Windows Update werkt niet meer

mswintie · 8 augustus 2012

OK. De PC is niet moeten herstarten.

Het is wel een hele boterham geworden ;-)

Asjeblief:

ComboFix 12-08-08.01 - Michael 08/08/2012 20:47:09.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.8086.6281 [GMT 2:00]

Gestart vanuit: c:\users\Michael\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Roaming

c:\users\Michael\Internet Explorer.lnk

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-08 to 2012-08-08 ))))))))))))))))))))))))))))))

.

2012-08-08 07:01 . 2012-08-08 07:01 74703 ----a-w- c:\windows\SysWow64\mfc45.dll

2012-08-08 07:01 . 2012-08-08 07:02 -------- d-----w- c:\programdata\iolo

2012-08-08 07:01 . 2012-08-08 07:01 -------- d-----w- c:\program files (x86)\iolo

2012-08-07 20:33 . 2012-08-07 20:33 -------- d-----w- c:\programdata\Malwarebytes

2012-08-07 20:33 . 2012-08-07 20:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-07 20:33 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-07 09:25 . 2012-08-07 09:25 388096 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-08-07 09:25 . 2012-08-07 09:25 -------- d-----w- c:\program files (x86)\Trend Micro

2012-08-07 08:29 . 2012-08-07 08:29 -------- d-----w- c:\users\Michael\AppData\Roaming\InstallShield

2012-08-07 08:29 . 2012-08-07 08:29 -------- d-----w- C:\swsetup

2012-08-07 08:19 . 2012-08-07 08:19 -------- d-----w- C:\bb26a787cc3116d973cbb6db

2012-08-07 07:56 . 2012-06-22 05:38 177144 ----a-w- c:\windows\system32\mfevtps.exe

2012-08-07 07:53 . 2012-08-07 07:53 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-08-07 07:53 . 2012-08-07 07:53 -------- d-----w- c:\program files (x86)\Oracle

2012-08-07 07:53 . 2012-07-05 20:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-08-07 07:48 . 2012-08-07 07:49 -------- d-----w- c:\users\McAfee

2012-08-07 07:37 . 2012-08-07 07:37 -------- d-----w- c:\windows\SysWow64\wbem\Logs

2012-08-07 07:23 . 2012-08-07 07:23 -------- d-----w- c:\users\Michael\AppData\Roaming\SUPERAntiSpyware.com

2012-08-07 07:16 . 2012-08-07 07:16 -------- d-----w- c:\program files (x86)\Citrix

2012-08-02 14:46 . 2012-08-02 14:46 -------- d-----w- c:\users\Michael\AppData\Roaming\SpeedyPC Software

2012-08-02 14:46 . 2012-08-02 14:46 -------- d-----w- c:\users\Michael\AppData\Roaming\DriverCure

2012-08-02 14:46 . 2012-08-02 15:03 -------- d-----w- c:\programdata\SpeedyPC Software

2012-08-02 07:51 . 2012-08-07 07:56 -------- d-----w- c:\programdata\McAfee

2012-08-02 07:30 . 2012-08-02 07:30 -------- d-----w- c:\programdata\Citrix

2012-08-02 07:29 . 2012-08-02 09:40 -------- d-----w- c:\users\Michael\AppData\Local\Citrix

2012-08-02 06:52 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2012-08-02 06:27 . 2012-08-02 06:27 -------- d-----w- c:\users\Michael\AppData\Roaming\McAfee

2012-07-31 05:58 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78432234-2B54-4C1C-A764-F1DA14FA081C}\mpengine.dll

2012-07-28 11:30 . 2012-07-28 11:30 -------- d-----w- c:\users\Michael\AppData\Roaming\NVIDIA

2012-07-28 11:13 . 2012-07-28 11:14 -------- d--h--w- c:\windows\msdownld.tmp

2012-07-28 10:58 . 2012-07-28 10:58 -------- d-----w- c:\program files (x86)\Team JPN

2012-07-23 18:02 . 2012-07-23 18:02 -------- d-----w- c:\users\Michael\AppData\Roaming\Anvsoft

2012-07-23 18:02 . 2012-07-23 18:02 -------- d-----w- c:\program files (x86)\Funny Photo Maker

2012-07-21 15:14 . 2012-07-21 15:14 -------- d-----w- c:\program files (x86)\Elaborate Bytes

2012-07-21 15:14 . 2012-07-21 15:14 -------- d--h--w- c:\programdata\Common Files

2012-07-21 10:15 . 2012-07-21 10:15 -------- d-----w- c:\users\Michael\AppData\Local\Garmin

2012-07-21 10:15 . 2012-07-21 10:15 -------- d-----w- c:\users\Michael\AppData\Local\GARMIN_Corp

2012-07-11 21:02 . 2011-12-07 17:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll

2012-07-11 21:02 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll

2012-07-11 21:02 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll

2012-07-11 21:02 . 2011-12-21 17:14 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm

2012-07-11 21:02 . 2012-07-11 18:00 79872 ----a-w- c:\windows\SysWow64\ff_vfw.dll

2012-07-11 20:58 . 2012-07-15 12:10 -------- d-----w- c:\users\Michael\AppData\Roaming\Realtek

2012-07-10 18:55 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-08 18:40 . 2012-02-12 18:27 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat

2012-08-07 09:28 . 2012-04-14 07:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-07 09:28 . 2011-12-02 07:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-13 05:55 . 2011-12-09 14:45 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-22 05:38 . 2012-06-22 05:38 335784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-06-22 05:36 . 2012-06-22 05:36 752672 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-06-09 17:21 . 2011-12-05 16:01 178688 ----a-w- c:\windows\SysWow64\unrar.dll

2012-06-02 22:19 . 2012-06-22 05:51 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 05:52 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 05:52 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 05:52 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 05:51 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 05:52 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 05:51 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-22 05:51 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:15 . 2012-06-22 05:51 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\atapi.sys

.

[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\asyncmac.sys

.

[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\kbdclass.sys

.

[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ndis.sys

.

[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ntfs.sys

.

[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\null.sys

.

[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\tcpip.sys

.

[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\tdx.sys

.

[7] 2012-05-04 . A37A39568C8EC9A17D1B7471445B81A8 . 3916656 . . [6.1.7601.21987] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntoskrnl.exe

[7] 2012-05-04 . 53483A0B2DE3617E832F1DBAF9620F39 . 3913072 . . [6.1.7601.17835] .. c:\windows\erdnt\cache86\ntoskrnl.exe

[7] 2012-05-04 . 53483A0B2DE3617E832F1DBAF9620F39 . 3913072 . . [6.1.7601.17835] .. c:\windows\SysWOW64\ntoskrnl.exe

[7] 2012-05-04 . 53483A0B2DE3617E832F1DBAF9620F39 . 3913072 . . [6.1.7601.17835] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntoskrnl.exe

[7] 2012-03-31 . 28F44480E411C3DDF04B63F6560E6EF4 . 3913072 . . [6.1.7601.17803] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe

[7] 2012-03-31 . 2E02A17E8965AD671E4987E503AD38B1 . 3916656 . . [6.1.7601.21955] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe

[7] 2012-03-06 . 53B4BDEA12A032EEC71E60B6BFF42F37 . 3913072 . . [6.1.7601.17790] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntoskrnl.exe

[7] 2012-03-06 . 57B7DE30C4E65AD19CA13AC3065EE60B . 3916656 . . [6.1.7601.21936] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntoskrnl.exe

[7] 2011-12-02 . FB58ABD5E1F75A2CF713C9DFF0EC0804 . 3912576 . . [6.1.7601.17640] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe

[7] 2011-12-02 . 90EFDB506F6140EEA9DEE398D9449D86 . 3912576 . . [6.1.7601.21755] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe

[7] 2011-11-19 . F0F0E99A65F598A1A7720F5111C4DA8F . 3913584 . . [6.1.7601.17727] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe

[7] 2011-11-19 . 00B12EA93ED392FBD09F07B63E926647 . 3916656 . . [6.1.7601.21863] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe

[7] 2010-11-21 . 2088D9994332583EDB3C561DE31EA5AD . 3911040 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe

[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\ntoskrnl.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]

R1 SASDIFSV;SASDIFSV;c:\users\Michael\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]

R1 SAS***IL;SAS***IL;c:\users\Michael\AppData\Local\Temp\SAS_SelfExtract\SAS***IL64.SYS [x]

R1 uonluwye;uonluwye;c:\windows\system32\drivers\uonluwye.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-11 136176]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 250056]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-11 136176]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240]

R3 NETMD760;Net MD;c:\windows\system32\Drivers\NETMD760.sys [x]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-06 1255736]

R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-17 1999168]

R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-16 380224]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/12/05 17:08];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]

S2 CronService;Cron Service for Prey;c:\program files\Prey\platform\windows\cronsvc.exe [2011-02-15 19968]

S2 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2008-12-17 410976]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-23 2118976]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtuele adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]

S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - da2c1cad348cf36f

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 09:28]

.

2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-11 11:15]

.

2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-11 11:15]

.

2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4175197894-823669262-2136076139-1002Core.job

- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-05 15:06]

.

2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4175197894-823669262-2136076139-1002UA.job

- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-05 15:06]

.

2012-07-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-08-08 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.be/

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 195.130.131.3 195.130.130.131

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-McAfee Virtual Technician - c:\program files (x86)\McAfee\Supportability\MVT\MVTInstaller.exe

AddRemove-eType - c:\users\Michael\AppData\Roaming\eType\eTypeUninstall.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\da2c1cad348cf36f]

"ImagePath"="\SystemRoot\System32\Drivers\da2c1cad348cf36f.sys"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-08-08 20:54:01

ComboFix-quarantined-files.txt 2012-08-08 18:54

.

Pre-Run: 460.566.319.104 bytes beschikbaar

Post-Run: 460.614.385.664 bytes beschikbaar

.

- - End Of File - - 8021F94DF42AC0FB746C2C4AE412338A

kweezie wabbit · 10 augustus 2012

Open een nieuw kladblokbestand.

Maak een scriptje

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

C:\bb26a787cc3116d973cbb6db

File::

c:\windows\system32\drivers\uonluwye.sys

Driver::

uonluwye

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\da2c1cad348cf36f]

Sla dit bestand op je bureaublad op als CFScript

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht

mswintie · 10 augustus 2012

Ziehier het volgende log-bestandje:

ComboFix 12-08-09.01 - Michael 10/08/2012 7:50.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.8086.6463 [GMT 2:00]

Gestart vanuit: c:\users\Michael\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Michael\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\drivers\uonluwye.sys"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\bb26a787cc3116d973cbb6db

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_uonluwye

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-10 to 2012-08-10 ))))))))))))))))))))))))))))))

.

2012-08-10 05:54 . 2012-08-10 05:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-08-10 05:54 . 2012-08-10 05:54 -------- d-----w- c:\users\Default\AppData\Local\temp