ComboFix 11-08-17.02 - admin 17/08/2011 18:03:19.2.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.32.1043.18.2486.1417 [GMT 2:00]
Gestart vanuit: c:\users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9G0GRA9U\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-07-17 to 2011-08-17 ))))))))))))))))))))))))))))))
.
.
2011-08-17 16:08 . 2011-08-17 16:08 -------- d-----w- c:\users\WindowsImageBackup\AppData\Local\temp
2011-08-17 16:08 . 2011-08-17 16:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-17 16:08 . 2011-08-17 16:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-17 16:08 . 2011-08-17 16:08 -------- d-----w- c:\users\ADMIN-PC\AppData\Local\temp
2011-08-17 14:34 . 2011-08-17 14:34 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361C4CC5-0150-44BF-867B-3D96C9D0D43C}\MpKsl66db9386.sys
2011-08-17 06:47 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361C4CC5-0150-44BF-867B-3D96C9D0D43C}\mpengine.dll
2011-08-16 18:11 . 2011-08-16 18:11 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2011-08-16 18:11 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-16 18:10 . 2011-08-16 18:10 -------- d-----w- c:\programdata\Malwarebytes
2011-08-16 18:10 . 2011-08-17 03:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-16 18:10 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-15 14:33 . 2011-08-15 14:33 388096 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-15 09:00 . 2011-08-15 14:33 -------- d-----w- c:\program files\Trend Micro
2011-08-11 08:06 . 2010-12-18 21:08 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE8AA5AF-05D4-4A9C-A5FE-3979DB1F7335}\gapaengine.dll
2011-08-10 07:27 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 07:27 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 07:26 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 07:26 . 2011-06-21 05:34 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 07:15 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-10 07:15 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-10 07:15 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-10 07:15 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-10 07:15 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-10 07:15 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-04 08:04 . 2011-08-04 08:04 -------- d-----w- c:\users\admin\AppData\Roaming\SiteRanker
2011-08-01 08:43 . 2011-08-16 20:13 -------- d-----w- c:\users\admin\LDV-Muziek
2011-08-01 03:31 . 2011-08-01 03:31 528 ----a-r- c:\users\WindowsImageBackup\MediaID.bin
2011-07-31 13:27 . 2011-07-31 13:27 -------- d-----w- c:\program files\VirtualDJ
2011-07-28 20:17 . 2011-07-31 12:31 -------- d-----w- c:\program files\Ask.com
2011-07-28 20:17 . 2011-07-28 20:17 -------- d-----w- C:\Firefox
2011-07-27 05:58 . 2011-08-16 17:47 -------- d-----w- c:\program files\SiteRanker
2011-07-26 03:30 . 2011-07-26 03:30 -------- d-----w- c:\users\admin\AppData\Roaming\Fighters
2011-07-24 20:09 . 2011-07-24 20:09 -------- d-----w- c:\program files\Bonjour
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 03:39 . 2010-12-21 04:37 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-04 11:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-25 09:17 . 2011-06-25 09:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 02:29 . 2011-07-13 12:15 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-01 06:16 . 2010-12-18 20:45 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-06-01 03:36 . 2010-12-21 21:43 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-05-24 10:44 . 2011-06-29 07:18 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Super MP3 Download"="c:\program files\SuperMp3Download\SuperMp3Download.exe" [2011-06-09 4499184]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-08-04 966712]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-08 1047656]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 miofjrll;miofjrll;c:\windows\system32\drivers\miofjrll.sys [x]
R1 MpKsl8d5921dc;MpKsl8d5921dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FE4CBD5-B85B-4AA9-A9E0-15481EAA75BA}\MpKsl8d5921dc.sys [x]
R1 MpKslbaeb236d;MpKslbaeb236d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43345F3B-83DC-4A7C-AE1A-2B338A2A1ECF}\MpKslbaeb236d.sys [x]
R1 MpKsld7b18a80;MpKsld7b18a80;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A4B408C9-8EB5-4947-B40F-232FCD520AB4}\MpKsld7b18a80.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 136176]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-12-18 23456]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-08 41272]
R3 netr73;Stuurprogramma voor RT73 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-20 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 MpKsl66db9386;MpKsl66db9386;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361C4CC5-0150-44BF-867B-3D96C9D0D43C}\MpKsl66db9386.sys [2011-08-17 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-08 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-08 22712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - MPKSL66DB9386
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 07:19]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 07:19]
.
2011-08-17 c:\windows\Tasks\SLOW-PCfighter-admin-Startup.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2011-04-07 18:56]
.
2011-08-17 c:\windows\Tasks\WinMaximizer-admin-Startup.job
- c:\program files\WinMaximizer\WinMaximizer.exe [2011-07-14 13:04]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-IMBoosterARP - c:\program files\Iminent\inst\Bootstrapper\Bootstrapper.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:37,25,1e,2f,c8,21,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-08-17 18:10:01
ComboFix-quarantined-files.txt 2011-08-17 16:10
ComboFix2.txt 2011-03-03 10:50
.
Pre-Run: 229.220.352 bytes beschikbaar
Post-Run: 202.289.152 bytes beschikbaar
.
- - End Of File - - 127769D346DCE746F1C6D81D245FD19C