Guest account


snel0026

ComboFix 11-12-06.02 - Wim 08-12-2011 13:09:07.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.2038.920 [GMT 1:00]

Gestart vanuit: c:\users\Wim\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Wim\Desktop\CFScript.txt

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\programdata\KGyGaAvL.sys"

"c:\windows\system32\srvany.exe"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.bitness.log

c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.data.log

c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.elements.log

c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.weight.log

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_KMService

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-11-08 to 2011-12-08 ))))))))))))))))))))))))))))))

.

.

2011-12-08 12:30 . 2011-12-08 12:30 -------- d-----w- c:\users\Gast\AppData\Local\temp

2011-12-08 12:30 . 2011-12-08 12:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-08 12:30 . 2011-12-08 12:30 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-12-05 14:48 . 2011-12-05 14:48 388096 ----a-r- c:\users\Wim\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-05 14:48 . 2011-12-05 14:48 -------- d-----w- C:\Trend Micro

2011-12-05 14:23 . 2011-12-05 14:23 3848 ----a-w- c:\users\Wim\ec_20111205.reg

2011-12-05 11:57 . 2011-12-05 11:57 -------- d-----w- c:\users\Administrator.Laptop\AppData\Roaming\SmartFix

2011-12-05 11:57 . 2011-12-05 11:57 -------- d-----w- c:\users\Administrator.Laptop\AppData\Local\SmartFix

2011-12-05 09:02 . 2011-12-05 09:02 -------- d-----w- c:\programdata\SmartFix

2011-12-05 09:02 . 2011-12-05 09:02 -------- d-----w- c:\program files\SmartFix

2011-12-05 09:02 . 2011-12-05 09:02 -------- d-----w- c:\users\Wim\AppData\Roaming\SmartFix

2011-12-05 09:02 . 2011-12-05 09:02 -------- d-----w- c:\users\Wim\AppData\Local\SmartFix

2011-12-03 11:04 . 2011-12-03 11:04 -------- d-----w- c:\program files\ESET

2011-12-03 10:22 . 2011-12-03 10:23 -------- d-----w- c:\users\Administrator.Laptop\AppData\Local\VirtualStore

2011-12-03 08:30 . 2011-12-03 08:31 -------- d-----w- c:\users\Wim\AppData\Local\VirtualStore

2011-11-30 19:41 . 2011-11-30 19:41 -------- d-----w- C:\Download

2011-11-30 19:40 . 2011-11-30 19:40 -------- d-----w- C:\AllSharePhotoSlide

2011-11-30 15:20 . 2011-10-27 01:25 78136 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2011-11-30 15:20 . 2011-10-27 01:25 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2011-11-30 15:09 . 2011-11-30 15:09 -------- d-----w- c:\program files\MarkAny

2011-11-23 15:05 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-23 15:05 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-23 15:05 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys

2011-11-22 12:34 . 2011-11-22 12:34 -------- d-----w- c:\program files\Common Files\Corel

2011-11-22 11:47 . 2011-11-22 11:47 335872 ----a-r- c:\users\Wim\AppData\Roaming\Microsoft\Installer\{F6EE49FD-B736-4888-A05A-115F3B1160FA}\ARPPRODUCTICON.exe

2011-11-22 11:47 . 2011-11-22 11:47 335872 ----a-r- c:\users\Wim\AppData\Roaming\Microsoft\Installer\{4873CC58-69D8-490D-9E5C-001DC2EE2020}\ARPPRODUCTICON.exe

2011-11-22 11:47 . 2011-11-22 11:47 335872 ----a-r- c:\users\Wim\AppData\Roaming\Microsoft\Installer\{4873CC58-69D8-490D-9E5C-001DC2EE2010}\ARPPRODUCTICON.exe

2011-11-19 20:48 . 2011-11-22 15:26 -------- d-----w- c:\program files\Common Files\Nero

2011-11-19 20:40 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2011-11-19 20:40 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2011-11-19 20:40 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2011-11-19 20:40 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2011-11-19 20:40 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2011-11-19 18:49 . 2011-11-19 18:49 -------- d-----w- c:\users\Wim\AppData\Local\Geckofx

2011-11-19 18:30 . 2011-11-19 18:33 -------- d-----w- c:\programdata\SpotGrit

2011-11-19 18:28 . 2011-11-19 18:28 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2011-11-19 18:28 . 2011-11-19 18:28 -------- d-----w- c:\program files\SpotGrit

