Vraag & Antwoord

Beveiliging & privacy

kan niet op map all user documents komen

Anoniem
sjouwer
13 antwoorden
  • bij installeren van een programma werd bij 10 % afgebroken door beveiliging van all user/documents

    ook bji het administation account is dit het geval

    ook bij het toestemming geven door het delen en beveiligen toestemming te geven blijft het probleem

    de map wordt dan trouwens shared documents

    avg en mbam vonden niks

    combofix vond wel wat

    log mbam

    Malwarebytes' Anti-Malware 1.44
    Database versie: 3510
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    25-2-2010 21:52:51
    mbam-log-2010-02-25 (21-52-51).txt

    Scan type: Snelle Scan
    Objecten gescand: 130966
    Verstreken tijd: 36 minute(s), 22 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    volgt combofix
    Anoniem
    Anoniem
  • ComboFix 10-02-25.02 - ClubPerfect 7 25-02-2010 22:10:31.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.176 [GMT 1:00]
    Running from: E:\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\srchasst
    ls302en.lex
    c:\windows\system32\Thumbs.db

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
    .

    2010-02-25 20:14 . 2010-02-25 20:14 ——– d—–w- c:\program files\TrendMicro
    2010-02-25 20:13 . 2010-02-25 20:13 ——– d—–w- c:\documents and settings\ClubPerfect 7\Application Data\Malwarebytes
    2010-02-25 20:13 . 2010-01-07 15:07 19160 —-a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-25 20:13 . 2010-01-07 15:07 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-25 20:12 . 2010-02-25 20:12 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-02-25 20:12 . 2010-02-25 20:15 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-16 19:01 . 2010-02-16 19:01 ——– d—–w- c:\documents and settings\All Users\New Folder
    2010-02-16 17:24 . 2010-02-16 17:24 ——– d-sh–w- c:\documents and settings\Administrator\IETldCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-25 21:39 . 2008-08-23 08:05 62523424 –sha-w- c:\windows\system32\drivers\fidbox.dat
    2010-02-25 21:33 . 2010-02-25 21:33 2490826 —-a-w- c:\windows\Internet Logs\tvDebug.zip
    2010-02-25 21:31 . 2008-08-23 08:05 733556 –sha-w- c:\windows\system32\drivers\fidbox.idx
    2010-02-25 20:14 . 2010-02-25 20:14 388096 —-a-r- c:\documents and settings\ClubPerfect 7\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-02-25 20:14 . 2010-02-25 20:14 5115823 —-a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-02-16 19:11 . 2006-05-13 18:45 ——– d—–w- c:\program files\Corel
    2010-02-16 17:09 . 2006-05-13 18:38 ——– d—–w- c:\program files\WordPerfect OfficeReady 1.5
    2010-02-16 17:08 . 2004-05-08 22:30 ——– d–h–w- c:\program files\InstallShield Installation Information
    2010-02-16 16:59 . 2008-11-29 18:37 ——– d—–w- c:\program files\Google
    2010-02-11 06:13 . 2010-02-16 16:48 266240 —-a-w- c:\windows\Internet Logs\xDB3.tmp
    2009-12-31 16:50 . 1980-01-01 07:00 353792 —-a-w- c:\windows\system32\drivers\srv.sys
    2009-12-26 07:37 . 2006-09-30 08:14 6580 –sha-w- c:\windows\system32\KGyGaAvL.sys
    2009-12-21 19:14 . 1980-01-01 07:00 916480 —-a-w- c:\windows\system32\wininet.dll
    2009-12-16 18:43 . 2002-09-27 00:11 343040 —-a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08 . 1980-01-01 07:00 33280 —-a-w- c:\windows\system32\csrsrv.dll
    2009-12-04 18:22 . 1980-01-01 07:00 455424 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
    2007-02-10 11:40 . 2006-05-13 18:11 61038 -c–a-w- c:\program files\mozilla firefox\components\jar50.dll
    2007-02-10 11:40 . 2006-05-13 18:11 49256 -c–a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2007-02-10 11:40 . 2006-05-13 18:11 166000 -c–a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    2009-02-16 20:13 . 2006-09-30 11:06 88 -csh–r- c:\windows\system32\4E7DB04ADC.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-01-07 495616]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "S3TRAY2"="S3Tray2.exe" [2001-10-12 69632]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-31 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-31 512000]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2003-08-07 94208]
    "BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2002-11-01 64000]
    "TPTRAY"="c:\progra~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2002-11-01 48640]
    "QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2003-03-27 53248]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2003-08-08 897024]
    "TP4EX"="tp4ex.exe" [2002-09-04 53248]
    "NPDTray"="c:\progra~1\ThinkPad\UTILIT~1\NPDTray.exe" [2002-10-30 204800]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2002-11-01 204800]
    "AGRSMMSG"="AGRSMMSG.exe" [2002-10-18 87751]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-30 315392]
    "tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2002-10-16 1622016]
    "ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-01-07 495616]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "PdxRegCl"="c:\program files\Paradox\Programs\PdxRegCl.exe" [2004-06-14 49152]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
    Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-10 200704]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
    otify\avgrsstarter]
    2009-10-29 16:42 12464 —-a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Support.com\\Bin\\tgcmd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18-4-2009 9:20 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18-4-2009 9:20 360584]
    R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [8-5-2004 23:29 12288]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [29-10-2009 17:41 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [29-10-2009 17:41 285392]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 12:31 92008]
    R3 AEIWL;IBM High Rate Wireless LAN MiniPCI Combo Card Driver;c:\windows\system32\drivers\AEIWLNDS.sys [1-1-1980 8:00 611328]
    S3 gpslc;gpslc;c:\windows\system32\drivers\gpslc.sys [8-10-2009 19:31 56832]

    — Other Services/Drivers In Memory —

    *Deregistered* - uphcleanhlp
    .
    Contents of the 'Scheduled Tasks' folder

    2004-05-08 c:\windows\Tasks\BMMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-05-08 08:31]
    .
    .
    ——- Supplementary Scan ——-
    .
    uStart Page = about:blank
    IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
    TCP: {F87F08FC-C6D1-404E-AA48-0632823BC9E5} = 192.168.2.1
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\ClubPerfect 7\Application Data\Mozilla\Firefox\Profiles\ac2bjkau.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    —- FIREFOX POLICIES —-
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties";);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties";);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-UC_SMB - (no file)
    AddRemove-HijackThis - e:\hijackthis202\HijackThis.exe
    AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-25 22:35
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ——————— DLLs Loaded Under Running Processes ———————

    - - - - - - - > 'winlogon.exe'(808)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(2992)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ———————— Other Running Processes ————————
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\System32\QCONSVC.EXE
    c:\windows\system32\TpKmpSVC.exe
    c:\program files\UPHClean\uphclean.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\RunDll32.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\windows\AGRSMMSG.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
    c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-02-25 22:44:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-02-25 21:44

    Pre-Run: 2.971.148.288 bytes free
    Post-Run: 3.411.656.704 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - 2F19FA2ADFC42D467BD51BE82A916771

    volgt hjt

    Anoniem
    Anoniem
  • deze moest over ivm winupdates

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 6:14:35, on 26-2-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [NPDTray] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F87F08FC-C6D1-404E-AA48-0632823BC9E5}: NameServer = 192.168.2.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)
    O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    End of file - 7983 bytes
    Anoniem
    Anoniem
  • Hallo Arie, indien ik mij niet vergis, is dit dezelfde PC als het vorige log?
    Anoniem
    Anoniem
  • nope

    de andere heeft geen zonealarm als firewall
    Anoniem
    Anoniem
  • ook de avg anti virus as daar niet
    Anoniem
    Anoniem
  • Het was alles plausibel als je die andere PC dan dezelfde beveiliging had gegeven.

    On topic: download, installeer en blijf [b:744b398e36]MBAM[/b:744b398e36] gebruiken.
    Al meteen na de installatie wil [b:744b398e36]MBAM[/b:744b398e36] zijn database opwaarderen – toestaan dus.
    Ook bij herhaald gebruik: eerst de tab [b:744b398e36]Update[/b:744b398e36] aandoen!

