ComboFix 11-08-12.01 - Mario 13/08/2011 11:43:42.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3002.1875 [GMT 2:00]
Gestart vanuit: c:\users\Mario\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Telenet Security Pack 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Telenet Security Pack 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Telenet Security Pack 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-07-13 to 2011-08-13 ))))))))))))))))))))))))))))))
.
.
2011-08-13 09:59 . 2011-08-13 09:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-13 09:37 . 2011-08-13 09:37 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57739165-7C2B-4F8E-B890-3040F3D1100E}\MpKsl3a035948.sys
2011-08-13 09:09 . 2011-08-13 09:09 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57739165-7C2B-4F8E-B890-3040F3D1100E}\MpKsledf90096.sys
2011-08-10 12:01 . 2011-08-10 12:01 388096 ----a-r- c:\users\Mario\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-10 12:01 . 2011-08-10 12:01 -------- d-----w- c:\program files\Trend Micro
2011-07-29 13:11 . 2011-07-29 13:11 -------- d-----w- c:\users\Mario\{d11d19cd-28f5-4482-8058-3a3eb451f927}
2011-07-29 13:09 . 2011-07-29 13:09 -------- d-----w- c:\users\Mario\AppData\Local\HP
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-27 18:24 . 2011-05-14 13:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"F-Secure Manager"="c:\program files\Telenet Security Pack\Common\FSM32.EXE" [2009-08-05 199264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
2009-08-05 15:57 2349664 ----a-w- c:\program files\Telenet Security Pack\FSGUI\tnbutil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 11:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 15:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 14:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-06 19:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
R1 MpKsl2c49f032;MpKsl2c49f032;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F9CF810-303A-4B37-A247-0329A7B83FE0}\MpKsl2c49f032.sys [x]
R1 MpKsl478db3df;MpKsl478db3df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F9CF810-303A-4B37-A247-0329A7B83FE0}\MpKsl478db3df.sys [x]
R1 MpKslbd53cd07;MpKslbd53cd07;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5590F32-7A48-476A-95D6-D6CAC397A357}\MpKslbd53cd07.sys [x]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Telenet Security Pack\ORSP Client\fsorsp.exe [2011-05-23 61088]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Telenet Security Pack\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Telenet Security Pack\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-12-15 42664]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Telenet Security Pack\HIPS\drivers\fshs.sys [2009-08-05 68064]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-12-23 36792]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-12-23 73160]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]
S1 MpKsl3a035948;MpKsl3a035948;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57739165-7C2B-4F8E-B890-3040F3D1100E}\MpKsl3a035948.sys [2011-08-13 28752]
S1 MpKsledf90096;MpKsledf90096;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57739165-7C2B-4F8E-B890-3040F3D1100E}\MpKsledf90096.sys [2011-08-13 28752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsgk.sys [2011-06-10 148648]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\DRIVERS\OA004Ufd.sys [2008-06-03 144672]
S3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\DRIVERS\OA004Vid.sys [2008-07-17 269760]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - MPKSL3A035948
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
LSP: c:\program files\Telenet Security Pack\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 195.130.131.131 195.130.130.3
.
- - - - ORPHANS VERWIJDERD - - - -
.
MSConfigStartUp-Google Update - c:\users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-13 11:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\program files\telenet security pack\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(656)
c:\program files\telenet security pack\hips\fshook32.dll
.
Voltooingstijd: 2011-08-13 12:01:58
ComboFix-quarantined-files.txt 2011-08-13 10:01
.
Pre-Run: 214.368.964.608 bytes beschikbaar
Post-Run: 215.426.179.072 bytes beschikbaar
.
- - End Of File - - 0E0B58F8C92099DB31149F75663FD776