ComboFix 11-07-18.05 - Brian 19-07-2011   3:25.11.1 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.31.1043.18.2038.982 [GMT 2:00]
Started from: c:\users\Brian\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
AV: Ziggo uitgebreide internetbeveiliging 9.12 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Ziggo uitgebreide internetbeveiliging 9.12 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Emsisoft Anti-Malware *Disabled/Updated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Ziggo uitgebreide internetbeveiliging 9.12 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brian\AppData\Roaming\EurekaLog
.
.
(((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 ))))))))))))))))))))))))))))))
.
.
2011-07-19 01:50 . 2011-07-19 01:51 -------- d-----w- c:\users\Brian\AppData\Local\temp
2011-07-19 01:50 . 2011-07-19 01:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-07-19 01:50 . 2011-07-19 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-19 00:42 . 2011-07-19 00:42 -------- d-----w- c:\program files\ESET
2011-07-17 22:38 . 2011-07-07 06:34 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2011-07-17 22:38 . 2011-07-17 22:39 -------- d-----w- c:\program files\Soluto
2011-07-15 16:37 . 2011-06-20 06:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54CBAAD2-0993-4624-B0A2-15324179D67C}\mpengine.dll
2011-07-13 19:40 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 19:40 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 19:40 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 19:39 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 19:39 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-11 21:59 . 2011-07-11 21:59 -------- d-----w- c:\programdata\Macrium
2011-07-11 21:58 . 2011-07-11 21:58 -------- d-----w- c:\program files\Macrium
2011-07-10 17:04 . 2011-07-10 17:04 -------- d-----w- c:\users\Brian\AppData\Roaming\F-Secure
2011-07-10 16:04 . 2011-07-12 14:21 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-07-10 15:59 . 2009-11-18 16:07 37544 ----a-w- c:\windows\system32\drivers\fses.sys
2011-07-10 15:59 . 2009-11-18 16:08 574376 ----a-w- c:\windows\system32\msvcp50.dll
2011-07-10 15:59 . 2009-11-18 16:07 72904 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2011-07-10 15:57 . 2011-07-12 15:35 -------- d-----w- c:\program files\Internetbeveiliging
2011-07-10 15:56 . 2011-07-12 14:09 -------- d-----w- c:\programdata\fssg
2011-07-10 00:55 . 2011-07-10 00:55 -------- d-----w- c:\programdata\PCSettings
2011-07-09 02:37 . 2011-07-09 02:37 -------- d-----w- C:\NBRT
2011-07-08 19:00 . 2011-07-08 19:00 388096 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-08 18:45 . 2011-07-08 18:45 -------- d-----w- c:\users\Brian\AppData\Roaming\Canneverbe Limited
2011-07-08 18:45 . 2011-07-08 18:45 -------- d-----w- c:\programdata\Canneverbe Limited
2011-07-08 18:45 . 2011-07-08 18:45 -------- d-----w- c:\program files\CDBurnerXP
2011-07-08 11:11 . 2011-07-08 11:14 -------- d-----w- c:\users\Brian\AppData\Roaming\DVDVideoSoft
2011-07-06 16:27 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-07-06 00:11 . 2011-07-06 15:38 -------- d-----w- c:\programdata\NOS
2011-07-06 00:11 . 2011-07-06 00:11 -------- d-----w- c:\program files\NOS
2011-07-03 22:29 . 2011-07-03 22:29 -------- d-----w- C:\temp
2011-07-03 22:22 . 2011-07-03 22:37 -------- d-----w- c:\program files\Google
2011-07-03 18:35 . 2011-07-03 18:35 -------- d-----w- c:\users\Brian\AppData\Roaming\dvdcss
2011-07-01 10:56 . 2011-07-01 10:56 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2011-07-01 10:55 . 2011-07-01 10:55 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys
2011-07-01 10:55 . 2011-07-01 10:55 45208 ----a-w- c:\windows\system32\drivers\psmounter.sys
2011-06-25 00:30 . 2011-06-25 00:30 -------- d-----w- c:\windows\nl
2011-06-25 00:02 . 2011-06-25 00:15 -------- d-----w- c:\users\Brian\amsn
2011-06-25 00:01 . 2011-06-25 00:01 -------- d-----w- c:\program files\aMSN
2011-06-21 23:57 . 2011-07-03 22:23 -------- d-----w- c:\users\Brian\AppData\Local\Google
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-19 01:04 . 2011-05-11 01:23 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-06 17:52 . 2010-12-04 16:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-12-04 16:26 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 21:52 . 2011-05-22 22:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-12 17:44 . 2010-11-04 23:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-24 17:14 . 2010-11-03 21:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 17:16 . 2011-06-14 23:25 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-14 23:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-14 23:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-14 23:25 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-14 23:25 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-14 23:25 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-28 18:17 . 2011-04-28 18:17 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-28 18:17 . 2011-04-28 18:17 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-28 18:17 . 2011-04-28 18:17 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-28 18:17 . 2011-04-28 18:17 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-28 18:17 . 2011-04-28 18:17 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-28 18:17 . 2011-04-28 18:17 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-28 18:17 . 2011-04-28 18:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-28 18:17 . 2011-04-28 18:17 367104 ----a-w- c:\windows\system32\html.iec
2011-04-28 18:17 . 2011-04-28 18:17 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-28 18:17 . 2011-04-28 18:17 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-28 18:17 . 2011-04-28 18:17 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-28 18:17 . 2011-04-28 18:17 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-28 18:17 . 2011-04-28 18:17 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-28 18:17 . 2011-04-28 18:17 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-28 18:17 . 2011-04-28 18:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-28 18:17 . 2011-04-28 18:17 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-28 18:17 . 2011-04-28 18:17 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-28 18:17 . 2011-04-28 18:17 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-28 18:17 . 2011-04-28 18:17 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-22 23:35 . 2011-06-14 23:42 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-22 23:25 . 2011-06-14 23:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-21 13:58 . 2011-06-14 23:26 273408 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-20 3563520]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-04 4907008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"F-Secure Manager"="c:\program files\Internetbeveiliging\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-11-18 1655208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
2009-11-18 16:07 1655208 ----a-w- c:\program files\Internetbeveiliging\FSGUI\tnbutil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyvesDesktop.exe]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-858306250-2938697709-906041462-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 a2acc;a2acc;c:\test software\EMSISOFT ANTI-MALWARE\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-20 73728]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\ORSP Client\fsorsp.exe [2011-07-10 61088]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-11-07 38976]
R3 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys [2010-11-07 53312]
R3 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Internetbeveiliging\Anti-Virus\Win2K\FSfilter.sys [2009-11-18 41640]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Internetbeveiliging\Anti-Virus\Win2K\FSrec.sys [2009-11-18 27048]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-07-12 42664]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2011-07-01 16024]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2011-07-07 51144]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-07 717296]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-11-18 69928]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2009-11-18 37544]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-11-18 72904]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-11-18 14248]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\test software\Emsisoft Anti-Malware\Emsisoft Anti-Malware\a2service.exe [2011-06-30 3029208]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-02-04 77824]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-10-29 65536]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2011-07-01 220824]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-07-07 376352]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2011-07-12 148648]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-07-29 51288]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-18 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\INTERN~2\ANTI-V~1\fsav.exe [2011-07-10 16:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: Free YouTube to MP3 Converter - c:\users\Brian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-19 03:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3548)
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
Completion time: 2011-07-19  04:02:02
ComboFix-quarantined-files.txt  2011-07-19 02:01
.
Pre-Run: 125.355.573.248 bytes free
Post-Run: 124.183.703.552 bytes free
.
- - End Of File - - 76E2F2EAAFA8C5898CFA9D979CC1A2AB
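The service and driver block above (the R2/R3/S0/S1/... lines) is the part of a ComboFix log that most rewards careful reading: the letter is the service state (R = running, S = stopped), the digit is the SCM start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled), the three semicolon-separated fields are the service name, display name and image path, and the bracket carries the image's date and size, or [x] where ComboFix could not find the image on disk. The following Python is an added triage helper, not ComboFix's own code: it parses those lines and attaches review hints based on the image path. The sample lines are copied from this log; the trusted-location prefixes assume C: is the system drive, and the hints are reasons to look closer, not verdicts (the a2acc driver under c:\test software\ is flagged only because that directory is not a standard install location).

```python
"""Parse ComboFix service/driver lines and attach path-based triage hints (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample lines copied from the ComboFix log above (constructed subset for this example).
SAMPLE_SERVICES = r"""
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 a2acc;a2acc;c:\test software\EMSISOFT ANTI-MALWARE\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-20 73728]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-07 717296]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
"""

# "<R|S><start> name;display;image path [yyyy-mm-dd size]" or "[x]" when the image is missing.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Assumption: C: is the system drive. Images are normally expected under these trees.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
DRIVER_PREFIX = "c:\\windows\\system32\\drivers\\"
# Directory components that are user-writable or scratch space; code loaded from there deserves a look.
SCRATCH_MARKERS = ("\\temp\\", "\\tmp\\", "\\appdata\\")


@dataclass
class Service:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    image_missing: bool  # True when ComboFix printed "[x]" instead of date and size
    findings: List[str] = field(default_factory=list)


def review_service(svc: Service) -> List[str]:
    """Return heuristic review hints for one service; an empty list means nothing stood out."""
    hints: List[str] = []
    p = svc.path.lower()
    if svc.image_missing:
        hints.append("image file not found on disk: orphaned registration, check where it came from")
    if any(marker in p for marker in SCRATCH_MARKERS):
        hints.append("image lives in a temporary or user-writable directory")
    if not p.startswith(TRUSTED_PREFIXES):
        hints.append("image outside the Windows and Program Files trees")
    boot_driver = svc.start_type in ("boot", "system") and p.endswith(".sys")
    if boot_driver and not p.startswith(DRIVER_PREFIX) and not p.startswith("c:\\program files\\"):
        hints.append("boot/system-start driver loaded from an unusual location")
    return hints


def parse_service_line(line: str) -> Optional[Service]:
    """Parse one service/driver line; returns None for lines that are not in that format."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    svc = Service(
        name=m["name"].strip(),
        display=m["display"].strip(),
        path=m["path"].strip(),
        running=m["state"] == "R",
        start_type=START_TYPES.get(int(m["start"]), "unknown"),
        image_missing=m["meta"].strip() == "x",
    )
    svc.findings = review_service(svc)
    return svc


def triage(log_text: str) -> List[Service]:
    """Parse every service/driver line in a block of log text, skipping everything else."""
    services = []
    for line in log_text.splitlines():
        svc = parse_service_line(line)
        if svc is not None:
            services.append(svc)
    return services


def flagged(log_text: str) -> Dict[str, List[str]]:
    """Map service name to its hints, for services that received at least one hint."""
    return {s.name: s.findings for s in triage(log_text) if s.findings}


if __name__ == "__main__":
    for name, hints in flagged(SAMPLE_SERVICES).items():
        print(name)
        for hint in hints:
            print("  -", hint)
```

Run against the whole log rather than the sample, the same function picks out the two entries a reviewer would want to look at first: the cpuz135 driver registered from c:\windows\TEMP whose file is gone, and the Emsisoft driver running from a non-standard directory. Everything else in this log resolves to a known vendor path, which is why the remaining hints stay empty.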