Elibagla non si scarica

un saluto a tutti....sapete dirmi perchè non risco a scaricare elibagla? grazie

Ciao e benvenuto/a

Se vuoi presentarti al forum qui trovi l'apposita sezione Benvenuto nuovo utente

Per quanto riguarda elibagla se non si avvia, probabilmente sei vittima del bagle...

fai girare Findykill come spiegato QUI e posta il suo log

PS:. Ho modificato un po il titolo per renderlo piu attinente al problema

mi riferivo al fatto che....non riesco ad effettuare il download...

se non riesci a scaricarlo, é probabilmente perché sei infetto, quindi se non disinfetti il tuo sistema, non ci riuscirai in nessun modo....

segui il consiglio che ti ho dato sopra e posta un log findykill

niente da fare neanche dopo aver fatto girare findykill....elibagla non si scarica...

fcmsr, devi seguire i consigli alla lettera, posta il log e con un po di pazienza vedrai che risolviamo

poi in che senso non si scarica? ricevi qualche errore? non succede niente? da dove cerchi di scaricarlo?

ho provato a scaricarlo dal link di questo sito....ma non mi apre la pagina per effettuare il download...

di quale sito?

comunque se non ti decidi a postare il log, non potremo mai sapere se sei infetto o no.... ma sei libero di fai come meglio ritieni

Ciao Fcmsr e benvenuto, segui i consigli che ti ha dato Steve, tranquillo vedrai che risolviamo i tuoi problemi.. Se come poco prima hai detto hai fatto girare findykill,alla radice del disco (cioè c:\) troverai un file dal nome "findykill.txt".. Bene postalo qui sul forum e vedrai che risolviamo..

----------------- FindyKill V4.713 ------------------

* User : USER - PRIVATA-3903A14
* Executed from : C:\Programmi\FindyKill
* Update on 17/01/09 by Chiquitine29
* Start at 18:52:25 the 2009-01-23
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch


»»»» Supression files in C:\WINDOWS\system32


»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\USER\Dati applicazioni

Deleted ! - "C:\Documents and Settings\USER\Dati applicazioni\drivers\downld"
Deleted ! - "C:\Documents and Settings\USER\Dati applicazioni\drivers"

»»»» Supression files in C:\DOCUME~1\USER\IMPOST~1\Temp


»»»» Supression files in C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_CURRENT_USER\Software\bisoft

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Unit… fissa


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------

Suspect ! - 1e8dcee42629aacc87cb0e61ec03b88d C:\Programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\USER\Desktop\KEYGEN
C:\Documents and Settings\USER\Desktop\cartella\Mercenaries2\Crack
C:\Documents and Settings\USER\Desktop\KEYGEN\install.txt
C:\Documents and Settings\USER\Desktop\KEYGEN\Keygen.exe
C:\Documents and Settings\USER\Recent\Crack.lnk
C:\Documents and Settings\USER\Recent\keygen Nod 32.lnk
C:\Documents and Settings\USER\Recent\Nod 32 2.7 ITA + Crack.lnk


---------------- ! End of report ! ------------------

come presumevo sei infetto dal bagle....

ora fai girare combofix come spiegato qui e postaci il suo log
http://www.steven.altervista.org/files/tools.html#tools1

ComboFix 09-01-21.02 - USER 2009-01-23 23:59:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.2020.1541 [GMT 1:00]
Eseguito da: c:\documents and settings\USER\Desktop\Sicurezza PC\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\USER\Dati applicazioni\drivers\downld
c:\documents and settings\USER\Dati applicazioni\esentutl.exe
c:\documents and settings\USER\Dati applicazioni\PCPrivacyCleaner
c:\documents and settings\USER\Dati applicazioni\PCPrivacyCleaner\Logs\scns.log
c:\documents and settings\USER\Impostazioni locali\Dati applicazioni\iquoccu.dat
c:\documents and settings\USER\Impostazioni locali\Dati applicazioni\iquoccu.exe
c:\documents and settings\USER\Impostazioni locali\Dati applicazioni\iquoccu_nav.dat
c:\documents and settings\USER\Impostazioni locali\Dati applicazioni\iquoccu_navps.dat
c:\programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.exe
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\a.bat

.
((((((((((((((((((((((((( Files Creati Da 2008-12-23 al 2009-01-23 )))))))))))))))))))))))))))))))))))
.

