Post die logjes ook maar even

Tja ??

Welke logjes en waar vind ik die .
Sorry hoor maar ken er wel iets van maar Net niet genoeg
Mvg Luc

Zijn het deze ??

Deckard's System Scanner v20071014.68
Run by Luc &Pascale on 2008-04-30 09:13:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Luc &Pascale.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:42, on 30/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\vwtmxahm\xkfepmnw.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\vsnpstd2.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
C:\Program Files\Telenet EasyCare\bin\mad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Luc &Pascale\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\LUC&PA~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {641C5B98-BEA6-41FD-968E-66C944C58355} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A9AF4926-E6B9-4CB7-9128-85001AFEAD10} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [RVAXO] RVAXO.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [KC5GPChTBf] C:\Documents and Settings\All Users\Application Data\vwtmxahm\xkfepmnw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\benl.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174591918187
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://prinsipessaa.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bed.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 9731 bytes

-- Files created between 2008-03-30 and 2008-04-30 -----------------------------

2008-04-30 08:21:27 7048 --a------ C:\WINDOWS\system32\fixp.bat
2008-04-30 08:21:26 16384 --a------ C:\WINDOWS\system32\Restart.exe <Not Verified; WareSoft Software; restart>
2008-04-30 08:21:25 811442 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-04-30 08:21:25 69632 --a------ C:\WINDOWS\system32\remove.exe
2008-04-30 08:08:19 0 d-------- C:\Program Files\SpywareBlaster
2008-04-30 07:40:55 0 d-------- C:\Program Files\Trend Micro
2008-04-24 18:07:33 77824 --a-----t C:\WINDOWS\system32\DRWEBSP.DLL <Not Verified; Doctor Web, Ltd.; Dr.Web Anti-Virus>
2008-04-24 18:07:28 0 d-------- C:\Program Files\DrWeb
2008-04-24 15:15:37 0 d-------- C:\Program Files\Enigma Software Group
2008-04-16 18:31:20 0 d-------- C:\Program Files\TrojanHunter 4.2
2008-04-16 18:02:44 0 dr-h----- C:\Documents and Settings\Luc &Pascale\Onlangs geopend
2008-04-14 11:57:10 86615 --ahs---- C:\WINDOWS\system32\YHRsBJjl.ini2
2008-04-14 01:09:55 92996 --ahs---- C:\WINDOWS\system32\rAbdNXyb.ini2
2008-04-14 01:04:57 0 d-------- C:\Documents and Settings\All Users\Application Data\vwtmxahm
2008-04-06 21:04:49 0 d-------- C:\Program Files\InterActual
2008-04-06 20:08:08 0 d-------- C:\Program Files\MP3 Player Utilities 3.68
2008-04-06 19:40:36 0 d-------- C:\Movavi files


-- Find3M Report ---------------------------------------------------------------

2008-04-24 18:07:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-20 13:00:09 513792 --a------ C:\WINDOWS\system32\perfh013.dat
2008-04-20 13:00:09 92930 --a------ C:\WINDOWS\system32\perfc013.dat
2008-04-18 16:30:09 0 d-------- C:\Documents and Settings\Luc &Pascale\Application Data\AVG7
2008-03-11 16:31:13 0 d-------- C:\Program Files\MSN Messenger
2008-03-11 15:59:20 0 d------c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-11 15:59:12 0 d-------- C:\Program Files\Windows Live
2008-03-11 15:58:23 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-10 19:32:27 0 d-------- C:\Program Files\Java
2008-03-05 12:51:04 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-05 12:42:29 0 d-------- C:\Program Files\Common Files
2008-03-03 13:18:58 0 d-------- C:\Documents and Settings\Luc &Pascale\Application Data\Vso


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{641C5B98-BEA6-41FD-968E-66C944C58355}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9AF4926-E6B9-4CB7-9128-85001AFEAD10}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 15:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 15:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 15:00]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/07/2004 13:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/07/2004 12:58]
"SoundMan"="SOUNDMAN.EXE" [18/06/2004 17:31 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [08/10/2004 04:14]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [02/05/2003 11:31]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [15/04/2008 11:29]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [30/08/2004 16:37]
"Motive SmartBridge"="C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe" [21/04/2006 15:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/2007 09:41]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [14/09/2005 20:44]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 15:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/06/2007 17:57]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 18:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"RVAXO"=RVAXO.bat

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [10/04/2007 17:28:05]
Telenet EasyCare.lnk - C:\Program Files\Telenet EasyCare\bin\matcli.exe [25/04/2007 17:59:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"KC5GPChTBf"=C:\Documents and Settings\All Users\Application Data\vwtmxahm\xkfepmnw.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljJBsRHY




-- End of Deckard's System Scanner: finished at 2008-04-30 09:14:02 ------------

Start Hijackthis en vink alleen de volgende regels aan:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {641C5B98-BEA6-41FD-968E-66C944C58355} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A9AF4926-E6B9-4CB7-9128-85001AFEAD10} - (no file)
O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: [KC5GPChTBf] C:\Documents and Settings\All Users\Application Data\vwtmxahm\xkfepmnw.exe
Sluit alle openstaande vensters(behalve Hijackthis) en klik op de knop "Fix checked".

Herstart je computer.

Post na de herstart een nieuw logje van Deckard's System Scanner

heb hetr uitgevoerd en dit zijn de logs
Mvg

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:58, on 5/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\vsnpstd2.exe
C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.standaard.be/index.html?ref=20080505
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\benl.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174591918187
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://prinsipessaa.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bed.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 8993 bytes

Download dit bestand: zoek.exe
Dubbelklik het, na een tijdje opent er een logje.
Post de inhoud van dit logje in je volgende bericht

======C:\WINDOWS====
----a-w 0 2008-05-06 09:19:24 C:\WINDOWS\0.log
--s-a-w 2,048 2008-05-06 09:18:23 C:\WINDOWS\bootstat.dat
----a-w 5,143 2008-04-20 16:44:57 C:\WINDOWS\cdplayer.ini
----a-w 3,030 2008-04-24 10:43:07 C:\WINDOWS\EventSystem.log
----a-w 0 2008-04-06 19:06:34 C:\WINDOWS\iPlayer.INI
----a-w 1,409 2008-04-23 11:44:39 C:\WINDOWS\QTFont.for
---ha-w 54,156 2008-04-23 11:44:39 C:\WINDOWS\QTFont.qfn
----a-w 32,460 2008-05-06 08:19:22 C:\WINDOWS\SchedLgU.Txt
----a-w 13,600 2008-04-30 06:23:50 C:\WINDOWS\setupapi.log
------r 59,392 2008-04-16 16:31:21 C:\WINDOWS\streamhlp.dll
----a-w 159 2008-05-06 09:18:51 C:\WINDOWS\wiadebug.log
----a-w 49 2008-05-06 09:18:49 C:\WINDOWS\wiaservc.log
----a-w 696 2008-04-06 18:11:14 C:\WINDOWS\win.ini
----a-w 1,921,941 2008-05-06 13:01:13 C:\WINDOWS\WindowsUpdate.log
----a-w 4,806 2008-04-29 20:53:42 C:\WINDOWS\wmsetup.log
----a-w 489 2008-04-26 04:21:39 C:\WINDOWS\wmsetup10.log

Entries: 16 (14)
Directories: 0 Files: 16
Bytes: 2,099,378 Blocks: 4,106
======C:\WINDOWS\system32=====
----a-w 15 2008-04-15 10:38:06 C:\WINDOWS\System32\clkcnt.txt
----atw 77,824 2008-04-24 16:07:33 C:\WINDOWS\System32\DRWEBSP.DLL
----a-w 325,912 2008-04-09 12:29:10 C:\WINDOWS\System32\FNTCACHE.DAT
----a-w 6,242 2008-03-10 17:32:27 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
----a-w 143 2008-04-15 10:38:07 C:\WINDOWS\System32\mcrh.tmp
----a-w 19,836,024 2008-04-06 05:56:20 C:\WINDOWS\System32\MRT.exe
----a-w 72,800 2008-04-20 11:00:09 C:\WINDOWS\System32\perfc009.dat
----a-w 92,930 2008-04-20 11:00:09 C:\WINDOWS\System32\perfc013.dat
----a-w 445,368 2008-04-20 11:00:09 C:\WINDOWS\System32\perfh009.dat
----a-w 513,792 2008-04-20 11:00:09 C:\WINDOWS\System32\perfh013.dat
----a-w 1,139,012 2008-04-20 11:00:09 C:\WINDOWS\System32\PerfStringBackup.INI
--sha-w 93,778 2008-04-14 08:18:55 C:\WINDOWS\System32\rAbdNXyb.ini
--sha-w 92,996 2008-04-14 08:17:51 C:\WINDOWS\System32\rAbdNXyb.ini2
----a-w 811,442 2008-04-30 05:05:20 C:\WINDOWS\System32\RVAXO.bat
----a-w 90,112 2008-05-05 11:58:59 C:\WINDOWS\System32\vqladoda.exe
----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
----a-w 1,158 2008-05-06 14:07:49 C:\WINDOWS\System32\wpa.dbl
--sha-w 86,615 2008-04-15 20:12:36 C:\WINDOWS\System32\YHRsBJjl.ini
--sha-w 86,615 2008-04-15 20:11:11 C:\WINDOWS\System32\YHRsBJjl.ini2

Entries: 19 (15)
Directories: 0 Files: 19
Bytes: 25,618,154 Blocks: 50,046
======C:\WINDOWS\system32\drivers=====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=======C:\Program Files=====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=======C:=====
----a-w 478 2008-04-07 12:41:25 C:\LOG12.log
----a-w 0 2008-04-07 12:41:25 C:\LOG12.tmp
----a-w 504 2008-03-19 15:49:58 C:\LOG12E.log
----a-w 0 2008-03-19 15:47:57 C:\LOG12E.tmp
--sha-w 791,715,840 2008-05-06 09:18:17 C:\pagefile.sys
----a-w 160 2008-04-30 07:39:27 C:\RVAXO-results.log
---ha-w 232 2008-03-25 22:48:35 C:\sqmdata02.sqm
---ha-w 232 2008-04-09 09:05:13 C:\sqmdata03.sqm
---ha-w 232 2008-04-09 17:51:21 C:\sqmdata04.sqm
---ha-w 232 2008-04-23 19:06:30 C:\sqmdata05.sqm
---ha-w 244 2008-03-25 22:48:35 C:\sqmnoopt02.sqm
---ha-w 244 2008-04-09 09:05:12 C:\sqmnoopt03.sqm
---ha-w 244 2008-04-09 17:51:20 C:\sqmnoopt04.sqm
---ha-w 244 2008-04-23 19:06:30 C:\sqmnoopt05.sqm

Entries: 14 (5)
Directories: 0 Files: 14
Bytes: 791,718,886 Blocks: 1,546,331
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
======C:\Temp======
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
----a-w 6,291,456 2008-05-06 13:10:36 C:\Documents and Settings\Luc &Pascale\ntuser.dat
---ha-w 65,536 2008-05-06 14:10:07 C:\Documents and Settings\Luc &Pascale\ntuser.dat.LOG
--sh--w 288 2008-05-06 13:10:37 C:\Documents and Settings\Luc &Pascale\ntuser.ini

Entries: 3 (1)
Directories: 0 Files: 3
Bytes: 6,357,280 Blocks: 12,417
======C:\WINDOWS\Downloaded Program Files====
----a-w 1,527,056 2008-03-24 17:33:02 C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 1,527,056 Blocks: 2,983
=============

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
RD /S /Q "C:\Documents and Settings\All Users\Application Data\vwtmxahm"
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\System32\clkcnt.txt
C:\WINDOWS\System32\mcrh.tmp
C:\WINDOWS\System32\rAbdNXyb.ini
C:\WINDOWS\System32\rAbdNXyb.ini2
C:\WINDOWS\System32\vqladoda.exe
C:\WINDOWS\System32\YHRsBJjl.ini
C:\WINDOWS\System32\YHRsBJjl.ini2
"C:\Documents and Settings\All Users\Application Data\vwtmxahm") DO (
DEL /Q %%gNUCIA
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
REN %%g *NUCIA
IF EXIST %%gNUCIA (
ECHO renamed to %%gNUCIA>>log.txt)
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
ECHO.>>log.txt
TYPE C:\RVAXO-results.log>>log.txt
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

Deleting files
C:\WINDOWS\System32\clkcnt.txt deleted
C:\WINDOWS\System32\mcrh.tmp deleted
C:\WINDOWS\System32\rAbdNXyb.ini deleted
C:\WINDOWS\System32\rAbdNXyb.ini2 deleted
C:\WINDOWS\System32\vqladoda.exe deleted
C:\WINDOWS\System32\YHRsBJjl.ini deleted
C:\WINDOWS\System32\YHRsBJjl.ini2 deleted
"C:\Documents and Settings\All Users\Application Data\vwtmxahm" not found

---RVAXO.exe Updated: 2008-04-30---first run---
Uninstallers:
---RVAXO.exe Updated: 2008-04-30---first run---
Uninstallers:

Doe dit nog:

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

• Download Java Runtime Environment (JRE) 6u6 en bewaar het naar je Bureaublad.
• Sluit alle programma's die eventueel open zijn - Zeker je web browser!
• Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
• Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
• Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
• Herhaal dit tot alle oudere versies verdwenen zijn.
• Na het verwijderen van alle oudere versies, herstart je pc.
• Dubbelklik vervolgens op jre-6u6-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Groeten smeenk

heb alles uitgevoerd zolas je me opdraagde
Moet er nu nog iets gebeuren of is alles weg nu
Alvast bedankt om je zeer deskundige uitleg en hulp

Graag gedaan hoor

Volgens mij is alles OK nu