2011-11-18 19:07 . 2011-11-18 19:07 -------- d-----w- c:\users\Wim\AppData\Roaming\XMedia Recode

2011-11-18 18:48 . 2011-11-18 18:49 -------- d-----w- c:\program files\XMedia Recode

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-22 12:41 . 2010-04-10 15:17 5642 --sha-w- c:\programdata\KGyGaAvL.sys

2011-11-14 08:34 . 2011-10-21 20:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-09-27 16:22 . 2011-09-27 16:22 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-09-16 09:54 . 2011-09-16 09:54 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2011-09-16 09:54 . 2011-09-16 09:54 325552 ----a-w- c:\windows\MASetupCaller.dll

2011-09-16 09:54 . 2011-09-16 09:54 30568 ----a-w- c:\windows\MusiccityDownload.exe

2011-09-16 09:54 . 2011-09-16 09:54 974848 ----a-w- c:\windows\system32\cis-2.4.dll

2011-09-16 09:54 . 2011-09-16 09:54 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll

2011-09-16 09:54 . 2011-09-16 09:54 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll

2011-09-16 09:54 . 2011-09-16 09:54 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll

2011-09-16 09:54 . 2011-09-16 09:54 57344 ----a-w- c:\windows\system32\MK_Lyric.dll

2011-09-16 09:54 . 2011-09-16 09:54 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll

2011-09-16 09:54 . 2011-09-16 09:54 569344 ----a-w- c:\windows\system32\muzdecode.ax

2011-09-16 09:54 . 2011-09-16 09:54 491520 ----a-w- c:\windows\system32\muzapp.dll

2011-09-16 09:54 . 2011-09-16 09:54 49152 ----a-w- c:\windows\system32\MaJGUILib.dll

2011-09-16 09:54 . 2011-09-16 09:54 45056 ----a-w- c:\windows\system32\MaXMLProto.dll

2011-09-16 09:54 . 2011-09-16 09:54 45056 ----a-w- c:\windows\system32\MACXMLProto.dll

2011-09-16 09:54 . 2011-09-16 09:54 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll

2011-09-16 09:54 . 2011-09-16 09:54 40960 ----a-w- c:\windows\system32\MAMACExtract.dll

2011-09-16 09:54 . 2011-09-16 09:54 352256 ----a-w- c:\windows\system32\MSLUR71.dll

2011-09-16 09:54 . 2011-09-16 09:54 258048 ----a-w- c:\windows\system32\muzoggsp.ax

2011-09-16 09:54 . 2011-09-16 09:54 245760 ----a-w- c:\windows\system32\MSCLib.dll

2011-09-16 09:54 . 2011-09-16 09:54 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe

2011-09-16 09:54 . 2011-09-16 09:54 200704 ----a-w- c:\windows\system32\muzwmts.dll

2011-09-16 09:54 . 2011-09-16 09:54 155648 ----a-w- c:\windows\system32\MSFLib.dll

2011-09-16 09:54 . 2011-09-16 09:54 143360 ----a-w- c:\windows\system32\3DAudio.ax

2011-09-16 09:54 . 2011-09-16 09:54 135168 ----a-w- c:\windows\system32\muzaf1.dll

2011-09-16 09:54 . 2011-09-16 09:54 131072 ----a-w- c:\windows\system32\muzmpgsp.ax

2011-09-16 09:54 . 2011-09-16 09:54 122880 ----a-w- c:\windows\system32\muzeffect.ax

2011-09-16 09:54 . 2011-09-16 09:54 118784 ----a-w- c:\windows\system32\MaDRM.dll

2011-09-16 09:54 . 2011-09-16 09:54 110592 ----a-w- c:\windows\system32\muzmp4sp.ax

2011-09-16 09:54 . 2011-10-18 10:59 821824 ----a-w- c:\windows\system32\dgderapi.dll

2011-04-29 18:22 . 2011-03-23 09:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll

2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll

2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Screenshot Captor"="c:\program files\ScreenshotCaptor\ScreenshotCaptor.exe" [2010-10-07 6363648]

"Nuria"="c:\program files\Nuria\Nuria.exe" [2008-11-06 1716224]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-29 21392]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-11-29 935312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"SupportAgent_HCC"="c:\program files\SmartFix\SupportAgent_HCC\SupportAgent.exe" [2011-12-05 4024320]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"FilterAdministratorToken"= 1 (0x1)

"DisableCAD"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= "qvphook.dll" [2000-05-26 45056]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quick View Plus.lnk]

backup=c:\windows\pss\Quick View Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-09-27 06:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2010-03-24 17:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]

