Conhook again.......

7 answers
  • It got in on my machine too, Conhook. I first spent the day on it myself with Bitdefender, adware scanning programs, removing files and editing the Vista registry in response to Bitdefender's alerts. Unfortunately I did not manage to remove it completely. After working on the PC for a few minutes, Bitdefender again reports a serious threat, "Conhook.i". As I have now seen on the forum, a HijackThis log file is the starting point for resolving this properly. I hope someone can assist me once again. I'm not a beginner, but this kind of problem is a bit beyond me.

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 19:27:13, on 27-7-2008
        Platform: Windows Vista SP1 (WinNT 6.00.1905)
        MSIE: Internet Explorer v7.00 (7.00.6001.18000)
        Boot mode: Normal

        Running processes:
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\Dwm.exe
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\Windows\RtHDVCpl.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
        C:\Windows\BR040286.exe
        C:\Acer\Empowering Technology\eDSMSNfix.exe
        C:\Program Files\Launch Manager\LManager.exe
        C:\Program Files\Eset\nod32kui.exe
        C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
        D:\Program Files\PowerDVD\PDVDServ.exe
        C:\Windows\WindowsMobile\wmdSync.exe
        C:\Windows\Imgtask.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Windows\ehome\ehtray.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
        C:\Program Files\Windows Media Player\wmpnscfg.exe
        C:\Windows\ehome\ehmsas.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Windows\system32\conime.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\Windows\explorer.exe
        D:\Program Files\HijackThis\HijackThis.exe
        C:\Program Files\Internet Explorer\iexplore.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.134.177.1:3128
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O1 - Hosts: ::1 localhost
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
        O2 - BHO: (no name) - {C5FB06B8-7B08-4433-8291-520AEBAACB8F} - C:\Windows\system32\urqNHaWo.dll
        O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
        O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
        O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
        O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
        O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
        O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
        O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [LanguageShortcut] "d:\Program Files\PowerDVD\Language\Language.exe"
        O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
        O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
        O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
        O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
        O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
        O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
        O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
        O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEEM')
        O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
        O13 - Gopher Prefix:
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
        O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
        O20 - AppInit_DLLs: eNetHook.dll
        O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
        O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
        O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
        O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
        O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
        O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
        O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
        O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
        O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
        O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
        O23 - Service: XobniService - Xobni Corporation - d:\Program Files\Xobni Insight\XobniService.exe

        --
        End of file - 8194 bytes
  • Hi,

    That's right, I still see one trace of Vundo/Conhook. We'll quickly remove it.

    1) Temporarily turn off Windows Defender, because it can get in the way of the fix:
       - Start Windows Defender.
       - Click Tools.
       - Click General Settings.
       - Scroll to Real-time protection options.
       - Clear the check mark for Turn on Real-time protection (recommended).
       - Click Save.

    2) Start HijackThis.
       - Choose "Do a system scan only".
       - Now check the following items:
           O2 - BHO: (no name) - {C5FB06B8-7B08-4433-8291-520AEBAACB8F} - C:\Windows\system32\urqNHaWo.dll
       - Now close all windows except HijackThis and choose "Fix checked".

    3) Restart your computer.

    4) Download MalwareBytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop. Double-click mbam-setup.exe to install the program. Make sure that after the installation a check mark is set for:
       - Update MalwareBytes' Anti-Malware
       - Start MalwareBytes' Anti-Malware
       Then click "Voltooien" (Finish). If an update is found, it will be downloaded and installed.
       - Once the program has started, go to the "Instellingen" (Settings) tab.
       - Check here: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
       - Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
       - Then press "Scannen" (Scan) to start the scan.
       - Scanning can take a while, so be patient.
       - When the scan is finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
       - Make sure everything there is checked, then click "Verwijder geselecteerde" (Remove Selected).
       - After removal a log will open; if you are asked to restart your computer, you must allow this. It is necessary in order to remove some infections.
       The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program. Post this log in your next reply.

    5) May I also have a new HijackThis log from you?

    Regards,
    Roelof
  • Here is the result. All possible scanning programs indicate that nothing is present anymore! Thanks

        Malwarebytes' Anti-Malware 1.23
        Database versie: 999
        Windows 6.0.6001 Service Pack 1

        20:27:59 27-7-2008
        mbam-log-7-27-2008 (20-27-59).txt

        Scan type: Snelle Scan
        Objecten gescand: 41058
        Verstreken tijd: 5 minute(s), 26 second(s)

        Geheugenprocessen geïnfecteerd: 0
        Geheugenmodulen geïnfecteerd: 1
        Registersleutels geïnfecteerd: 8
        Registerwaarden geïnfecteerd: 1
        Registerdata bestanden geïnfecteerd: 2
        Mappen geïnfecteerd: 3
        Bestanden geïnfecteerd: 12

        Geheugenprocessen geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Geheugenmodulen geïnfecteerd:
        C:\Windows\System32\urqNHaWo.dll (Trojan.Vundo) -> Delete on reboot.

        Registersleutels geïnfecteerd:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{600e5932-6a6f-4d83-bbe6-ebb6ecf6884c} (Trojan.Vundo) -> Delete on reboot.
        HKEY_CLASSES_ROOT\CLSID\{600e5932-6a6f-4d83-bbe6-ebb6ecf6884c} (Trojan.Vundo) -> Delete on reboot.
        HKEY_CLASSES_ROOT\CLSID\{099ac52c-1cd4-434c-9cc6-ff56dabb5010} (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

        Registerwaarden geïnfecteerd:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{099ac52c-1cd4-434c-9cc6-ff56dabb5010} (Trojan.Vundo) -> Quarantined and deleted successfully.

        Registerdata bestanden geïnfecteerd:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqnhawo -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqnhawo -> Delete on reboot.

        Mappen geïnfecteerd:
        C:\Users\eric\AppData\Roaming\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
        C:\Users\eric\AppData\Roaming\AntispywareBot\Log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
        C:\Users\eric\AppData\Roaming\AntispywareBot\Settings (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

        Bestanden geïnfecteerd:
        C:\Windows\System32\urqNHaWo.dll (Trojan.Vundo) -> Delete on reboot.
        C:\Windows\System32\oWaHNqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\Windows\System32\oWaHNqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\Users\eric\AppData\Local\Temp\tmp0000d977 (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\Users\eric\AppData\Local\Temp\tmp0001265f (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\Users\eric\AppData\Local\Temp\tmp0003b9fa (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\Users\eric\AppData\Local\Temp\202603.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\Users\eric\AppData\Roaming\AntispywareBot\DataBaseNew.ref (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
        C:\Users\eric\AppData\Roaming\AntispywareBot\Log\2008 Jul 27 - 02_14_19 PM_722.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
        C:\Windows\System32\ias.dll (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\Windows\Tasks\AntispywareBot Scheduled Scan.job (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
        C:\Users\eric\AppData\Local\Temp\s1265.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    And the new HijackThis log:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 20:33:01, on 27-7-2008
        Platform: Windows Vista SP1 (WinNT 6.00.1905)
        MSIE: Internet Explorer v7.00 (7.00.6001.18000)
        Boot mode: Normal

        Running processes:
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\Windows\RtHDVCpl.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
        C:\Windows\BR040286.exe
        C:\Acer\Empowering Technology\eDSMSNfix.exe
        C:\Program Files\Launch Manager\LManager.exe
        C:\Program Files\Eset\nod32kui.exe
        D:\Program Files\PowerDVD\PDVDServ.exe
        C:\Windows\WindowsMobile\wmdSync.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Windows\ehome\ehtray.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
        C:\Program Files\Windows Media Player\wmpnscfg.exe
        C:\Windows\ehome\ehmsas.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        D:\Program Files\HijackThis\HijackThis.exe
        C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.134.177.1:3128
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O1 - Hosts: ::1 localhost
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
        O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
        O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
        O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
        O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
        O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
        O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
        O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [LanguageShortcut] "d:\Program Files\PowerDVD\Language\Language.exe"
        O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
        O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
        O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
        O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
        O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
        O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
        O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
        O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEEM')
        O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
        O13 - Gopher Prefix:
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
        O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
        O20 - AppInit_DLLs: eNetHook.dll
        O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
        O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
        O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
        O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
        O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
        O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
        O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
        O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
        O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
        O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
        O23 - Service: XobniService - Xobni Corporation - d:\Program Files\Xobni Insight\XobniService.exe

        --
        End of file - 7814 bytes
  • Do keep in mind that some trojans are removed after a reboot, so I recommend doing a reboot if you haven't done so yet. :)
  • Hi, The log looks clean, except I see that you have a proxy server from Mexico configured. Is that correct? Otherwise we need to deal with it. Regards, Roelof
  • Endor, It is very impolite to butt in when one person is helping someone. Roelof
  • I had a look; I used that proxy once for a test. It was still filled in but not "active". To be safe I have cleaned this up as well. So I think we're done now, and thanks again for the effort!
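
Added example, not part of the original thread and not code from HijackThis or the helper: a small Python triage of HijackThis entries that surfaces the two things picked out by hand above (the unnamed BHO loaded from system32, and the configured ProxyServer) and diffs the before and after logs to confirm the fix. The flagging rules and function names are assumptions of this example and are triage hints, not verdicts.

```python
import ntpath
import re

# Constructed samples: a handful of entries copied from the two HijackThis
# logs posted in this thread (before and after the fix).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.134.177.1:3128
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: (no name) - {C5FB06B8-7B08-4433-8291-520AEBAACB8F} - C:\Windows\system32\urqNHaWo.dll
O20 - AppInit_DLLs: eNetHook.dll
"""
FIXED_LINE = r"O2 - BHO: (no name) - {C5FB06B8-7B08-4433-8291-520AEBAACB8F} - C:\Windows\system32\urqNHaWo.dll"
AFTER = BEFORE.replace(FIXED_LINE + "\n", "")

# "R1 - ...", "O2 - ...", "O23 - ...": section code, separator, entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O2 body: "BHO: <name> - {CLSID} - <path or (no file)>"; names may contain " - ".
BHO = re.compile(r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")


def parse(log):
    """Return [(code, body)] for entry lines; header and process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def triage(log):
    """Flag entries worth a human look (heuristics assumed for this example)."""
    findings = []
    for code, body in parse(log):
        if code == "O2":
            m = BHO.match(body)
            if not m:
                continue
            if m["path"] == "(no file)":
                # Registry leftover: the BHO key exists but no DLL is on disk.
                findings.append(("orphan-bho", m["clsid"]))
            elif (m["name"] == "(no name)"
                  and ntpath.dirname(m["path"]).lower().endswith("\\system32")):
                # Unnamed helper object loaded straight from system32.
                findings.append(("unnamed-system32-bho", m["path"]))
        elif code in ("R0", "R1") and ",ProxyServer = " in body:
            value = body.split(" = ", 1)[1].strip()
            if value:
                # A proxy the user did not set on purpose can intercept traffic.
                findings.append(("proxy-set", value))
    return findings


def removed(before, after):
    """Entries present in the first log and absent from the second."""
    remaining = set(parse(after))
    return [entry for entry in parse(before) if entry not in remaining]


if __name__ == "__main__":
    for finding in triage(BEFORE):
        print("before:", finding)
    for finding in triage(AFTER):
        print("after: ", finding)
    print("removed:", removed(BEFORE, AFTER))
```
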

This is an archived page. Replying is no longer possible.