hoe kan ik Babylon en linkury verwijderen?

[Boem]

De computer is nu supertraag geworden. Hij geeft ook vaak een melding dat je gegeens via een onbeveiligde website bekeken gaan worden. Ben nu bezig met eset te scannen. Heeft tot nu toe al 3 infiltraties gevonden. Ben benieuwd wat er uitkomt. Ik zal het wel laten weten.

[kweezie wabbit]

Verwijder onderstaande vetgedrukt mappen

c:\documents and settings\Camilè\Application Data\PriceGong

c:\documents and settings\Camilè\Local Settings\Application Data\Conduit

Dit zijn verborgen mappen; je moet ze zichtbaar maken via de mapopties.

[Boem]

ok, dat heb ik gedaan. Maar ik krijg nog steeds iedere keer een melding als ik naar een pagina ga. Waar komt die melding vandaan?

BEVEILIGINGSWAARSCHUWING

U gaat pagina´s via een beveiligde verbinding weergeven.

De informatie die u met deze website uitwisselt, kan door niemand anders op internet worden bekeken.

Als ik dan weer naar een andere pagina ga, dan geeft ie hetzelfde aan alleen dan is het een onbeveiligde verbinding.

Verder is pc ontzettend traag geworden.

[kweezie wabbit]

Die melding komt van de beveiligingsinstellingen van de browser.

Als ik het goed heb, gebruik je internet explorer.

Open internet explorer

Ga naar extra - inernet opties en open de tab geavanceerd.

Scroll door de lijst tot je bij beveiliging komt.

Zoek dan de optie waarschuwen bij wisselen tussen beveiligde en niet beveiligde mode (warn if changing between secure and not secure mode) en vink deze uit.

Sluit de internet opties met de knop OK.

Heeft ESET nog wat gevonden?

Plaats ook eens een nieuw hijackthis logje.

[Boem]

eset had wel wat gevonden. Kan log er niet van laten zien. Had er een jpeg bestand van gemakt, maar die kan je hier niet plaatsen.

Hieronder een nieuwe hijack log.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:14:34, on 21-3-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\All Users\Application Data\tmt\ct0.exe

C:\Documents and Settings\All Users\Application Data\tmt\ct31.exe

C:\Program Files\Timeslot\tmt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\123webhost\FTP en uploaden\WsftpCOMHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Documents and Settings\Daphne\Mijn documenten\lg pc suite de echte\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [aaservice] "C:\Program Files/Timeslot/servicets.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Google Updateservice (gupdate1c9ff3c93ad5260) (gupdate1c9ff3c93ad5260) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\malware\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--

End of file - 9070 bytes

[kweezie wabbit]

Niks abnormaal in dit logje.

Kan je combofix nog eens uitvoeren en het logje plaatsen.

Download en installeer Speccy.

Tijdens de installatie heb je nu de mogelijkheid om Nederlands als taal te selecteren.

Start nu het programma en er zal een overzicht gemaakt worden van je hardware.

Als dit gereed is selecteer je bovenaan " Bestand - Publiceer Snapshot " en vervolgens bevestig je die keuze met " Ja ".

In het venster dat nu opent krijg je een link te zien, kopieer nu die link en plak die in je volgende bericht.

Wil je in woord en beeld zien hoe je een logje van Speccy maakt en plaatst kun je dat Hier lezen.

Ook Dit (KLIK) filmpje laat zien hoe je een Speccy-logje kan plakken in je antwoord.

Na het plaatsen van je logje wordt dit door een expert nagekeken.

[Boem]

http://speccy.piriform.com/results/i4grWWXI18Y1MQP7B8hnWwk

combofix komt eraan

[Boem]

En hier het logje van combofix

Is het trouwens normaal dat de cpu 60 graden is?

ComboFix 12-03-17.01 - Daphne 22-03-2012 9:37.4.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1015.473 [GMT 1:00]

Gestart vanuit: c:\program files\ComboFix\ComboFix.exe

AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-22 to 2012-03-22 ))))))))))))))))))))))))))))))

.

.

