GEERT805

6 april 2013

Sorry il was er even tussen uit probleem is opgelost

30 maart 2013

KB2468871

KB2487367

KB2533523

KB2600217

KB2656351

De updates staan wel degelijk als geinstaleerd tussen de updates van ms

30 maart 2013

Hey

de updtars blijven nog steeds terug komen.

29 maart 2013

ComboFix 13-03-28.01 - stefanie 29/03/2013 10:50:45.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.2038.1076 [GMT 1:00]

Gestart vanuit: c:\users\stefanie\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\stefanie\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Application Updater

c:\program files\Application Updater\ApplicationUpdater.exe

c:\program files\Application Updater\config.ini

c:\program files\YTD Toolbar

c:\program files\YTD Toolbar\IE\7.0\config.ini

c:\program files\YTD Toolbar\IE\7.0\ytdToolbarIE.dll

c:\program files\YTD Toolbar\Res\amazon.gif

c:\program files\YTD Toolbar\Res\dailymotion.gif

c:\program files\YTD Toolbar\Res\ebay.gif

c:\program files\YTD Toolbar\Res\facebook.gif

c:\program files\YTD Toolbar\Res\googleplus.gif

c:\program files\YTD Toolbar\Res\hulu.gif

c:\program files\YTD Toolbar\Res\icon_settings.gif

c:\program files\YTD Toolbar\Res\Lang\res1031.ini

c:\program files\YTD Toolbar\Res\Lang\res1033.ini

c:\program files\YTD Toolbar\Res\Lang\res1034.ini

c:\program files\YTD Toolbar\Res\Lang\res1036.ini

c:\program files\YTD Toolbar\Res\Lang\res1040.ini

c:\program files\YTD Toolbar\Res\metacafe.gif

c:\program files\YTD Toolbar\Res\radio-close.gif

c:\program files\YTD Toolbar\Res\radio-minimize.gif

c:\program files\YTD Toolbar\Res\radiobeta.gif

c:\program files\YTD Toolbar\Res\search-button-hover.gif

c:\program files\YTD Toolbar\Res\search-button.gif

c:\program files\YTD Toolbar\Res\search-chevron-hover.gif

c:\program files\YTD Toolbar\Res\search-chevron.gif

c:\program files\YTD Toolbar\Res\search_amazon.gif

c:\program files\YTD Toolbar\Res\search_baidu.gif

c:\program files\YTD Toolbar\Res\search_ebay.gif

c:\program files\YTD Toolbar\Res\search_yahoo.gif

c:\program files\YTD Toolbar\Res\search_yandex.gif

c:\program files\YTD Toolbar\Res\search_youtube.gif

c:\program files\YTD Toolbar\Res\twitter.gif

c:\program files\YTD Toolbar\Res\veoh.gif

c:\program files\YTD Toolbar\Res\widgets.xml

c:\program files\YTD Toolbar\Res\youtube.gif

c:\program files\YTD Toolbar\Res\ytd.gif

c:\program files\YTD Toolbar\Res\ytd_logo.gif

c:\program files\YTD Toolbar\Res\ytd_logo_hover.gif

c:\program files\YTD Toolbar\WidgiHelper.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Application Updater

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-02-28 to 2013-03-29 ))))))))))))))))))))))))))))))

.

2013-03-29 10:24 . 2013-03-29 10:24 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{573363EC-A6A9-4F14-AF99-203D1D89A0DE}\MpKsl79412fe7.sys

2013-03-29 10:20 . 2013-03-29 10:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-29 09:50 . 2013-03-29 09:50 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{573363EC-A6A9-4F14-AF99-203D1D89A0DE}\MpKsl1a46dfd5.sys

2013-03-29 08:04 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{573363EC-A6A9-4F14-AF99-203D1D89A0DE}\mpengine.dll

2013-03-27 19:37 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-03-25 09:27 . 2013-03-25 09:27 388096 ----a-r- c:\users\stefanie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-03-25 09:27 . 2013-03-25 09:27 -------- d-----w- c:\program files\Trend Micro

2013-03-25 09:11 . 2013-03-25 09:11 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-03-25 09:11 . 2013-03-25 09:11 -------- d-----w- c:\program files\Java

2013-03-22 21:12 . 2013-03-22 21:12 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-03-22 21:09 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-03-22 21:09 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys

2013-03-22 21:09 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll

2013-03-22 21:09 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll

2013-03-22 21:08 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-22 21:05 . 2012-11-28 18:03 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F763604D-D6BA-406D-9D03-A94D2275ABE8}\gapaengine.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-25 09:11 . 2012-07-03 19:40 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-03-25 09:11 . 2012-07-03 19:40 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-13 10:38 . 2012-04-28 19:58 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-13 10:38 . 2012-04-28 19:58 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-12 04:48 . 2013-03-13 10:56 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 10:56 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-01-30 10:53 . 2012-04-28 20:10 232336 ------w- c:\windows\system32\MpSigStub.exe

2013-01-20 14:59 . 2013-01-20 14:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-01-20 14:59 . 2012-03-20 18:44 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-01-05 05:00 . 2013-02-13 18:39 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-05 05:00 . 2013-02-13 18:38 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-04 04:50 . 2013-02-13 18:38 169984 ----a-w- c:\windows\system32\winsrv.dll

2013-01-04 03:00 . 2013-02-13 18:39 2347008 ----a-w- c:\windows\system32\win32k.sys

2013-01-03 05:05 . 2013-02-13 18:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-03 05:04 . 2013-02-13 18:38 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-02-26 18:36 220632 ----a-w- c:\users\stefanie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-02-26 18:36 220632 ----a-w- c:\users\stefanie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-02-26 18:36 220632 ----a-w- c:\users\stefanie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\SkyDriveShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"Spotify"="c:\users\stefanie\AppData\Roaming\Spotify\Spotify.exe" [2012-10-26 7880664]

"Spotify Web Helper"="c:\users\stefanie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-26 1199576]

"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-07-16 975800]

"Facebook Update"="c:\users\stefanie\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-10 138096]

"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-12-21 1090040]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18708224]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 MpKsl1a46dfd5;MpKsl1a46dfd5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{573363EC-A6A9-4F14-AF99-203D1D89A0DE}\MpKsl1a46dfd5.sys [x]

S1 MpKsl79412fe7;MpKsl79412fe7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{573363EC-A6A9-4F14-AF99-203D1D89A0DE}\MpKsl79412fe7.sys [x]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

S3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - MPKSL79412FE7

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc

GPSvcGroup REG_MULTI_SZ GPSvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-03-15 20:29 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2013-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 10:38]

.

2013-03-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2381401793-2272292330-2518124029-1001Core.job

- c:\users\stefanie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-10 18:51]

.

2013-03-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2381401793-2272292330-2518124029-1001UA.job

- c:\users\stefanie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-10 18:51]

.

2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-26 10:37]

.

2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-26 10:37]

.

------- Bijkomende Scan -------

.

uStart Page = https://www.google.be/

TCP: DhcpNameServer = 195.130.131.130 195.130.130.2

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2381401793-2272292330-2518124029-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2381401793-2272292330-2518124029-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\sppsvc.exe

c:\program files\Internet Explorer\iexplore.exe

.

**************************************************************************

.

Voltooingstijd: 2013-03-29 11:27:50 - machine werd herstart

ComboFix-quarantined-files.txt 2013-03-29 10:27

ComboFix2.txt 2013-03-27 11:26

.

Pre-Run: 167.753.379.840 bytes beschikbaar

Post-Run: 167.594.176.512 bytes beschikbaar

.

- - End Of File - - 4EBD4583C769EAFD97868E3F3675F794

27 maart 2013

ComboFix 13-03-27.01 - stefanie 27/03/2013 12:11:12.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.2038.977 [GMT 1:00]

Gestart vanuit: c:\users\stefanie\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

c:\program files\BrowserCompanion

c:\program files\BrowserCompanion\BCHelper.exe

c:\program files\BrowserCompanion\blabbers-ch.crx

c:\program files\BrowserCompanion\logo.ico

c:\program files\BrowserCompanion\sqlite3.dll

c:\program files\SavingsApp

c:\program files\SavingsApp\SavingsApp.dll

c:\program files\SavingsApp\SavingsApp.exe

c:\program files\SavingsApp\SavingsApp.ico

c:\program files\SavingsApp\SavingsApp.ini

c:\program files\SavingsApp\SavingsAppGui.exe

c:\program files\SavingsApp\SavingsAppInstaller.log

c:\program files\SavingsApp\Uninstall.exe

c:\users\stefanie\3456062.dll

c:\users\stefanie\3483875.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-02-27 to 2013-03-27 ))))))))))))))))))))))))))))))

.

2013-03-27 11:22 . 2013-03-27 11:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-27 11:07 . 2013-03-27 11:07 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6417AA7D-EA3F-4B32-9928-C20C8285A6E1}\MpKslb5bf66f2.sys

2013-03-27 09:57 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6417AA7D-EA3F-4B32-9928-C20C8285A6E1}\mpengine.dll

2013-03-26 18:22 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll