
combilog



Hi

I thought I had solved the problem after the defragmentation, but that turned out to be (very) temporary. The internet is just as slow again as yesterday, if not slower. I have made a ComboFix log; I hope someone can give me advice.

Thanks in advance

Brown

ComboFix 10-06-22.03 - jasp 23/06/2010 12.04.42.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.637 [GMT 2:00]

Eseguito da: c:\documents and settings\jasp\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Menu Avvio\HP Image Zone .lnk

C:\khq

c:\programmi\Need2Find

c:\programmi\Need2Find\bar\History\search

c:\windows\Fonts\acrsec.fon

c:\windows\system32\AutoRun.inf

c:\windows\system32\winsusrm.dll

.

((((((((((((((((((((((((( Files Creati Da 2010-05-23 al 2010-06-23 )))))))))))))))))))))))))))))))))))

.

2010-06-22 13:33 . 2010-06-22 13:33 -------- d-----w- c:\programmi\Defraggler

2010-06-22 11:33 . 2010-06-22 11:33 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\Malwarebytes

2010-06-22 11:27 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-22 11:27 . 2010-06-22 11:27 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware

2010-06-22 11:27 . 2010-06-22 11:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes

2010-06-22 11:27 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-22 10:49 . 2010-06-22 10:49 388096 ----a-r- c:\documents and settings\jasp\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-06-22 10:49 . 2010-06-22 10:49 -------- d-----w- c:\programmi\Trend Micro

2010-06-12 14:34 . 2010-06-12 14:34 -------- d-----w- c:\programmi\Veetle

2010-06-09 06:10 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-07 13:42 . 2010-06-07 13:42 -------- d-----w- c:\documents and settings\jasp\Impostazioni locali\Dati applicazioni\Conduit

2010-06-07 13:42 . 2010-06-07 13:48 -------- d-----w- c:\documents and settings\jasp\Impostazioni locali\Dati applicazioni\Softonic-IT

2010-06-07 13:42 . 2010-06-07 13:47 -------- d-----w- c:\programmi\Softonic-IT

2010-06-07 13:42 . 2010-06-07 13:42 -------- d-----w- c:\programmi\Conduit

2010-06-03 13:31 . 2010-06-18 21:12 -------- d-----w- c:\documents and settings\jasp\Shared

2010-06-03 13:30 . 2010-06-03 14:37 -------- d-----w- c:\programmi\Ask.com

2010-06-03 13:29 . 2010-03-18 18:48 52224 ----a-w- c:\documents and settings\jasp\Dati applicazioni\Mozilla\Firefox\Profiles\9a2uyqmz.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll

2010-06-03 13:29 . 2010-03-18 18:48 101376 ----a-w- c:\documents and settings\jasp\Dati applicazioni\Mozilla\Firefox\Profiles\9a2uyqmz.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll

2010-06-03 08:40 . 2010-06-03 08:40 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\InstallShield

2010-06-03 08:40 . 2008-01-15 19:50 459520 ----a-w- c:\windows\system32\drivers\Dr71WU.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-23 09:57 . 2006-08-13 15:02 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\Skype

2010-06-23 09:39 . 2010-01-09 10:34 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\skypePM

2010-06-23 09:34 . 2001-08-31 11:00 84910 ----a-w- c:\windows\system32\perfc010.dat

2010-06-23 09:34 . 2001-08-31 11:00 491894 ----a-w- c:\windows\system32\perfh010.dat

2010-06-18 18:30 . 2009-12-01 15:56 -------- d-----w- c:\programmi\Mozilla Firefox 3.6 Beta 4

2010-06-17 07:22 . 2007-01-08 10:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy

2010-06-10 08:42 . 2007-08-06 15:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help

2010-06-06 12:46 . 2007-04-06 20:08 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\Azureus

2010-06-06 08:05 . 2008-07-27 12:54 -------- d-----w- c:\programmi\Microsoft Silverlight

2010-06-05 09:36 . 2007-02-04 00:13 -------- d-----w- c:\documents and settings\jasp\Dati applicazioni\AdobeUM

2010-06-03 13:30 . 2006-11-26 09:46 -------- d-----w- c:\programmi\LimeWire

2010-06-03 08:42 . 2010-06-03 08:42 -------- d-----w- c:\programmi\ANI

2010-06-03 08:42 . 2006-08-10 17:50 -------- d--h--w- c:\programmi\InstallShield Installation Information