2012-03-22 08:21 . 2012-03-22 08:29 -------- d-----w- c:\program files\speccy

2012-03-21 08:00 . 2012-03-21 15:53 -------- d--h--r- c:\documents and settings\Daphne\Onlangs geopend

2012-03-21 06:22 . 2012-03-21 06:24 1409 ----a-w- c:\windows\QTFont.for

2012-03-18 13:27 . 2012-03-18 13:27 -------- d-----w- c:\program files\ComboFix

2012-03-18 12:49 . 2012-03-18 12:49 -------- d-----w- c:\documents and settings\Administrator

2012-03-17 10:58 . 2012-03-17 13:24 -------- d-----w- c:\documents and settings\Camilè\Local Settings\Application Data\Freecorder

2012-03-16 21:56 . 2012-03-16 21:56 -------- d-----w- c:\documents and settings\Daphne\Local Settings\Application Data\LG Electronics

2012-03-16 18:59 . 2012-03-16 19:04 -------- d-----w- c:\documents and settings\Daphne\Local Settings\Application Data\Freecorder

2012-03-16 18:59 . 2012-03-16 18:59 -------- d-----w- c:\program files\Freecorder

2012-03-16 18:59 . 2012-03-16 18:59 -------- d-----w- c:\documents and settings\Daphne\Local Settings\Application Data\FLVService

2012-03-16 18:26 . 2012-03-16 18:26 -------- d-----w- c:\documents and settings\Daphne\Application Data\AVS4YOU

2012-03-16 18:22 . 2011-09-16 15:05 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll

2012-03-16 18:22 . 2012-03-16 18:24 -------- d-----w- c:\program files\Common Files\AVSMedia

2012-03-16 18:22 . 2011-08-22 15:33 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

2012-03-16 18:22 . 2012-03-16 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU

2012-03-16 18:22 . 2012-03-16 18:24 -------- d-----w- c:\program files\AVS4YOU

2012-03-16 18:18 . 2012-03-16 18:21 -------- d-----w- c:\program files\avs video converter

2012-03-16 09:25 . 2012-03-21 16:13 -------- d-----w- c:\program files\hijack this

2012-03-16 08:47 . 2012-03-16 08:47 -------- d-----w- c:\documents and settings\Daphne\Application Data\Malwarebytes

2012-03-16 08:46 . 2012-03-16 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-03-16 08:46 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-16 08:45 . 2012-03-16 08:46 -------- d-----w- c:\program files\malware

2012-03-15 22:21 . 2012-03-15 22:21 12872 ----a-w- c:\windows\system32\bootdelete.exe

2012-03-15 22:11 . 2012-03-15 22:11 -------- d-----w- c:\program files\HitmanPro

2012-03-15 22:10 . 2012-03-15 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro

2012-03-15 22:10 . 2012-03-15 22:10 -------- d-----w- c:\program files\hitman pro

2012-03-15 16:31 . 2012-03-15 16:31 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)

2012-03-15 16:31 . 2012-03-15 16:31 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)

2012-03-15 16:29 . 2012-03-21 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-03-15 16:29 . 2012-03-15 16:36 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-03-15 10:13 . 2012-03-15 16:09 -------- d-----w- c:\program files\Image Grabber II

2012-03-15 10:01 . 2012-03-15 10:01 -------- d-----w- c:\program files\image grabber 2

2012-03-13 20:31 . 2012-03-13 20:31 -------- d-----w- C:\ifx

2012-03-13 20:27 . 2012-03-14 11:26 -------- d-----w- C:\LG_USB

2012-03-13 20:25 . 2011-05-10 12:37 655872 ----a-w- c:\windows\system32\msvcr90.dll

2012-03-13 20:25 . 2011-05-10 12:37 568832 ----a-w- c:\windows\system32\msvcp90.dll

2012-03-13 20:25 . 2011-05-10 12:37 224768 ----a-w- c:\windows\system32\msvcm90.dll

2012-03-13 20:25 . 2005-10-04 00:39 44544 ----a-w- c:\windows\system32\msxml4a.dll

2012-03-13 20:25 . 2006-05-04 07:33 53248 ----a-w- c:\windows\system32\CommonDL.dll

2012-03-13 20:25 . 2012-03-14 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX

2012-03-13 19:56 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll

2012-03-13 19:56 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll

2012-03-13 19:56 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll

2012-03-13 19:56 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll

2012-03-13 19:56 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe

2012-03-13 19:56 . 2012-03-13 19:56 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll

2012-03-13 19:56 . 2012-03-13 19:56 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-29 11:07 . 2011-06-03 08:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:57 . 2004-08-04 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:07 . 2012-02-15 13:21 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2008-01-07 14:14 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-03 20:59 . 2011-06-03 20:58 9344296 ----a-w- c:\program files\albelli7_NL.exe

