
HijackThis log, please help!



Hi,

My internet became very slow from one day to the next. I have copied a HijackThis log below; I hope someone can help me. Thanks in advance for the effort!

Brown

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12.53.08, on 22/06/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programmi\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

C:\Programmi\Canon\CAL\CALMAIN.exe

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

C:\Programmi\Avira\AntiVir Desktop\avgnt.exe

C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe

C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Programmi\Messenger\msmsgs.exe

C:\Programmi\Skype\Phone\Skype.exe

C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe

C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe

C:\Programmi\Skype\Plugin Manager\skypePM.exe

C:\Programmi\Internet Explorer\iexplore.exe

C:\Programmi\Internet Explorer\iexplore.exe

C:\Programmi\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSof1.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSof1.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSof1.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G122] C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Programmi\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programmi\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231621140458&h=8783d5352115eaa364cca51dff2e03e2/&filename=jinstall-6u11-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

O24 - Desktop Component 0: (no name) - http://www.gabrielrolt.com/images/anoek_steketee_frontstage_20042006_untitled_8_kodak_endura_print_70_x_70_cm_edition10_110_x110_cm_edition_6__detail.jpeg

O24 - Desktop Component 1: (no name) - http://upload.wikimedia.org/wikipedia/commons/3/35/Arthur_Rimbaud_01.PNG


Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:

R3 - URLSearchHook: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSof1.dll

O2 - BHO: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSof1.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSof1.dll

O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513

O24 - Desktop Component 0: (no name) - http://www.gabrielrolt.com/images/an...6__detail.jpeg

O24 - Desktop Component 1: (no name) - http://upload.wikimedia.org/wikipedi...Rimbaud_01.PNG

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" in the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to see the results.

Make sure everything there is checked, then click: Remove Selected.

After the removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.


Hi Kape

Thank you very much for the quick reply! I carried out the above; see the logs below:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versione database: 4223

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

22/06/2010 13.47.36

mbam-log-2010-06-22 (13-47-36).txt

Tipo di scansione: Scansione veloce

Elementi esaminati: 139955

Tempo trascorso: 8 minuti, 13 secondi

Processi infetti in memoria: 0

Moduli di memoria infetti: 0

Chiavi di registro infette: 2

Valori di registro infetti: 0

Voci infette nei dati di registro: 3

Cartelle infette: 2

File infetti: 7

Processi infetti in memoria:

(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:

(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:

HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.

Valori di registro infetti:

(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Cartelle infette:

C:\Programmi\RXToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.

C:\Programmi\Torrent101 (Trojan.Swizzor) -> Quarantined and deleted successfully.

File infetti:

C:\Programmi\Torrent101\SkinCrafterDll.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.

C:\Programmi\Torrent101\Torrent101.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.

C:\Programmi\Torrent101\Torrent101.TRC (Trojan.Swizzor) -> Quarantined and deleted successfully.

C:\Programmi\Torrent101\Torrent101_1.TRC (Trojan.Swizzor) -> Quarantined and deleted successfully.

C:\Programmi\Torrent101\Torrent101_2.TRC (Trojan.Swizzor) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.

And the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13.56.27, on 22/06/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

C:\Programmi\Avira\AntiVir Desktop\avgnt.exe

C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe

C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Programmi\Messenger\msmsgs.exe

C:\Programmi\Skype\Phone\Skype.exe

C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe

C:\Programmi\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programmi\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programmi\Canon\CAL\CALMAIN.exe

C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programmi\Skype\Plugin Manager\skypePM.exe

C:\Programmi\Internet Explorer\iexplore.exe

C:\Programmi\Internet Explorer\iexplore.exe

C:\Programmi\Microsoft Office\Office12\WINWORD.EXE

C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {e3393495-8103-46a0-8181-270273eddd60} - (no file)

O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G122] C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Programmi\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programmi\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231621140458&h=8783d5352115eaa364cca51dff2e03e2/&filename=jinstall-6u11-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--

End of file - 9138 bytes

Thanks again for the assistance!

Brown
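
Added example, not part of the original posts: a short Python check that compares two HijackThis logs against the list of items that were to be fixed, reporting which targeted entries are gone and which "(no file)" leftovers in the new log share a CLSID with a fixed entry. The sample lines are excerpts from the logs in this thread; the function names are chosen here for illustration.

```python
import re

# A HijackThis entry line starts with a section code such as R3, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpts from the first log in this thread (not the full log).
BEFORE = r"""
R3 - URLSearchHook: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSof1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSof1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSof1.dll
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
"""

# Excerpts from the second log in this thread (taken after 'Fix checked').
AFTER = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {e3393495-8103-46a0-8181-270273eddd60} - (no file)
"""

# The entries the helper asked to fix (the two O24 lines are left out
# because their URLs are truncated in the reply and cannot be matched).
FIX_LIST = r"""
R3 - URLSearchHook: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSof1.dll
O2 - BHO: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSof1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSof1.dll
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
"""


def parse_entries(log_text):
    """Return the set of (section code, body) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("code"), match.group("body").strip()))
    return entries


def clsid_of(body):
    """Return the lower-cased CLSID in an entry body, or None."""
    match = CLSID_RE.search(body)
    return match.group(0).lower() if match else None


def review_fix(before, after, fix_list):
    """Compare two logs against the entries that were meant to be fixed."""
    before_set = parse_entries(before)
    after_set = parse_entries(after)
    targets = parse_entries(fix_list)

    # Targeted entries that were in the first log and are absent from the second.
    removed = sorted(targets & (before_set - after_set))
    # Targeted entries that survived the fix unchanged.
    still_present = sorted(targets & after_set)

    # Orphaned entries in the new log that reuse the CLSID of a fixed entry:
    # the file is gone but a registry reference was left behind.
    fixed_clsids = {clsid_of(body) for _, body in targets} - {None}
    leftover_orphans = sorted(
        entry for entry in after_set
        if entry[1].endswith("(no file)") and clsid_of(entry[1]) in fixed_clsids
    )
    return {
        "removed": removed,
        "still_present": still_present,
        "leftover_orphans": leftover_orphans,
    }


if __name__ == "__main__":
    result = review_fix(BEFORE, AFTER, FIX_LIST)
    for key, entries in result.items():
        print(key)
        for code, body in entries:
            print(f"  {code} - {body}")
```

On these excerpts all five targeted entries are gone, and the one leftover is the O3 toolbar line that now reads "(no name) ... (no file)" for the same CLSID.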


Download Combofix to your Desktop.

Read more here about the correct use of Combofix.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not Vista).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.

When the fix is finished and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


Hi

I thought I had solved the problem after the defragmentation, but this turned out to be (very) temporary. The internet is again just as slow as yesterday, if not slower. I made a ComboFix log; I hope someone can give me advice.

Thanks in advance

Brown

ComboFix 10-06-22.03 - jasp 23/06/2010 12.04.42.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.637 [GMT 2:00]

Eseguito da: c:\documents and settings\jasp\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Menu Avvio\HP Image Zone .lnk

C:\khq

c:\programmi\Need2Find

c:\programmi\Need2Find\bar\History\search

c:\windows\Fonts\acrsec.fon

c:\windows\system32\AutoRun.inf

c:\windows\system32\winsusrm.dll

.

((((((((((((((((((((((((( Files Creati Da 2010-05-23 al 2010-06-23 )))))))))))))))))))))))))))))))))))

.

2010-06-22 13:33 . 2010-06-22 13:33 -------- d-----w- c:\programmi\Defraggler

2010-06-22 11:33 . 2010-06-22 11:33 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\Malwarebytes

2010-06-22 11:27 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-22 11:27 . 2010-06-22 11:27 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware

2010-06-22 11:27 . 2010-06-22 11:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes

2010-06-22 11:27 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-22 10:49 . 2010-06-22 10:49 388096 ----a-r- c:\documents and settings\jasp\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-06-22 10:49 . 2010-06-22 10:49 -------- d-----w- c:\programmi\Trend Micro

2010-06-12 14:34 . 2010-06-12 14:34 -------- d-----w- c:\programmi\Veetle

2010-06-09 06:10 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-07 13:42 . 2010-06-07 13:42 -------- d-----w- c:\documents and settings\jasp\Impostazioni locali\Dati applicazioni\Conduit

2010-06-07 13:42 . 2010-06-07 13:48 -------- d-----w- c:\documents and settings\jasp\Impostazioni locali\Dati applicazioni\Softonic-IT

2010-06-07 13:42 . 2010-06-07 13:47 -------- d-----w- c:\programmi\Softonic-IT

2010-06-07 13:42 . 2010-06-07 13:42 -------- d-----w- c:\programmi\Conduit

2010-06-03 13:31 . 2010-06-18 21:12 -------- d-----w- c:\documents and settings\jasp\Shared

2010-06-03 13:30 . 2010-06-03 14:37 -------- d-----w- c:\programmi\Ask.com

2010-06-03 13:29 . 2010-03-18 18:48 52224 ----a-w- c:\documents and settings\jasp\Dati applicazioni\Mozilla\Firefox\Profiles\9a2uyqmz.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll

2010-06-03 13:29 . 2010-03-18 18:48 101376 ----a-w- c:\documents and settings\jasp\Dati applicazioni\Mozilla\Firefox\Profiles\9a2uyqmz.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll

2010-06-03 08:40 . 2010-06-03 08:40 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\InstallShield

2010-06-03 08:40 . 2008-01-15 19:50 459520 ----a-w- c:\windows\system32\drivers\Dr71WU.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-23 09:57 . 2006-08-13 15:02 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\Skype

2010-06-23 09:39 . 2010-01-09 10:34 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\skypePM

2010-06-23 09:34 . 2001-08-31 11:00 84910 ----a-w- c:\windows\system32\perfc010.dat

2010-06-23 09:34 . 2001-08-31 11:00 491894 ----a-w- c:\windows\system32\perfh010.dat

2010-06-18 18:30 . 2009-12-01 15:56 -------- d-----w- c:\programmi\Mozilla Firefox 3.6 Beta 4

2010-06-17 07:22 . 2007-01-08 10:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy

2010-06-10 08:42 . 2007-08-06 15:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help

2010-06-06 12:46 . 2007-04-06 20:08 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\Azureus

2010-06-06 08:05 . 2008-07-27 12:54 -------- d-----w- c:\programmi\Microsoft Silverlight

2010-06-05 09:36 . 2007-02-04 00:13 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\AdobeUM

2010-06-03 13:30 . 2006-11-26 09:46 -------- d-----w- c:\programmi\LimeWire

2010-06-03 08:42 . 2010-06-03 08:42 -------- d-----w- c:\programmi\ANI

2010-06-03 08:42 . 2006-08-10 17:50 -------- d--h--w- c:\programmi\InstallShield Installation Information

2010-06-03 08:42 . 2010-06-03 08:42 -------- d-----w- c:\programmi\D-Link

2010-05-06 10:32 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:06 . 2004-08-19 13:31 1851264 ------w- c:\windows\system32\win32k.sys

2010-04-28 08:22 . 2010-04-28 08:22 -------- d-----w- c:\programmi\File comuni\Skype

2010-04-20 05:30 . 2004-08-19 13:37 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-03-30 22:16 . 2010-03-30 22:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-03-30 22:10 . 2010-03-30 22:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\programmi\Skype\\Phone\Skype.exe" [2010-04-06 26102056]

"CTSyncU.exe"="c:\programmi\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 700416]

"DAEMON Tools Pro Agent"="c:\programmi\DAEMON Tools Pro\DTProAgent.exe" [2007-09-13 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]

"C-Media Mixer"="Mixer.exe" [2002-03-04 1454080]

"SoundMan"="SOUNDMAN.EXE" [2005-07-12 81920]

"MobileConnect"="c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]

"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"D-Link AirPlus XtremeG DWL-G122"="c:\programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe" [2008-01-02 1552384]

"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Avvio rapido di HP Image Zone.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Programmi\\LimeWire\\LimeWire.exe"=

"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [11/08/2009 10.30.50 108289]

R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04/07/2008 13.52.18 14336]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/02/2010 19.01.10 685816]

S2 CRYRZZRJ;CRYRZZRJ;\??\c:\windows\system32\drivers\CRYRZZRJ.sys --> c:\windows\system32\drivers\CRYRZZRJ.sys [?]

S2 qzsqlsnt;qzsqlsnt;\??\c:\windows\system32\drivers\qzsqlsnt.sys --> c:\windows\system32\drivers\qzsqlsnt.sys [?]

S2 xqnrsutk;xqnrsutk;\??\c:\windows\system32\drivers\xqnrsutk.sys --> c:\windows\system32\drivers\xqnrsutk.sys [?]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]

S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [13/08/2006 19.10.42 196409]

.

Contenuto della cartella 'Scheduled Tasks'

2010-06-23 c:\windows\Tasks\Google Software Updater.job

- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-05 09:42]

2010-06-23 c:\windows\Tasks\User_Feed_Synchronization-{7627A6BB-20D3-4B33-BF96-0FC7A86FA98D}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

.

------- Scansione supplementare -------

.

uStart Page = hxxp://www.google.it/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\jasp\Dati applicazioni\Mozilla\Firefox\Profiles\9a2uyqmz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Softonic-IT Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2530241&SearchSource=13

FF - component: c:\documents and settings\jasp\Dati applicazioni\Mozilla\Firefox\Profiles\9a2uyqmz.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\jasp\Dati applicazioni\Mozilla\Firefox\Profiles\9a2uyqmz.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll

FF - plugin: c:\programmi\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll

FF - plugin: c:\programmi\Veetle\Player\npvlc.dll

FF - plugin: c:\programmi\Veetle\plugins\npVeetle.dll

FF - plugin: c:\programmi\Veetle\VLCBroadcast\npvbp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12

c:\programmi\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("ui.use_native_colors", true);

c:\programmi\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\programmi\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("svg.smil.enabled", false);

c:\programmi\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\programmi\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\programmi\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-{e3393495-8103-46a0-8181-270273eddd60} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)

MSConfigStartUp-Army Does Locks Deaf - c:\documents and settings\All Users\Dati applicazioni\start seek army does\live flap.exe

MSConfigStartUp-BearShare - c:\programmi\BearShare\BearShare.exe

MSConfigStartUp-Bore extra - c:\docume~1\jasp\DATIAP~1\TICKBI~1\Ace mfcd.exe

AddRemove-HijackThis - g:\utilità\hijackthis\HijackThis.exe

AddRemove-bitsbaitvc - c:\docume~1\jasp\DATIAP~1\TICKBI~1\Ace mfcd.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-06-23 12:09

Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(848)

c:\windows\system32\Ati2evxx.dll

.

Ora fine scansione: 2010-06-23 12:12:07

ComboFix-quarantined-files.txt 2010-06-23 10:11

Pre-Run: 40.100.466.688 byte disponibili

Post-Run: 41.018.277.888 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 960512F9BAF866FDE085104FFB0E7096
