Conhook again.......

roelof2
7 answers
  • Conhook has arrived on my machine too. First I spent the day myself working with Bitdefender, adware scanning programs, removing files and adjusting the Vista registry in response to the alerts from Bitdefender.

    Unfortunately I did not manage to remove it completely. After working on the PC for a few minutes, Bitdefender again reports a serious threat, "Conhook.i".
    As I have now seen on the forum, a HijackThis log file is the starting point for resolving this properly. I hope someone can assist me again. I am not a beginner, but this kind of problem is a bit beyond me.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:27:13, on 27-7-2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Windows\BR040286.exe
    C:\Acer\Empowering Technology\eDSMSNfix.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    D:\Program Files\PowerDVD\PDVDServ.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Windows\Imgtask.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\conime.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\explorer.exe
    D:\Program Files\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.134.177.1:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {C5FB06B8-7B08-4433-8291-520AEBAACB8F} - C:\Windows\system32\urqNHaWo.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
    O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "d:\Program Files\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: XobniService - Xobni Corporation - d:\Program Files\Xobni Insight\XobniService.exe


    End of file - 8194 bytes


  • Hi,

    That's right, I can still see one trace of Vundo/Conhook. We'll remove it quickly.

    1) Temporarily switch off Windows Defender, because it can get in the way of the fix:
    - Start Windows Defender.
    - Click Tools.
    - Click General Settings.
    - Scroll to Real-time protection options.
    - Remove the check mark in front of Turn on Real-time protection (recommended).
    - Click Save.

    2) Start HijackThis.
    - Now choose "Do a system scan only".
    - Now put a check mark in front of the following items:
      O2 - BHO: (no name) - {C5FB06B8-7B08-4433-8291-520AEBAACB8F} - C:\Windows\system32\urqNHaWo.dll
    - Now close all windows except the HijackThis window and choose "Fix checked".

    3) Restart your computer.

    4) Download and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    Make sure that after the installation a check mark is placed next to:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware
    Then click "Voltooien" (Finish).
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Instellingen" (Settings) tab.
    - Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (close Internet Explorer during malware removal).
    - Then go to the "Scanner" tab and choose "Snelle Scan" (quick scan).
    - Then press "Scannen" (Scan) to start the scan.
    - The scan can take a while, so be patient.
    - When the scan is complete, click OK, then "Bekijk Resultaten" (view results) to see the results.
    - Make sure everything there is ticked, then click "Verwijder geselecteerde" (remove selected).
    - After the removal a log will open; if you are asked to restart your computer, you must allow this. This is necessary to be able to remove some infections.
    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program. Post this log in your next reply.

    5) May I also have a new HijackThis log from you?

    Regards,

    Roelof
  • Here is the result. All possible scanning programs indicate that nothing is present any more!
    Thanks

    Malwarebytes' Anti-Malware 1.23
    Database versie: 999
    Windows 6.0.6001 Service Pack 1

    20:27:59 27-7-2008
    mbam-log-7-27-2008 (20-27-59).txt

    Scan type: Snelle Scan
    Objecten gescand: 41058
    Verstreken tijd: 5 minute(s), 26 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 1
    Registersleutels geïnfecteerd: 8
    Registerwaarden geïnfecteerd: 1
    Registerdata bestanden geïnfecteerd: 2
    Mappen geïnfecteerd: 3
    Bestanden geïnfecteerd: 12

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    C:\Windows\System32\urqNHaWo.dll (Trojan.Vundo) -> Delete on reboot.

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{600e5932-6a6f-4d83-bbe6-ebb6ecf6884c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{600e5932-6a6f-4d83-bbe6-ebb6ecf6884c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{099ac52c-1cd4-434c-9cc6-ff56dabb5010} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{099ac52c-1cd4-434c-9cc6-ff56dabb5010} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registerdata bestanden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqnhawo -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqnhawo -> Delete on reboot.

    Mappen geïnfecteerd:
    C:\Users\eric\AppData\Roaming\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    C:\Users\eric\AppData\Roaming\AntispywareBot\Log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    C:\Users\eric\AppData\Roaming\AntispywareBot\Settings (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    C:\Windows\System32\urqNHaWo.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Windows\System32\oWaHNqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\oWaHNqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\eric\AppData\Local\Temp\tmp0000d977 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\eric\AppData\Local\Temp\tmp0001265f (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\eric\AppData\Local\Temp\tmp0003b9fa (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\eric\AppData\Local\Temp\202603.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\eric\AppData\Roaming\AntispywareBot\DataBaseNew.ref (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    C:\Users\eric\AppData\Roaming\AntispywareBot\Log\2008 Jul 27 - 02_14_19 PM_722.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    C:\Windows\System32\ias.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\AntispywareBot Scheduled Scan.job (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    C:\Users\eric\AppData\Local\Temp\s1265.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    And the new HijackThis log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:33:01, on 27-7-2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Windows\BR040286.exe
    C:\Acer\Empowering Technology\eDSMSNfix.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Eset\nod32kui.exe
    D:\Program Files\PowerDVD\PDVDServ.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    D:\Program Files\HijackThis\HijackThis.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.134.177.1:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
    O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "d:\Program Files\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: XobniService - Xobni Corporation - d:\Program Files\Xobni Insight\XobniService.exe


    End of file - 7814 bytes


  • Do keep in mind that some trojans are removed after a reboot, so I advise you to do a reboot if you haven't done so already. :)
  • Hi,

    The log looks clean, only I see that you have a proxy server configured from Mexico.

    Is that correct? Otherwise we need to deal with it.

    Regards,

    Roelof
  • Endor,

    It is very rude to butt in when someone is helping a person.

    Roelof
  • I had a look; I used that proxy once for a small test. It was still filled in but not "active". To be safe I cleaned this up as well.

    So I think we're done now, and thanks again for the effort!
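
Added example, not part of the original thread: a small Python triage of the two HijackThis logs above that reproduces the two manual checks made in the replies (the unnamed BHO loading a DLL from system32, and the leftover ProxyServer value) and diffs the logs to confirm what the fix removed. The function names and the "unnamed BHO in system32" heuristic are assumptions made for this example, not HijackThis features; the sample lines are excerpts of the logs posted in the thread.

```python
import re

# Excerpts of the two HijackThis logs posted in this thread (not the full logs).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.134.177.1:3128
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: (no name) - {C5FB06B8-7B08-4433-8291-520AEBAACB8F} - C:\Windows\system32\urqNHaWo.dll
O20 - AppInit_DLLs: eNetHook.dll
"""
# Same excerpt from the second log: only the urqNHaWo.dll BHO line is gone.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "urqNHaWo" not in l)

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")            # e.g. "O2 - BHO: ..."
BHO = re.compile(r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
SYSTEM32_DLL = re.compile(r"[a-z]:\\windows\\system32\\[^\\]+\.dll")


def parse(log):
    """Return (section, body) for every HijackThis entry line, e.g. ("O2", "BHO: ...")."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def suspicious_bhos(entries):
    """Unnamed BHOs whose DLL sits directly in system32 (heuristic assumed for this example)."""
    hits = []
    for section, body in entries:
        m = BHO.match(body) if section == "O2" else None
        if not m or m.group("name") != "(no name)":
            continue
        if SYSTEM32_DLL.fullmatch(m.group("path").lower()):
            hits.append((m.group("clsid"), m.group("path")))
    return hits


def proxy_setting(entries):
    """Return the configured IE ProxyServer value, or None if the log has none."""
    for section, body in entries:
        if section in ("R0", "R1") and ",ProxyServer = " in body:
            return body.split(" = ", 1)[1].strip() or None
    return None


def removed(before, after):
    """Entries present in the first log but absent from the second."""
    remaining = set(after)
    return [e for e in before if e not in remaining]


if __name__ == "__main__":
    first, second = parse(BEFORE), parse(AFTER)
    print("suspicious BHOs before:", suspicious_bhos(first))
    print("suspicious BHOs after: ", suspicious_bhos(second))
    print("removed by the fix:    ", removed(first, second))
    print("proxy still configured:", proxy_setting(second))
```

The heuristic deliberately ignores the unnamed BHO marked "(no file)", which has no DLL to load, and named BHOs such as ActiveToolBand.dll; a clean result here only mirrors the two checks from the thread, not a full scan.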

This is an archived page. Replies are no longer possible.