
Thread: PC slow or freezing

  1. #1

    PC slow or freezing

    hi,
    I have read a few posts and tried following some of the recommended procedures, but the problem persists:
    the PC freezes when opening some applications or when switching from one application to another, and sometimes likewise when using the various browsers, especially Chrome, and it is a bit slow in responding to commands. I use Windows XP Professional 2002 with SP3 and a licensed copy of AVG
    I ran a scan with Malwarebytes; this is the report:
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Versione database: 7691

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/09/2011 23.37.00
    mbam-log-2011-09-10 (23-37-00).txt

    Tipo di scansione: Scansione completa (C:\|)
    Elementi esaminati: 238543
    Tempo impiegato: 56 minuti, 48 secondi

    Processi infetti in memoria: 0
    Moduli di memoria infetti: 0
    Chiavi di registro infette: 7
    Valori di registro infetti: 0
    Voci infette nei dati di registro: 1
    Cartelle infette: 0
    File infetti: 0

    Processi infetti in memoria:
    (Non sono stati rilevati elementi nocivi)

    Moduli di memoria infetti:
    (Non sono stati rilevati elementi nocivi)

    Chiavi di registro infette:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A3E67DAA-DA01-4da5-98BE-3088B554A11E} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D95C7240-0282-4c01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\MSSec (Trojan.Downloader) -> Quarantined and deleted successfully.

    Valori di registro infetti:
    (Non sono stati rilevati elementi nocivi)

    Voci infette nei dati di registro:
    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Cartelle infette:
    (Non sono stati rilevati elementi nocivi)

    File infetti:
    (Non sono stati rilevati elementi nocivi)

    I rebooted but the problem persists... I was thinking of using ComboFix, as I read in other posts, but before doing anything stupid I'll wait for your advice

  2. #2
    HTML.it user menatwork
    Registered: May 2009
    Posts: 4,330
    hi patrizio69


    "I rebooted but the problem persists... I was thinking of using ComboFix, as I read in other posts, but before doing anything stupid I'll wait for your advice"
    ... and you are right to: ComboFix is a powerful and precise tool, but it must be used correctly, otherwise it could cause problems

    download it from here and put it on the desktop

    when asked whether you want to install the Recovery Console, click NO

    run ComboFix.exe

    follow the instructions

    once the scan has finished, go to C:\ and attach the contents of the text file Combofix.txt to your next reply

    how to use ComboFix correctly

  3. #3

    combo part 1

    hi, here is what ComboFix found,
    I had disabled the restore point after running Malwarebytes, AVG and Live Essential, but not the internet connection
    ComboFix 11-09-11.05 - Mari&Pat 11/09/2011 19.42.45.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3574.2698 [GMT 2:00]
    Eseguito da: c:\documents and settings\Mari&Pat\Desktop\ComboFix.exe
    AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
    .
    .
    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Mari&Pat\Dati applicazioni\inst.exe
    c:\windows\ehome\medctrro.exe
    c:\windows\IsUn0410.exe
    c:\windows\system32\orange-install.ico
    c:\windows\system32\system32
    c:\windows\system32\system32\cis-2.4.dll
    c:\windows\system32\system32\issacapi_bs-2.3.dll
    c:\windows\system32\system32\issacapi_pe-2.3.dll
    c:\windows\system32\system32\issacapi_se-2.3.dll
    c:\windows\system32\system32\MACXMLProto.dll
    c:\windows\system32\system32\MaDRM.dll
    c:\windows\system32\system32\MaJGUILib.dll
    c:\windows\system32\system32\MaJUtilLib.dll
    c:\windows\system32\system32\MAMACExtract.dll
    c:\windows\system32\system32\MASetupCaller.dll
    c:\windows\system32\system32\MASetupCleaner.exe
    c:\windows\system32\system32\MaXMLProto.dll
    c:\windows\system32\system32\MetaStore2.dll
    c:\windows\system32\system32\Microsoft.Synchronization.dll
    c:\windows\system32\system32\MK_Lyric.dll
    c:\windows\system32\system32\MSCLib.dll
    c:\windows\system32\system32\MSFLib.dll
    c:\windows\system32\system32\MSLUR71.dll
    c:\windows\system32\system32\msvcp60.dll
    c:\windows\system32\system32\MTTELECHIP.dll
    c:\windows\system32\system32\MTXSYNCICON.dll
    c:\windows\system32\system32\muzaf1.dll
    c:\windows\system32\system32\muzapp.dll
    c:\windows\system32\system32\muzapp.exe
    c:\windows\system32\system32\muzdecode.ax
    c:\windows\system32\system32\muzeffect.ax
    c:\windows\system32\system32\muzmp4sp.ax
    c:\windows\system32\system32\muzmpgsp.ax
    c:\windows\system32\system32\muzoggsp.ax
    c:\windows\system32\system32\muzwmts.dll
    c:\windows\system32\system32\psapi.dll
    c:\windows\system32\system32\Synchronization2.dll
    .
    .
    ((((((((((((((((((((((((( Files Creati Da 2011-08-11 al 2011-09-11 )))))))))))))))))))))))))))))))))))
    .
    .
    2011-09-11 09:21 . 2011-09-11 09:21 28752 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{56028B5E-044B-4CB7-B9FD-6E1EF7D6C872}\MpKsl5db2e977.sys
    2011-09-10 22:27 . 2011-09-10 22:27 388096 ----a-r- c:\documents and settings\Mari&Pat\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-09-10 22:27 . 2011-09-10 22:27 -------- d-----w- c:\programmi\Trend Micro
    2011-09-10 21:51 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{56028B5E-044B-4CB7-B9FD-6E1EF7D6C872}\mpengine.dll
    2011-09-10 20:37 . 2011-09-10 20:37 -------- d-----w- c:\documents and settings\Mari&Pat\Dati applicazioni\Malwarebytes
    2011-09-10 20:37 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-10 20:37 . 2011-09-10 20:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2011-09-10 20:37 . 2011-09-10 20:37 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
    2011-09-10 20:37 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-07 17:22 . 2011-09-07 17:22 -------- d-----w- c:\documents and settings\Mari&Pat\Dati applicazioni\Burraconline
    2011-09-03 10:17 . 2011-09-03 10:17 603136 -c----w- c:\windows\system32\dllcache\crypt32.dll
    2011-08-23 16:07 . 2011-08-23 16:07 -------- d-----w- c:\programmi\OO Software
    2011-08-17 18:23 . 2011-09-07 17:22 -------- d-----w- c:\programmi\Brc
    2011-08-17 18:19 . 2011-08-17 18:20 -------- d-----w- C:\29e2b02bf67b915ef918
    2011-08-16 05:20 . 2011-08-16 05:20 4892320 ----a-w- c:\programmi\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    .
    .
    .

  4. #4

    combo part 2

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-03 10:17 . 2006-03-02 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-21 09:20 . 2009-10-19 20:16 1080 -c--a-w- c:\windows\AUTOLNCH.REG
    2011-08-16 00:01 . 2011-05-17 18:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-12 02:44 . 2010-11-30 18:28 7152464 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-07-15 13:29 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-13 03:39 . 2011-08-04 19:02 6881616 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2011-07-08 14:02 . 2006-03-02 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10 . 2009-10-19 19:23 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:30 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:30 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:30 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2006-03-02 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
    2011-09-11 17:37 . 2011-05-07 18:50 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2011-04-22 11:56 2495816 ----a-w- c:\programmi\AVG\AVG10\Toolbar\IEToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-04-22 2495816]
    .
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-04-22 2495816]
    .
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Mari&Pat\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Mari&Pat\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Mari&Pat\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Mari&Pat\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG_TRAY"="c:\programmi\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
    "CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
    "FLMOFFICE4DMOUSE"="c:\programmi\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe" [2009-10-19 370176]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
    "MSC"="c:\programmi\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "OFFICEKB"="c:\programmi\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE" [2009-10-19 396288]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
    "QuickTime Task"="c:\programmi\QuickTime Alternative\qttask.exe" [2009-05-26 413696]
    "RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
    "SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
    .
    c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Badoo Desktop
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programmi\\uTorrent\\uTorrent.exe"=
    "c:\\Programmi\\eMule\\emule.exe"=
    "c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Programmi\\windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Programmi\\windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Documents and Settings\\Mari&Pat\\Dati applicazioni\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Programmi\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Programmi\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Programmi\\AVG\\AVG10\\avgnsx.exe"=
    "c:\\Programmi\\AVG\\AVG10\\avgam.exe"=
    "c:\\Programmi\\AVG\\AVG10\\avgemcx.exe"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Programmi\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
    "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 8.13.02 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 16.03.20 32592]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01/03/2010 2.10.54 691696]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/01/2011 6.41.46 248656]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [05/04/2011 0.59.56 297168]
    R1 MpKsl5db2e977;MpKsl5db2e977;c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{56028B5E-044B-4CB7-B9FD-6E1EF7D6C872}\MpKsl5db2e977.sys [11/09/2011 11.21.52 28752]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\programmi\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 13.03.18 169312]
    R2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG10\avgwdsvc.exe [08/02/2011 5.33.42 269520]
    R2 Iprip;Listener RIP;c:\windows\System32\svchost.exe -k netsvcs [02/03/2006 14.00.00 14336]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 21.28.42 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7.53.52 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7.53.54 27216]
    S1 MpKsl433b00f1;MpKsl433b00f1;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{D089CAA2-77A2-42B7-B528-89609D1AFC92}\MpKsl433b00f1.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{D089CAA2-77A2-42B7-B528-89609D1AFC92}\MpKsl433b00f1.sys [?]
    S1 MpKslb3ca09e9;MpKslb3ca09e9;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{FC425792-3D11-4B22-AC42-4BB0C4617FAE}\MpKslb3ca09e9.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{FC425792-3D11-4B22-AC42-4BB0C4617FAE}\MpKslb3ca09e9.sys [?]
    S1 MpKsld9d0d1d9;MpKsld9d0d1d9;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{8641E47F-6F2E-414A-8698-C9170B796E1C}\MpKsld9d0d1d9.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{8641E47F-6F2E-414A-8698-C9170B796E1C}\MpKsld9d0d1d9.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;c:\programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/04/2011 17.39.42 7398752]
    S2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\onda_mon.exe [23/10/2010 17.02.52 86016]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20/10/2009 7.21.04 1684736]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programmi\AVG\AVG10\Toolbar\ToolbarBroker.exe [01/06/2011 17.11.12 984392]
    S3 cpudrv;cpudrv;c:\programmi\SystemRequirementsLab\cpudrv.sys [18/12/2009 11.58.52 11336]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [03/01/2011 19.37.58 36640]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [03/01/2011 19.52.06 98432]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [03/01/2011 19.52.06 14848]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [03/01/2011 19.52.06 123648]
    S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [03/01/2011 19.52.07 100224]
    S3 USB_RNDIS_51;Conitech Modem Router ADSL 2/2+ Combo;c:\windows\system32\drivers\usb8023.sys [02/03/2006 14.00.00 12800]
    .
    --- Altri Servizi/Drivers In Memoria ---
    .
    *NewlyCreated* - MPKSL5DB2E977
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contenuto della cartella 'Scheduled Tasks'
    .
    2011-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-776561741-839522115-1003Core.job
    - c:\documents and settings\Mari&Pat\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-10-21 16:39]
    .
    2011-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-776561741-839522115-1003UA.job
    - c:\documents and settings\Mari&Pat\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-10-21 16:39]
    .
    2011-09-11 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\programmi\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
    .
    2011-09-11 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
    .
    .

  5. #5
    HTML.it user menatwork
    more than half of the log is missing; please post it in full and, if possible, upload it to wikisend

  6. #6

    combo part 3

    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.repubblica.it/
    IE: {{4B21E152-BA59-4ebf-B522-8C55B265EE1A}
    Trusted Zone: edisonenergia.it\www.areaclienti
    Trusted Zone: eni.it\www
    Trusted Zone: x-pay.it\cartasi
    TCP: Interfaces\{23ACBE66-7628-4719-BC81-84522A9C8AC2}: NameServer = 193.70.152.15,193.70.152.25
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programmi\AVG\AVG10\Toolbar\IEToolbar.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    FF - ProfilePath - c:\documents and settings\Mari&Pat\Dati applicazioni\Mozilla\Firefox\Profiles\lrkt7km2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.repubblica.it/
    FF - prefs.js: keyword.URL - hxxp://badoo.com/startpage/?source=bsb&q=
    FF - user.js: capability.policy.policynames - localfilelinks
    FF - user.js: capability.policy.localfilelinks.sites - hxxp://speed.travian.ae ...

  7. #7

    part 4

    FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -
    .
    AddRemove-HP PrecisionScan LTX - c:\windows\IsUn0410.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-11 19:47
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scansione processi nascosti ...
    .
    scansione entrate autostart nascoste ...
    .
    Scansione files nascosti ...
    .
    Scansione completata con successo
    Files nascosti: 0
    .
    **************************************************************************
    .
    Ora fine scansione: 2011-09-11 19:49:10
    ComboFix-quarantined-files.txt 2011-09-11 17:49
    .
    Pre-Run: 420.063.121.408 byte disponibili
    Post-Run: 420.083.994.624 byte disponibili
    .
    - - End Of File - - 8B5E6548A32E5F12F2A2F2D8EB31180C

  8. #8

    let me

    know whether you manage to piece them together, otherwise I'll find a way to repost the whole thing
    thanks, and sorry

  9. #9
    HTML.it user menatwork
    I'd like some more information

    do you often connect to the site -> speed.travian.ae ?

    ...did you put Dropbox in the documents folder yourself? check the DLL for me on the VirusTotal site, it is usually malware

    c:\documents and settings\Mari&Pat\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll


    but do you have two antiviruses installed??

    AV: AVG Anti-Virus 2011


    AV: Microsoft Security Essentials
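The two checks raised in post #9 (more than one antivirus registered, and a binary loaded from a user profile folder), run over lines from the ComboFix log in this thread; this is an added example, not part of the original posts. All function names are hypothetical, and `sha256_file` gives the hash to search for on VirusTotal; a listed path is a candidate for lookup, not a verdict.

```python
import hashlib
import re

# Lines taken from the ComboFix log posted in this thread
# (the forum's inserted spaces inside paths removed).
SAMPLE_LOG = r"""
AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
2011-09-10 21:51 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{56028B5E-044B-4CB7-B9FD-6E1EF7D6C872}\mpengine.dll
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Mari&Pat\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
"AVG_TRAY"="c:\programmi\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
c:\documents and settings\Mari&Pat\Dati applicazioni\inst.exe
"""

# "AV: <product> *<state>* {GUID}" header lines written by ComboFix.
AV_LINE = re.compile(r"^AV:\s+(.+?)\s+\*[^*]+\*\s+\{[0-9A-Fa-f-]+\}", re.M)
# Any drive-letter path ending in an executable extension.
BINARY_PATH = re.compile(r'[a-z]:\\[^"\n]*?\.(?:exe|dll|sys)\b', re.I)
# Windows XP profile root; group 1 is the profile name.
PROFILE_DIR = re.compile(r"[a-z]:\\documents and settings\\([^\\]+)\\", re.I)
# Machine-wide profiles that ordinary users cannot normally write to.
SHARED_PROFILES = {"all users", "default user", "localservice", "networkservice"}


def installed_av(log):
    """Distinct antivirus product names; one product may register twice."""
    return sorted({m.group(1) for m in AV_LINE.finditer(log)})


def user_profile_binaries(log):
    """Executable paths under a per-user profile, in first-seen order."""
    found = []
    for m in BINARY_PATH.finditer(log):
        path = m.group(0)
        profile = PROFILE_DIR.match(path)
        if not profile or profile.group(1).lower() in SHARED_PROFILES:
            continue
        if path not in found:
            found.append(path)
    return found


def sha256_file(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks, for a hash search on VirusTotal."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(log):
    """Summarise both checks for one log."""
    products = installed_av(log)
    return {
        "multiple_av": len(products) > 1,
        "av_products": products,
        "review_paths": user_profile_binaries(log),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Antivirus products:", ", ".join(report["av_products"]))
    if report["multiple_av"]:
        print("More than one antivirus product is registered.")
    for path in report["review_paths"]:
        print("Hash and look up:", path)
```

Run `sha256_file` on the machine that holds the file and paste the digest into the VirusTotal search box; this checks the file without uploading it.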

  10. #10
    hi, so, I go to travian.it or .com, not .ae
    yes, I have 2 antiviruses (AVG and Microsoft Essential)
    Dropbox is a program that lets you share folders, files, etc., by then going to the site (www.dropbox.com)
    how do I check the DLL you are asking me about?
