willievanesch
Gebruiker
- Lid geworden
- 11 mei 2001
- Berichten
- 23
Beste Helpdesk,
Mijn internetverbindig wordt zodra ik een pagina heb opgestart, automatisch verbroken. Zodra ik verbinding heb begint zich ook een programma te installeren (kan helaas niet zien wat het is). Dit klik ik dan weg en daarna valt ook mijn internetverbinding weg.
Heb daarna ook veel last van Worms infecties. Die niet verdwijnen In 1e instantie verwijderd AV Personal deze netjes (aldus de logfile) en op het eind vindt hij toch nog 2 detections.
De Worms die gevonden worden zijn o.a. WORM Korgo.X
RBot.LB RBot.LB, Rbot LC, Rbot KV, Sdbot 120832, Rbot NH, Rbot MY. Deze worden keurig gedetecteerd en deleted.
Dropper Dr/Bridge.a.2 en TR/Spy.Briss.G worden in 1e instantie ook gedeleted, maar op het eind van de log staan deze laatste 2 weer als gedetecteerd !!!
Ik heb Spyboot en Ad Aware ook nog gedraaid.
Zou U zo vriendelijk willen zijn om naar mijn Hijckthislog
te kijken ? Bij voorbaat dank.
Logfile of HijackThis v1.97.7
Scan saved at 22:05:57, on 27-10-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\servicess.exe
C:\WINDOWS\system32\systems.exe
C:\WINDOWS\system32\IEXPLORE.EXE
C:\WINDOWS\system32\msxmlx.exe
C:\WINDOWS\system32\crvss.exe
C:\Program Files\Win Comm\WinComm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Digital Image\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\wuauclt.exe
A:\HijackThis.exe
A:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchba.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchmn.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchba.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchmn.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchmn.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchcs.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchsa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32D.exe
O4 - HKLM\..\Run: [Services] servicess.exe
O4 - HKLM\..\Run: [WindowsRegKey update] wdnupdate.exe
O4 - HKLM\..\Run: [System Uptime Server] sysentry.exe
O4 - HKLM\..\Run: [update service] winu32.exe
O4 - HKLM\..\Run: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\Run: [System Service] systems.exe
O4 - HKLM\..\Run: [Microsoft Direct Configs] directx64.exe
O4 - HKLM\..\Run: [msupdates] msupdt.exe
O4 - HKLM\..\Run: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\Run: [Microsoft XML Service] msxmlx.exe
O4 - HKLM\..\Run: [Windows media service] crvss.exe
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
O4 - HKLM\..\RunServices: [8E8641A2] C:\WINDOWS\System32\ojddpuzitkxg.exe
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32D.exe
O4 - HKLM\..\RunServices: [Services] servicess.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] wdnupdate.exe
O4 - HKLM\..\RunServices: [System Uptime Server] sysentry.exe
O4 - HKLM\..\RunServices: [update service] winu32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\RunServices: [System Service] systems.exe
O4 - HKLM\..\RunServices: [Microsoft Direct Configs] directx64.exe
O4 - HKLM\..\RunServices: [msupdates] msupdt.exe
O4 - HKLM\..\RunServices: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [Microsoft XML Service] msxmlx.exe
O4 - HKLM\..\RunServices: [Windows media service] crvss.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Services] servicess.exe
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
O4 - HKCU\..\Run: [WindowsRegKey update] wdnupdate.exe
O4 - HKCU\..\Run: [NVIDIA Video drivers] video_32D.exe
O4 - HKCU\..\Run: [System Service] systems.exe
O4 - HKCU\..\Run: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\RunOnce: [System Service] systems.exe
O4 - HKLM\..\RunOnce: [Microsoft IE] IEXPLORE.EXE
O4 - HKCU\..\RunOnce: [Microsoft IE] IEXPLORE.EXE
O4 - HKCU\..\RunOnce: [System Service] systems.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Digital Image Monitor.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...31d9d0c31979:1c94cf8dd60a92140234c44bda683591
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
Mijn internetverbindig wordt zodra ik een pagina heb opgestart, automatisch verbroken. Zodra ik verbinding heb begint zich ook een programma te installeren (kan helaas niet zien wat het is). Dit klik ik dan weg en daarna valt ook mijn internetverbinding weg.
Heb daarna ook veel last van Worms infecties. Die niet verdwijnen In 1e instantie verwijderd AV Personal deze netjes (aldus de logfile) en op het eind vindt hij toch nog 2 detections.
De Worms die gevonden worden zijn o.a. WORM Korgo.X
RBot.LB RBot.LB, Rbot LC, Rbot KV, Sdbot 120832, Rbot NH, Rbot MY. Deze worden keurig gedetecteerd en deleted.
Dropper Dr/Bridge.a.2 en TR/Spy.Briss.G worden in 1e instantie ook gedeleted, maar op het eind van de log staan deze laatste 2 weer als gedetecteerd !!!
Ik heb Spyboot en Ad Aware ook nog gedraaid.
Zou U zo vriendelijk willen zijn om naar mijn Hijckthislog
te kijken ? Bij voorbaat dank.
Logfile of HijackThis v1.97.7
Scan saved at 22:05:57, on 27-10-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\servicess.exe
C:\WINDOWS\system32\systems.exe
C:\WINDOWS\system32\IEXPLORE.EXE
C:\WINDOWS\system32\msxmlx.exe
C:\WINDOWS\system32\crvss.exe
C:\Program Files\Win Comm\WinComm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Digital Image\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\wuauclt.exe
A:\HijackThis.exe
A:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchba.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchmn.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchba.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchmn.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchmn.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchcs.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchsa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32D.exe
O4 - HKLM\..\Run: [Services] servicess.exe
O4 - HKLM\..\Run: [WindowsRegKey update] wdnupdate.exe
O4 - HKLM\..\Run: [System Uptime Server] sysentry.exe
O4 - HKLM\..\Run: [update service] winu32.exe
O4 - HKLM\..\Run: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\Run: [System Service] systems.exe
O4 - HKLM\..\Run: [Microsoft Direct Configs] directx64.exe
O4 - HKLM\..\Run: [msupdates] msupdt.exe
O4 - HKLM\..\Run: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\Run: [Microsoft XML Service] msxmlx.exe
O4 - HKLM\..\Run: [Windows media service] crvss.exe
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
O4 - HKLM\..\RunServices: [8E8641A2] C:\WINDOWS\System32\ojddpuzitkxg.exe
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32D.exe
O4 - HKLM\..\RunServices: [Services] servicess.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] wdnupdate.exe
O4 - HKLM\..\RunServices: [System Uptime Server] sysentry.exe
O4 - HKLM\..\RunServices: [update service] winu32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\RunServices: [System Service] systems.exe
O4 - HKLM\..\RunServices: [Microsoft Direct Configs] directx64.exe
O4 - HKLM\..\RunServices: [msupdates] msupdt.exe
O4 - HKLM\..\RunServices: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [Microsoft XML Service] msxmlx.exe
O4 - HKLM\..\RunServices: [Windows media service] crvss.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Services] servicess.exe
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
O4 - HKCU\..\Run: [WindowsRegKey update] wdnupdate.exe
O4 - HKCU\..\Run: [NVIDIA Video drivers] video_32D.exe
O4 - HKCU\..\Run: [System Service] systems.exe
O4 - HKCU\..\Run: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\RunOnce: [System Service] systems.exe
O4 - HKLM\..\RunOnce: [Microsoft IE] IEXPLORE.EXE
O4 - HKCU\..\RunOnce: [Microsoft IE] IEXPLORE.EXE
O4 - HKCU\..\RunOnce: [System Service] systems.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Digital Image Monitor.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...31d9d0c31979:1c94cf8dd60a92140234c44bda683591
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab