Conhook again.......

Anonymous
roelof2
7 replies
 • Conhook has got onto my machine too. I first spent the day on it myself with Bitdefender, adware scanning programs, and removing files and editing the Vista registry in response to the Bitdefender alerts.

  Unfortunately I did not manage to remove it completely. After working on the PC for a few minutes, Bitdefender again reports a serious threat, "Conhook.i".
  As I have now seen on the forum, a HijackThis log file is the starting point for solving this properly. I hope someone can assist me once more. I am not a beginner, but this kind of problem is a bit beyond me.

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 19:27:13, on 27-7-2008
  Platform: Windows Vista SP1 (WinNT 6.00.1905)
  MSIE: Internet Explorer v7.00 (7.00.6001.18000)
  Boot mode: Normal

  Running processes:
  C:\Windows\system32\taskeng.exe
  C:\Windows\system32\Dwm.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Windows\RtHDVCpl.exe
  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
  C:\Windows\BR040286.exe
  C:\Acer\Empowering Technology\eDSMSNfix.exe
  C:\Program Files\Launch Manager\LManager.exe
  C:\Program Files\Eset\nod32kui.exe
  C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
  D:\Program Files\PowerDVD\PDVDServ.exe
  C:\Windows\WindowsMobile\wmdSync.exe
  C:\Windows\Imgtask.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Windows\ehome\ehtray.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
  C:\Program Files\Windows Media Player\wmpnscfg.exe
  C:\Windows\ehome\ehmsas.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\Windows\system32\conime.exe
  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
  C:\Windows\explorer.exe
  D:\Program Files\HijackThis\HijackThis.exe
  C:\Program Files\Internet Explorer\iexplore.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.134.177.1:3128
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  O1 - Hosts: ::1 localhost
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
  O2 - BHO: (no name) - {C5FB06B8-7B08-4433-8291-520AEBAACB8F} - C:\Windows\system32\urqNHaWo.dll
  O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
  O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
  O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
  O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
  O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
  O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
  O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [LanguageShortcut] "d:\Program Files\PowerDVD\Language\Language.exe"
  O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
  O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
  O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
  O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
  O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEEM')
  O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
  O13 - Gopher Prefix:
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
  O20 - AppInit_DLLs: eNetHook.dll
  O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
  O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
  O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
  O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
  O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
  O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
  O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
  O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
  O23 - Service: XobniService - Xobni Corporation - d:\Program Files\Xobni Insight\XobniService.exe


  End of file - 8194 bytes
 • Hi,

  That's right, I still see one trace of Vundo/Conhook. We'll quickly remove it.

  1) Temporarily turn off Windows Defender, because it can get in the way of the fix:
  - Start Windows Defender.
  - Click Tools.
  - Click General Settings.
  - Scroll to Real-time protection options.
  - Clear the check mark for Turn on Real-time protection (recommended).
  - Click Save.

  2) Start HijackThis.
  - Choose "Do a system scan only".
  - Now tick the following items:
    O2 - BHO: (no name) - {C5FB06B8-7B08-4433-8291-520AEBAACB8F} - C:\Windows\system32\urqNHaWo.dll
  - Now close all windows except the HijackThis one and choose "fix checked".

  3) Restart your computer.

  4) Download and save it to your desktop.
  Double-click mbam-setup.exe to install the program.

  Make sure that after installation the following are ticked:
  - Update MalwareBytes' Anti-Malware
  - Start MalwareBytes' Anti-Malware
  Then click "Voltooien".
  If an update is found, it will be downloaded and installed.
  - Once the program has started, go to the "Instellingen" tab.
  - Tick here: "Sluit Internet Explorer tijdens verwijdering van malware".
  - Then go to the "Scanner" tab and choose "Snelle Scan".
  - Then press "Scannen" to start the scan.
  - The scan can take a while, so be patient.
  - When the scan is finished, click OK, then "Bekijk Resultaten" to see the results.
  - Make sure everything there is ticked, then click "Verwijder geselecteerde".
  - After removal a log will open; if you are asked to restart your computer, you must allow this.
    This is necessary to be able to remove some infections.
  The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program. Post this log in your next reply.

  5) May I also have a new HijackThis log from you?

  Regards,

  Roelof
 • Here is the result. All possible scanning programs indicate that nothing is present any more!
  Thanks

  Malwarebytes' Anti-Malware 1.23
  Database versie: 999
  Windows 6.0.6001 Service Pack 1

  20:27:59 27-7-2008
  mbam-log-7-27-2008 (20-27-59).txt

  Scan type: Snelle Scan
  Objecten gescand: 41058
  Verstreken tijd: 5 minute(s), 26 second(s)

  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 1
  Registersleutels geïnfecteerd: 8
  Registerwaarden geïnfecteerd: 1
  Registerdata bestanden geïnfecteerd: 2
  Mappen geïnfecteerd: 3
  Bestanden geïnfecteerd: 12

  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Geheugenmodulen geïnfecteerd:
  C:\Windows\System32\urqNHaWo.dll (Trojan.Vundo) -> Delete on reboot.

  Registersleutels geïnfecteerd:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{600e5932-6a6f-4d83-bbe6-ebb6ecf6884c} (Trojan.Vundo) -> Delete on reboot.
  HKEY_CLASSES_ROOT\CLSID\{600e5932-6a6f-4d83-bbe6-ebb6ecf6884c} (Trojan.Vundo) -> Delete on reboot.
  HKEY_CLASSES_ROOT\CLSID\{099ac52c-1cd4-434c-9cc6-ff56dabb5010} (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

  Registerwaarden geïnfecteerd:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{099ac52c-1cd4-434c-9cc6-ff56dabb5010} (Trojan.Vundo) -> Quarantined and deleted successfully.

  Registerdata bestanden geïnfecteerd:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqnhawo -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqnhawo -> Delete on reboot.

  Mappen geïnfecteerd:
  C:\Users\eric\AppData\Roaming\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
  C:\Users\eric\AppData\Roaming\AntispywareBot\Log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
  C:\Users\eric\AppData\Roaming\AntispywareBot\Settings (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

  Bestanden geïnfecteerd:
  C:\Windows\System32\urqNHaWo.dll (Trojan.Vundo) -> Delete on reboot.
  C:\Windows\System32\oWaHNqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\Windows\System32\oWaHNqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\Users\eric\AppData\Local\Temp\tmp0000d977 (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\Users\eric\AppData\Local\Temp\tmp0001265f (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\Users\eric\AppData\Local\Temp\tmp0003b9fa (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\Users\eric\AppData\Local\Temp\202603.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\Users\eric\AppData\Roaming\AntispywareBot\DataBaseNew.ref (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
  C:\Users\eric\AppData\Roaming\AntispywareBot\Log\2008 Jul 27 - 02_14_19 PM_722.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
  C:\Windows\System32\ias.dll (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Windows\Tasks\AntispywareBot Scheduled Scan.job (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
  C:\Users\eric\AppData\Local\Temp\s1265.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.

  And the new HijackThis log
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 20:33:01, on 27-7-2008
  Platform: Windows Vista SP1 (WinNT 6.00.1905)
  MSIE: Internet Explorer v7.00 (7.00.6001.18000)
  Boot mode: Normal

  Running processes:
  C:\Windows\system32\taskeng.exe
  C:\Windows\system32\Dwm.exe
  C:\Windows\Explorer.EXE
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Windows\RtHDVCpl.exe
  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
  C:\Windows\BR040286.exe
  C:\Acer\Empowering Technology\eDSMSNfix.exe
  C:\Program Files\Launch Manager\LManager.exe
  C:\Program Files\Eset\nod32kui.exe
  D:\Program Files\PowerDVD\PDVDServ.exe
  C:\Windows\WindowsMobile\wmdSync.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Windows\ehome\ehtray.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
  C:\Program Files\Windows Media Player\wmpnscfg.exe
  C:\Windows\ehome\ehmsas.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  D:\Program Files\HijackThis\HijackThis.exe
  C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.134.177.1:3128
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  O1 - Hosts: ::1 localhost
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
  O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
  O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
  O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
  O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
  O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
  O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
  O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [LanguageShortcut] "d:\Program Files\PowerDVD\Language\Language.exe"
  O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
  O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
  O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
  O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
  O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEEM')
  O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
  O13 - Gopher Prefix:
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
  O20 - AppInit_DLLs: eNetHook.dll
  O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
  O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
  O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
  O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
  O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
  O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
  O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
  O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
  O23 - Service: XobniService - Xobni Corporation - d:\Program Files\Xobni Insight\XobniService.exe


  End of file - 7814 bytes
 • Do keep in mind that some trojans are removed after a reboot, so I advise you to reboot if you had not done so yet. :)
 • Hi,

  The log looks clean, except that I see you have a proxy server from Mexico configured.

  Is that right? Otherwise we need to deal with it.

  Regards,

  Roelof
 • Endor,

  It is very rude to butt in when someone is helping somebody.

  Roelof
 • I had a look; I used that proxy once for a test. It was still filled in but not "active". To be safe I cleaned this up as well.

  So I think we're done now, and thanks again for the effort!
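
Added example, not part of the original thread and not code from HijackThis or Malwarebytes: a small Python triage script for the checks made by hand above. It diffs two HijackThis logs, flags a nameless BHO whose DLL sits directly in system32, an orphaned BHO and a configured proxy, and pairs files in the Malwarebytes log whose names are mirror images (urqNHaWo.dll / oWaHNqru.ini). The function names and finding labels are this example's own; the sample lines are excerpts from the logs posted in this thread.

```python
import re
from pathlib import PureWindowsPath

# Excerpts copied from the first HijackThis log in this thread.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.134.177.1:3128
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: (no name) - {C5FB06B8-7B08-4433-8291-520AEBAACB8F} - C:\Windows\system32\urqNHaWo.dll
O20 - AppInit_DLLs: eNetHook.dll
"""
# The second log contains the same lines minus the fixed BHO entry.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "urqNHaWo" not in l)

# Excerpt from the "Bestanden geïnfecteerd" part of the Malwarebytes log.
MBAM = r"""
C:\Windows\System32\urqNHaWo.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\oWaHNqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\oWaHNqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ias.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

ENTRY = re.compile(r"^\s*([RO]\d+) - (.*\S)\s*$")
BHO = re.compile(r"^BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
MBAM_PATH = re.compile(r"^\s*([A-Za-z]:\\.+?) \((\S+)\) -> ")


def parse_hjt(text):
    """Return the set of (section, body) entries in a HijackThis log."""
    return {m.groups() for m in map(ENTRY.match, text.splitlines()) if m}


def flag(entries):
    """Return (label, detail) findings for entries worth a second look."""
    findings = []
    for section, body in sorted(entries):
        m = BHO.match(body) if section == "O2" else None
        if m:
            name, clsid, target = m.groups()
            if target == "(no file)":
                # Registry entry left behind without a DLL on disk.
                findings.append(("orphan-bho", clsid))
            elif (name == "(no name)"
                  and PureWindowsPath(target).parent.name.lower() == "system32"):
                findings.append(("nameless-system32-bho",
                                 PureWindowsPath(target).name))
        elif section == "R1" and "ProxyServer = " in body:
            # A non-empty proxy value; whether it is in use needs checking.
            findings.append(("proxy-set", body.split(" = ", 1)[1]))
    return findings


def reversed_pairs(mbam_text):
    """Pair files in one directory whose base names are mirror images."""
    stems = {}
    for line in mbam_text.splitlines():
        m = MBAM_PATH.match(line)
        if m:
            p = PureWindowsPath(m.group(1))
            stems.setdefault((str(p.parent).lower(), p.stem.lower()), p.name)
    pairs = set()
    for (folder, stem), name in stems.items():
        twin = stems.get((folder, stem[::-1]))
        if twin and stem != stem[::-1]:  # skip palindromes
            pairs.add(tuple(sorted((name, twin))))
    return sorted(pairs)


if __name__ == "__main__":
    print("removed by the fix:", parse_hjt(BEFORE) - parse_hjt(AFTER))
    print("still worth checking:", flag(parse_hjt(AFTER)))
    print("mirrored names:", reversed_pairs(MBAM))
```
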

This is an archived page. Replies are no longer possible.