PDA

Volledige versie bekijken : probleem



Cuniva
17 april 2005, 10:41
ik startte mijn pc zonet op en dit had ik als wallpaper : http://users.telenet.be/cuniva/wallpaper.JPG
als ik Start > Configuratiescherm > Vormgeving & Thema's doe dan staan die dingen voor je wallpaper te veranderen er niet meer en als ik rechtsklik op pic en dan "Als bureabladachtergrond gebruiken" doe helpt het ook niet :x

een ander probleem dat ik ook al een eindje heb is dat hij altijd als ik pc opstart of counter strike opstart een bericht geeft van dat er iets mis is met se.dll in mijn temp files ofzo ..

help me pls ..

mijn hijackthis log :

Logfile of HijackThis v1.99.1
Scan saved at 9:40:00, on 17/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\windows\explorer.exe
C:\windows\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\windows\System32\RUNDLL32.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Ylosdz\Ojce.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\windows\System32\svsloadn32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\wp.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\G-unit soldier\Bureaublad\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\G-UNIT~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\G-UNIT~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SEDP Class - {3BA765C2-08DB-4fe2-9279-311CA10D582A} - C:\windows\sehlpw.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {EC956D4A-50AC-43C6-823D-AB8C101F5368} - C:\windows\System32\nmii.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SToolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\windows\stlbd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Windows Xp Service Pack 2] C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\ogqtulg.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [BKC6a] C:\WINDOWS\gsqxmhbf.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [Kapbw] C:\Program Files\Ylosdz\Ojce.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [svsload32] svsloadn32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\RunServices: [svsload32] svsloadn32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [CTFMON32] C:\windows\System32\CTFMON32.EXE
O4 - HKCU\..\Run: [CSRSSU] C:\windows\System32\CSRSSU.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {8F4BB684-6E18-4C7C-B32E-A0E1F76D8197} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8F4BB684-6E18-4C7C-B32E-A0E1F76D8197} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A189F86C-EFD3-4146-BAD7-4CB58D6BF4CF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A189F86C-EFD3-4146-BAD7-4CB58D6BF4CF} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F9DE8909-4A95-477D-8439-F2776EEE1BB2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F9DE8909-4A95-477D-8439-F2776EEE1BB2} - (no file) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Filter: text/html - {C7239C7F-A98E-451D-BF33-B407855B3B2D} - C:\windows\System32\nmii.dll
O18 - Filter: text/plain - {C7239C7F-A98E-451D-BF33-B407855B3B2D} - C:\windows\System32\nmii.dll
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Ifjpqdcq.dll
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

gregman
17 april 2005, 11:10
hmmm... kan het dat je een skin op je pc staan ebt?
(stylexp) anders moet je eens een andere downloaden (vb van alienware)
en kijk dan of je hetzelfde tegenkomt

Grtz, Grego

Cuniva
17 april 2005, 12:30
ja , ik heb stylexp staan .. wat moet ik doen?

st3ph3n
17 april 2005, 14:11
Malware processen:
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Ylosdz\Ojce.exe
C:\windows\System32\svsloadn32.exe
C:\wp.exe

Te fixen:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\G-UNIT~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\G-UNIT~1\LOCALS~1\Temp\se.dll/spage.html
O2 - BHO: SEDP Class - {3BA765C2-08DB-4fe2-9279-311CA10D582A} - C:\windows\sehlpw.dll
O2 - BHO: (no name) - {EC956D4A-50AC-43C6-823D-AB8C101F5368} - C:\windows\System32\nmii.dll
O3 - Toolbar: SToolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\windows\stlbd.dll
O4 - HKLM\..\Run: [Windows Xp Service Pack 2] C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\ogqtulg.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [BKC6a] C:\WINDOWS\gsqxmhbf.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [Kapbw] C:\Program Files\Ylosdz\Ojce.exe
O4 - HKLM\..\Run: [svsload32] svsloadn32.exe
O4 - HKLM\..\RunServices: [svsload32] svsloadn32.exe
O4 - HKCU\..\Run: [CTFMON32] C:\windows\System32\CTFMON32.EXE
O4 - HKCU\..\Run: [CSRSSU] C:\windows\System32\CSRSSU.EXE
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O9 - Extra button: Microsoft AntiSpyware helper - {8F4BB684-6E18-4C7C-B32E-A0E1F76D8197} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8F4BB684-6E18-4C7C-B32E-A0E1F76D8197} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A189F86C-EFD3-4146-BAD7-4CB58D6BF4CF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A189F86C-EFD3-4146-BAD7-4CB58D6BF4CF} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F9DE8909-4A95-477D-8439-F2776EEE1BB2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F9DE8909-4A95-477D-8439-F2776EEE1BB2} - (no file) (HKCU)
O18 - Filter: text/html - {C7239C7F-A98E-451D-BF33-B407855B3B2D} - C:\windows\System32\nmii.dll
O18 - Filter: text/plain - {C7239C7F-A98E-451D-BF33-B407855B3B2D} - C:\windows\System32\nmii.dll
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Ifjpqdcq.dll

Je hebt malware processen dus je zal moeten opstarten naar Veilige Modus. Daar kan je bovenstaande items fixen met HiJackThis. Achteraf kan je gewoon opstarten naar Normale Modus.

Steven

PS: Hier worden enkel HiJackThis-logs opgekuist. Voor andere vragen moet je in Software-forum of Windows-forum zijn.

Cuniva
17 april 2005, 16:07
ok , ik heb dat nu gedaan , maar ik heb nog steeds die 2 problemen :/

st3ph3n
17 april 2005, 20:46
Dan is die infectie mogelijk niet helemaal verwijderd. Post eens een nieuw log.

Steven

Cuniva
17 april 2005, 20:58
dit is mn log van nu ;
Logfile of HijackThis v1.99.1
Scan saved at 17:37:08, on 17/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\windows\explorer.exe
C:\windows\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\windows\System32\RUNDLL32.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\G-unit soldier\Bureaublad\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\G-UNIT~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe

st3ph3n
17 april 2005, 21:38
Te fixen:
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\G-UNIT~1\LOCALS~1\Temp\se.dll,DllInstall

Best is dat je ook dit verwijdert in Veilige Modus.

Steven

j .
18 april 2005, 00:05
Als dat het niet oplost, moet je in het register duiken:
maak eerst een herstelpunt met systeemherstel.
Start>uitvoeren>regedit
Ga dan naar HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System
Verwijder alles in die map behalve default (rechtsklik + verwijder).
Let wel: zo kunnen ook andere instellingen verdwijnen, en je moet nog steeds zelf de desktop herinstellen.
Verwijder ook wp.bmp en wp.exe (in c:\)

Als alles terug in orde is, maak dan een nieuw herstelpunt met systeemherstel.