2011-06-02 22:27 . 2011-06-02 22:25 91864240 ----a-w- c:\program files\Nokia_Ovi_Suite_webinstaller_ALL.exe

2010-05-13 15:41 . 2010-05-13 15:41 4614113 ----a-w- c:\program files\SetupImgBurn_2.5.1.0.exe

2010-01-26 09:11 . 2010-11-14 15:45 444283 -c--a-w- c:\program files\Common Files\WinPcapNmap.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-23 188416]

"aaservice"="C:\Program Files/Timeslot/servicets.exe" [2007-09-06 397312]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-10 77824]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Magnify"="Magnify.exe" [2008-04-14 73216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-03-22 14:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2009-07-27 02:10 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2012-01-13 13:53 460872 ----a-w- c:\program files\malware\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]

2011-10-19 13:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-02-10 20:49 77824 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 09:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-11-30 08:47 296056 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

"Persistence"=c:\windows\system32\igfxpers.exe

"HotKeysCmds"=c:\windows\system32\hkcmd.exe

"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

"Alcmtr"=ALCMTR.EXE

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Google\\Google Earth Pro\\googleearth.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"35126:TCP"= 35126:TCP:utorrent2

"47979:TCP"= 47979:TCP:Utorrent 3

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11-9-2009 6:23 108792]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11-9-2009 6:26 96408]

R2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10754\AGCoreService.exe [20-3-2011 19:42 20480]

R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18-7-2009 23:03 75272]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11-9-2009 6:24 735960]

R2 MBAMService;MBAMService;c:\program files\malware\Malwarebytes' Anti-Malware\mbamservice.exe [16-3-2012 9:46 652360]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27-1-2010 3:09 50704]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24-6-2010 15:41 92008]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [31-5-2011 17:01 1052480]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29-9-2009 8:11 12160]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29-9-2009 8:11 10496]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29-9-2009 8:11 12928]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16-3-2012 9:46 20464]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25-2-2010 10:18 10064]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18-7-2009 23:03 96520]

S2 gupdate1c9ff3c93ad5260;Google Updateservice (gupdate1c9ff3c93ad5260);c:\program files\Google\Update\GoogleUpdate.exe [7-7-2009 20:53 133104]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-7-2009 20:53 133104]

S3 MemStPCI;Sony PCI Memory Stick-controller (PCI);c:\windows\system32\drivers\MemStPCI.SYS [2-10-2010 23:37 26112]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - CPUZ135

*Deregistered* - cpuz135

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-16 c:\windows\Tasks\Automatisch onderhoud.job

- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2011-05-31 16:05]

.

2012-03-22 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-07 13:51]

.

2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:52]

.

2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:52]

.

2012-03-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]

.

2012-03-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]

.

2012-03-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]

.

2012-03-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]

.

2012-03-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]

.

2012-03-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]

.

2012-03-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]

.

2012-03-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]

.

.

------- Bijkomende Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.startpagina.nl/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-03-22 09:46

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(2376)

c:\program files\Timeslot\dwlgina2.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2012-03-22 09:49:13

ComboFix-quarantined-files.txt 2012-03-22 08:49

ComboFix2.txt 2012-03-20 15:32

ComboFix3.txt 2012-03-20 15:18

ComboFix4.txt 2012-03-18 13:50

.

Pre-Run: 31.162.527.744 bytes beschikbaar

Post-Run: 31.166.611.456 bytes beschikbaar

.

- - End Of File - - F545F7D074935EE6A400E07DB3872DA1

[kweezie wabbit]

De temperaturen zijn inderdaad aan de hoge kant.

Te hoge temperaturen van een PC / laptop worden meestal veroorzaakt door een te hoog stofgehalte.

Om dit op een veilige manier te verwijderen verwijzen we graag naar deze zeer duidelijke uitleg.

Neem de tips grondig door en doe het nodige om je systeem stofvrij te (laten) maken…nadien kan je ons dan de nieuwe resultaten van Speccy bezorgen.

[kweezie wabbit]

Ga naar start - uitvoeren, typ regedit en klik OK.

Blader naar de sleutel HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem

Klik met recht op LocalSystem en kies voor exporteren.

Geef de lokatie op waar je het bestand wil opslaan en als bestandsnaam geef je bvb LocalSystem op als bestandstype kies je voor tesktbestand (*.txt)

Het tekstbestand zal te groot zijn om als bijlage toe te voegen en dus zal je er een zip bestand moeten van maken.

Voeg dit zip bestand toe als bijlage aan een volgend bericht.