2010-06-03 08:42 . 2010-06-03 08:42 -------- d-----w- c:\programmi\D-Link

2010-05-06 10:32 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:06 . 2004-08-19 13:31 1851264 ------w- c:\windows\system32\win32k.sys

2010-04-28 08:22 . 2010-04-28 08:22 -------- d-----w- c:\programmi\File comuni\Skype

2010-04-20 05:30 . 2004-08-19 13:37 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-03-30 22:16 . 2010-03-30 22:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-03-30 22:10 . 2010-03-30 22:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\programmi\Skype\\Phone\Skype.exe" [2010-04-06 26102056]

"CTSyncU.exe"="c:\programmi\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 700416]

"DAEMON Tools Pro Agent"="c:\programmi\DAEMON Tools Pro\DTProAgent.exe" [2007-09-13 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]

"C-Media Mixer"="Mixer.exe" [2002-03-04 1454080]

"SoundMan"="SOUNDMAN.EXE" [2005-07-12 81920]

"MobileConnect"="c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]

"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"D-Link AirPlus XtremeG DWL-G122"="c:\programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe" [2008-01-02 1552384]

"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Avvio rapido di HP Image Zone.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Programmi\\LimeWire\\LimeWire.exe"=

"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [11/08/2009 10.30.50 108289]

R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04/07/2008 13.52.18 14336]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/02/2010 19.01.10 685816]

S2 CRYRZZRJ;CRYRZZRJ;\??\c:\windows\system32\drivers\CRYRZZRJ.sys --> c:\windows\system32\drivers\CRYRZZRJ.sys [?]

S2 qzsqlsnt;qzsqlsnt;\??\c:\windows\system32\drivers\qzsqlsnt.sys --> c:\windows\system32\drivers\qzsqlsnt.sys [?]

S2 xqnrsutk;xqnrsutk;\??\c:\windows\system32\drivers\xqnrsutk.sys --> c:\windows\system32\drivers\xqnrsutk.sys [?]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]

S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [13/08/2006 19.10.42 196409]

.

Contenuto della cartella 'Scheduled Tasks'

2010-06-23 c:\windows\Tasks\Google Software Updater.job

- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-05 09:42]

2010-06-23 c:\windows\Tasks\User_Feed_Synchronization-{7627A6BB-20D3-4B33-BF96-0FC7A86FA98D}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

.

------- Scansione supplementare -------

.

uStart Page = hxxp://www.google.it/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\jasp\Dati applicazioni\Mozilla\Firefox\Profiles\9a2uyqmz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Softonic-IT Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2530241&SearchSource=13

FF - component: c:\documents and settings\jasp\Dati applicazioni\Mozilla\Firefox\Profiles\9a2uyqmz.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\jasp\Dati applicazioni\Mozilla\Firefox\Profiles\9a2uyqmz.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll

FF - plugin: c:\programmi\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll

FF - plugin: c:\programmi\Veetle\Player\npvlc.dll

FF - plugin: c:\programmi\Veetle\plugins\npVeetle.dll

FF - plugin: c:\programmi\Veetle\VLCBroadcast\npvbp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12c:\programmi\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("ui.use_native_colors", true);

c:\programmi\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\programmi\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("svg.smil.enabled", false);

c:\programmi\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\programmi\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\programmi\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-{e3393495-8103-46a0-8181-270273eddd60} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)

MSConfigStartUp-Army Does Locks Deaf - c:\documents and settings\All Users\Dati applicazioni\start seek army does\live flap.exe

MSConfigStartUp-BearShare - c:\programmi\BearShare\BearShare.exe

MSConfigStartUp-Bore extra - c:\docume~1\jasp\DATIAP~1\TICKBI~1\Ace mfcd.exe

AddRemove-HijackThis - g:\utilità\hijackthis\HijackThis.exe

AddRemove-bitsbaitvc - c:\docume~1\jasp\DATIAP~1\TICKBI~1\Ace mfcd.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-06-23 12:09

Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(848)

c:\windows\system32\Ati2evxx.dll

.

Ora fine scansione: 2010-06-23 12:12:07

ComboFix-quarantined-files.txt 2010-06-23 10:11

Pre-Run: 40.100.466.688 byte disponibili

Post-Run: 41.018.277.888 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 960512F9BAF866FDE085104FFB0E7096
