YOUR COMPUTER IS IN DANGER!
09-05-2006,22:24 door
Ik heb een zwarte achtergrond met rechtsonderin your computer is in
danger met daarna een stukje tekst over windows security center ofzo, ik
heb een hijack logfile gemaakt (zie onderaan) ik kan nu mijn
bureaubladachtergrond niet meer veranderen :-( Hopelijk kunnen jullie me
helpen (A) alvast bedankt!!
de file:
Logfile of HijackThis v1.99.1
Scan saved at 22:19:11, on 9-5-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
C:Program FilesEsetnod32krn.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesThomson SpeedTouchSpeedTouch 121g Wireless USB
MonitorPRISMSVR.EXE
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:WINDOWSewupdater.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpohmr08.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe
C:Program FilesThomson SpeedTouchSpeedTouch 121g Wireless USB
Monitorst121g.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpoevm08.exe
C:Program FilesHewlett-PackardDigital ImagingBinhpoSTS08.exe
C:Program FilesInternet Exploreriexplore.exe
C:DOCUME~1GEBRUI~1LOCALS~1TempTijdelijke map 1 voor
hijackthis.zipHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
http://g.msn.nl/0SENLNL/SAOS01
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.startpagina.nl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar =
http://www.easywebsearch.nl
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://www.easywebsearch.nl/ie.php
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.startpagina.nl
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch
= http://www.easywebsearch.nl
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
http://www.easywebsearch.nl/ie.php
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
http://www.easywebsearch.nl
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName
= Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0
ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-
D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} -
C:Program FilesMSN AppsST1.03.0000.1005en-xustmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:Program FilesMSN AppsMSN
Toolbar1.02.4000.1001nlmsntb.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:Program FilesMSN Toolbar1.01.2607.0
nlmsntb.dll (file missing)
O4 - HKLM..Run: [PRISMSVR.EXE] "C:Program FilesThomson
SpeedTouchSpeedTouch 121g Wireless USB
MonitorPRISMSVR.EXE" /APPLY
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1
avgcc.exe /STARTUP
O4 - HKLM..Run: [ewupdater] C:WINDOWSewupdater.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk =
C:Program FilesThomson SpeedTouchSpeedTouch 121g Wireless USB
Monitorst121g.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-
AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-
4C56B4E14E84} - C:PROGRA~1SPYWAR~2toolsiesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-
3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6}
(Easywebinstaller Control) -
http://s7.blingblingcontent.com/toolbarcash/activex/easywebinstaller.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.ca
b
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat
Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:PROGRA~1MSNMES~1msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:Program
FilesEsetnod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32
HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research
Pty Ltd - C:Program FilesSpyware Doctorsdhelp.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:PROGRA~1
COMMON~1X10Commonx10nets.exe
danger met daarna een stukje tekst over windows security center ofzo, ik
heb een hijack logfile gemaakt (zie onderaan) ik kan nu mijn
bureaubladachtergrond niet meer veranderen :-( Hopelijk kunnen jullie me
helpen (A) alvast bedankt!!
de file:
Logfile of HijackThis v1.99.1
Scan saved at 22:19:11, on 9-5-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
C:Program FilesEsetnod32krn.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesThomson SpeedTouchSpeedTouch 121g Wireless USB
MonitorPRISMSVR.EXE
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:WINDOWSewupdater.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpohmr08.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe
C:Program FilesThomson SpeedTouchSpeedTouch 121g Wireless USB
Monitorst121g.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpoevm08.exe
C:Program FilesHewlett-PackardDigital ImagingBinhpoSTS08.exe
C:Program FilesInternet Exploreriexplore.exe
C:DOCUME~1GEBRUI~1LOCALS~1TempTijdelijke map 1 voor
hijackthis.zipHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
http://g.msn.nl/0SENLNL/SAOS01
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.startpagina.nl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar =
http://www.easywebsearch.nl
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://www.easywebsearch.nl/ie.php
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.startpagina.nl
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch
= http://www.easywebsearch.nl
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
http://www.easywebsearch.nl/ie.php
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
http://www.easywebsearch.nl
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName
= Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0
ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-
D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} -
C:Program FilesMSN AppsST1.03.0000.1005en-xustmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:Program FilesMSN AppsMSN
Toolbar1.02.4000.1001nlmsntb.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:Program FilesMSN Toolbar1.01.2607.0
nlmsntb.dll (file missing)
O4 - HKLM..Run: [PRISMSVR.EXE] "C:Program FilesThomson
SpeedTouchSpeedTouch 121g Wireless USB
MonitorPRISMSVR.EXE" /APPLY
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1
avgcc.exe /STARTUP
O4 - HKLM..Run: [ewupdater] C:WINDOWSewupdater.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk =
C:Program FilesThomson SpeedTouchSpeedTouch 121g Wireless USB
Monitorst121g.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-
AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-
4C56B4E14E84} - C:PROGRA~1SPYWAR~2toolsiesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-
3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6}
(Easywebinstaller Control) -
http://s7.blingblingcontent.com/toolbarcash/activex/easywebinstaller.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.ca
b
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat
Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:PROGRA~1MSNMES~1msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:Program
FilesEsetnod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32
HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research
Pty Ltd - C:Program FilesSpyware Doctorsdhelp.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:PROGRA~1
COMMON~1X10Commonx10nets.exe
