  • Adware Problem

    In my ignorance I downloaded an adware program that advertises antispyware/antivirus... AVG is not installed yet, but I am downloading it... in the meantime, here is my HJT log (faster this way =))

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:48:54, on 2/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\avp.exe
    C:\WINDOWS\mgrs.exe
    C:\DOCUME~1\Stefaan\LOCALS~1\Temp\synmon.exe
    C:\Program Files\smss.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Stefaan\Desktop\HiJackThis.exe

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvlih.dll,startup
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
    O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvsef.dll,startup
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201472888093
    O17 - HKLM\System\CCS\Services\Tcpip\..\{21494A61-7057-4AD5-9E3F-D96746C11C24}: NameServer = 195.238.2.21,195.238.2.22
    O17 - HKLM\System\CS1\Services\Tcpip\..\{21494A61-7057-4AD5-9E3F-D96746C11C24}: NameServer = 195.238.2.21,195.238.2.22
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll
    O20 - Winlogon Notify: xxyayww - C:\WINDOWS\SYSTEM32\xxyayww.dll
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 5472 bytes

    Thanks in advance

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, in which a few lines about files not being found will scroll by quickly; this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.

    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next reply.

    NOTE: If your virus scanner reacts with a warning about a script being executed, you can ignore it.



    • #3
      In the meantime AVG is already scanning... it finds 5 threats... should I let that finish first?
      Last edited by vegetassj22; 02-02-08, 12:06.



      • #4
        Better to do so; those tools restart your system, and then your scanner gets interrupted.
        Not very convenient, by the way



        • #5
          I get a rundll hiscwqvr.dll error at logon... (specified module could not be found)

          ---RVAXO.exe Updated: 2008-02-02---first run---
          Files found:
          C:\WINDOWS\system32\qougniax.dllbox
          C:\WINDOWS\system32\drvsefr.dll
          C:\WINDOWS\system32\rrutv.ini2
          C:\Program Files\ucleaner_setup.exe

          Uninstallers:


          Folders Found:

          C:\Program Files\Ultimate Defender

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------

          Files found:

          Folders Found:

          --------------RVAXO.exe finished----------------

          ComboFix stays stuck at Stage_7 even after 20 minutes. Out of frustration I reset the PC.
          Last edited by vegetassj22; 02-02-08, 12:46.



          • #6
            Run RVAXO once more and then post the following log: C:\RVAXO-Vfind.log

            Also post a new HijackThis log



            • #7
              VFind.log is empty...

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 13:00, on 2008-02-02
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\RUNDLL32.EXE
              C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
              C:\Program Files\Logitech\QuickCam\Quickcam.exe
              C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
              C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
              C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
              C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
              C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
              C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
              C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
              C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
              C:\WINDOWS\System32\nvsvc32.exe
              C:\WINDOWS\system32\PnkBstrA.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
              C:\WINDOWS\system32\msiexec.exe
              C:\Documents and Settings\Stefaan\Desktop\HiJackThis.exe

              O2 - BHO: (no name) - {0D8EAB5C-CC9B-4DBD-B10A-3B8AC8F34758} - C:\WINDOWS\system32\vturr.dll (file missing)
              O2 - BHO: {451cd522-5523-f13b-aaa4-ca21a8e3e51f} - {f15e3e8a-12ac-4aaa-b31f-3255225dc154} - C:\WINDOWS\system32\xflqdvkg.dll (file missing)
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
              O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
              O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
              O4 - HKLM\..\Run: [1c3cdeaf] rundll32.exe "C:\WINDOWS\system32\hiscwqvr.dll",b
              O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
              O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201472888093
              O17 - HKLM\System\CCS\Services\Tcpip\..\{21494A61-7057-4AD5-9E3F-D96746C11C24}: NameServer = 195.238.2.21,195.238.2.22
              O17 - HKLM\System\CS1\Services\Tcpip\..\{21494A61-7057-4AD5-9E3F-D96746C11C24}: NameServer = 195.238.2.21,195.238.2.22
              O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
              O20 - Winlogon Notify: qougniax - qougniax.dll (file missing)
              O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
              O20 - Winlogon Notify: xxyayww - xxyayww.dll (file missing)
              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
              O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
              O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
              O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
              O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
              O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
              O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
              O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

              --
              End of file - 5971 bytes



              • #8
                  That's a pity then

                  Start HijackThis once more and place a checkmark only in front of the following lines:
                  O2 - BHO: (no name) - {0D8EAB5C-CC9B-4DBD-B10A-3B8AC8F34758} - C:\WINDOWS\system32\vturr.dll (file missing)
                  O2 - BHO: {451cd522-5523-f13b-aaa4-ca21a8e3e51f} - {f15e3e8a-12ac-4aaa-b31f-3255225dc154} - C:\WINDOWS\system32\xflqdvkg.dll (file missing)
                  O4 - HKLM\..\Run: [1c3cdeaf] rundll32.exe "C:\WINDOWS\system32\hiscwqvr.dll",b
                  O20 - Winlogon Notify: qougniax - qougniax.dll (file missing)
                  O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
                  O20 - Winlogon Notify: xxyayww - xxyayww.dll (file missing)

                  Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

                  Download Deckard's System Scanner to your Desktop.
                  • Close all applications and windows.
                  • Double-click dss.exe to activate it, and follow the instructions.
                  • When the scan is complete, a text file - main.txt - will open.
                  • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

                  Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
                  - make sure sigcheck.exe is allowed to do so!
                  It can also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
                  Do not let your antivirus remove it! (In that case it may be better to disable your antivirus temporarily during the DSS scan)

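A small triage script for the kind of HijackThis entries the helper singles out above (the orphaned O2 and O20 entries, the rundll32 autostart, and the odd process paths in the first log). This is an added example, not part of the thread or of HijackThis; its allowlists, heuristics and the shortened sample log are assumptions of the example.

```python
"""Triage a HijackThis v2 log: pull out the lines a malware-removal helper looks
at first. Allowlists and heuristics are this example's own assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: str
    reason: str


# Core Windows binaries that only legitimately run from the system directory
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
# Executables that are normal directly in C:\WINDOWS (assumed short allowlist)
WINDIR_ALLOWED = {"explorer.exe", "notepad.exe", "regedit.exe"}
# rundll32 targets treated as benign here (NVIDIA control panel, from the log)
RUNDLL_ALLOWED = {"nvcpl.dll", "nvmctray.dll"}

_ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
_RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+?\.dll)"?', re.I)
_EXE_PATH_RE = re.compile(r'"?([a-z]:\\[^"]+?\.exe)', re.I)

# Constructed sample: a shortened mix of lines from the thread's HijackThis logs
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\DOCUME~1\Stefaan\LOCALS~1\Temp\synmon.exe
C:\Program Files\smss.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvlih.dll,startup
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [1c3cdeaf] rundll32.exe "C:\WINDOWS\system32\hiscwqvr.dll",b
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll
O20 - Winlogon Notify: xxyayww - xxyayww.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


def check_process(path: str) -> str | None:
    """Reason why a running-process path looks out of place, or None."""
    p = path.lower()
    folder, _, name = p.rpartition("\\")
    if "\\temp\\" in p:
        return "executable running from a Temp directory"
    if name in CORE_BINARIES and not folder.endswith("\\system32"):
        return "core Windows binary name outside system32"
    if folder == "c:\\windows" and name not in WINDIR_ALLOWED:
        return "unexpected executable directly in C:\\WINDOWS"
    return None


def check_entry(kind: str, body: str) -> str | None:
    """Reason why a scan entry (O2, O4, O20, ...) deserves a look, or None."""
    low = body.lower()
    if "(file missing)" in low or "(no file)" in low:
        return "registered component whose file is gone (orphaned entry)"
    if kind == "O4":
        m = _RUNDLL_RE.search(body)
        if m:  # rundll32 autostart: judge the DLL it loads, not rundll32 itself
            dll = m.group(1).lower().rpartition("\\")[2]
            if dll in RUNDLL_ALLOWED:
                return None
            return "rundll32 autostart loading an unrecognised DLL"
        m = _EXE_PATH_RE.search(body)
        return check_process(m.group(1)) if m else None
    if kind == "O20" and low.startswith("winlogon notify:"):
        return "Winlogon Notify DLL, loaded at every logon: verify its publisher"
    return None


def triage(log_text: str) -> list[Finding]:
    """Walk the log and collect every entry worth reviewing, in log order."""
    findings: list[Finding] = []
    in_processes = False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Running processes:" or not line:
            in_processes = line != ""  # the list ends at the first blank line
            continue
        if in_processes:
            reason = check_process(line)
        else:
            m = _ENTRY_RE.match(line)
            reason = check_entry(m.group(1), m.group(2)) if m else None
        if reason:
            findings.append(Finding(line, reason))
    return findings
```

Running `triage(SAMPLE_LOG)` returns ten findings; the unflagged lines (smss.exe in System32, Explorer.EXE, the NVIDIA rundll32 entry, CTFMON, the NVSvc service) are the benign contrast.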


                • #9
                  Deckard's System Scanner v20071014.68
                  Run by Stefaan on 2008-02-02 13:07:08
                  Computer is in Normal Mode.
                  --------------------------------------------------------------------------------

                  -- System Restore --------------------------------------------------------------

                  Successfully created a Deckard's System Scanner Restore Point.


                  -- Last 5 Restore Point(s) --
                  31: 2008-02-02 12:07:11 UTC - RP31 - Deckard's System Scanner Restore Point
                  30: 2008-02-02 11:29:54 UTC - RP30 - ComboFix created restore point
                  29: 2008-02-02 10:57:26 UTC - RP29 - Installed AVG 7.5
                  28: 2008-02-02 10:50:37 UTC - RP28 - Last known good configuration
                  27: 2008-02-02 10:50:35 UTC - RP27 - System Checkpoint


                  -- First Restore Point --
                  1: 2008-02-02 10:50:31 UTC - RP1 - System Checkpoint


                  Backed up registry hives.
                  Performed disk cleanup.



                  -- HijackThis (run as Stefaan.exe) ---------------------------------------------

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 13:07, on 2008-02-02
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
                  C:\Program Files\Logitech\QuickCam\Quickcam.exe
                  C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                  C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
                  C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
                  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
                  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
                  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
                  C:\WINDOWS\System32\nvsvc32.exe
                  C:\WINDOWS\system32\PnkBstrA.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
                  C:\WINDOWS\system32\msiexec.exe
                  C:\WINDOWS\system32\PnkBstrB.exe
                  C:\Documents and Settings\Stefaan\Desktop\dss.exe
                  C:\DOCUME~1\Stefaan\Desktop\Stefaan.exe

                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
                  O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
                  O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
                  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201472888093
                  O17 - HKLM\System\CCS\Services\Tcpip\..\{21494A61-7057-4AD5-9E3F-D96746C11C24}: NameServer = 195.238.2.21,195.238.2.22
                  O17 - HKLM\System\CS1\Services\Tcpip\..\{21494A61-7057-4AD5-9E3F-D96746C11C24}: NameServer = 195.238.2.21,195.238.2.22
                  O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
                  O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
                  O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
                  O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
                  O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
                  O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
                  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                  O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

                  --
                  End of file - 5518 bytes

                  -- HijackThis Fixed Entries (C:\DOCUME~1\Stefaan\Desktop\backups\) -------------

                  backup-20080202-130634-260 O20 - Winlogon Notify: qougniax - qougniax.dll (file missing)
                  backup-20080202-130634-270 O2 - BHO: {451cd522-5523-f13b-aaa4-ca21a8e3e51f} - {f15e3e8a-12ac-4aaa-b31f-3255225dc154} - C:\WINDOWS\system32\xflqdvkg.dll (file missing)
                  backup-20080202-130634-353 O2 - BHO: (no name) - {0D8EAB5C-CC9B-4DBD-B10A-3B8AC8F34758} - C:\WINDOWS\system32\vturr.dll (file missing)
                  backup-20080202-130634-445 O4 - HKLM\..\Run: [1c3cdeaf] rundll32.exe "C:\WINDOWS\system32\hiscwqvr.dll",b
                  backup-20080202-130634-771 O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
                  backup-20080202-130634-913 O20 - Winlogon Notify: xxyayww - xxyayww.dll (file missing)

                  -- File Associations -----------------------------------------------------------

                  All associations okay.


                  -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                  All drivers whitelisted.


                  -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                  R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
                  R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
                  R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>


                  -- Device Manager: Disabled ----------------------------------------------------

                  No disabled devices found.


                  -- Files created between 2008-01-02 and 2008-02-02 -----------------------------

                  2008-02-02 12:59:35 0 d-------- C:\RVAXO
                  2008-02-02 12:59:31 16384 --a------ C:\WINDOWS\system32\Restart.exe <Not Verified; WareSoft Software; restart>
                  2008-02-02 12:51:33 0 d-------- C:\Programmabestanden
                  2008-02-02 12:51:10 305152 --a------ C:\WINDOWS\IsUn0413.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
                  2008-02-02 12:51:04 0 d-------- C:\Documents and Settings\Stefaan\WINDOWS
                  2008-02-02 12:29:37 68096 --a------ C:\WINDOWS\system32\zip.exe
                  2008-02-02 12:29:37 98816 --a------ C:\WINDOWS\system32\sed.exe
                  2008-02-02 12:29:37 80412 --a------ C:\WINDOWS\system32\grep.exe
                  2008-02-02 12:29:37 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
                  2008-02-02 12:29:36 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
                  2008-02-02 12:24:16 652657 --a------ C:\WINDOWS\system32\RVAXO.bat
                  2008-02-02 12:24:16 69632 --a------ C:\WINDOWS\system32\remove.exe
                  2008-02-02 11:59:42 0 dr-h----- C:\$VAULT$.AVG
                  2008-02-02 11:57:41 0 d-------- C:\Documents and Settings\Stefaan\Application Data\AVG7
                  2008-02-02 11:57:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
                  2008-02-02 11:57:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
                  2008-02-02 11:57:27 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
                  2008-02-02 11:45:34 103936 --a------ C:\WINDOWS\system32\drvsef.dll
                  2008-02-02 11:42:32 0 d-------- C:\Program Files\uTorrent
                  2008-02-02 11:42:29 0 d-------- C:\Documents and Settings\Stefaan\Application Data\uTorrent
                  2008-02-02 11:15:18 0 d-------- C:\UbiSoft
                  2008-02-02 11:15:08 0 d-------- C:\WINDOWS\UbiSoft
                  2008-02-02 11:14:16 0 d-------- C:\Documents and Settings\Michiel\Application Data\Help
                  2008-02-01 22:13:42 0 d---s---- C:\Documents and Settings\Anneleen\UserData
                  2008-02-01 18:10:36 0 d-------- C:\Program Files\Google
                  2008-02-01 18:10:34 0 d-------- C:\Program Files\Picasa2
                  2008-01-31 21:51:37 0 d-------- C:\Documents and Settings\Maria-Laura\Application Data\Macromedia
                  2008-01-31 21:51:37 0 d-------- C:\Documents and Settings\Maria-Laura\Application Data\Adobe
                  2008-01-31 21:51:02 0 d-------- C:\Documents and Settings\Maria-Laura\Application Data\Mozilla
                  2008-01-31 19:41:12 0 d-------- C:\Documents and Settings\Michiel\Application Data\teamspeak2
                  2008-01-31 19:41:05 0 d-------- C:\Program Files\Teamspeak2_RC2
                  2008-01-31 19:15:06 0 d-------- C:\Documents and Settings\Michiel\Contacts
                  2008-01-31 12:52:04 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
                  2008-01-31 12:48:10 0 d-------- C:\hegames
                  2008-01-31 10:17:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
                  2008-01-30 21:15:15 0 d-------- C:\Documents and Settings\Thomas\Contacts
                  2008-01-30 19:18:32 0 d-------- C:\Documents and Settings\Hilde\Application Data\Xfire
                  2008-01-30 19:02:40 0 d-------- C:\Documents and Settings\Anneleen\Application Data\Xfire
                  2008-01-30 16:44:11 0 d-------- C:\Documents and Settings\Maria-Laura\Contacts
                  2008-01-29 20:00:49 0 d-------- C:\Documents and Settings\Maria-Laura\Application Data\fretsonfire
                  2008-01-29 19:57:24 0 d-------- C:\Documents and Settings\Maria-Laura\Application Data\Identities
                  2008-01-29 19:57:19 0 d--h----- C:\Documents and Settings\Maria-Laura\Templates
                  2008-01-29 19:57:19 0 dr------- C:\Documents and Settings\Maria-Laura\Start Menu
                  2008-01-29 19:57:19 0 dr-h----- C:\Documents and Settings\Maria-Laura\SendTo
                  2008-01-29 19:57:19 0 dr-h----- C:\Documents and Settings\Maria-Laura\Recent
                  2008-01-29 19:57:19 0 d--h----- C:\Documents and Settings\Maria-Laura\PrintHood
                  2008-01-29 19:57:19 720896 --a------ C:\Documents and Settings\Maria-Laura\NTUSER.DAT
                  2008-01-29 19:57:19 0 d--h----- C:\Documents and Settings\Maria-Laura\NetHood
                  2008-01-29 19:57:19 0 dr------- C:\Documents and Settings\Maria-Laura\My Documents
                  2008-01-29 19:57:19 0 d--h----- C:\Documents and Settings\Maria-Laura\Local Settings
                  2008-01-29 19:57:19 0 dr------- C:\Documents and Settings\Maria-Laura\Favorites
                  2008-01-29 19:57:19 0 d-------- C:\Documents and Settings\Maria-Laura\Desktop
                  2008-01-29 19:57:19 0 d---s---- C:\Documents and Settings\Maria-Laura\Cookies
                  2008-01-29 19:57:19 0 dr-h----- C:\Documents and Settings\Maria-Laura\Application Data
                  2008-01-29 19:57:19 0 d---s---- C:\Documents and Settings\Maria-Laura\Application Data\Microsoft
                  2008-01-29 08:17:05 0 d-------- C:\Documents and Settings\Thomas\Application Data\fretsonfire
                  2008-01-28 21:14:05 0 d-------- C:\Documents and Settings\Anneleen\Application Data\fretsonfire
                  2008-01-28 19:02:38 0 d-------- C:\WINDOWS\system32\LogFiles
                  2008-01-28 18:53:52 0 d-------- C:\Program Files\WarRock
                  2008-01-28 18:53:40 0 d-------- C:\Documents and Settings\Stefaan\Application Data\InstallShield
                  2008-01-28 18:26:43 0 d-------- C:\Documents and Settings\Michiel\Application Data\fretsonfire
                  2008-01-28 17:10:00 0 d-------- C:\Program Files\Common Files\Logitech
                  2008-01-28 17:09:40 0 d-------- C:\Program Files\Common Files\LogiShrd
                  2008-01-28 17:09:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
                  2008-01-28 17:08:23 0 d-------- C:\Program Files\Logitech
                  2008-01-28 16:54:17 0 d-------- C:\Documents and Settings\Stefaan\Application Data\fretsonfire
                  2008-01-28 16:54:10 0 d-------- C:\Program Files\Frets on Fire
                  2008-01-28 16:11:14 0 d-------- C:\Documents and Settings\Michiel\Application Data\Macromedia
                  2008-01-28 16:11:14 0 d-------- C:\Documents and Settings\Michiel\Application Data\Adobe
                  2008-01-28 16:10:20 0 d-------- C:\Documents and Settings\Michiel\Application Data\Mozilla
                  2008-01-28 16:04:34 0 d-------- C:\Documents and Settings\Michiel\Application Data\Identities
                  2008-01-28 16:04:30 0 d--h----- C:\Documents and Settings\Michiel\Templates
                  2008-01-28 16:04:30 0 dr------- C:\Documents and Settings\Michiel\Start Menu
                  2008-01-28 16:04:30 0 dr-h----- C:\Documents and Settings\Michiel\SendTo
                  2008-01-28 16:04:30 0 dr-h----- C:\Documents and Settings\Michiel\Recent
                  2008-01-28 16:04:30 0 d--h----- C:\Documents and Settings\Michiel\PrintHood
                  2008-01-28 16:04:30 868352 --a------ C:\Documents and Settings\Michiel\NTUSER.DAT
                  2008-01-28 16:04:30 0 d--h----- C:\Documents and Settings\Michiel\NetHood
                  2008-01-28 16:04:30 0 dr------- C:\Documents and Settings\Michiel\My Documents
                  2008-01-28 16:04:30 0 d--h----- C:\Documents and Settings\Michiel\Local Settings
                  2008-01-28 16:04:30 0 dr------- C:\Documents and Settings\Michiel\Favorites
                  2008-01-28 16:04:30 0 d-------- C:\Documents and Settings\Michiel\Desktop
                  2008-01-28 16:04:30 0 d---s---- C:\Documents and Settings\Michiel\Cookies
                  2008-01-28 16:04:30 0 dr-h----- C:\Documents and Settings\Michiel\Application Data
                  2008-01-28 16:04:30 0 d---s---- C:\Documents and Settings\Michiel\Application Data\Microsoft
                  2008-01-28 13:07:30 0 d-------- C:\Documents and Settings\Hilde\Application Data\Macromedia
                  2008-01-28 13:07:30 0 d-------- C:\Documents and Settings\Hilde\Application Data\Adobe
                  2008-01-28 13:07:12 0 d-------- C:\Documents and Settings\Hilde\Application Data\Mozilla
                  2008-01-28 08:46:46 0 d-------- C:\Documents and Settings\Thomas\Application Data\Adobe
                  2008-01-28 08:45:50 0 d-------- C:\Documents and Settings\Thomas\Application Data\Mozilla
                  2008-01-28 08:36:05 0 d-------- C:\Documents and Settings\Thomas\Application Data\Macromedia
                  2008-01-28 07:57:16 0 d-------- C:\Documents and Settings\Hilde\Contacts
                  2008-01-28 07:55:51 0 d-------- C:\Documents and Settings\Hilde\Application Data\Identities
                  2008-01-28 07:55:48 0 d--h----- C:\Documents and Settings\Hilde\Templates
                  2008-01-28 07:55:48 0 dr------- C:\Documents and Settings\Hilde\Start Menu
                  2008-01-28 07:55:48 0 dr-h----- C:\Documents and Settings\Hilde\SendTo
                  2008-01-28 07:55:48 0 dr-h----- C:\Documents and Settings\Hilde\Recent
                  2008-01-28 07:55:48 0 d--h----- C:\Documents and Settings\Hilde\PrintHood
                  2008-01-28 07:55:48 737280 --a------ C:\Documents and Settings\Hilde\NTUSER.DAT
                  2008-01-28 07:55:48 0 d--h----- C:\Documents and Settings\Hilde\NetHood
                  2008-01-28 07:55:48 0 dr------- C:\Documents and Settings\Hilde\My Documents
                  2008-01-28 07:55:48 0 d--h----- C:\Documents and Settings\Hilde\Local Settings
                  2008-01-28 07:55:48 0 dr------- C:\Documents and Settings\Hilde\Favorites
                  2008-01-28 07:55:48 0 d-------- C:\Documents and Settings\Hilde\Desktop
                  2008-01-28 07:55:48 0 d---s---- C:\Documents and Settings\Hilde\Cookies
                  2008-01-28 07:55:48 0 dr-h----- C:\Documents and Settings\Hilde\Application Data
                  2008-01-28 07:55:48 0 d---s---- C:\Documents and Settings\Hilde\Application Data\Microsoft
                  2008-01-28 07:39:07 0 d-------- C:\Documents and Settings\Anneleen\Application Data\Macromedia
                  2008-01-28 07:39:07 0 d-------- C:\Documents and Settings\Anneleen\Application Data\Adobe
                  2008-01-28 07:38:16 0 d-------- C:\Documents and Settings\Anneleen\Application Data\Mozilla
                  2008-01-28 07:37:19 0 d-------- C:\Documents and Settings\Thomas\Application Data\Identities
                  2008-01-28 07:37:16 0 d--h----- C:\Documents and Settings\Thomas\Templates
                  2008-01-28 07:37:16 0 dr------- C:\Documents and Settings\Thomas\Start Menu
                  2008-01-28 07:37:16 0 dr-h----- C:\Documents and Settings\Thomas\SendTo
                  2008-01-28 07:37:16 0 dr-h----- C:\Documents and Settings\Thomas\Recent
                  2008-01-28 07:37:16 0 d--h----- C:\Documents and Settings\Thomas\PrintHood
                  2008-01-28 07:37:16 749568 --a------ C:\Documents and Settings\Thomas\NTUSER.DAT
                  2008-01-28 07:37:16 0 d--h----- C:\Documents and Settings\Thomas\NetHood
                  2008-01-28 07:37:16 0 dr------- C:\Documents and Settings\Thomas\My Documents
                  2008-01-28 07:37:16 0 d--h----- C:\Documents and Settings\Thomas\Local Settings
                  2008-01-28 07:37:16 0 dr------- C:\Documents and Settings\Thomas\Favorites
                  2008-01-28 07:37:16 0 d-------- C:\Documents and Settings\Thomas\Desktop
                  2008-01-28 07:37:16 0 d---s---- C:\Documents and Settings\Thomas\Cookies
                  2008-01-28 07:37:16 0 dr-h----- C:\Documents and Settings\Thomas\Application Data
                  2008-01-28 07:37:16 0 d---s---- C:\Documents and Settings\Thomas\Application Data\Microsoft
                  2008-01-28 07:27:43 0 d-------- C:\Documents and Settings\Anneleen\Contacts
                  2008-01-28 07:26:48 0 d-------- C:\Documents and Settings\Anneleen\Application Data\Identities
                  2008-01-28 07:26:40 0 d--h----- C:\Documents and Settings\Anneleen\Templates
                  2008-01-28 07:26:40 0 dr------- C:\Documents and Settings\Anneleen\Start Menu
                  2008-01-28 07:26:40 0 dr-h----- C:\Documents and Settings\Anneleen\SendTo
                  2008-01-28 07:26:40 0 dr-h----- C:\Documents and Settings\Anneleen\Recent
                  2008-01-28 07:26:40 0 d--h----- C:\Documents and Settings\Anneleen\PrintHood
                  2008-01-28 07:26:40 1175552 --a------ C:\Documents and Settings\Anneleen\NTUSER.DAT
                  2008-01-28 07:26:40 0 d--h----- C:\Documents and Settings\Anneleen\NetHood
                  2008-01-28 07:26:40 0 dr------- C:\Documents and Settings\Anneleen\My Documents
                  2008-01-28 07:26:40 0 d--h----- C:\Documents and Settings\Anneleen\Local Settings
                  2008-01-28 07:26:40 0 dr------- C:\Documents and Settings\Anneleen\Favorites
                  2008-01-28 07:26:40 0 d-------- C:\Documents and Settings\Anneleen\Desktop
                  2008-01-28 07:26:40 0 d---s---- C:\Documents and Settings\Anneleen\Cookies
                  2008-01-28 07:26:40 0 dr-h----- C:\Documents and Settings\Anneleen\Application Data
                  2008-01-28 07:26:40 0 d---s---- C:\Documents and Settings\Anneleen\Application Data\Microsoft
                  2008-01-28 00:17:45 0 d-------- C:\Documents and Settings\LocalService\Start Menu
                  2008-01-28 00:17:14 0 d-------- C:\WINDOWS\Prefetch
                  2008-01-28 00:12:38 0 d-------- C:\WINDOWS\peernet
                  2008-01-28 00:12:37 0 d-------- C:\WINDOWS\provisioning
                  2008-01-28 00:11:54 0 d-------- C:\WINDOWS\ServicePackFiles
                  2008-01-28 00:09:31 0 d-------- C:\WINDOWS\EHome
                  2008-01-27 23:39:46 0 d-------- C:\WINDOWS\system32\PreInstall
                  2008-01-27 23:39:40 0 d-------- C:\Program Files\Microsoft.NET
                  2008-01-27 23:39:36 0 d--h----- C:\WINDOWS\$hf_mig$
                  2008-01-27 23:39:35 0 d-------- C:\Program Files\Microsoft ActiveSync
                  2008-01-27 23:39:21 0 d-------- C:\WINDOWS\SHELLNEW
                  2008-01-27 23:30:45 0 d-------- C:\WINDOWS\system32\bits
                  2008-01-27 23:28:13 0 d-------- C:\WINDOWS\SoftwareDistribution
                  2008-01-27 23:27:57 0 d---s---- C:\Documents and Settings\Stefaan\UserData
                  2008-01-27 23:27:00 0 d-------- C:\Documents and Settings\Stefaan\Contacts
                  2008-01-27 23:26:41 0 d------c- C:\WINDOWS\system32\DRVSTORE
                  2008-01-27 23:26:38 0 d-------- C:\Program Files\MSN Messenger
                  2008-01-27 23:26:12 0 d-------- C:\Documents and Settings\Stefaan\Application Data\Macromedia
                  2008-01-27 23:26:12 0 d-------- C:\Documents and Settings\Stefaan\Application Data\Adobe
                  2008-01-27 23:26:08 1279 --a------ C:\WINDOWS\mozver.dat
                  2008-01-27 23:24:23 0 --a------ C:\WINDOWS\nsreg.dat
                  2008-01-27 23:24:22 0 d-------- C:\Documents and Settings\Stefaan\Application Data\Mozilla
                  2008-01-27 23:24:06 0 d-------- C:\Documents and Settings\Stefaan\Application Data\Xfire
                  2008-01-27 23:24:05 0 d-------- C:\Program Files\Xfire
                  2008-01-27 23:15:48 0 d-------- C:\WINDOWS\pss
                  2008-01-27 23:15:10 0 d-------- C:\Program Files\AMD
                  2008-01-27 23:14:18 53248 --a------ C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
                  2008-01-27 23:14:18 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
                  2008-01-27 23:14:14 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
                  2008-01-27 23:14:14 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
                  2008-01-27 23:14:14 0 d-------- C:\Program Files\Analog Devices
                  2008-01-27 23:11:05 0 d-------- C:\WINDOWS\nview
                  2008-01-27 23:10:19 0 d--h----- C:\Program Files\InstallShield Installation Information
                  2008-01-27 23:10:03 22 --a------ C:\WINDOWS\FileName
                  2008-01-27 23:09:59 0 d-------- C:\Program Files\NVIDIA Corporation
                  2008-01-27 23:06:32 0 d-------- C:\WINDOWS\ASUSInstAll
                  2008-01-27 23:06:12 0 d-------- C:\WINDOWS\system32\ReinstallBackups
                  2008-01-27 23:05:54 0 d-------- C:\WINDOWS\NV11601268.TMP
                  2008-01-27 23:05:08 0 d-------- C:\Program Files\Common Files\InstallShield
                  2008-01-27 23:03:15 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
                  2008-01-27 20:24:01 0 d---s---- C:\WINDOWS\system32\Microsoft
                  2008-01-27 20:13:56 0 d--hs---- C:\WINDOWS\Installer
                  2008-01-27 20:13:55 0 d-------- C:\Documents and Settings\Stefaan\Application Data\Identities
                  2008-01-27 20:13:50 0 d--h----- C:\Documents and Settings\Stefaan\Templates
                  2008-01-27 20:13:50 0 dr------- C:\Documents and Settings\Stefaan\Start Menu
                  2008-01-27 20:13:50 0 dr-h----- C:\Documents and Settings\Stefaan\SendTo
                  2008-01-27 20:13:50 0 dr-h----- C:\Documents and Settings\Stefaan\Recent
                  2008-01-27 20:13:50 0 d--h----- C:\Documents and Settings\Stefaan\PrintHood
                  2008-01-27 20:13:50 1310720 --ah----- C:\Documents and Settings\Stefaan\NTUSER.DAT
                  2008-01-27 20:13:50 0 d--h----- C:\Documents and Settings\Stefaan\NetHood
                  2008-01-27 20:13:50 0 dr------- C:\Documents and Settings\Stefaan\My Documents
                  2008-01-27 20:13:50 0 d--h----- C:\Documents and Settings\Stefaan\Local Settings
                  2008-01-27 20:13:50 0 dr------- C:\Documents and Settings\Stefaan\Favorites
                  2008-01-27 20:13:50 0 d-------- C:\Documents and Settings\Stefaan\Desktop
                  2008-01-27 20:13:50 0 d---s---- C:\Documents and Settings\Stefaan\Cookies
                  2008-01-27 20:13:50 0 dr-h----- C:\Documents and Settings\Stefaan\Application Data
                  2008-01-27 20:13:07 0 d--hs---- C:\System Volume Information
                  2008-01-27 20:13:06 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
                  2008-01-27 20:13:06 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
                  2008-01-27 20:13:06 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
                  2008-01-27 20:13:06 0 d-------- C:\Documents and Settings\NetworkService\Application Data
                  2008-01-27 20:13:06 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
                  2008-01-27 20:13:06 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
                  2008-01-27 20:13:06 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
                  2008-01-27 20:13:06 0 d---s---- C:\Documents and Settings\LocalService\Cookies
                  2008-01-27 20:13:06 0 d-------- C:\Documents and Settings\LocalService\Application Data
                  2008-01-27 20:13:06 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
                  2008-01-27 20:10:40 0 d-------- C:\WINDOWS\system32\xircom
                  2008-01-27 20:10:40 0 d-------- C:\Program Files\microsoft frontpage
                  2008-01-27 20:10:33 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
                  2008-01-27 20:10:32 0 -rahs---- C:\MSDOS.SYS
                  2008-01-27 20:10:32 0 -rahs---- C:\IO.SYS
                  2008-01-27 20:10:32 0 --a------ C:\CONFIG.SYS
                  2008-01-27 20:10:32 0 --a------ C:\AUTOEXEC.BAT
                  2008-01-27 20:10:01 0 d--hs---- C:\Documents and Settings\All Users\DRM
                  2008-01-27 20:09:55 0 dr------- C:\WINDOWS\Offline Web Pages
                  2008-01-27 20:09:54 0 d---s---- C:\WINDOWS\Downloaded Program Files
                  2008-01-27 20:09:33 0 d-------- C:\WINDOWS\system32\DirectX
                  2008-01-27 20:08:50 0 d---s---- C:\WINDOWS\Tasks
                  2008-01-27 20:08:47 0 d-------- C:\Program Files\Common Files\MSSoap
                  2008-01-27 20:08:42 0 d-------- C:\WINDOWS\system32\Macromed
                  2008-01-27 20:08:42 0 d-------- C:\WINDOWS\srchasst
                  2008-01-27 20:08:40 0 d-------- C:\Program Files\Movie Maker
                  2008-01-27 20:08:36 0 d-------- C:\WINDOWS\system32\Restore
                  2008-01-27 20:08:36 0 d-------- C:\WINDOWS\PCHealth
                  2008-01-27 20:08:13 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
                  2008-01-27 20:08:11 0 d-------- C:\WINDOWS\Registration
                  2008-01-27 20:08:10 0 d--h----- C:\Program Files\WindowsUpdate
                  2008-01-27 20:08:10 0 d-------- C:\Program Files\Online Services
                  2008-01-27 20:08:06 0 d-------- C:\Program Files\Messenger
                  2008-01-27 20:08:00 0 d-------- C:\Program Files\MSN Gaming Zone
                  2008-01-27 20:07:21 0 d-------- C:\Program Files\Windows NT
                  2008-01-27 20:07:18 0 d-------- C:\WINDOWS\system32\MsDtc
                  2008-01-27 20:07:17 0 d-------- C:\WINDOWS\system32\Com
                  2008-01-27 19:54:04 0 d-------- C:\Program Files\Common Files\ODBC
                  2008-01-27 19:54:02 0 d-------- C:\Program Files\Common Files\SpeechEngines
                  2008-01-27 19:54:01 0 dr------- C:\Program Files
                  2008-01-27 19:54:01 0 d-------- C:\Program Files\Common Files
                  2008-01-27 19:53:42 0 d--h----- C:\Documents and Settings\Default User\Templates
                  2008-01-27 19:53:42 0 dr------- C:\Documents and Settings\Default User\Start Menu
                  2008-01-27 19:53:42 0 dr-h----- C:\Documents and Settings\Default User\SendTo
                  2008-01-27 19:53:42 0 d--h----- C:\Documents and Settings\Default User\Recent
                  2008-01-27 19:53:42 0 d--h----- C:\Documents and Settings\Default User\PrintHood
                  2008-01-27 19:53:42 0 d--h----- C:\Documents and Settings\Default User\NetHood
                  2008-01-27 19:53:42 0 d-------- C:\Documents and Settings\Default User\My Documents
                  2008-01-27 19:53:42 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
                  2008-01-27 19:53:42 0 d-------- C:\Documents and Settings\Default User\Favorites
                  2008-01-27 19:53:42 0 d-------- C:\Documents and Settings\Default User\Desktop
                  2008-01-27 19:53:42 0 d---s---- C:\Documents and Settings\Default User\Cookies
                  2008-01-27 19:53:42 0 d--h----- C:\Documents and Settings\All Users\Templates
                  2008-01-27 19:53:42 0 dr------- C:\Documents and Settings\All Users\Start Menu
                  2008-01-27 19:53:42 0 d-------- C:\Documents and Settings\All Users\Favorites
                  2008-01-27 19:53:42 0 dr------- C:\Documents and Settings\All Users\Documents
                  2008-01-27 19:53:42 0 d-------- C:\Documents and Settings\All Users\Desktop
                  2008-01-27 19:53:32 0 d-------- C:\WINDOWS\system32\CatRoot2
                  2008-01-27 19:53:32 0 d-------- C:\WINDOWS\system32\CatRoot
                  2008-01-27 19:53:26 0 dr-h----- C:\Documents and Settings\Default User\Application Data
                  2008-01-27 19:53:26 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
                  2008-01-27 19:53:26 0 dr-h----- C:\Documents and Settings\All Users\Application Data
                  2008-01-27 19:53:26 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
                  2008-01-27 19:53:08 0 d-------- C:\Documents and Settings
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\WinSxS
                  2008-01-27 19:48:48 0 dr------- C:\WINDOWS\Web
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\twain_32
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\wins
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\wbem
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\usmt
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\spool
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\ShellExt
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\Setup
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\ras
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\oobe
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\npp
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\mui
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\inetsrv
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\IME
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\icsxml
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\ias
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\export
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\drivers
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\drivers\etc
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\drivers\disdn
                  2008-01-27 19:48:48 0 dr-hs--c- C:\WINDOWS\system32\dllcache
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\dhcp
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\config
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\3com_dmi
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\3076
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\2052
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\1054
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\1042
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\1041
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\1037
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\1033
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\1031
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\1028
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system32\1025
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\system
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\security
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\Resources
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\repair
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\mui
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\msapps
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\msagent
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\Media
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\java
                  2008-01-27 19:48:48 0 d--h----- C:\WINDOWS\inf
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\ime
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\Help
                  2008-01-27 19:48:48 0 dr--s---- C:\WINDOWS\Fonts
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\Driver Cache
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\Debug
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\Cursors
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\Connection Wizard
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\Config
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\AppPatch
                  2008-01-27 19:48:48 0 d-------- C:\WINDOWS\addins


                  -- Find3M Report ---------------------------------------------------------------

                  2008-01-28 00:21:55 502272 --a------ C:\WINDOWS\system32\winlogon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
                  2008-01-27 19:53:42 62 --ahs---- C:\Documents and Settings\Stefaan\Application Data\desktop.ini


                  -- Registry Dump ---------------------------------------------------------------

                  *Note* empty entries & legit default entries are not shown


                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-01-24 11:15]
                  "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-01-24 11:15]
                  "nwiz"="nwiz.exe" [2006-01-24 11:15 C:\WINDOWS\system32\nwiz.exe]
                  "nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 10:40]
                  "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37]
                  "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33]
                  "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-02 11:59]

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
                  @="Service"

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
                  @="Service"

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
                  @="Volume shadow copy"

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
                  path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
                  backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
                  HDAShCut.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
                  "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
                  "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
                  mgrs.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
                  "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
                  C:\Program Files\Analog Devices\Core\smax4pnp.exe

                  *Newly Created Service* - PNKBSTRB
                  *Newly Created Service* - PNKBSTRK



                  -- End of Deckard's System Scanner: finished at 2008-02-02 13:08:25 ------------

                  There is also a stefaan.exe on my desktop...?



                  • #10
                    1) Open a Notepad file.
                    2) Copy the code below into this Notepad file.
                    3) Go to File - Save As.
                    -Under "Save in" choose: Desktop
                    -Under "File name" enter: fix.reg
                    -Under "Save as type" select: All files (*.*).
                    -Click the Save button.
                    Code:
                    REGEDIT4
                    
                    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
                    4) Double-click the fix.reg file and allow the changes to be added to the registry.


                    Open the RVAXO folder on your desktop and double-click Uninstall.cmd
                    This will remove everything belonging to RVAXO.

                    Delete the following file:
                    C:\WINDOWS\system32\drvsef.dll

                    Download ATF Cleaner (mirror) (made by Atribune)

                    Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                    Double-click ATF Cleaner to start the program.
                    On the "Main" tab, tick Select All.
                    Click the Empty Selected button.

                    Do the following if you also use Firefox as a browser:
                    Click the "Firefox" tab and tick Select All.
                    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                    (this removes the tick from "Firefox saved passwords")
                    Click the Empty Selected button.

                    Do the following if you also use Opera as a browser:
                    Click the "Opera" tab and tick Select All.
                    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                    Click the Empty Selected button.
                    Go to the "Main" tab and click the Exit button to close the program.

                    Go to Start - Run and enter the following:
                    Combofix /U
                    Then press OK.
                    Note: there must be a space between Combofix and /U.

                    This will uninstall Combofix.

                    Turn off System Restore. Restart the computer. Turn System Restore back on.
                    See here for how to turn off System Restore.
                    This removes any remnants of the infections from your System Restore points.

                    Let me know whether there are any remaining problems
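The fix above does by hand what a triage script can do repeatably: read the Run and msconfig\startupreg sections of a Deckard-style registry dump, flag the entries worth a second look, and write the REGEDIT4 stanzas that remove them. The Python below is an added example for this thread, not code from the thread or from any of the tools named in it. Its sample dump is constructed: the NVIDIA, AVG, MSN Messenger and smgr lines mirror the log posted above, while the "updater" entry and its Temp path are invented to exercise the temporary-directory check. The three heuristics (no resolved on-disk path, runs from a Temp directory, executable dropped directly in the Windows directory) are this example's own choices, not rules from the page.

```python
"""Triage autorun entries from a Deckard's System Scanner-style registry dump
and emit a REGEDIT4 fix for the flagged ones.  Added example; the dump below
is constructed for the demo (see the lead-in for which lines are invented)."""
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"="command" [timestamp and, for bare names, the path the scanner resolved]
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?:\s*\[(?P<meta>[^\]]*)\])?$')
STARTUPREG = "\\msconfig\\startupreg\\"
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")

SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-01-24 11:15]
"nwiz"="nwiz.exe" [2006-01-24 11:15 C:\WINDOWS\system32\nwiz.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-02 11:59]
"updater"="C:\DOCUME~1\user\LOCALS~1\Temp\updater.exe" [2008-02-01 22:10]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
mgrs.exe
"""


@dataclass
class Autorun:
    key: str
    name: str
    command: str
    exe: str
    reasons: list = field(default_factory=list)


def exe_from_command(cmd):
    """First token of a command line, honouring a quoted path with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def resolved_path(meta):
    """Path the scanner resolved for a bare file name, if it recorded one."""
    m = re.search(r"[A-Za-z]:\\[^\]]+", meta or "")
    return m.group(0).strip() if m else None


def suspicious_reasons(exe, resolved):
    path = (resolved or exe).lower()
    reasons = []
    if not re.match(r"^[a-z]:\\", path):
        reasons.append("bare file name with no resolved on-disk location (found via PATH search order)")
    if any(t in path for t in TEMP_MARKERS):
        reasons.append("launches from a temporary directory")
    if re.fullmatch(r"[a-z]:\\windows\\[^\\]+", path):
        reasons.append("executable sits directly in the Windows directory, not in a product folder")
    return reasons


def parse_dump(text):
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        if STARTUPREG in key.lower():
            # msconfig keeps each disabled startup item under its own subkey;
            # the dump prints the command it would run on the next line
            name = key.rsplit("\\", 1)[1]
            exe = exe_from_command(line)
            entries.append(Autorun(key, name, line, exe, suspicious_reasons(exe, None)))
            continue
        v = RUN_VALUE_RE.match(line)
        if v:
            exe = exe_from_command(v.group("cmd"))
            entries.append(Autorun(key, v.group("name"), v.group("cmd"), exe,
                                   suspicious_reasons(exe, resolved_path(v.group("meta")))))
    return entries


def build_reg_fix(entries):
    """REGEDIT4 text: '[-key]' deletes a whole startupreg subkey,
    '"value"=-' deletes a single value under a Run key."""
    flagged = [e for e in entries if e.reasons]
    lines = ["REGEDIT4", ""]
    for e in flagged:
        if STARTUPREG in e.key.lower():
            lines += [f"[-{e.key}]", ""]
    run_keys = {}
    for e in flagged:
        if STARTUPREG not in e.key.lower():
            run_keys.setdefault(e.key, []).append(e.name)
    for key, names in run_keys.items():
        lines += [f"[{key}]"] + [f'"{n}"=-' for n in names] + [""]
    return "\n".join(lines)


if __name__ == "__main__":
    entries = parse_dump(SAMPLE_DUMP)
    for e in entries:
        print(("FLAG" if e.reasons else "ok  "), f"{e.name:<12}", e.exe, "; ".join(e.reasons))
    print(build_reg_fix(entries))
```

A flag is a prompt to locate and verify the file, not proof of malice: HDAShCut.exe in the same dump is also a bare name and is a legitimate audio applet, so look at where the file actually lives and who signed it before you delete the key. The REGEDIT4 header is the older format; XP's regedit still imports it, which is why the helper's fix.reg uses it.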



                    • #11
                      No thanks, everything is fine.



                      • #12
                        You're welcome