2010-04-02 08:18 1185112 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-09-23 17:30 173592 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-09-23 17:30 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]

2010-03-02 17:52 140640 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]

2011-11-29 11:58 935312 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]

2011-11-29 11:58 21392 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]

2011-11-29 11:58 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN Assistent]

2011-08-18 15:22 33560288 ----a-w- c:\program files\KPN\KPN Assistent\KPN_Assistent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuria]

2008-11-06 12:47 1716224 ----a-w- c:\program files\Nuria\Nuria.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]

2010-04-27 08:09 113288 ----a-w- c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-09-23 17:30 150552 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2010-12-23 13:05 9972328 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-05-02 10:51 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R0 PCGenFAM;PCGenFAM;c:\windows\system32\DRIVERS\PCGenFAM.sys [2010-11-01 181704]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 136176]

R2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [x]

R3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-13 44544]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-10-27 78136]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-07-27 60800]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-07-27 140672]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 174592]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-10-27 181432]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-06 1343400]

R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2009-02-05 212520]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-27 340088]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-15 744568]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111123.001\BHDrvx86.sys [2011-11-14 819320]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111207.001\IDSvix86.sys [2011-09-24 368248]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2011-01-27 136312]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360\0501000.01D\SYMNETS.SYS [2011-07-08 299640]

S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.4.155\SymcPCCULaunchSvc.exe [2010-09-13 115056]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.4.155\ccSvcHst.exe [2009-08-24 126392]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 106104]

S3 netw5v32;Stuurprogramma voor Intel® Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Inhoud van de 'Gedeelde Taken' map

.

2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 07:41]

.

2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 07:41]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.symbaloo.com/

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta

IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

TCP: DhcpNameServer = 192.168.10.1

FF - ProfilePath - c:\users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\9tk1lfd8.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.symbaloo.com/nl/

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - user.js: capability.policy.policynames - allowclipboard

FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.goedenwel.nl/forum/

FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess

FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\PCCUJobMgr]

"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.4.155\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.4.155\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(1412)

c:\program files\Norton 360\Engine\5.1.0.29\buShell.dll

c:\program files\Norton 360\Engine\5.1.0.29\ccL100U.dll

c:\program files\Norton 360\Engine\5.1.0.29\ccVrTrst.dll

c:\program files\Norton 360\Engine\5.1.0.29\ccSet.dll

c:\program files\Norton 360\Engine\5.1.0.29\ccIPC.dll

c:\program files\Norton 360\Engine\5.1.0.29\ccGEvt.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\windows\system32\taskhost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Voltooingstijd: 2011-12-08 13:39:04 - machine werd herstart

ComboFix-quarantined-files.txt 2011-12-08 12:39

ComboFix2.txt 2011-12-08 11:50

ComboFix3.txt 2011-12-07 13:29

.

Pre-Run: 18.942.017.536 bytes beschikbaar

Post-Run: 18.735.697.920 bytes beschikbaar

.

- - End Of File - - E92D01C7B9241C3BC6934EF3C655D45A

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:46:30, on 8-12-2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files\Norton PC Checkup\Engine\2.0.4.155\ccSvcHst.exe

C:\Windows\Explorer.exe

C:\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Symbaloo | Access your bookmarks anywhere

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [supportAgent_HCC] "C:\Program Files\SmartFix\SupportAgent_HCC\SupportAgent.exe"

O4 - HKCU\..\Run: [screenshot Captor] "C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun

O4 - HKCU\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta

O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.4.155\SymcPCCULaunchSvc.exe

O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.4.155\ccSvcHst.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 6611 bytes


I am now finally logged in properly, but with MSOffice2010 I still have to open Outlook and Excel by right-clicking the relevant exe file in the folder c:\program files\microsoft office\office14 and then opening it as administrator.

But I am trying to solve that by reinstalling Office.

I will let you know how it goes. I won't get around to it before Sunday evening.


It ended up being later than expected after all (coughing, sniffling, short of breath, shaky on my legs), but in the end I worked it out.

A fresh installation of MSOffice solved all the problems.

I could not remove the old version because of insufficient permissions, but with help from MS everything was removed after all and I was able to reinstall.

I was afraid I would have to do a completely clean installation of Windows7, but fortunately that turned out not to be necessary.

Thanks to you the permissions have been sorted out, and thanks to MS Office is running like clockwork again.

Many thanks.

This topic is now closed to new replies.