
Problem with backup.


hel22


ComboFix 11-09-18.01 - Rivky 18/09/2011 20:08:47.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3069.1415 [GMT 2:00]

Running from: c:\users\Rivky\Documents\Downloads\Programs\ComboFix.exe

AV: Ashampoo Anti-Malware *Disabled/Updated* {1586225C-B0F7-7A3E-FBB7-F15B3A4D2579}

SP: Ashampoo Anti-Malware *Disabled/Updated* {AEE7C3B8-96CD-75B0-C107-CA2941CA6FC4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\apps

c:\apps\wwpc\Free Sat TV.url

c:\apps\wwpc\Get Google Pack.url

c:\apps\wwpc\license.txt

c:\apps\wwpc\Movie Downloads.url

c:\apps\wwpc\Privacy Policy.url

c:\apps\wwpc\readme.txt

c:\apps\wwpc\unins000.dat

c:\apps\wwpc\unins000.exe

c:\apps\wwpc\Uninstall Instructions.txt

c:\apps\wwpc\weight loss.url

c:\apps\wwpc\WWPointsCalc.exe

c:\program files\rnamfler

c:\program files\rnamfler\naomf.exe

c:\program files\rnamfler\radprlib.dll

c:\users\Rivky\AppData\Local\ApplicationHistory

c:\users\Rivky\AppData\Local\ApplicationHistory\LacieBackup.exe.c88ccb81.ini.inuse

c:\users\Rivky\AppData\Roaming\.#

c:\users\Rivky\AppData\Roaming\inst.exe

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

c:\windows\iun6002.exe

D:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-08-18 to 2011-09-18 )))))))))))))))))))))))))))))))

.

.

2011-09-18 18:32 . 2011-09-18 18:32 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-09-18 17:37 . 2011-09-18 17:37 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

2011-09-16 13:00 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{533FC25A-887C-4B45-A490-8D5174F3FE08}\mpengine.dll

2011-09-04 19:19 . 2011-09-04 19:19 -------- d-----w- c:\programdata\Playrix Entertainment

2011-09-04 10:30 . 2011-09-04 10:30 -------- d-----w- c:\program files\Playrix Entertainment

2011-09-01 09:22 . 2011-09-01 09:22 -------- d-----w- c:\program files\iPod

2011-08-31 16:10 . 2011-08-31 16:10 -------- d-----w- c:\users\Rivky\AppData\Roaming\Intel

2011-08-31 16:08 . 2011-08-31 16:08 -------- d-----w- c:\program files\Cisco

2011-08-31 16:08 . 2011-08-31 20:55 -------- d-----w- c:\program files\Common Files\Intel

2011-08-31 16:08 . 2011-08-31 16:08 -------- d-----w- c:\programdata\Intel

2011-08-30 20:54 . 2011-08-30 20:56 -------- d-----w- c:\programdata\Logishrd

2011-08-30 20:54 . 2011-08-30 20:55 -------- d-----w- c:\program files\Logitech

2011-08-30 20:51 . 2011-08-31 20:53 -------- d-----w- c:\program files\Common Files\LogiShrd

2011-08-30 20:51 . 2011-08-30 20:56 -------- d-----w- c:\users\Rivky\AppData\Roaming\Logitech

2011-08-30 20:51 . 2011-08-30 20:51 -------- d-----w- c:\users\Rivky\AppData\Roaming\Logishrd

2011-08-30 14:51 . 2011-08-31 20:53 -------- d-----w- c:\users\UpdatusUser

2011-08-30 14:48 . 2011-08-30 14:48 -------- d-----w- c:\programdata\NVIDIA Corporation

2011-08-30 14:42 . 2011-08-31 20:53 -------- d-----w- c:\program files\NVIDIA Corporation

2011-08-30 14:41 . 2011-08-30 14:41 -------- d-----w- C:\NVIDIA

2011-08-30 13:50 . 2011-08-30 13:50 -------- d-----w- c:\program files\Addition

2011-08-30 10:33 . 2011-08-30 10:36 -------- d-----w- C:\Drivers Backup

2011-08-30 10:30 . 2011-02-08 12:58 1882104 ----a-w- c:\windows\system32\Codejock.Controls.v15.0.1.ocx

2011-08-30 10:30 . 2005-01-12 09:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL

2011-08-30 10:30 . 2004-09-28 09:13 526184 ----a-w- c:\windows\system32\XceedCry.dll

2011-08-30 10:30 . 2004-08-11 13:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin

2011-08-30 10:30 . 2011-08-30 10:33 -------- d-----w- c:\program files\Driver Magician

2011-08-25 14:41 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-23 21:26 . 2011-08-23 21:26 -------- d-----w- c:\program files\Hofmann

2011-08-23 21:11 . 2011-08-23 21:30 -------- d-----w- c:\users\Rivky\FOTO_com

2011-08-22 21:23 . 2011-08-22 21:23 -------- d-----w- C:\temp_petan

2011-08-22 17:21 . 2011-08-31 17:57 -------- d-----w- c:\users\Rivky\AppData\Roaming\petanDrive

2011-08-22 17:20 . 2011-08-22 17:21 -------- d-----w- c:\program files\PetanDrive

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-22 17:04 . 2011-05-20 07:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-26 10:22 . 2011-05-19 22:32 60528 ----a-w- c:\users\Rivky\AppData\Roaming\mdbu.bin

2011-07-22 02:54 . 2011-08-14 13:33 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-14 13:33 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-14 13:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-19 06:32 . 2011-07-19 06:32 95744 ----a-w- c:\windows\system32\drivers\dokan.sys

2011-07-19 06:32 . 2011-07-19 06:32 35840 ----a-w- c:\windows\system32\dokan.dll

2011-07-17 16:50 . 2011-07-17 16:50 388096 ----a-r- c:\users\Rivky\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-16 04:37 . 2011-08-13 23:06 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-07-16 04:34 . 2011-08-13 23:06 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:31 . 2011-08-13 23:06 271360 ----a-w- c:\windows\system32\conhost.exe

2011-07-16 04:19 . 2011-08-13 23:06 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:21 . 2011-08-13 23:06 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21 . 2011-08-13 23:06 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21 . 2011-08-13 23:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-09 02:26 . 2011-08-13 23:02 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-06-23 04:38 . 2011-08-13 23:03 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-23 04:38 . 2011-08-13 23:03 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-21 05:39 . 2011-08-13 23:02 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-04-14 16:57 . 2011-07-22 07:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-03-02 16:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-03-17 3278232]

"StartMenu7"="c:\program files\Start Menu 7\StartMenu7.exe" [2010-04-19 2919288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Ashampoo Anti-Malware Guard"="c:\program files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe" [2010-08-26 3314176]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]

backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Rivky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Rivky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]

path=c:\users\Rivky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

backup=c:\windows\pss\PdaNet Desktop.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall]

rmdir [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall2]

rmdir [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall3]

rmdir [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall4]

rmdir [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall5]

rmdir [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeechInk Transcription Alerter

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopIconToy]

2009-04-06 15:37 450560 ----a-w- c:\program files\Desktop Icon Toy\DesktopIconToy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]

2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2008-11-12 21:30 133104 ----atw- c:\users\Rivky\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Backup]

2007-12-03 09:31 2600960 ----a-w- c:\program files\LaCie\Backup Software\LacieBackup.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]

2007-11-01 16:42 554288 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"QlbCtrl.exe"=c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-01 717296]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 a2acc;a2acc;c:\program files\MAMUTU\a2accx86.sys [x]

R3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [x]

R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-09-24 22528]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2009-08-26 25480]

R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [2010-08-27 105344]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-21 1343400]

S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-09-24 19592]

S0 RVSDISK;RVSDISK;c:\windows\system32\Drivers\RVSDISK.sys [2008-12-30 11904]

S0 RVSYSTEM;RVSYSTEM;c:\windows\system32\Drivers\RVSYSTEM.sys [2008-12-30 38272]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2008-04-23 39408]

S2 AAMW_WSC_Service_Vista;Ashampoo Anti-Malware WSC Service;c:\program files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_Vista.exe [2010-03-02 52616]

S2 AAMWService;Ashampoo Anti-Malware Service;c:\program files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe [2011-08-17 1313184]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_08f19d3e5efcf526\aestsrv.exe [2008-02-12 73728]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-07-19 95744]

S2 DokanMounter;DokanMounter;c:\program files\PetanDrive\dokan\mounter.exe [2011-07-19 14848]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-03-17 86280]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 94880]

S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-16 32672]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-06 44576]

S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - AAMWRegFilter

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1169181582-1379610226-3118248491-1001Core.job

- c:\users\Rivky\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 21:30]

.

2011-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1169181582-1379610226-3118248491-1001UA.job

- c:\users\Rivky\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 21:30]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.be/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = 127.0.0.1:8080

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Rivky\AppData\Roaming\Mozilla\Firefox\Profiles\nvl7tg9i.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - chrome://foxtab/content/homepage.html

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Read It Later: isreaditlater@ideashower.com - %profile%\extensions\isreaditlater@ideashower.com

FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - %profile%\extensions\mozilla_cc@internetdownloadmanager.com

FF - Ext: Fierr: {2E481B23-66AC-313F-D6A8-A81DDDF26249} - %profile%\extensions\{2E481B23-66AC-313F-D6A8-A81DDDF26249}

FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}

FF - Ext: PlainOldFavorites: {7E7165E2-0767-448c-852F-5FA8714F2C37} - %profile%\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor

FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\Rivky\AppData\Roaming\IDM\idmmzcc3

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe

AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe

AddRemove-MostFun.com Games - Lex Venture: a Crossword Caper - c:\program files\MostFun\LexVentureaCrossword\Uninstall.exe

AddRemove-Weight Watchers Points Calculator_is1 - c:\apps\wwpc\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]

"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1169181582-1379610226-3118248491-1001_Classes\CLSID\{16368eef-0022-4a81-a797-d5c597da3015}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000006a

"Therad"=dword:00000018

.

[HKEY_USERS\S-1-5-21-1169181582-1379610226-3118248491-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):2f,41,ef,87,9b,37,82,a0,70,a7,cb,22,47,a9,99,8f,67,7f,dc,da,85,

67,57,eb,0f,0a,5e,aa,d4,4c,ef,d3,97,bf,af,50,98,42,74,49,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-1169181582-1379610226-3118248491-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):23,ca,66,8f,9c,1c,5d,30,fe,6a,7a,18,a1,e5,b3,f6,04,16,2a,6e,41,

86,30,ba,23,6f,5c,42,cd,5b,40,bc,43,61,35,8b,0b,90,e0,79,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-1169181582-1379610226-3118248491-1001_Classes\CLSID\{d74196dd-2f44-458d-bb22-0afd0698ea17}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000016c

"Therad"=dword:0000000f

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-09-18 20:36:33

ComboFix-quarantined-files.txt 2011-09-18 18:36

.

Pre-Run: 32.705.253.376 bytes free

Post-Run: 32.634.490.880 bytes free

.

- - End Of File - - 8A76C9BAD82598324A7D6657B909F6F1

It started automatically after I had installed it... hopefully everything is all right...

(Just before that I ran an anti-virus scan and it found 1 high risk, but then it kept stalling at c://users/rivky/skype/mijn.naam/main.db (or something like that), and Skype was removed from my computer long ago. What could that be? That seems to be the problem, also when making the backup.)


ComboFix did remove some unwanted items, but otherwise no notable problems. Though I do have some questions about the repeated occurrence of this:

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall]

rmdir [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall2]

rmdir [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall3]

rmdir [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall4]

rmdir [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall5]

rmdir [X]

It doesn't seem useful to have several versions of that. But ... this should normally not be the cause of the initially reported problems. I'll look into it a bit further to see whether removing a number of these registry entries is useful and necessary.


Open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall2]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall3]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall4]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall5]

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message.

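The CFScript above deletes four of the five dangling FastFoxUninstall keys by hand. As an added example (not from the forum post and not ComboFix's own code), the Python script below automates that part of the triage on the log posted earlier in this thread: it collects every msconfig `startupreg` key whose block carries `[X]`, ComboFix's marker for a referenced file it could not find, flags the two UAC policy values the first log shows set to 0 (`ConsentPromptBehaviorAdmin`=0 elevates without prompting, `PromptOnSecureDesktop`=0 keeps the prompt off the secure desktop), notes the `ProxyServer = 127.0.0.1:8080` entry so the owner of that local port can be confirmed, and emits a `Registry::` section in CFScript syntax for the dangling keys. It lists all five FastFoxUninstall keys; whether to keep the first one, as the helper chose to, is still the reviewer's call. `SAMPLE_LOG` is an excerpt copied from the log above; the function names are my own.

```python
"""Triage a ComboFix log: list msconfig 'startupreg' keys whose target
ComboFix marks '[X]' (file not found), flag UAC policy values set to 0, note a
loopback proxy, and emit a CFScript 'Registry::' section for the dangling keys.

Added example for this thread; not ComboFix's own code and not from the
original post. SAMPLE_LOG is an excerpt copied from the log posted above.
"""
import re
from typing import Dict, List, Optional

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall2]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
uInternet Settings,ProxyServer = 127.0.0.1:8080
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
STARTUPREG = "\\shared tools\\msconfig\\startupreg\\"
# Values under ...\policies\system; 0 means "elevate without prompting" and
# "do not switch to the secure desktop" respectively.
UAC_VALUES = ("ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")
VALUE_RE = re.compile(r'^"(\w+)"\s*=\s*(\d+)')


def parse_keys(log: str) -> Dict[str, List[str]]:
    """Map each '[HKEY_...]' header to the non-empty lines of its block.

    ComboFix closes a block with a line holding a single '.', so a lone dot
    ends the current key.
    """
    keys: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = []
        elif line == ".":
            current = None
        elif current is not None and line:
            keys[current].append(line)
    return keys


def dangling_startupreg(keys: Dict[str, List[str]]) -> List[str]:
    """msconfig startupreg keys whose block carries '[X]' (target file missing)."""
    return [
        key for key, body in keys.items()
        if STARTUPREG in key.lower() and any("[X]" in line for line in body)
    ]


def weak_uac_settings(keys: Dict[str, List[str]]) -> List[str]:
    """Names of UAC policy values that the log shows set to 0."""
    found: List[str] = []
    for key, body in keys.items():
        if not key.lower().endswith("\\policies\\system"):
            continue
        for line in body:
            m = VALUE_RE.match(line)
            if m and m.group(1) in UAC_VALUES and int(m.group(2)) == 0:
                found.append(m.group(1))
    return found


def loopback_proxy(log: str) -> Optional[str]:
    """Return a ProxyServer setting that points at 127.0.0.1, if present.

    Not malicious by itself (local filtering tools use the same setting);
    it is reported so the reviewer can check which process owns the port.
    """
    m = re.search(r"ProxyServer\s*=\s*(127\.0\.0\.1:\d+)", log)
    return m.group(1) if m else None


def build_cfscript(keys_to_delete: List[str]) -> str:
    """CFScript text; '[-KEY]' under 'Registry::' deletes the whole key."""
    return "Registry::\n" + "".join(f"[-{k}]\n" for k in keys_to_delete)


def triage(log: str) -> Dict[str, object]:
    keys = parse_keys(log)
    dangling = dangling_startupreg(keys)
    return {
        "dangling": dangling,
        "weak_uac": weak_uac_settings(keys),
        "loopback_proxy": loopback_proxy(log),
        "cfscript": build_cfscript(dangling),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name in ("dangling", "weak_uac", "loopback_proxy"):
        print(f"{name}: {report[name]}")
    print(report["cfscript"])
```

To run it on a real log, replace `SAMPLE_LOG` with the contents of ComboFix.txt and review the `dangling` list before saving the generated text as CFScript.txt; the `[-KEY]` lines delete keys outright, so anything still wanted must be removed from the list first.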

I am in the middle of doing the above and Ashampoo Anti-Malware stops it and says: Access detected to an infected file. The infected file is currently being copied or loaded into memory.

File: C:/32788R22FWJFW/explore.exe

is infected by: Heuristic.Dialer;Ras!A2

and asks what I want to do? I'll leave it as it is for now and wait for your answer?

Thanks


ComboFix 11-09-19.01 - Rivky 19/09/2011 15:24:56.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3069.1733 [GMT 2:00]

Running from: c:\users\Rivky\Desktop\ComboFix_2.exe

Command switches used :: c:\users\Rivky\Desktop\CFScript.txt..txt

AV: Ashampoo Anti-Malware *Disabled/Updated* {1586225C-B0F7-7A3E-FBB7-F15B3A4D2579}

SP: Ashampoo Anti-Malware *Disabled/Updated* {AEE7C3B8-96CD-75B0-C107-CA2941CA6FC4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-08-19 to 2011-09-19 )))))))))))))))))))))))))))))))

.

.

2011-09-19 13:37 . 2011-09-19 13:37 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-09-19 13:37 . 2011-09-19 13:37 -------- d-----w- c:\users\Gershey\AppData\Local\temp

2011-09-19 13:37 . 2011-09-19 13:37 -------- d-----w- c:\users\gasten\AppData\Local\temp

2011-09-19 13:37 . 2011-09-19 13:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-16 13:00 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{533FC25A-887C-4B45-A490-8D5174F3FE08}\mpengine.dll

2011-09-04 19:19 . 2011-09-04 19:19 -------- d-----w- c:\programdata\Playrix Entertainment

2011-09-04 10:30 . 2011-09-04 10:30 -------- d-----w- c:\program files\Playrix Entertainment

2011-09-01 09:22 . 2011-09-01 09:22 -------- d-----w- c:\program files\iPod

2011-08-31 16:10 . 2011-08-31 16:10 -------- d-----w- c:\users\Rivky\AppData\Roaming\Intel

2011-08-31 16:08 . 2011-08-31 16:08 -------- d-----w- c:\program files\Cisco

2011-08-31 16:08 . 2011-08-31 20:55 -------- d-----w- c:\program files\Common Files\Intel

2011-08-31 16:08 . 2011-08-31 16:08 -------- d-----w- c:\programdata\Intel

2011-08-30 20:54 . 2011-08-30 20:56 -------- d-----w- c:\programdata\Logishrd

2011-08-30 20:54 . 2011-08-30 20:55 -------- d-----w- c:\program files\Logitech

2011-08-30 20:51 . 2011-08-31 20:53 -------- d-----w- c:\program files\Common Files\LogiShrd

2011-08-30 20:51 . 2011-08-30 20:56 -------- d-----w- c:\users\Rivky\AppData\Roaming\Logitech

2011-08-30 20:51 . 2011-08-30 20:51 -------- d-----w- c:\users\Rivky\AppData\Roaming\Logishrd

2011-08-30 14:51 . 2011-08-31 20:53 -------- d-----w- c:\users\UpdatusUser

2011-08-30 14:48 . 2011-08-30 14:48 -------- d-----w- c:\programdata\NVIDIA Corporation

2011-08-30 14:42 . 2011-08-31 20:53 -------- d-----w- c:\program files\NVIDIA Corporation

2011-08-30 14:41 . 2011-08-30 14:41 -------- d-----w- C:\NVIDIA

2011-08-30 13:50 . 2011-08-30 13:50 -------- d-----w- c:\program files\Addition

2011-08-30 10:33 . 2011-08-30 10:36 -------- d-----w- C:\Drivers Backup

2011-08-30 10:30 . 2011-02-08 12:58 1882104 ----a-w- c:\windows\system32\Codejock.Controls.v15.0.1.ocx

2011-08-30 10:30 . 2005-01-12 09:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL

2011-08-30 10:30 . 2004-09-28 09:13 526184 ----a-w- c:\windows\system32\XceedCry.dll

2011-08-30 10:30 . 2004-08-11 13:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin

2011-08-30 10:30 . 2011-08-30 10:33 -------- d-----w- c:\program files\Driver Magician

2011-08-25 14:41 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-23 21:26 . 2011-08-23 21:26 -------- d-----w- c:\program files\Hofmann

2011-08-23 21:11 . 2011-08-23 21:30 -------- d-----w- c:\users\Rivky\FOTO_com

2011-08-22 21:23 . 2011-08-22 21:23 -------- d-----w- C:\temp_petan

2011-08-22 17:21 . 2011-08-31 17:57 -------- d-----w- c:\users\Rivky\AppData\Roaming\petanDrive

2011-08-22 17:20 . 2011-08-22 17:21 -------- d-----w- c:\program files\PetanDrive

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-22 17:04 . 2011-05-20 07:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-26 10:22 . 2011-05-19 22:32 60528 ----a-w- c:\users\Rivky\AppData\Roaming\mdbu.bin

2011-07-22 02:54 . 2011-08-14 13:33 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-14 13:33 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-14 13:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-19 06:32 . 2011-07-19 06:32 95744 ----a-w- c:\windows\system32\drivers\dokan.sys

2011-07-19 06:32 . 2011-07-19 06:32 35840 ----a-w- c:\windows\system32\dokan.dll

2011-07-17 16:50 . 2011-07-17 16:50 388096 ----a-r- c:\users\Rivky\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-16 04:37 . 2011-08-13 23:06 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-07-16 04:34 . 2011-08-13 23:06 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:31 . 2011-08-13 23:06 271360 ----a-w- c:\windows\system32\conhost.exe

2011-07-16 04:19 . 2011-08-13 23:06 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:19 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:21 . 2011-08-13 23:06 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21 . 2011-08-13 23:06 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21 . 2011-08-13 23:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21 . 2011-08-13 23:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-09 02:26 . 2011-08-13 23:02 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-06-23 04:38 . 2011-08-13 23:03 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-23 04:38 . 2011-08-13 23:03 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-14 16:57 . 2011-07-22 07:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-03-02 16:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-03-17 3278232]

"StartMenu7"="c:\program files\Start Menu 7\StartMenu7.exe" [2010-04-19 2919288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Ashampoo Anti-Malware Guard"="c:\program files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe" [2010-08-26 3314176]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]

backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Rivky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Rivky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]

path=c:\users\Rivky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

backup=c:\windows\pss\PdaNet Desktop.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFoxUninstall]

rmdir [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopIconToy]

2009-04-06 15:37 450560 ----a-w- c:\program files\Desktop Icon Toy\DesktopIconToy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]

2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2008-11-12 21:30 133104 ----atw- c:\users\Rivky\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Backup]

2007-12-03 09:31 2600960 ----a-w- c:\program files\LaCie\Backup Software\LacieBackup.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]

2007-11-01 16:42 554288 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"QlbCtrl.exe"=c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-01 717296]

R2 AAMW_WSC_Service_Vista;Ashampoo Anti-Malware WSC Service;c:\program files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_Vista.exe [2010-03-02 52616]

R2 DokanMounter;DokanMounter;c:\program files\PetanDrive\dokan\mounter.exe [2011-07-19 14848]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 a2acc;a2acc;c:\program files\MAMUTU\a2accx86.sys [x]

R3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [x]

R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-09-24 22528]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2009-08-26 25480]

R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [2010-08-27 105344]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-21 1343400]

S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-09-24 19592]

S0 RVSDISK;RVSDISK;c:\windows\system32\Drivers\RVSDISK.sys [2008-12-30 11904]

S0 RVSYSTEM;RVSYSTEM;c:\windows\system32\Drivers\RVSYSTEM.sys [2008-12-30 38272]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2008-04-23 39408]

S2 AAMWService;Ashampoo Anti-Malware Service;c:\program files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe [2011-08-17 1313184]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_08f19d3e5efcf526\aestsrv.exe [2008-02-12 73728]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-07-19 95744]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-03-17 86280]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 94880]

S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-16 32672]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

S3 AAMWRegFilter;AAMWRegFilter;c:\program files\Ashampoo\Ashampoo Anti-Malware\AAMW_Regfilter32.sys [2010-01-20 18584]

S3 ASW3Scan;ASW3Scan;c:\program files\Ashampoo\Ashampoo Anti-Malware\AAMW_IFS32.sys [2010-06-16 17816]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-06 44576]

S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - AAMWREGFILTER

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1169181582-1379610226-3118248491-1001Core.job

- c:\users\Rivky\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 21:30]

.

2011-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1169181582-1379610226-3118248491-1001UA.job

- c:\users\Rivky\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 21:30]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.be/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = 127.0.0.1:8080

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Rivky\AppData\Roaming\Mozilla\Firefox\Profiles\nvl7tg9i.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - chrome://foxtab/content/homepage.html

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Read It Later: isreaditlater@ideashower.com - %profile%\extensions\isreaditlater@ideashower.com

FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - %profile%\extensions\mozilla_cc@internetdownloadmanager.com

FF - Ext: Fierr: {2E481B23-66AC-313F-D6A8-A81DDDF26249} - %profile%\extensions\{2E481B23-66AC-313F-D6A8-A81DDDF26249}

FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}

FF - Ext: PlainOldFavorites: {7E7165E2-0767-448c-852F-5FA8714F2C37} - %profile%\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor

FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\Rivky\AppData\Roaming\IDM\idmmzcc3

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]

"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1169181582-1379610226-3118248491-1001_Classes\CLSID\{16368eef-0022-4a81-a797-d5c597da3015}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000006a

"Therad"=dword:00000018

.

[HKEY_USERS\S-1-5-21-1169181582-1379610226-3118248491-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):2f,41,ef,87,9b,37,82,a0,70,a7,cb,22,47,a9,99,8f,67,7f,dc,da,85,

67,57,eb,0f,0a,5e,aa,d4,4c,ef,d3,97,bf,af,50,98,42,74,49,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-1169181582-1379610226-3118248491-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):23,ca,66,8f,9c,1c,5d,30,fe,6a,7a,18,a1,e5,b3,f6,04,16,2a,6e,41,

86,30,ba,23,6f,5c,42,cd,5b,40,bc,43,61,35,8b,0b,90,e0,79,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-1169181582-1379610226-3118248491-1001_Classes\CLSID\{d74196dd-2f44-458d-bb22-0afd0698ea17}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000016c

"Therad"=dword:0000000f

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4808)

c:\program files\Start Menu 7\VistaStartMenu.dll

c:\windows\system32\BsLangInDepRes.dll

c:\windows\system32\Bs2Res.dll

.

Completion time: 2011-09-19 15:45:13

ComboFix-quarantined-files.txt 2011-09-19 13:45

ComboFix2.txt 2011-09-18 18:36

.

Pre-Run: 32.869.945.344 bytes free

Post-Run: 34.397.433.856 bytes free

.

- - End Of File - - B5CDCCBD9E9301E74E03514354C84833
