HD is OK. I ran ComboFix once. After the restart the PC is still fighting for its life. The desktop background is now an old photo I don't recognise, of a lady in old-fashioned clothes on a stone bench. In case it helps, a log:
ComboFix 13-12-17.02 - he 18/12/2013 14:41:50.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.479.215 [GMT 1:00]
Gestart vanuit: e:\herman\Mijn documenten\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\he\Application Data\SwvUpdater
c:\documents and settings\he\Application Data\SwvUpdater\status.cfg
c:\documents and settings\he\Application Data\SwvUpdater\Updater.xml
c:\documents and settings\he\WINDOWS
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\IsUn0413.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-11-18 to 2013-12-18 ))))))))))))))))))))))))))))))
.
.
2013-12-18 10:25 . 2013-12-18 10:25 -------- d-----w- c:\documents and settings\he\Application Data\DriverCure
2013-12-18 10:18 . 2013-12-18 10:18 -------- d-----w- c:\documents and settings\he\Application Data\spotmau
2013-12-18 10:18 . 2013-12-18 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp360
2013-12-18 10:18 . 2013-12-18 10:18 -------- d-----w- c:\program files\Wondershare
2013-12-14 13:44 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-12-11 09:00 . 2013-12-11 09:00 -------- d-----w- c:\program files\HD Tune
2013-12-09 08:27 . 2001-08-17 20:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2013-12-09 08:27 . 2002-08-28 21:59 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2013-12-09 08:27 . 2001-08-17 20:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2013-12-09 08:27 . 2001-08-17 20:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2013-12-09 08:27 . 2001-08-17 20:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2013-12-09 08:27 . 2001-08-17 19:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2013-12-09 08:27 . 2001-08-17 21:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2013-12-09 08:27 . 2001-08-17 19:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2013-12-09 08:27 . 2001-08-17 21:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2013-12-09 08:27 . 2001-08-17 20:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2013-12-09 08:25 . 2001-09-06 20:26 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-12-08 13:58 . 2013-12-08 13:58 -------- d-----w- c:\documents and settings\he\.android
2013-12-08 13:58 . 2013-12-09 08:24 -------- d-----w- c:\documents and settings\he\Local Settings\Application Data\cache
2013-12-08 13:57 . 2013-12-18 12:59 -------- d-----w- c:\documents and settings\he\Application Data\newnext.me
2013-12-08 13:57 . 2013-12-08 13:57 -------- d-----w- c:\documents and settings\he\Local Settings\Application Data\genienext
2013-12-08 13:57 . 2013-12-11 08:53 -------- d-----w- c:\documents and settings\he\Local Settings\Application Data\Mobogenie
2013-12-08 13:54 . 2013-12-11 08:53 -------- d-----w- c:\program files\Mobogenie
2013-12-08 13:54 . 2013-12-11 08:36 -------- d-----w- c:\program files\Bizzybolt
2013-12-08 11:18 . 2013-12-11 11:04 -------- d--h--r- c:\documents and settings\he\Onlangs geopend
2013-12-08 11:13 . 2013-12-08 13:09 -------- d-----w- c:\program files\VS Revo Group
2013-12-08 11:02 . 2013-12-08 11:02 -------- d-----w- c:\windows\ERUNT
2013-12-07 14:42 . 2013-12-07 14:42 388096 ----a-r- c:\documents and settings\he\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-12-07 14:42 . 2013-12-07 14:42 -------- d-----w- c:\program files\Trend Micro
2013-12-07 14:00 . 2013-12-07 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\CDB
2013-12-07 13:21 . 2013-12-07 13:20 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-12-07 13:20 . 2013-12-07 13:20 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-04 09:58 . 2013-12-04 09:58 -------- d-----w- c:\documents and settings\he\Application Data\ParetoLogic
2013-12-04 09:58 . 2013-12-18 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2013-12-01 15:31 . 2013-12-01 15:31 -------- d-----w- c:\documents and settings\he\Application Data\Avira
2013-12-01 15:24 . 2013-12-18 09:15 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-01 15:24 . 2013-12-18 09:15 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-12-01 15:24 . 2013-12-18 09:15 137208 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-01 15:24 . 2013-12-01 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2013-12-01 15:24 . 2013-12-01 15:24 -------- d-----w- c:\program files\Avira
2013-11-24 16:24 . 2008-04-14 17:02 16439 -c--a-w- c:\windows\system32\dllcache\admin.exe
2013-11-24 16:17 . 2013-11-24 16:17 -------- d-----w- c:\program files\DLLSuite
2013-11-24 16:08 . 2013-11-24 16:08 -------- d-----w- c:\windows\TempC8523F40-9DFB-BDD4-036B-3929352AC6E4-Signatures
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-07 14:21 . 2012-09-30 08:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-07 14:21 . 2012-09-30 08:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 02:33 . 2013-08-19 08:25 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 03:00 . 2003-04-08 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-03-06 02:19 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2008-05-05 06:25 7680 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:51 . 2003-04-08 12:00 1879168 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:45 . 2006-06-23 11:29 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:45 . 2003-04-08 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:45 . 2003-04-08 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 07:45 . 2003-04-08 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 00:48 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2003-04-08 12:00 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:57 . 2006-05-14 09:29 279040 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13 . 2003-04-08 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 11:00 . 2002-09-23 13:11 606720 ----a-w- c:\windows\system32\crypt32.dll
2012-05-10 16:21 . 2012-05-10 16:16 3993600 ----a-w- c:\program files\GUT27.tmp
1997-07-21 17:30 1045776 --sha-w- c:\windows\system32\Msjet35.dll
1997-06-23 01:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 10:06 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-06-23 10:06 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 10:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-14 67128]
"NextLive"="c:\documents and settings\he\Application Data\newnext.me\nengine.dll" [2013-11-14 1283584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"nwiz"="nwiz.exe" [2003-05-02 323584]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-02-25 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-02-25 454656]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-02-25 212992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-18 683576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 DiMaint;Eicon Maintenance-stuurprogramma;c:\windows\system32\drivers\disdn\dimaint.sys [23/11/2003 17:26 91305]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [1/12/2013 16:24 37352]
R2 AntiVirSchedulerService;Avira Planner;c:\program files\Avira\AntiVir Desktop\sched.exe [1/12/2013 16:24 440376]
R2 DiCapi;Eicon CAPI 2.0-stuurprogramma;c:\windows\system32\drivers\disdn\capi20.sys [23/11/2003 17:26 164923]
R3 DiWan;Eicon-stuurprogramma voor DIVA PnP-kaarten;c:\windows\system32\drivers\disdn\Diwan.sys [23/11/2003 17:26 952007]
S1 MpKsl18cc2777;MpKsl18cc2777;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE94524D-356D-40A0-810C-D0C75062828A}\MpKsl18cc2777.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE94524D-356D-40A0-810C-D0C75062828A}\MpKsl18cc2777.sys [?]
S2 PIEUsb;Single Frame Film Scanner;c:\windows\system32\drivers\usbscan.sys [22/09/2004 14:48 14976]
S2 Update Bizzybolt;Update Bizzybolt;"c:\program files\Bizzybolt\updateBizzybolt.exe" --> c:\program files\Bizzybolt\updateBizzybolt.exe [?]
S2 Util Bizzybolt;Util Bizzybolt;"c:\program files\Bizzybolt\bin\utilBizzybolt.exe" --> c:\program files\Bizzybolt\bin\utilBizzybolt.exe [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\he\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\he\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-07 13:00 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-30 14:21]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ceeb75b1a48bd8.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-19 11:39]
.
2013-12-18 c:\windows\Tasks\User_Feed_Synchronization-{4E4FBA21-4B44-4C50-980A-0CDB75E6D2B5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultUrl = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
TCP: DhcpNameServer = 195.130.131.4 195.130.130.132
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\he\Application Data\Mozilla\Firefox\Profiles\0c6gqmtq.default\
FF - ExtSQL: 2013-10-19 11:14; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- Bestandsassociaties -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0413.EXE
.
.
.
************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-12-18 14:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Voltooingstijd: 2013-12-18 14:53:32
ComboFix-quarantined-files.txt 2013-12-18 13:53
.
Pre-Run: 5.528.768.512 bytes beschikbaar
Post-Run: 6.301.802.496 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 66C6A039177C76FA34149D15F5E865AA
3051207086651214E435112E51817DC5