Startup items disappeared??

10 answers
  • Hello, Speaking of Norton, in another topic: I suddenly see that it no longer starts up. In MSCONFIG all startup items have disappeared except the one for the router. Windows, however, starts up normally ?? Does anyone know how I can get my old startup items back? Before this I had removed QuickTime because I got a message from Norton that qttask.exe had made 59 changes to my registry. Thanks in advance for any pointers in this mystery.
  • Open an empty Notepad window and copy/paste the text below into it:

      rem Export the two keys where MSConfig keeps disabled startup items
      regedit /e peek1.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupreg"
      regedit /e peek2.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupfolder"
      rem Append both exports to one file and remove the temporary files
      type peek1.txt >> output.txt
      type peek2.txt >> output.txt
      del peek*.txt
      rem Show the result
      start notepad output.txt

    Then save it as fix.bat on your Desktop. For "Save as type", choose All files. Post the contents of output.txt in your next message :wink: Good luck! Pim
  • Thanks for the advice, here is the output:

      Windows Registry Editor Version 5.00
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupreg]
      Windows Registry Editor Version 5.00
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupfolder]
  • Maybe post a HijackThis log to see what is going on.
  • We can try that; the result is not supposed to look the way it does. Go ahead and post :)
  • Here is the HijackThis log file. Incidentally, I saw that the empty registry keys are normal, also on my other computer. There, the msconfig startup items are in: HKLM\Software\microsoft\windows\currentversion\run. On this computer that key does not exist, but there is a run- ????? I now start Norton manually (CCApp.exe) before I go on the Internet. How do I get my startup items back? A System Restore does not work in normal mode; the message is that nothing has changed, so there is nothing to restore.
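Added example, not part of the thread: a Python parser for `regedit /e` export text that reports the state described in the post above (no `Run` key, but a `run-` look-alike beside it) and lists anything parked under MSConfig's `startupreg` key. The sample export is constructed for illustration, and the function names are this example's own.

```python
import re

# Hive-relative paths, lower-cased for case-insensitive matching.
CURRENT_VERSION = r"\software\microsoft\windows\currentversion"
MSCONFIG_STARTUPREG = r"\software\microsoft\shared tools\msconfig\startupreg"

_KEY = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} from regedit export text.

    Header lines ("Windows Registry Editor Version 5.00", "REGEDIT4") are
    skipped, so several exports appended to one file parse as one.
    """
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):
            continue
        if line.endswith("\\"):            # hex data continues on the next line
            pending = line[:-1]
            continue
        m = _KEY.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name = "(default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            current[name] = data
    return keys


def audit_run_keys(keys):
    """Per CurrentVersion key: is Run there, and is anything parked beside it?"""
    report = {}
    blank = lambda: {"run_present": False, "run_values": [], "parked": {}}
    for path, values in keys.items():
        if path.lower().endswith(CURRENT_VERSION):
            report.setdefault(path, blank())
            continue
        parent, _, leaf = path.rpartition("\\")
        if not parent.lower().endswith(CURRENT_VERSION):
            continue
        state = report.setdefault(parent, blank())
        if leaf.lower() == "run":
            state["run_present"] = True
            state["run_values"] = sorted(values)
        elif re.fullmatch(r"run[^a-z0-9]+", leaf.lower()):   # e.g. "Run-"
            state["parked"][leaf] = sorted(values)
    return report


def disabled_via_msconfig(keys):
    """Names of the subkeys directly under MSConfig\\startupreg."""
    return sorted(p.rpartition("\\")[2] for p in keys
                  if p.rpartition("\\")[0].lower().endswith(MSCONFIG_STARTUPREG))


# Constructed sample: two exports appended to one file, as fix.bat does.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupreg]
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"ProgramFilesDir"="C:\\Program Files"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"SoundMan"="SOUNDMAN.EXE"
"Blob"=hex:01,02,\
  03,04
'''

if __name__ == "__main__":
    # For a real "Version 5.00" export, read it with open(path, encoding="utf-16").
    parsed = parse_reg_export(SAMPLE)
    for parent, state in audit_run_keys(parsed).items():
        print(parent, state)
    print("disabled via msconfig:", disabled_via_msconfig(parsed))
```
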
  • Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe Put it on your desktop. Double-click it to start the program. In the window that appears, type a 1 to have the cleaning and analysis process run. Follow the on-screen instructions. When the tool is finished, a log file (combofix.txt) opens. Post the contents of this file together with a new HijackThis log.
  • Here are both logs. I'm curious.
  • Searching further, I found in Norton that I could restore a removed risk, namely qktask.exe, by taking it out of quarantine. I did this and the startup file was back in Msconfig. QuickTime, which I had removed via Add/Remove Programs, is still gone. It now turns out that Norton had cleaned out the whole Msconfig file instead of only qktask.exe. Now that the program has been cleaned up, there is no startup item any more either. So the problem is solved; Norton was too rigorous. Was there any news about the ComboFix and HijackThis logs? Thanks for the effort and patience. :D
  • Good that you solved it yourself, because honestly I was groping in the dark :o Uninstall ComboFix: go to Start --> Run and type: combofix /u ComboFix will now be removed and a new restore point will be created. Otherwise everything looks fine :) Pim