    [b:744b398e36]Download MBAM[/b:744b398e36] (KLIK)

    Start [b:744b398e36]MBAM[/b:744b398e36] en kies voor [b:744b398e36]Snelle Scan[/b:744b398e36]

    Het scannen kan een tijdje duren, dus wees geduldig.
    Wanneer de scan voltooid is, klik dan op de knop [b:744b398e36]OK[/b:744b398e36] , daarna op de knop [b:744b398e36]Bekijk Resultaten[/b:744b398e36] om de resultaten te zien.
    Zorg ervoor dat daar alles aangevinkt is, daarna klikken op: [b:744b398e36]Verwijder geselecteerde[/b:744b398e36] .
    Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

    Het log wordt automatisch bewaard door [b:744b398e36]MBAM[/b:744b398e36] en dat kan je terugvinden door op de tab [b:744b398e36]Logs[/b:744b398e36] te klikken in [b:744b398e36]MBAM[/b:744b398e36] .

    Indien [b:744b398e36]MBAM[/b:744b398e36] moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op [b:744b398e36]OK[/b:744b398e36] klikken!
    Daarna zal [b:744b398e36]MBAM[/b:744b398e36] vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.


    Hierna een nieuw Hijack This Log aanmaken en het resultaat daarvan samen met het scanresultaat van MBAM posten;
    tevens een Uninstall-lijst posten (Start HijackThis, klik op de knop [b:744b398e36]Open the Misc Tools section[/b:744b398e36], dan op de knop [b:744b398e36]Open Uninstall Manager[/b:744b398e36] en als laatse op de knop [b:744b398e36]Save[/b:744b398e36].
    Anoniem
    Anoniem
  • had ik niet eerder over mbam geschreven

    hierbij toch de log

    Malwarebytes' Anti-Malware 1.44
    Database versie: 3799
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    27-2-2010 6:41:41
    mbam-log-2010-02-27 (06-41-41).txt

    Scan type: Snelle Scan
    Objecten gescand: 121842
    Verstreken tijd: 17 minute(s), 8 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)
    Anoniem
    Anoniem
  • hjt log

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 6:43:52, on 27-2-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
    C:\Program Files\AVG\AVG9\avgscanx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [NPDTray] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F87F08FC-C6D1-404E-AA48-0632823BC9E5}: NameServer = 192.168.2.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)
    O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    End of file - 7973 bytes
    Anoniem
    Anoniem
  • uninstall log

    Access IBM
    Access IBM Message Center
    Access IBM Tools
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0.7 - Nederlands
    Agere Systems AC'97 Modem
    alm
    AnswerWorks Runtime
    ATI Control Panel
    ATI Display Driver
    ATI HydraVision
    AVG Free 9.0
    AVRStudio4
    Bluetoothcomponent voor I-Qbot
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon EOS 5D WIA Driver
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 3.4
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities Original Data Security Tools
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities WFT-E1/E2/E3 Utility
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CorelDRAW Graphics Suite X3
    Critical Update for Windows Media Player 11 (KB959772)
    FinePixViewer Ver.3.2
    FontNav
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    IBM Access Connections
    IBM Access Support
    IBM Access Support - Local Content Pack
    IBM Rapid Restore PC Setup
    IBM Themes
    IBM ThinkPad Battery MaxiMiser and Power Management Features
    IBM ThinkPad Configuration
    IBM ThinkPad EasyEject Utility
    IBM ThinkPad Keyboard Customizer Utility
    IBM ThinkPad Power Management Driver
    IBM ThinkPad Presentation Director
    IBM ThinkPad UltraNav Driver
    IBM ThinkPad UltraNav Wizard
    IBM TrackPoint Accessibility Features
    IBM Update Connector
    i-gotU Suite
    Intel(R) PRO Network Adapters and Drivers
    I-QBot PC Control
    I-QBot Visual C-like Editor
    Java 2 Runtime Environment, SE v1.4.2_13
    Java(TM) 6 Update 17
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (1.5.0.9)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    NL
    Paradox
    PC-Doctor for Windows
    PL-2303 USB-to-Serial
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Support.com Software
    ThinkPad FullScreen Magnifier
    ThinkPad Software Installer
    TomTom HOME 2.7.3.1894
    TomTom HOME Visual Studio Merge Modules
    TPNala Wallpaper
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB969497)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Manager
    User Profile Hive Cleanup Service
    VBA
    WinAVR 20090313 (remove only)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    ZoneAlarm
    Anoniem
    Anoniem
  • Goedemorgen Arie,
    je hebt software van Support.com Software geïnstalleerd.
    Daarmee hangt deze entrie samen: O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    Het algemen vermoeden is, dat deze service gegevens van jou doorstuurt naar Support.com.

    Dus indien je deze regel wil fixen, dan is dat geen problem!
    Indien je deze regel fixt, dien je daarna je thinkpad opnieuw op te starten.


    N.B.: verder geeft je log geen aanwijzingen waarom je een probleem hebt met het openen van de map All Users\Documents.


    Start HijackThis opnieuw en kies voor [b:e9cf15687d]Scan only[/b:e9cf15687d],

    • zet een vinkje voor die regel(s) welke met de onderstaande regels corresponderen
    • vervolgens klik je daarna op de knop [b:e9cf15687d]Fix checked[/b:e9cf15687d]

    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)



    De geïnstalleerde Adobe Reader is oud en daardoor een veiligheidsrisico!

    Deïnstalleren dus.

    Adobe Reader 9.3: http://get.adobe.com/nl
    eader/

    Na installatie klik je in de menubalk op Help en kies je voor Zoeken naar updates (dit om een geconstateerd veiligheidslek in de nieuwe reader weer te dichten!)


    Wil je van Adobe Reader af dan kan je bijv. kiezen voor de Foxit Reader of Sumatra PDF.



    Doe na het bovenstaande gedaan te hebben het volgende: een test, om te kijken hoe je huidige veiligheidssituatie is.

    Download naar je bureaublad [b:e9cf15687d].


    • Klik/dubbelklik op [b:e9cf15687d]SecurityCheck.exe[/b:e9cf15687d] en let op de instrukties in het zwarte vesnter.
    • Een Kladblok document genaamd [b:e9cf15687d]checkup.txt[/b:e9cf15687d] dient automatisch open te gaan; sluit dit document via opslaan op het bureaublad.

    Indien een van je veiligheidstools rapporteert, dat DIG.EXE het internet op wil, sta dit dan toe.

    Post de inhoud van [b:e9cf15687d]checkup.txt [/b:e9cf15687d]in je volgende post
    En doe er ook een aktueel HJT-log bij.
    Anoniem
    Anoniem
  • Results of screen317's Security Check version 0.99.1
    Windows XP Service Pack 3
    [b:448a06f57b]``````````````````````````````
    [u:448a06f57b]Antivirus/Firewall Check:[/u:448a06f57b][/b:448a06f57b]
    Windows Firewall Disabled!
    AVG Free 9.0
    ZoneAlarm
    Antivirus up to date!
    [b:448a06f57b]``````````````````````````````
    [u:448a06f57b]Anti-malware/Other Utilities Check:[/u:448a06f57b][/b:448a06f57b]
    Java(TM) 6 Update 17
    Java 2 Runtime Environment, SE v1.4.2_13
    Adobe Flash Player 10
    Adobe Reader 7.0.7 - Nederlands
    Anoniem
    Anoniem
  • Wat bedoel je nu hiermee "ik geef deze een schop terug naar degene die de herstel cd heeft"?

    Jouw Thinkpad heeft een blauwe knop, waarmee je o.a. ook kan kiezen voor Systeemherstel/herinstallatie.
    Dit vermits de recoverypartitie op je HD nog intact is.
    Anoniem
    Anoniem

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.

Gerelateerde vragen

We hebben je een e-mail gestuurd!

Oops… er ging wat mis.

Hoera, je account is nu geactiveerd!

Dit token is niet meer valide.

Wachtwoord vergeten?

Je aanvraag is verstuurd

Wachtwoord herstellen

Wachtwoord herstellen

Dit token is niet meer valide.

Je vraag is geplaatst!

Je antwoord is geplaatst!

Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord