  1. #1
    Member GeHaWk
    Member since
    13/02/03
    Location
    leuven
    Posts
    879
    iTrader
    0

    TrojanSpm/lx warning => log

    Hey everyone, I'm getting a trojanspml/lx warning

    I'll quickly post a log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:03:24, on 9/10/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Online Video Add-on\isfmntr.exe
    C:\Program Files\Online Video Add-on\icthis.exe
    C:\Program Files\Online Video Add-on\isfmm.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Online Video Add-on\icmntr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\ESET\nod32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Video Add-on\isfmdl.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe" "+b1"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Video Add-on\icthis.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Video Add-on\isfmntr.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactieve Training\o10c\mitm0026.cab
    O22 - SharedTaskScheduler: evangeliarium - {34ec76b6-53c4-4686-822f-910c790683fb} - C:\WINDOWS\System32\flirek.dll (file missing)
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    --
    End of file - 7701 bytes

    What to do?
    Thanks!
    Last edited by GeHaWk; 9 October 2007 at 22:23

  2. #2
    Crew Member Jurgenv1
    Member since
    3/11/05
    Location
    West-Vlaanderen
    Posts
    16.268
    iTrader
    0
    * Download SmitfraudFix (by S!Ri)
    Unzip it to your desktop.
    Read here how to unzip/extract it correctly.
    This will create a new folder on your desktop named Smitfraudfix
    Do not use it yet.

    * Now start your PC in SAFE MODE (without networking support!)
    How to start in safe mode.

    * Clean the cache and cookies in IE:
    • Close Internet Explorer.
    • Go to Control Panel > Internet Options > General tab
    • Click the "Delete Cookies" button
    • Click the "Delete Files" button next to it
    • Tick: "Delete all offline content", click OK
    * Clean the cache and cookies in Firefox (if Firefox is installed):
    • Go to Tools > Options.
    • Click Privacy in the menu.
    • Click the Clear button (History, Cookies, Cache).
    • Click OK to close the window again.
    * Clean other temporary files + Recycle Bin
    • Go to Start > Run, type: cleanmgr and click OK.
    • Let it scan your system for files that should be removed
    • Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are ticked there.
    • Then click OK.
    * Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Choose option #2 - Clean by typing 2 and pressing "Enter".

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and then pressing "Enter". This will restore your desktop and remove the registry keys that this infection created.

    The tool will then check whether wininet.dll is infected. If it is, you will be asked whether to replace the infected wininet.dll with an uninfected copy of wininet.dll present on your computer (if found); answer "Yes" by typing Y and then pressing Enter.

    The tool will then restart your computer to remove the remnants;
    If it does not restart automatically, restart your PC yourself, back into normal mode (so not safe mode)
    A log will open after the restart. It can also be found here: C:\rapport.txt
    I need that log later as a check-up.

    Caution: using option #2 on a computer that is not infected will remove your desktop.

    * Run an online scan with Panda: http://www.pandasoftware.com/products/activescan.htm
    Tick: All my computer
    Make sure everything is ticked in the scan options.

    After the scan you can have a log created. Save that log to your desktop and copy and paste it into your next post,
    together with a new HijackThis log and the SmitfraudFix log ( C:\rapport.txt )

  3. #3
    Member GeHaWk
    Hijack log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:06:33, on 14/10/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactieve Training\o10c\mitm0026.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O22 - SharedTaskScheduler: evangeliarium - {34ec76b6-53c4-4686-822f-910c790683fb} - C:\WINDOWS\System32\flirek.dll (file missing)
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    --
    End of file - 6729 bytes

    panda scan




    Incident Status Location

    Virus:Generic Malware Not disinfected C:\Documents and Settings\Eigenaar\Bureaublad\setup(2).exe[²ÜÇ\gala.dll]
    Virus:Generic Malware Not disinfected C:\Documents and Settings\Eigenaar\Bureaublad\setup.exe[²ÜÇ\gala.dll]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Eigenaar\Bureaublad\SmitfraudFix\Process.exe
    Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Eigenaar\Bureaublad\SmitfraudFix\Reboot.exe
    Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Eigenaar\Bureaublad\SmitfraudFix\restart.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Eigenaar\Bureaublad\SmitfraudFix.zip[SmitfraudFix/Process.exe]
    Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Eigenaar\Bureaublad\SmitfraudFix.zip[SmitfraudFix/Reboot.exe]
    Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Eigenaar\Bureaublad\SmitfraudFix.zip[SmitfraudFix/restart.exe]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Eigenaar\Cookies\eigenaar@atdmt[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Eigenaar\Cookies\eigenaar@doubleclick[1].txt
    Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Eigenaar\Cookies\eigenaar@metriweb[1].txt
    Adware:Adware/VirusProtectPro Not disinfected C:\WINDOWS\system32\flirek.0ll
    Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
    Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected D:\December 2005\Jelle\benodigdheden\nnscript381.exe[script\dlls\moo.dll]
    Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected D:\TE REDDEN 11-2004b\GUIDO\Downloads\mirc downloads\nnscript371.exe[script\dlls\moo.dll]
    Hacktool:HackTool/Flood Not disinfected D:\TE REDDEN 11-2004b\GUIDO\Downloads\mirc downloads\nnscript371.exe[script\dlls\nHTMLn.dll]
    Hacktool:HackTool/Zapgon.A Not disinfected D:\TE REDDEN 11-2004b\GUIDO\Downloads\mirc downloads\nnscript371.exe[script\dlls\stdio.dll]
    Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected D:\TE REDDEN 11-2004b\GUIDO\Downloads\mirc downloads\nnscript379.exe[script\dlls\moo.dll]
    Hacktool:HackTool/Flood Not disinfected D:\TE REDDEN 11-2004b\GUIDO\Downloads\mirc downloads\nnscript379.exe[script\dlls\nHTMLn.dll]
    Hacktool:HackTool/Zapgon.A Not disinfected D:\TE REDDEN 11-2004b\GUIDO\Downloads\mirc downloads\nnscript379.exe[script\dlls\stdio.dll]
    Spyware:Cookie/Barelylegal Not disinfected D:\TE REDDEN 11-2004b\GUIDO\Misschien\Cookies\guido@c.fsx[1].txt
    Spyware:Cookie/Ccbill Not disinfected D:\TE REDDEN 11-2004b\GUIDO\Misschien\Cookies\guido@ccbill[2].txt
    Spyware:Cookie/LinkExchange Not disinfected D:\TE REDDEN 11-2004b\GUIDO\Misschien\Cookies\guido@linkexchange[1].txt
    Spyware:Cookie/Toplist Not disinfected D:\TE REDDEN 11-2004b\GUIDO\Misschien\Cookies\guido@toplist[1].txt
    Spyware:Cookie/Xiti Not disinfected D:\TE REDDEN 11-2004b\GUIDO\Misschien\Cookies\guido@xiti[1].txt
    Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected D:\TE REDDEN 11-2004b\JELLE\bestanden van jelle\gedownloade zaken\nnscript379.exe[script\dlls\moo.dll]
    Hacktool:HackTool/Flood Not disinfected D:\TE REDDEN 11-2004b\JELLE\bestanden van jelle\gedownloade zaken\nnscript379.exe[script\dlls\nHTMLn.dll]
    Hacktool:HackTool/Zapgon.A Not disinfected D:\TE REDDEN 11-2004b\JELLE\bestanden van jelle\gedownloade zaken\nnscript379.exe[script\dlls\stdio.dll]
    Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected D:\TE REDDEN 11-2004b\JELLE\bestanden van jelle\rtcw mappen en updates\nnscript381.exe[script\dlls\moo.dll]
    Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected D:\TE REDDEN 12-2004\guido\Downloads\mirc downloads\nnscript371.exe[script\dlls\moo.dll]
    Hacktool:HackTool/Flood Not disinfected D:\TE REDDEN 12-2004\guido\Downloads\mirc downloads\nnscript371.exe[script\dlls\nHTMLn.dll]
    Hacktool:HackTool/Zapgon.A Not disinfected D:\TE REDDEN 12-2004\guido\Downloads\mirc downloads\nnscript371.exe[script\dlls\stdio.dll]
    Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected D:\TE REDDEN 12-2004\guido\Downloads\mirc downloads\nnscript379.exe[script\dlls\moo.dll]
    Hacktool:HackTool/Flood Not disinfected D:\TE REDDEN 12-2004\guido\Downloads\mirc downloads\nnscript379.exe[script\dlls\nHTMLn.dll]
    Hacktool:HackTool/Zapgon.A Not disinfected D:\TE REDDEN 12-2004\guido\Downloads\mirc downloads\nnscript379.exe[script\dlls\stdio.dll]

    SmitfraudFix report

    SmitFraudFix v2.239

    Scan done at 14:05:36,75, zo 14/10/2007
    Run from C:\Documents and Settings\Eigenaar\Bureaublad\SmitfraudFix
    OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{34ec76b6-53c4-4686-822f-910c790683fb}"="evangeliarium"

    [HKEY_CLASSES_ROOT\CLSID\{34ec76b6-53c4-4686-822f-910c790683fb}\InProcServer32]
    @="C:\WINDOWS\System32\flirek.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{34ec76b6-53c4-4686-822f-910c790683fb}\InProcServer32]
    @="C:\WINDOWS\System32\flirek.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\Program Files\Online Video Add-on\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{74D6A56C-A23B-4794-809E-F50617B8A6DF}: DhcpNameServer=192.168.130.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{CA4DDB42-DE6B-4419-82D4-D587B789B338}: DhcpNameServer=192.168.130.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{74D6A56C-A23B-4794-809E-F50617B8A6DF}: DhcpNameServer=192.168.130.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{CA4DDB42-DE6B-4419-82D4-D587B789B338}: DhcpNameServer=192.168.130.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{74D6A56C-A23B-4794-809E-F50617B8A6DF}: DhcpNameServer=192.168.130.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{CA4DDB42-DE6B-4419-82D4-D587B789B338}: DhcpNameServer=192.168.130.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.130.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.130.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.130.1


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{34ec76b6-53c4-4686-822f-910c790683fb}"="evangeliarium"

    [HKEY_CLASSES_ROOT\CLSID\{34ec76b6-53c4-4686-822f-910c790683fb}\InProcServer32]
    @="C:\WINDOWS\System32\flirek.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{34ec76b6-53c4-4686-822f-910c790683fb}\InProcServer32]
    @="C:\WINDOWS\System32\flirek.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» End

    Thanks, and sorry for the slow reply, I've been a bit busy
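
Comparing the HijackThis log from before the SmitfraudFix run with the one taken afterwards shows which autostart entries the clean-up removed and which registrations still point at a missing file. The following is an added example, not part of the original posts; the log excerpts are copied from the two logs in this thread, and the function names are illustrative.

```python
import re

# Excerpts copied from the two HijackThis logs posted in this thread
# (9/10/2007 and 14/10/2007). The O16 URL is truncated as it was posted.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Video Add-on\isfmdl.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Video Add-on\isfmntr.exe
O22 - SharedTaskScheduler: evangeliarium - {34ec76b6-53c4-4686-822f-910c790683fb} - C:\WINDOWS\System32\flirek.dll (file missing)
"""

AFTER = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Dit] Dit.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O22 - SharedTaskScheduler: evangeliarium - {34ec76b6-53c4-4686-822f-910c790683fb} - C:\WINDOWS\System32\flirek.dll (file missing)
"""

# A HijackThis entry starts with a section code (R0, O2, O4, O22, ...)
# followed by " - " and the entry text. Header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")

# HijackThis appends these markers when the registered file is not on disk.
DANGLING_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)


def parse_entries(log_text):
    """Return the registry/autostart entries of a log as (code, text) tuples."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def _key(entry):
    """Comparison key: Windows paths are case-insensitive, and forum
    software may alter whitespace, so normalise both."""
    code, text = entry
    return code, " ".join(text.lower().split())


def compare_logs(before_text, after_text):
    """Diff two logs and list entries that still reference a missing file."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    return {
        "removed": [e for e in before if _key(e) not in after_keys],
        "added": [e for e in after if _key(e) not in before_keys],
        "dangling": [e for e in after if DANGLING_RE.search(e[1])],
    }


if __name__ == "__main__":
    result = compare_logs(BEFORE, AFTER)
    for label in ("removed", "added", "dangling"):
        print(f"--- {label} ---")
        for code, text in result[label]:
            print(f"{code} - {text}")
```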

  4. #4
    Crew Member Jurgenv1
    Download roguescanfix_setup.

    Double-click roguescanfix_setup to install it.

    After the installation you will be asked whether to start the program. Choose JA/YES.

    Note: This tool needs an internet connection so that it can download an extra file it needs in order to work.
    If your firewall gives an alert, allow it and do not block it
    If you then still get the message that BFU.exe is not present, download BFU.exe from here.
    Unzip it and place BFU.exe in the c:\PROGRAM FILES\Roguescanfix folder. Then double-click Roguescanfix.bat again


    A DOS window will open with a menu.
    Choose option #1 here: Run roguescanfix

    This tool will uninstall some unwanted programs and remove related files and registry keys.
    If some files cannot be removed, the tool will ask whether you want to restart your PC.
    Do make sure that the uninstallation of the unwanted programs has finished before you click 'Yes' to restart your PC.

    A Notepad file will open. Put the contents of that file in your next reply, together with a new HijackThis log.
    (You can also find the file at c:\program files\roguescanfix\task.txt)

  5. #5
    Member GeHaWk
    I'm stuck at:

    http://img137.imageshack.us/my.php?image=screen3lv3.jpg

    It gives this error message: invalid procedure, call or argument

  6. #6
    Crew Member Jurgenv1
    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Put it on your desktop.
    Double-click it to start the program.
    In the window that appears, type Y to start the cleaning process.
    Follow the instructions on the screen.
    When the tool is finished, a log file (combofix.txt) opens. Post the contents of that file together with a new HijackThis log.

  7. #7
    Member GeHaWk
    ComboFix 07-10-12.4 - Eigenaar 2007-10-14 22:40:57.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.31.1043.18.130 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-14 to 2007-10-14 ))))))))))))))))))))))))))))))
    .

    2007-10-14 22:40 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-14 22:12 <DIR> d-------- C:\Program Files\Roguescanfix
    2007-10-14 14:11 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-10-14 14:05 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-10-14 14:05 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-10-14 14:05 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-10-14 14:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-14 14:05 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-10-14 14:05 2,606 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-14 13:44 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
    2007-10-14 13:44 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
    2007-10-14 13:44 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
    2007-10-14 13:44 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
    2007-10-14 13:44 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
    2007-10-14 13:44 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
    2007-10-14 13:44 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
    2007-10-12 13:39 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot
    2007-10-09 22:02 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-09 21:38 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2007-10-09 21:38 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2007-10-09 21:38 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-10-09 21:15 <DIR> d-------- C:\Program Files\Webroot
    2007-10-09 21:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
    2007-10-09 21:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
    2007-10-09 21:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
    2007-10-09 21:15 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Webroot
    2007-10-09 21:15 102,912 --a------ C:\WINDOWS\system32\islzma.dll
    2007-10-09 21:15 78,336 --a------ C:\WINDOWS\system32\drivers\ssi.sys
    2007-10-09 20:51 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Lavasoft
    2007-10-09 20:01 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
    2007-10-09 20:01 <DIR> d-------- C:\Program Files\Hitman Pro
    2007-10-09 19:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-09 19:14 22,528 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
    2007-10-09 19:14 22,528 --a--c--- C:\WINDOWS\system32\dllcache\mouclass.sys
    2007-10-09 19:14 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-10-09 19:14 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2007-10-09 02:21 <DIR> d-------- C:\Program Files\Trust
    2007-10-09 02:21 2,637,824 --a------ C:\WINDOWS\system32\XWheel.dll
    2007-10-09 02:21 1,146,880 --a------ C:\WINDOWS\system32\MousePage.dll
    2007-10-09 02:21 679,936 --a------ C:\WINDOWS\system32\XIndicator.dll
    2007-10-09 02:21 229,376 --a------ C:\WINDOWS\system32\Hook.dll
    2007-10-09 02:21 27,648 --a------ C:\WINDOWS\system32\drivers\GMFilter.sys
    2007-10-06 13:37 34,560 --a--c--- C:\WINDOWS\system32\dllcache\hidclass.sys
    2007-10-06 13:37 23,680 --a--c--- C:\WINDOWS\system32\dllcache\hidparse.sys
    2007-10-06 13:37 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2007-10-05 11:56 <DIR> d-------- C:\Documents and Settings\NetworkService\Menu Start
    2007-10-01 23:18 <DIR> d-------- C:\WINDOWS\pss
    2007-10-01 22:17 <DIR> d--h----- C:\WINDOWS\PIF
    2007-10-01 01:42 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
    2007-09-26 23:47 <DIR> d-------- C:\Program Files\Rhidge Online
    2007-09-23 12:22 4,096 --a------ C:\WINDOWS\system32\drivers\nocashio.sys
    2007-09-18 15:18 <DIR> d-------- C:\WINDOWS\Sun

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-14 19:16 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-14 18:42 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\uTorrent
    2007-10-14 17:18 --------- d-----w C:\Program Files\MSN Messenger
    2007-10-14 17:13 --------- d-----w C:\Program Files\Google
    2007-10-14 17:12 --------- d-----w C:\Program Files\DAP
    2007-10-14 17:12 --------- d-----w C:\Program Files\DAEMON Tools
    2007-10-09 20:24 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\LimeWire
    2007-10-09 18:51 --------- d-----w C:\Program Files\Lavasoft
    2007-10-09 00:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-01 20:57 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
    2007-09-23 11:00 --------- d-----w C:\Program Files\uTorrent
    2007-09-06 20:27 --------- d-----w C:\Program Files\ParetoLogic
    2007-09-05 21:36 --------- d-----w C:\Program Files\Counter-Strike 1.6
    2007-09-04 01:54 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-09-04 01:44 --------- d-----w C:\Program Files\Smart Projects
    2007-08-30 20:03 --------- d-----w C:\Program Files\Spyware Doctor
    2007-08-28 12:10 --------- d-----w C:\Program Files\Java
    2007-08-28 12:06 --------- d-----w C:\Program Files\Common Files\Java
    2007-08-28 12:02 --------- d-----w C:\Program Files\LimeWire
    2007-08-28 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
    2007-08-27 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-08-27 13:17 --------- d-----w C:\Program Files\PCPitstop
    2007-08-27 12:49 --------- d-----w C:\Program Files\Skype(2)
    2007-08-27 12:49 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Skype(2)
    2007-08-27 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-08-27 12:48 --------- d-----w C:\Program Files\mIRC
    2007-08-27 12:47 --------- d-----w C:\Program Files\BearShare
    2007-08-26 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-07-22 16:25 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2007-07-20 17:00 126,976 ----a-w C:\WINDOWS\War3Unin.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "@"="" []
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
    "SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 C:\WINDOWS\soundman.exe]
    "Dit"="Dit.exe" [2002-08-28 13:43 C:\WINDOWS\Dit.exe]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2005-09-19 09:30]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49]
    "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-04-22 17:51]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "Trust Gaming mouse"="C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe" [2006-12-28 09:20]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-09 21:37]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "@"="" []
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 23:52]
    "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 14:08]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 20:42:28]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

    R0 SSI;SSI;C:\WINDOWS\System32\Drivers\SSI.SYS
    R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys
    R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys
    R2 FSpm;F-Secure Policy Manager;\??\C:\Program Files\F-Secure\Common\FSPM.SYS
    R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\System32\Drivers\GMFilter.sys
    S2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    S3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\System32\DRIVERS\Cap7134.sys
    S3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\System32\DRIVERS\ctxs51.sys
    S3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\System32\Drivers\LUsbFilt.Sys
    S3 nocashio;nocashio;C:\WINDOWS\System32\drivers\nocashio.sys
    S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\System32\DRIVERS\PhTVTune.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-09-18 16:00:00 C:\WINDOWS\Tasks\Pareto UNS.job"
    - C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
    "2007-10-14 20:44:57 C:\WINDOWS\Tasks\RegCure Program Check.job"
    "2007-10-01 20:12:56 C:\WINDOWS\Tasks\RegCure.job"
    - C:\spellekes\regcure\RegCure.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-14 22:45:17
    Windows 5.1.2600 Service Pack 1 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-14 22:46:30 - machine was rebooted
    .
    --- E O F ---

    Hijack log :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:47:47, on 14/10/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\Dit.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactieve Training\o10c\mitm0026.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    --
    End of file - 6633 bytes

  8. #8
    Crew Member Jurgenv1
    Start roguescanfix again, and this time choose option #2: Run sharedtasksrem.
    A Notepad file will open. Post the contents of that file in your next reply.

  9. #9
    Member GeHaWk
    ROGUESCANFIX LOGFILE


    --- Export SharedTaskScheduler key ---

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"



    --- Export SSODL key ---

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"



    --- Cleaning process finished! ---



    --- Export SharedTaskScheduler key after cleaning process ---

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"




    --- Export SSODL key ---


    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"


    Finished!

  10. #10
    Crew Member Jurgenv1
    OK, can I see a new HijackThis log?

  11. #11
    Member GeHaWk
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:01:46, on 16/10/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\Dit.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactieve Training\o10c\mitm0026.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    --
    End of file - 6738 bytes

  12. #12
    Crew Member Jurgenv1
    * Fix this line in HijackThis:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    * Your Java software is outdated.
    Older versions have vulnerabilities that give malware the chance to install itself on your system.
    First follow these steps to uninstall Java and install the newer version:

    Download Java Runtime Environment (JRE) 6u3.
    • Scroll down to: "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button on the right-hand side.
    • Tick: "Accept License Agreement".
    • The page will reload.
    • Click the link to download the Windows Offline Installation, Multi-language, and save it to your Desktop.
    • Close any programs that may be open, especially your web browser!
    • Then go to Start > Configuratiescherm (Control Panel) > Software (Add or Remove Programs) and remove all older versions of Java from the software list.
    • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
    • Then click Remove or the Change/Remove button.
    • Repeat this until all older versions are gone.
    • After removing all older versions, restart your PC.
    • Then double-click jre-6u3-windows-i586-p.exe on your Desktop to install the newest version of Java.


    * Apart from that, it looks good.

  13. #13
    Member GeHaWk
    OK, thanks for all the help!

  14. #14
    Crew Member Jurgenv1
    You're welcome.

