Can someone help me

romik

New User

OS: xp
Hi everyone, I need help, I don't know who to turn to. I have definitely caught a virus and everything runs slowly: I struggle to move the mouse, it makes me wait a long time before completing a command, opening a page, clicking, browsing, even opening a folder. I haven't installed anything today, I simply visited the Olidata driver site for another PC; I visited the same site with another PC too and it didn't give me this problem, so I think it's a virus, or malware or *****n caught only on this desktop PC. It's an XP. I tried running a scan with ComboFix, which I used today for the first time, and it gave me a txt file. Is there anyone who could kindly explain to me what all this text means, whether I have to delete something, whether it found a trojan or something else?
Maybe I'm not writing in the right place, and I apologize in advance; I already had a hard time managing to register and find a site where I could describe my problem and find someone who can give me a solution as soon as possible, since I work with the PC. Many thanks to whoever answers me..



ComboFix 11-10-03.01 - Marcello 03/10/2011 22.59.22.1.1 - x86
Eseguito da: c:\documents and settings\Marcello\Desktop\ComboFix.exe
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Marcello\karplayer.tmp
c:\documents and settings\Marcello\lame_enc_en.dll
c:\documents and settings\Marcello\lametritonus_en.dll
c:\documents and settings\Marcello\WINDOWS
c:\programmi\IEToolbar
c:\programmi\IEToolbar\inst.bat
c:\programmi\IEToolbar\like_dogpile.inf
c:\programmi\RegistrySmart
c:\programmi\RegistrySmart\Log\log_2008_02_11_00_50_33.eklog
c:\programmi\RegistrySmart\Registry Backups\2008-01-29_17-24-00.reg
c:\windows\IsUn0410.exe
c:\windows\msvrc20.dll
c:\windows\system32\Bass.dll
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XPROTECTOR
-------\Service_XPROTECTOR
.
.
((((((((((((((((((((((((( Files Creati Da 2011-09-03 al 2011-10-03 )))))))))))))))))))))))))))))))))))
.
.
2011-10-03 20:28 . 2011-10-03 20:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-03 20:28 . 2011-10-03 20:28 -------- d-----w- c:\documents and settings\Marcello\Dati applicazioni\Malwarebytes
2011-10-03 20:27 . 2011-10-03 20:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-10-03 20:26 . 2011-10-03 20:27 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-10-03 20:26 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-24 18:34 . 2011-09-24 18:34 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\rkfree
2011-09-24 18:34 . 2011-09-24 18:34 -------- d-----w- c:\programmi\RKFree
2011-09-19 19:06 . 2011-09-19 19:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Web Installer
2011-09-18 20:53 . 2011-09-18 20:53 -------- d-----w- c:\programmi\Photo Collage Creator
2011-09-18 15:54 . 2011-09-18 15:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2011-09-18 15:54 . 2011-09-18 15:54 -------- d-----w- c:\documents and settings\Marcello\Dati applicazioni\AVS4YOU
2011-09-18 15:49 . 2010-11-19 07:47 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-09-18 15:49 . 2010-11-19 07:47 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-09-18 15:48 . 2011-09-18 15:51 -------- d-----w- c:\programmi\File comuni\AVSMedia
2011-09-18 15:48 . 2011-09-18 15:48 -------- d-----w- c:\windows\system32\drivers\umdf
2011-09-18 15:46 . 2011-09-18 15:51 -------- d-----w- c:\programmi\AVS4YOU
2011-09-18 15:46 . 2010-06-22 07:43 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-09-18 15:46 . 2010-06-22 07:43 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-09-16 11:20 . 2011-09-16 11:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Boss Media
2011-09-16 11:20 . 2011-09-16 11:20 -------- d-----w- c:\documents and settings\Marcello\Impostazioni locali\Dati applicazioni\Boss Media
2011-09-16 11:19 . 2011-09-16 11:19 -------- d-----w- C:\Casino
2011-09-16 11:18 . 2011-09-16 11:23 -------- d-----w- c:\programmi\Poker Club by Lottomatica
2011-09-15 12:37 . 2011-09-15 12:37 -------- d-----w- c:\programmi\Driver-Soft
2011-09-13 10:09 . 2011-09-13 10:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-12 14:04 . 2011-09-30 14:18 -------- d-----w- c:\documents and settings\Marcello\Tracing
2011-09-12 14:03 . 2011-09-13 10:08 -------- d-----w- c:\windows\SxsCaPendDel
2011-09-12 14:03 . 2011-09-12 14:03 -------- d-----w- c:\programmi\Microsoft
2011-09-12 14:02 . 2011-09-12 14:02 -------- d-----w- c:\programmi\Windows Live SkyDrive
2011-09-12 14:00 . 2011-09-12 14:00 -------- d-----w- c:\programmi\File comuni\Windows Live
2011-09-12 13:52 . 2011-09-12 13:52 -------- d-----w- c:\programmi\DsNET Corp
2011-09-12 13:15 . 2011-09-12 13:22 -------- d-----w- c:\documents and settings\Marcello\Impostazioni locali\Dati applicazioni\Deployment
2011-09-12 13:14 . 2011-05-04 02:52 476904 ----a-w- c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
2011-09-12 13:14 . 2011-05-04 02:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 21:12 . 2008-11-16 11:27 27 ----a-w- c:\windows\system32\drivers\etc\hosts.tmp
2011-09-12 13:15 . 2008-12-17 17:26 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2007-11-09 11:08 . 1998-06-05 08:28 57344 -c--a-w- c:\programmi\temp.dll
2002-12-23 21:06 . 2002-12-23 21:06 115 -c--a-w- c:\programmi\PiCoDialogFix.reg
1998-06-05 08:28 . 1998-06-05 08:28 57344 -c--a-w- c:\programmi\photo30.dll
1998-03-05 16:50 . 1998-03-05 16:50 49152 -c--a-w- c:\programmi\photo304.dll
2008-04-07 08:27 . 2008-05-14 15:17 67696 ----a-w- c:\programmi\mozilla firefox\components\jar50.dll
2008-04-07 08:27 . 2008-05-14 15:17 54376 ----a-w- c:\programmi\mozilla firefox\components\jsd3250.dll
2008-04-07 08:27 . 2008-05-14 15:17 34952 ----a-w- c:\programmi\mozilla firefox\components\myspell.dll
2008-04-07 08:27 . 2008-05-14 15:17 46720 ----a-w- c:\programmi\mozilla firefox\components\spellchk.dll
2008-04-07 08:27 . 2008-05-14 15:17 172144 ----a-w- c:\programmi\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2008-08-20 22:03 1780248 ----a-w- c:\programmi\myBabylon_English\tbmyBa.dll
.
 

romik

Trojan problem maybe..

Because the text was too long I split the rest of the file here..



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmi\myBabylon_English\tbmyBa.dll" [2008-08-20 1780248]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\programmi\myBabylon_English\tbmyBa.dll" [2008-08-20 1780248]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis*True*Image Monitor"="c:\programmi\Acronis\TrueImage\TrueImageMonitor.exe" [2005-04-21 417846]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2005-04-21 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 110592]
"SoundFusion"="hercplgs.cpl" [2002-12-20 453120]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2005-11-21 155648]
"zSPGuard"="c:\programmi\pjw\spguard\spguard.exe" [2004-06-21 737280]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-04-08 254696]
"rkfree"="c:\programmi\RKFree\rkfree.exe" [2011-09-24 65024]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
.
c:\documents and settings\Marcello\Menu Avvio\Programmi\Esecuzione automatica\
SpeedFan.lnk - c:\programmi\SpeedFan\speedfan.exe [2005-4-13 2360320]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Ralink Wireless Utility.lnk - c:\programmi\RALINK\Common\RaUI.exe [2008-12-17 663552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 17.11.18 35328]
R2 Asapi;Asapi;c:\windows\system32\drivers\ASAPI.SYS [02/06/2005 10.00.52 10240]
R2 ppsio;PrmxPPDev;c:\windows\system32\drivers\PPSIO.SYS [20/04/2005 20.13.34 22688]
R3 hercspud;Hercules (R) WDM Audio Driver;c:\windows\system32\drivers\hercspud.sys [24/10/2006 19.13.37 135936]
R3 hercwdm;Hercules (R) WDM Interface Driver;c:\windows\system32\drivers\hercwdm.sys [24/10/2006 19.13.37 466688]
R3 uscbs109;uscbs109;c:\windows\system32\drivers\uscbs109.sys [22/03/2005 8672]
R3 uscsc109;uscsc109;c:\windows\system32\drivers\uscsc109.sys [22/03/2005 102336]
S2 a2AntiDialer;a-squared Anti-Dialer Service;"c:\programmi\a-squared Anti-Dialer\a2service.exe" --> c:\programmi\a-squared Anti-Dialer\a2service.exe [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [05/05/2006 18.41.28 223128]
S4 Iprip;Listener RIP;c:\windows\System32\svchost.exe -k netsvcs [19/08/2004 15.39.46 14336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/05/2006 18.38.50 643072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-10-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-21 13:35]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-2147001463-682003330-1003Core.job
- c:\documents and settings\Marcello\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-09-12 13:22]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-2147001463-682003330-1003UA.job
- c:\documents and settings\Marcello\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-09-12 13:22]
.
2011-10-03 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-21 13:35]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it
uInternet Settings,ProxyServer = localhost:8...
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: vlsp.dll
Trusted Zone: dizzler.com\www
TCP: Interfaces\{F29B0265-BEED-4CA7-936A-F3391C3C58A9}: NameServer = 213....
.--.--,213.---.--.--
DPF: {00330010-0000-0000-0000-000020160010} - hxxp://207............/ABoxInst_int25.exe
FF - ProfilePath - c:\documents and settings\Marcello\Dati applicazioni\Mozilla\Firefox\Profiles\g7t95l8h.default\
FF - prefs.js: browser.startup.homepage - chrome://ietab/content/reloaded.html?url=hxxp://it.msn.com/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8...
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9...
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8...
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-VFXMask - c:\windows\unvise32.exe \VFXMask\uninstal.log
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-03 23:12
Windows 5.1.2600 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
rkfree = c:\programmi\RKFree\rkfree.exe /b??@?????????????????$?????$??????????h????????????@???????????????????????@?$?????????@??????????????????0?????????????????????????????????4?????????<>??p???????????????????????p?????p??????X??????????(?????????????????????????
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1644)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Microsoft Office\Office10\msohev.dll
c:\windows\system32\browselc.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\ODBC32.dll
c:\programmi\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\programmi\Illustrate\dBpowerAMP\dBShell.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2011-10-03 23:18:24 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-10-03 21:18
.
Pre-Run: 1.577.951.232 byte disponibili
Post-Run: 1.516.457.984 byte disponibili
.
- - End Of File - - 6FDE1DFAE54C19500EA4FB5CFB02BECF
 
