Cannot install KB2481109: Security Update for Windows XP

This topic is closed.

  • Cannot install KB2481109: Security Update for Windows XP

    Dear all,
    below are the required logs from
    • MBAM
    • AdwCleaner (still to come)
    • DDS * (E-Peek)
    • Gmer *


    Can you tell me why I cannot install KB2481109? Thanks.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 23-2-2015
    Scan Time: 2:03:07
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.20.06
    Rootkit Database: v2015.02.20.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Konings

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 308333
    Time Elapsed: 14 min, 47 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
    Run by Konings at 11:29:00 on 2015-02-19
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1023.611 [GMT 1:00]
    .
    .
    ============== Running Processes ================
    .
    C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\Konings\Application Data\81231728-1424173084-11DA-A4EF-393EAE2703F8\nsv115.tmp
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Sitecom\Common\RegistryWriter.exe
    C:\WINDOWS\system32\scardsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Konings\Application Data\81231728-1424173084-11DA-A4EF-393EAE2703F8\JOSrv.exe
    C:\Documents and Settings\Konings\Application Data\SoftwareUpdater\SUsrv.exe
    C:\Program Files\EmvSmartCardReader\SmartMON.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\LuckyTab\LuckyTab.exe
    C:\Program Files\mbot_nl_197\mbot_nl_197.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Documents and Settings\Konings\Local Settings\Application Data\mbot_nl_197\upmbot_nl_197.exe
    C:\WINDOWS\system32\ctfmon.exe
    L:\ToolKit\puuwgqru.exe
    C:\Documents and Settings\Konings\Application Data\SoftwareUpdater\SoftwareUpdater.exe
    C:\Documents and Settings\Konings\Application Data\SoftwareUpdater\UpdateNotifier.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP9F38F0A4-1B28-4F29-835E-FFEF6D9F735B&SSPV=
    uSearch Bar = hxxp://www.google.nl/ie
    uSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1424169020&from=exp&uid=WDCXWD2000JD-60KLB0_WD-WCAMT132546225462&q={searchTerms}
    uDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1424169020&from=exp&uid=WDCXWD2000JD-60KLB0_WD-WCAMT132546225462
    uDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1424169020&from=exp&uid=WDCXWD2000JD-60KLB0_WD-WCAMT132546225462&q={searchTerms}
    mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1424169020&from=exp&uid=WDCXWD2000JD-60KLB0_WD-WCAMT132546225462
    mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1424169020&from=exp&uid=WDCXWD2000JD-60KLB0_WD-WCAMT132546225462&q={searchTerms}
    mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1424169020&from=exp&uid=WDCXWD2000JD-60KLB0_WD-WCAMT132546225462
    mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1424169020&from=exp&uid=WDCXWD2000JD-60KLB0_WD-WCAMT132546225462&q={searchTerms}
    mSearchAssistant = hxxp://www.google.nl/
    mWinlogon: SFCDisable = dword:-99
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AdobeBridge] <no file>
    mRun: [SmartMon] c:\program files\emvsmartcardreader\SmartMON.exe
    mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
    mRun: [mbot_nl_197] "c:\program files\mbot_nl_197\mbot_nl_197.exe"
    mRun: [upmbot_nl_197.exe] c:\documents and settings\konings\local settings\application data\mbot_nl_197\upmbot_nl_197.exe -runhelper
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    dRun: [VisualTaskTips] c:\program files\utilities\visualtasktips\VisualTaskTips.exe
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoSMConfigurePrograms = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoSMConfigurePrograms = dword:1
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{1A8F087C-653E-4428-AE3F-2BF475946DC0} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{9F9C4E04-9650-44A5-AD1A-356C6059CBDB} : DHCPNameServer = 192.168.0.1
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\40.0.2214.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    Hosts: 127.0.0.1 sls.microsoft.com
    Hosts: 127.0.0.1 mpa.one.microsoft.com
    Hosts: 127.0.0.1 genuine.microsoft.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\konings\application data\mozilla\firefox\profiles\dzg5buem.default\
    FF - prefs.js: browser.search.selectedEngine - webssearches
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.26.9\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
    .
    ---- FIREFOX POLICIES ----
    .
    FF - user.js: extensions.shownSelectionUI - true
    .
    .
    .
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [2010-4-27 9096]
    R1 {326e0409-6d74-43cf-a555-02a7d66ba8fc}Gt;{326e0409-6d74-43cf-a555-02a7d66ba8fc}Gt;c:\windows\system32\drivers\{326e0409-6d74-43cf-a555-02a7d66ba8fc}Gt.sys [2015-2-17 55816]
    R1 {4dcee693-8029-40a0-baf9-b51173f024d8}Gt;{4dcee693-8029-40a0-baf9-b51173f024d8}Gt;c:\windows\system32\drivers\{4dcee693-8029-40a0-baf9-b51173f024d8}Gt.sys [2015-2-17 55816]
    R2 gupigiby;Forum Notification;c:\documents and settings\konings\application data\81231728-1424173084-11da-a4ef-393eae2703f8\nsv115.tmp [2015-2-18 223744]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-6-6 3712]
    R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\sitecom\common\RegistryWriter.exe [2010-6-6 69632]
    R2 serverjo;JO Service component;c:\documents and settings\konings\application data\81231728-1424173084-11da-a4ef-393eae2703f8\JOSrv.exe [2015-2-17 128000]
    R2 serversu;SU Service component;c:\documents and settings\konings\application data\softwareupdater\SUsrv.exe [2015-2-17 85504]
    R2 WindowsMangerProtect;WindowsMangerProtect Service;c:\documents and settings\all users\application data\windowsmangerprotect\protectwindowsmanager.exe -service --> c:\documents and settings\all users\application data\windowsmangerprotect\ProtectWindowsManager.exe -service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-4-16 803328]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-15 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
    .
    =============== Created Last 30 ================
    .
    2015-02-19 10:26:20 -------- d-----w- c:\windows\pss
    2015-02-19 10:10:58 -------- d-----w- c:\documents and settings\all users\application data\3222621244
    2015-02-19 10:01:45 -------- d-----w- c:\documents and settings\all users\application data\Nero
    2015-02-17 22:12:51 55816 ----a-w- c:\windows\system32\drivers\{4dcee693-8029-40a0-baf9-b51173f024d8}Gt.sys
    2015-02-17 11:59:59 -------- d-----w- c:\windows\system32\Flash
    2015-02-17 11:56:46 628496 ----a-w- c:\documents and settings\konings\local settings\application data\nsg242.tmp
    2015-02-17 11:56:44 -------- d-sh--w- c:\documents and settings\konings\application data\AnyProtectEx
    2015-02-17 10:53:40 55816 ----a-w- c:\windows\system32\drivers\{326e0409-6d74-43cf-a555-02a7d66ba8fc}Gt.sys
    2015-02-17 10:51:46 -------- d-----w- c:\documents and settings\konings\local settings\application data\Temp
    2015-02-17 10:47:06 -------- d-----w- c:\program files\Network and Internet tools
    2015-02-17 10:46:50 -------- d-----w- c:\program files\IGS
    2015-02-17 10:45:49 -------- d-----w- c:\documents and settings\konings\application data\SoftwareUpdater
    2015-02-17 10:43:06 -------- d-----w- c:\documents and settings\all users\application data\15832705243595660939
    2015-02-17 10:40:48 -------- d-----w- c:\documents and settings\all users\application data\egemgokkcmmodpekaeeblchilejbnapo
    2015-02-17 10:38:04 -------- d-----w- c:\documents and settings\konings\application data\81231728-1424173084-11DA-A4EF-393EAE2703F8
    2015-02-17 10:35:20 -------- d-----w- c:\documents and settings\all users\application data\WindowsMangerProtect
    2015-02-17 10:34:24 -------- d-----w- c:\documents and settings\konings\local settings\application data\mbot_nl_197
    2015-02-17 10:34:03 318616 ----a-w- c:\windows\system32\ColorMedia.dll
    2015-02-17 10:34:01 -------- d-----w- c:\program files\mbot_nl_197
    2015-02-17 10:32:27 -------- d-----w- c:\documents and settings\all users\application data\gofoehmbinmlhjgabldefknngofpeehp
    2015-02-17 10:31:45 -------- d-----w- c:\documents and settings\all users\application data\869b78dd0a6f49f08fdae40c91a846c4
    2015-02-17 10:29:45 -------- d-----w- c:\documents and settings\all users\application data\c7f09c43e9f44ab0b07d47a7eeea0f56
    2015-02-17 10:28:48 -------- d-----w- c:\program files\LuckyTab
    .
    ==================== Find3M ====================
    .
    2014-05-08 13:43:23 0 ----a-w- c:\program files\GUM6F.tmp
    .
    ============= FINISH: 11:30:27,43 ===============



    GMER 2.1.19357 - http://www.gmer.net
    Rootkit quick scan 2015-02-23 13:14:18
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD2000JD-60KLB0 rev.08.05J08 186,31GB
    Running: kq9lec37.exe; Driver: C:\DOCUME~1\Konings\LOCALS~1\Temp\pxtdrpow.sys


    ---- System - GMER 2.1 ----

    SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xF2E7CAD1]
    SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xF2E7C93C]

    ---- Devices - GMER 2.1 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys

    ---- EOF - GMER 2.1 ----

  • #2
    A few remarks:

    You are working with an OS that is no longer supported: XP

    Treating this OS for malware is like mopping the floor with the tap running. So it is pointless.

    A few options listed:

    - Either you buy a new PC (I cannot imagine that a PC running XP is suitable for W 8.1)

    - Or you take your XP machine offline. So not on the internet (and therefore also not connected via a router to other PCs that can reach the internet).

    - Or (and that is also a possibility) you put Linux on it (if need be with Wine = Windows environment).
    Last edited by Emphyrio; 23-02-15, 12:29.
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek
