Old 03-25-2008, 07:21 PM   #1 (permalink)
New Member
 
Join Date: Jul 2004
Location: Farnham
Age: 20
Posts: 16
IE and Firefox really slow

Hi,

For the past 2 days, my IE and Firefox have been really slow. I can't send an email; the page is still loading after 15 min. But when I download something, the speed is normal. So it has to be the Internet connection or some spam crap I caught. I'm pretty sure it isn't the connection, but I ran like 5 scans with many programs and they didn't find anything. I made a scan with HijackThis; here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:27, on 2008-03-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C222E8CF-22A4-4F02-A64C-AFCC6F4F16CF} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1106009658749
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1135639063531
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: mljgd - C:\WINDOWS\
O20 - Winlogon Notify: rqrpnkj - rqrpnkj.dll (file missing)
O20 - Winlogon Notify: vtuuutr - C:\WINDOWS\
O20 - Winlogon Notify: wingsa32 - wingsa32.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7048 bytes
__________________
WoUaLeX


Old 03-25-2008, 09:06 PM   #2 (permalink)

Just realized that in safe mode the Internet runs as usual; maybe that can help (in fact, I had to post in safe mode, after 20 min of waiting in normal mode to post this thread).
__________________
WoUaLeX
Old 03-25-2008, 10:16 PM   #3 (permalink)

I just finished a scan with SDFix, and it found some trojan crap; here's the report:

SDFix: Version 1.161

Run by Alexandre on 2008-03-25 at 16:41

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\ALEXAN~1\Bureau\SDFix

Checking Services :

Name:
NtmlSvc

Path:

NtmlSvc - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\KQDUA.DLL - Deleted
C:\WINDOWS\SYSTEM32\NEB47A~1.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWJZA~2.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWJZA~3.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWJZA~4.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWJZA~2.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWJZA~3.XML - Deleted
C:\WINDOWS\hosts - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 16:47:46
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Maple 7\\BIN.WNT\\mserver.exe"="C:\\Program Files\\Maple 7\\BIN.WNT\\mserver.exe:*:Enabled:mserver"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\ALEXAN~1\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 3 Mar 2006 80 ..SHR --- "C:\WINDOWS\system32\57E29F705C.dll"
Wed 15 Aug 2007 6,652 ..SH. --- "C:\WINDOWS\system32\dgjlm.tmp"
Wed 15 Aug 2007 6,486 ..SH. --- "C:\WINDOWS\system32\dgjlm.bak1"
Tue 24 Jul 2007 12,160 ..SH. --- "C:\WINDOWS\system32\ttvwa.tmp"
Sat 9 Sep 2006 243,712 A..H. --- "C:\Documents and Settings\Alexandre\Mes documents\Alex.bak"
Sat 9 Sep 2006 165,888 A..H. --- "C:\Documents and Settings\Alexandre\Mes documents\Nicole Fournier.bak"
Wed 13 Apr 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 28 Dec 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Wed 28 Dec 2005 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Wed 28 Dec 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v3ks.bla.bak"
Wed 24 Jul 2002 42,948 A..H. --- "C:\Documents and Settings\Alexandre\Alexandre\Bureau\JOJ_War3.exe"
Wed 24 Jul 2002 57,864 A..H. --- "C:\Documents and Settings\Alexandre\Alexandre\Bureau\JOJ_WorldEdit.exe"
Sat 16 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 7 Oct 2005 22,528 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL0004.tmp"
Tue 3 Apr 2007 56,832 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL0005.tmp"
Sun 20 May 2007 77,824 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL0853.tmp"
Sun 20 May 2007 70,144 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL1251.tmp"
Sun 20 May 2007 79,360 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL1635.tmp"
Sun 20 May 2007 81,920 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL1674.tmp"
Thu 2 Feb 2006 244,736 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL2040.tmp"
Sun 20 May 2007 73,216 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL2879.tmp"
Tue 3 Apr 2007 57,856 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL2957.tmp"
Sat 15 Sep 2007 77,312 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL3369.tmp"
Fri 20 Jan 2006 15,616 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll"
Thu 19 Aug 2004 4,096 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll"
Mon 26 Dec 2005 638,976 A..H. --- "C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.bak"

Finished!

But the Internet still doesn't seem right; it's maybe a little bit faster, but still slow. (After 10 min waiting for the "Post Quick Reply"... I rebooted in safe mode and did a real QUICK reply.)

Sorry, it really pisses me off.
__________________
WoUaLeX