Brownpaperbag
HijackThis log, help please!
Brownpaperbag replied to Brownpaperbag's topic in Archief Bestrijding malware & virussen
Hi, I thought I had solved the problem after the defragmentation, but that turned out to be (very) temporary. The internet is just as slow again as yesterday, if not slower. I have made a ComboFix log; I hope someone can give me advice. Thanks in advance, Brown

ComboFix 10-06-22.03 - jasp 23/06/2010 12.04.42.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.637 [GMT 2:00]
Eseguito da: c:\documents and settings\jasp\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
 * Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Menu Avvio\HP Image Zone .lnk
C:\khq
c:\programmi\Need2Find
c:\programmi\Need2Find\bar\History\search
c:\windows\Fonts\acrsec.fon
c:\windows\system32\AutoRun.inf
c:\windows\system32\winsusrm.dll
.
((((((((((((((((((((((((( Files Creati Da 2010-05-23 al 2010-06-23 )))))))))))))))))))))))))))))))))))
.
2010-06-22 13:33 . 2010-06-22 13:33 -------- d-----w- c:\programmi\Defraggler
2010-06-22 11:33 . 2010-06-22 11:33 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\Malwarebytes
2010-06-22 11:27 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-22 11:27 . 2010-06-22 11:27 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-22 11:27 . 2010-06-22 11:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-22 11:27 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-22 10:49 . 2010-06-22 10:49 388096 ----a-r- c:\documents and settings\jasp\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-22 10:49 . 2010-06-22 10:49 -------- d-----w- c:\programmi\Trend Micro
2010-06-12 14:34 . 2010-06-12 14:34 -------- d-----w- c:\programmi\Veetle
2010-06-09 06:10 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-07 13:42 . 2010-06-07 13:42 -------- d-----w- c:\documents and settings\jasp\Impostazioni locali\Dati applicazioni\Conduit
2010-06-07 13:42 . 2010-06-07 13:48 -------- d-----w- c:\documents and settings\jasp\Impostazioni locali\Dati applicazioni\Softonic-IT
2010-06-07 13:42 . 2010-06-07 13:47 -------- d-----w- c:\programmi\Softonic-IT
2010-06-07 13:42 . 2010-06-07 13:42 -------- d-----w- c:\programmi\Conduit
2010-06-03 13:31 . 2010-06-18 21:12 -------- d-----w- c:\documents and settings\jasp\Shared
2010-06-03 13:30 . 2010-06-03 14:37 -------- d-----w- c:\programmi\Ask.com
2010-06-03 13:29 . 2010-03-18 18:48 52224 ----a-w- c:\documents and settings\jasp\Dati applicazioni\Mozilla\Firefox\Profiles\9a2uyqmz.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
2010-06-03 13:29 . 2010-03-18 18:48 101376 ----a-w- c:\documents and settings\jasp\Dati applicazioni\Mozilla\Firefox\Profiles\9a2uyqmz.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
2010-06-03 08:40 . 2010-06-03 08:40 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\InstallShield
2010-06-03 08:40 . 2008-01-15 19:50 459520 ----a-w- c:\windows\system32\drivers\Dr71WU.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 09:57 . 2006-08-13 15:02 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\Skype
2010-06-23 09:39 . 2010-01-09 10:34 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\skypePM
2010-06-23 09:34 . 2001-08-31 11:00 84910 ----a-w- c:\windows\system32\perfc010.dat
2010-06-23 09:34 . 2001-08-31 11:00 491894 ----a-w- c:\windows\system32\perfh010.dat
2010-06-18 18:30 . 2009-12-01 15:56 -------- d-----w- c:\programmi\Mozilla Firefox 3.6 Beta 4
2010-06-17 07:22 . 2007-01-08 10:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-06-10 08:42 . 2007-08-06 15:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-06-06 12:46 . 2007-04-06 20:08 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\Azureus
2010-06-06 08:05 . 2008-07-27 12:54 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-06-05 09:36 . 2007-02-04 00:13 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\AdobeUM
2010-06-03 13:30 . 2006-11-26 09:46 -------- d-----w- c:\programmi\LimeWire
2010-06-03 08:42 . 2010-06-03 08:42 -------- d-----w- c:\programmi\ANI
2010-06-03 08:42 . 2006-08-10 17:50 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-06-03 08:42 . 2010-06-03 08:42 -------- d-----w- c:\programmi\D-Link
2010-05-06 10:32 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2004-08-19 13:31 1851264 ------w- c:\windows\system32\win32k.sys
2010-04-28 08:22 . 2010-04-28 08:22 -------- d-----w- c:\programmi\File comuni\Skype
2010-04-20 05:30 . 2004-08-19 13:37 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-30 22:16 . 2010-03-30 22:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\\Phone\Skype.exe" [2010-04-06 26102056]
"CTSyncU.exe"="c:\programmi\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 700416]
"DAEMON Tools Pro Agent"="c:\programmi\DAEMON Tools Pro\DTProAgent.exe" [2007-09-13 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"C-Media Mixer"="Mixer.exe" [2002-03-04 1454080]
"SoundMan"="SOUNDMAN.EXE" [2005-07-12 81920]
"MobileConnect"="c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"D-Link AirPlus XtremeG DWL-G122"="c:\programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe" [2008-01-02 1552384]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido di HP Image Zone.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [11/08/2009 10.30.50 108289]
R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04/07/2008 13.52.18 14336]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/02/2010 19.01.10 685816]
S2 CRYRZZRJ;CRYRZZRJ;\??\c:\windows\system32\drivers\CRYRZZRJ.sys --> c:\windows\system32\drivers\CRYRZZRJ.sys [?]
S2 qzsqlsnt;qzsqlsnt;\??\c:\windows\system32\drivers\qzsqlsnt.sys --> c:\windows\system32\drivers\qzsqlsnt.sys [?]
S2 xqnrsutk;xqnrsutk;\??\c:\windows\system32\drivers\xqnrsutk.sys --> c:\windows\system32\drivers\xqnrsutk.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [13/08/2006 19.10.42 196409]
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-23 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-05 09:42]

2010-06-23 c:\windows\Tasks\User_Feed_Synchronization-{7627A6BB-20D3-4B33-BF96-0FC7A86FA98D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\jasp\Dati applicazioni\Mozilla\Firefox\Profiles\9a2uyqmz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-IT Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2530241&SearchSource=13
FF - component: c:\documents and settings\jasp\Dati applicazioni\Mozilla\Firefox\Profiles\9a2uyqmz.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\jasp\Dati applicazioni\Mozilla\Firefox\Profiles\9a2uyqmz.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\programmi\Veetle\Player\npvlc.dll
FF - plugin: c:\programmi\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmi\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12
c:\programmi\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-{e3393495-8103-46a0-8181-270273eddd60} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)
MSConfigStartUp-Army Does Locks Deaf - c:\documents and settings\All Users\Dati applicazioni\start seek army does\live flap.exe
MSConfigStartUp-BearShare - c:\programmi\BearShare\BearShare.exe
MSConfigStartUp-Bore extra - c:\docume~1\jasp\DATIAP~1\TICKBI~1\Ace mfcd.exe
AddRemove-HijackThis - g:\utilità\hijackthis\HijackThis.exe
AddRemove-bitsbaitvc - c:\docume~1\jasp\DATIAP~1\TICKBI~1\Ace mfcd.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-06-23 12:09
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2010-06-23 12:12:07
ComboFix-quarantined-files.txt 2010-06-23 10:11

Pre-Run: 40.100.466.688 byte disponibili
Post-Run: 41.018.277.888 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 960512F9BAF866FDE085104FFB0E7096
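Four things in the log above are what a malware-removal helper would look at first: the AV header reports on-access scanning disabled, the firewall policy has EnableFirewall set to 0, three auto-start (S2) drivers have random eight-letter names and a file-info field of [?] (ComboFix could not read the image file), and the Firefox search and homepage prefs point at search.conduit.com. The script below pulls those indicators out of a ComboFix log. It is an added example, not code from the forum, the poster or ComboFix; the sample log lines are copied from the post above (constructed input, trimmed to the relevant entries), and the expected-hosts set and the vowel-ratio heuristic are assumptions made for this example, not ComboFix rules.

```python
import re

# Constructed sample: the relevant lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [11/08/2009 10.30.50 108289]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/02/2010 19.01.10 685816]
S2 CRYRZZRJ;CRYRZZRJ;\??\c:\windows\system32\drivers\CRYRZZRJ.sys --> c:\windows\system32\drivers\CRYRZZRJ.sys [?]
S2 qzsqlsnt;qzsqlsnt;\??\c:\windows\system32\drivers\qzsqlsnt.sys --> c:\windows\system32\drivers\qzsqlsnt.sys [?]
S2 xqnrsutk;xqnrsutk;\??\c:\windows\system32\drivers\xqnrsutk.sys --> c:\windows\system32\drivers\xqnrsutk.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [13/08/2006 19.10.42 196409]
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2530241&SearchSource=13
"""

# ComboFix service line: <state><start> name;display name;image path [file info]
# state R = running, S = stopped; start 0 boot, 1 system, 2 auto, 3 manual, 4 disabled.
# A file-info field of "?" means ComboFix could not read the image file.
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)\s\[([^\]]*)\]\s*$")
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (\S+)")
HOST_RE = re.compile(r"^hxxps?://([^/?#]+)", re.IGNORECASE)  # hxxp = defanged http

# Assumption for this example: where the owner expects search and homepage to point.
EXPECTED_PREF_HOSTS = {"www.google.it", "www.google.com"}
HIJACK_PREFS = {"browser.search.defaulturl", "browser.startup.homepage"}


def vowel_ratio(name):
    """Fraction of letters that are vowels; machine-generated names sit near 0."""
    letters = [c for c in name.lower() if c.isalpha()]
    return sum(c in "aeiou" for c in letters) / len(letters) if letters else 0.0


def parse_services(lines):
    services = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, path, info = m.groups()
            services.append({"name": name, "display": display, "running": state == "R",
                             "start_type": int(start), "path": path.strip(),
                             "file_missing": info.strip() == "?"})
    return services


def suspicious_services(lines):
    """Auto-start services whose image ComboFix could not read and whose name
    looks generated: display name identical to the service name, almost no vowels."""
    return [s for s in parse_services(lines)
            if s["file_missing"] and s["start_type"] == 2
            and s["display"] == s["name"] and vowel_ratio(s["name"]) < 0.2]


def firewall_disabled(lines):
    """True if the profile's EnableFirewall value is 0; None if the key is not in the log."""
    for line in lines:
        m = re.match(r'^"EnableFirewall"=\s*(\d+)', line)
        if m:
            return m.group(1) == "0"
    return None


def av_realtime_disabled(lines):
    """True if ComboFix's AV header says on-access scanning is off; None if no AV line."""
    for line in lines:
        if line.startswith("AV:"):
            return "*On-access scanning disabled*" in line
    return None


def hijacked_prefs(lines):
    """(pref, host) for search/homepage prefs pointing outside EXPECTED_PREF_HOSTS."""
    found = []
    for line in lines:
        m = PREF_RE.match(line)
        if not m or m.group(1) not in HIJACK_PREFS:
            continue
        h = HOST_RE.match(m.group(2))
        host = h.group(1).lower() if h else m.group(2)
        if host not in EXPECTED_PREF_HOSTS:
            found.append((m.group(1), host))
    return found


def triage(text):
    lines = [ln for ln in text.splitlines() if ln.strip()]
    return {
        "av_realtime_disabled": av_realtime_disabled(lines),
        "firewall_disabled": firewall_disabled(lines),
        "suspicious_services": suspicious_services(lines),
        "hijacked_prefs": hijacked_prefs(lines),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("AV on-access scanning disabled:", report["av_realtime_disabled"])
    print("Windows Firewall disabled:", report["firewall_disabled"])
    for svc in report["suspicious_services"]:
        print("suspicious auto-start service:", svc["name"], "->", svc["path"])
    for pref, host in report["hijacked_prefs"]:
        print("browser pref redirected:", pref, "->", host)
```

Run it as-is to print the findings for the sample, or pass the contents of a real ComboFix.txt to triage(). The [?] marker on its own is not proof of malware (the Symantec EraserUtilRebootDrv entry carries it too, which is why the service check also requires auto-start type 2 and a generated-looking name); the flagged entries are what to ask a helper about, not what to delete blindly.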
HijackThis log, help please!
Brownpaperbag replied to Brownpaperbag's topic in Archief Bestrijding malware & virussen
Hi Kape, After defragmenting, my computer is back to its old speed! I'm glad it's solved; I'll keep ComboFix for any other hard times! Thanks again very much, Brown
HijackThis log, help please!
Brownpaperbag replied to Brownpaperbag's topic in Archief Bestrijding malware & virussen
Hi Kape, I am defragmenting the computer at the moment, which takes a long time. After that I will carry out the above and post a log. Thanks, Brown
HijackThis log, help please!
Brownpaperbag replied to Brownpaperbag's topic in Archief Bestrijding malware & virussen
Hi Kape, Unfortunately the internet is still just as slow. Any idea what that could be due to? Is there anything else I can try? Brown
HijackThis log, help please!
Brownpaperbag replied to Brownpaperbag's topic in Archief Bestrijding malware & virussen
Hi Kape, Thank you very much for the quick reply! I have carried out the above; see the logs below:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4223

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/06/2010 13.47.36
mbam-log-2010-06-22 (13-47-36).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 139955
Tempo trascorso: 8 minuti, 13 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 2
Valori di registro infetti: 0
Voci infette nei dati di registro: 3
Cartelle infette: 2
File infetti: 7

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Cartelle infette:
C:\Programmi\RXToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Programmi\Torrent101 (Trojan.Swizzor) -> Quarantined and deleted successfully.

File infetti:
C:\Programmi\Torrent101\SkinCrafterDll.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Programmi\Torrent101\Torrent101.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Programmi\Torrent101\Torrent101.TRC (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Programmi\Torrent101\Torrent101_1.TRC (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Programmi\Torrent101\Torrent101_2.TRC (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.

And the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13.56.27, on 22/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Microsoft Office\Office12\WINWORD.EXE
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {e3393495-8103-46a0-8181-270273eddd60} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G122] C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [skype] "C:\Programmi\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programmi\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231621140458&h=8783d5352115eaa364cca51dff2e03e2/&filename=jinstall-6u11-windows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: 
Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- End of file - 9138 bytes Nogmaals bedankt voor de assistentie! Brown -
HijackThis log, please help!
Brownpaperbag posted a topic in Archief Bestrijding malware & virussen
Hi, my internet has become very slow from one day to the next. I have copied a HijackThis log below; I hope someone can help me. Thanks in advance for the effort!
Brown

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12.53.08, on 22/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSof1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSof1.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSof1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G122] C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [skype] "C:\Programmi\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programmi\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231621140458&h=8783d5352115eaa364cca51dff2e03e2/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O24 - Desktop Component 0: (no name) - http://www.gabrielrolt.com/images/anoek_steketee_frontstage_20042006_untitled_8_kodak_endura_print_70_x_70_cm_edition10_110_x110_cm_edition_6__detail.jpeg
O24 - Desktop Component 1: (no name) - http://upload.wikimedia.org/wikipedia/commons/3/35/Arthur_Rimbaud_01.PNG
