.SINKE\Local Settings\Temporary Internet Files\Content.IE5\EJ2BQD23\google_nl[2].htm 15-04-2008 14:50    6.86 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\oldfiles\em000_32.dat   15-04-2008 14:58    48.26 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\oldfiles\em001_32.dat   15-04-2008 14:58    298.93 KB   Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\oldfiles\em002_32.dat   15-04-2008 14:59    8.50 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\oldfiles\em003_32.dat   15-04-2008 14:59    203.77 KB   Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\oldfiles\em005_32.dat   15-04-2008 14:59    37.03 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\temp\em000_32.dat   15-04-2008 14:59    48.15 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\temp\em001_32.dat   15-04-2008 14:59    300.36 KB   Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\temp\em002_32.dat   15-04-2008 14:59    8.68 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\temp\em003_32.dat   15-04-2008 14:59    210.65 KB   Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\temp\em005_32.dat   15-04-2008 14:59    38.11 KB    Visible in Windows API, but not in MFT or directory index.