Startup items disappeared??

Edouard
10 replies
  • Hello,

    Speaking of Norton, in another topic, I suddenly see that it no longer starts up. In MSCONFIG all startup items have disappeared except the one for the router.

    Windows, however, starts up normally ??

    Does anyone know how I can get my old startup items back?

    Before this I had removed QuickTime because I got a message from Norton that qttask.exe had made 59 changes to my registry.

    Thanks in advance for any pointers in this mystery.
  • Open an empty Notepad window and copy/paste the bold text below into it:

    regedit /e peek1.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupreg"
    regedit /e peek2.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupfolder"
    type peek1.txt >> output.txt
    type peek2.txt >> output.txt
    del peek*.txt
    start notepad output.txt

    Then save it as fix.bat on your Desktop.
    For Save as type, choose All Files.

    Post the contents of output.txt in your next message ;)

    Good luck!
    Pim
  • Thanks for the advice,
    here is the output

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupreg]

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupfolder]
  • Maybe post a HijackThis log to see what is going on.
  • We can try that; the result is not what it should be.
    Go ahead and post it :)
  • Here is the HijackThis log file.

    By the way, I saw that the empty registry keys are normal, also on my other computer. There the msconfig startup items are in:

    HKLM\Software\microsoft\windows\currentversion\run

    On this computer that key does not exist, but there is a run- ?????

    For now I start Norton manually (CCApp.exe) before I go on the Internet.

    How do I get my startup items back? A System Restore does not work in normal mode; the message is that nothing has changed, so there is nothing to restore.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:02:22, on 7-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Apps\ActivBoard\nhksrv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/home/home_center.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\van Buuren\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\van Buuren\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
    O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177575424593
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe


    End of file - 7228 bytes

  • Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Put it on your desktop.
    Double-click it to start the program.
    In the window that appears, type 1 to run the cleaning and analysis process.
    Follow the on-screen instructions.
    When the tool is finished, a log file opens (combofix.txt).
    Post the contents of this file together with a new HijackThis log.
  • Here are both logs

    I'm curious.



    ComboFix 08-01-04.1 - van Buuren 2008-01-07 14:59:09.1 - NTFSx86
    Gestart vanuit: C:\Documents and Settings\van Buuren\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
    .

    2008-01-07 14:58 . 2000-08-31 08:00 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2008-01-07 11:02 . 2001-08-17 21:28 771,581 –a—— C:\WINDOWS\system32\dllcache\OLDCC6.tmp
    2008-01-07 11:01 . 2001-08-17 21:28 794,654 –a—— C:\WINDOWS\system32\dllcache\OLDC4B.tmp
    2008-01-07 11:00 . 2004-08-04 06:32 571,392 –a—— C:\WINDOWS\system32\dllcache\OLDBC9.tmp
    2008-01-07 10:59 . 2004-08-04 09:03 464,384 –a—— C:\WINDOWS\system32\dllcache\OLDB1F.tmp
    2008-01-07 10:58 . 2001-09-06 21:27 495,616 –a—— C:\WINDOWS\system32\dllcache\OLDA42.tmp
    2008-01-07 10:57 . 2001-09-06 20:29 899,594 –a—— C:\WINDOWS\system32\dllcache\OLD9BD.tmp
    2008-01-07 10:56 . 2004-08-04 06:31 482,304 –a—— C:\WINDOWS\system32\dllcache\OLD958.tmp
    2008-01-07 10:55 . 2007-02-28 17:05 2,020,352 –a—— C:\WINDOWS\system32\dllcache\OLD8B0.tmp
    2008-01-07 10:54 . 2002-09-11 12:00 1,875,968 –a—— C:\WINDOWS\system32\dllcache\OLD828.tmp
    2008-01-07 10:53 . 2002-09-11 12:00 1,158,818 –a—— C:\WINDOWS\system32\dllcache\OLD782.tmp
    2008-01-07 10:52 . 2004-08-04 06:31 811,064 –a—— C:\WINDOWS\system32\dllcache\OLD6DD.tmp
    2008-01-07 10:51 . 2002-09-11 12:00 13,463,552 –a—— C:\WINDOWS\system32\dllcache\OLD677.tmp
    2008-01-07 10:50 . 2001-09-06 21:26 1,733,120 –a—— C:\WINDOWS\system32\dllcache\OLD5CC.tmp
    2008-01-07 10:49 . 2001-09-06 19:54 634,198 –a—— C:\WINDOWS\system32\dllcache\OLD48A.tmp
    2008-01-07 10:48 . 2001-08-17 20:14 952,007 –a—— C:\WINDOWS\system32\dllcache\OLD437.tmp
    2008-01-07 10:47 . 2002-09-11 12:00 1,677,824 –a—— C:\WINDOWS\system32\dllcache\OLD2F5.tmp
    2008-01-07 10:46 . 2001-08-17 21:28 871,388 –a—— C:\WINDOWS\system32\dllcache\OLD18E.tmp
    2008-01-07 10:45 . 2001-09-06 21:26 382,592 –a—— C:\WINDOWS\system32\dllcache\OLD10E.tmp
    2008-01-07 10:44 . 2001-08-17 21:28 762,780 –a—— C:\WINDOWS\system32\dllcache\OLD87.tmp
    2008-01-07 10:43 . 2008-01-07 11:03 <DIR> d——– C:\WINDOWS\LastGood
    2008-01-06 18:56 . 2008-01-06 19:28 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-04 14:08 ——— d—–w C:\Program Files\Common Files\Symantec Shared
    2007-12-21 13:59 ——— d—–w C:\Program Files\Norton AntiVirus
    2007-12-11 13:55 ——— d—–w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-12-05 14:29 805 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-12-05 14:29 60,800 —-a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-12-05 14:29 123,952 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-12-05 14:29 10,740 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-12-05 14:29 ——— d—–w C:\Program Files\Symantec
    2007-11-30 22:57 43,696 —-a-w C:\WINDOWS\system32\drivers\srtspx.sys
    2007-11-30 22:57 317,616 —-a-w C:\WINDOWS\system32\drivers\srtspl.sys
    2007-11-30 22:57 279,088 —-a-w C:\WINDOWS\system32\drivers\srtsp.sys
    2007-11-30 22:57 10,549 —-a-w C:\WINDOWS\system32\drivers\srtspx.cat
    2007-11-30 22:57 10,549 —-a-w C:\WINDOWS\system32\drivers\srtspl.cat
    2007-11-30 22:57 10,545 —-a-w C:\WINDOWS\system32\drivers\srtsp.cat
    2007-11-30 22:57 1,430 —-a-w C:\WINDOWS\system32\drivers\srtspl.inf
    2007-11-30 22:57 1,421 —-a-w C:\WINDOWS\system32\drivers\srtspx.inf
    2007-11-30 22:57 1,415 —-a-w C:\WINDOWS\system32\drivers\srtsp.inf
    2007-11-25 11:10 ——— d—–w C:\Program Files\Windows Sidebar
    2007-11-19 14:17 ——— d—–w C:\Documents and Settings\van Buuren\Application Data\Symantec
    2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-30 23:27 3,590,656 —-a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:44 8,507,392 —-a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-10 23:54 824,832 —-a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-10 23:53 671,232 —-a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-10 23:53 63,488 ——w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-10 23:53 6,065,664 ——w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-10 23:53 52,224 ——w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-10 23:53 478,208 —-a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-10 23:53 459,264 ——w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-10 23:53 44,544 —-a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-10-10 23:53 384,512 —-a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-10-10 23:53 383,488 ——w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-10 23:53 27,648 —-a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-10 23:53 267,776 ——w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-10 23:53 232,960 —-a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-10-10 23:53 230,400 —-a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-10-10 23:53 214,528 —-a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-10 23:53 193,024 —-a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-10 23:53 153,088 —-a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-10-10 23:53 132,608 —-a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-10 23:53 124,928 —-a-w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-10-10 23:53 105,984 —-a-w C:\WINDOWS\system32\dllcache\url.dll
    2007-10-10 23:53 102,400 —-a-w C:\WINDOWS\system32\dllcache\occache.dll
    2007-10-10 23:53 1,159,680 —-a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-10 11:02 70,656 —-a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-10-10 11:02 625,152 —-a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-10-10 10:59 13,824 ——w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-10-10 05:46 161,792 —-a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2004-11-14 11:16 56,816 —-a-w C:\Documents and Settings\van Buuren\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2007-11-25 12:13 116088 –a—— C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SymLnch"="C:\Documents and Settings\van Buuren\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" [2007-08-26 17:04 687976]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Symantec Network Driver Update Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE" [ ]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Sitecom Wireless Utility.lnk - C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE [2007-01-11 15:34:30]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    "ACTIVBOARD"=C:\Apps\ActivBoard\MMKeybd.exe
    "EM_EXEC"=C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    "SoundMan"=SOUNDMAN.EXE
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 14:18]
    R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 11:38]
    R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
    R2 nhksrv;Netropa NHK Server;C:\Apps\ActivBoard\nhksrv.exe [2000-09-13 15:18]
    R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 11:17]
    R3 LCcFltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\LCcFltr.Sys [2004-03-03 09:50]
    R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
    S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys []
    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 16:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 16:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 16:59]
    S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
    S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys []

    *Newly Created Service* - PROCEXP90
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-12-01 17:47:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-25 11:21:12 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - van Buuren.job"
    - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-07 15:03:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-07 15:04:56
    ComboFix2.txt 2007-10-18 12:40:04
    .
    2007-12-12 14:31:21 — E O F —


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:06:47, on 7-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Apps\ActivBoard\nhksrv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/home/home_center.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\van Buuren\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\van Buuren\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
    O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177575424593
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe


    End of file - 6937 bytes
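
Added example (not part of any post in this thread, and not HijackThis's own code): a small Python parser that compares the two HijackThis logs posted above and lists which autostart locations they report, using a few lines copied from those logs as sample input. The function names are made up for this example; process paths are compared case-insensitively because the two logs show `Explorer.EXE` and `explorer.exe` for the same file.

```python
import re

# Excerpts copied from the two HijackThis logs in this thread (before and after
# the ComboFix run); only a few lines of each are kept for the example.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, details) entries."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                # Windows paths are case-insensitive, so normalise before comparing.
                processes.add(line.lower())
            else:
                in_procs = False  # a blank line ends the process list
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return {"processes": processes, "entries": entries}


def diff_logs(before, after):
    """Report what disappeared and what is new between two logs."""
    a, b = parse_hjt(before), parse_hjt(after)
    return {
        "procs_gone": sorted(a["processes"] - b["processes"]),
        "procs_new": sorted(b["processes"] - a["processes"]),
        "entries_gone": [e for e in a["entries"] if e not in b["entries"]],
        "entries_new": [e for e in b["entries"] if e not in a["entries"]],
    }


def autostart_locations(text):
    """Return the locations (text before the first ':') of all O4 autostart entries."""
    return {rest.split(":", 1)[0]
            for code, rest in parse_hjt(text)["entries"] if code == "O4"}


if __name__ == "__main__":
    for key, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(key)
        for item in items:
            print("   ", item)
    # Neither log lists anything from HKLM\..\Run, the key the poster was missing.
    print("O4 locations:", sorted(autostart_locations(LOG_AFTER)))
```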


  • Searching further, I found in Norton that I could restore a removed risk, namely qktask.exe, i.e. take it out of quarantine.

    I did this and the startup file was back in Msconfig.

    QuickTime, which I had removed via Add or Remove Programs, is still gone. It now turns out that Norton had cleaned the entire Msconfig file instead of only qktask.exe.

    Now that the program has been cleaned up, there is no longer a startup item either.

    So the problem is solved; Norton was too rigorous.

    Was there any news about the ComboFix and HijackThis logs?

    Thanks for the effort and patience. :D
  • Good that you solved it yourself, because to be honest I am groping in the dark :o

    Uninstall ComboFix:
    Go to Start -> Run and type: combofix /u
    ComboFix is now removed and a new restore point is created.

    Otherwise it looks fine :)
    Pim