2009-01-23 18:58 . 2009-01-24 00:00 <DIR> d--h----- c:\documents and settings\USER\Dati applicazioni\drivers
2009-01-23 16:33 . 2009-01-23 16:33 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-23 16:33 . 2009-01-23 16:33 <DIR> d-------- c:\documents and settings\USER\Dati applicazioni\Malwarebytes
2009-01-23 16:33 . 2009-01-23 16:33 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-23 16:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-23 16:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-21 19:08 . 2009-01-21 19:08 <DIR> d-------- c:\programmi\ESET
2009-01-19 22:12 . 2005-08-29 15:50 45,475 --a------ c:\windows\system32\drivers\btwhid.sys
2009-01-19 22:12 . 2005-08-29 15:54 19,372 --a------ c:\windows\system32\drivers\frmupgr.sys
2009-01-19 19:44 . 2009-01-19 19:44 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\ESET
2009-01-19 19:27 . 2009-01-23 18:55 <DIR> d-------- c:\programmi\FindyKill
2009-01-19 19:02 . 2009-01-19 19:02 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-19 14:59 . 2009-01-19 15:02 <DIR> d-------- c:\programmi\XP Repair Pro
2009-01-19 13:47 . 2009-01-19 14:21 <DIR> d-------- c:\documents and settings\USER\Dati applicazioni\Smart PC Solutions
2009-01-19 13:32 . 2009-01-19 13:45 <DIR> d-------- c:\programmi\Registry Easy
2009-01-19 13:22 . 2009-01-19 13:27 <DIR> d-------- c:\programmi\TuneUp Utilities 2009
2009-01-19 13:22 . 2009-01-19 13:22 <DIR> d-------- c:\documents and settings\USER\Dati applicazioni\TuneUp Software
2009-01-19 13:22 . 2009-01-19 13:22 <DIR> d--hs---- c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-19 12:50 . 2009-01-19 12:50 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2009-01-18 16:57 . 2009-01-16 09:54 81,920 --a------ c:\windows\system\clipsrv.exe
2009-01-18 16:53 . 2009-01-16 09:54 81,920 --a------ c:\windows\rsvp.exe
2009-01-18 16:35 . 2009-01-16 09:54 81,920 --a------ c:\windows\mqtgsvc.exe
2009-01-18 15:52 . 2009-01-19 13:12 <DIR> d-a------ c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-17 23:54 . 2009-01-18 16:15 <DIR> d-------- c:\documents and settings\USER\.housecall6.6
2009-01-17 23:53 . 2009-01-17 23:53 <DIR> d-------- c:\windows\Sun
2009-01-17 23:52 . 2009-01-17 23:52 <DIR> d-------- c:\programmi\Java
2009-01-17 23:52 . 2009-01-17 23:52 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-17 23:52 . 2009-01-17 23:52 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-17 21:10 . 2009-01-17 21:10 <DIR> d-------- c:\documents and settings\USER\Dati applicazioni\AVGTOOLBAR
2009-01-17 20:08 . 2009-01-17 20:08 <DIR> d-------- c:\programmi\File comuni\Symantec Shared
2009-01-17 20:08 . 2009-01-17 20:08 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-01-17 19:56 . 2009-01-17 19:56 <DIR> d-------- c:\programmi\Symantec
2009-01-15 19:42 . 2009-01-15 19:47 <DIR> d-------- C:\ARCHXP
2009-01-15 19:30 . 2009-01-15 19:30 <DIR> d-------- c:\windows\system32\RNBOSENT
2009-01-15 19:30 . 2008-02-20 18:04 73,728 --a------ c:\windows\system32\drivers\SENTINEL.SYS
2009-01-15 19:30 . 2008-02-20 18:04 49,664 --a------ c:\windows\system32\SNTI386.DLL
2009-01-15 19:30 . 2008-02-20 18:04 20,032 -ra------ c:\windows\system32\drivers\SNTNLUSB.SYS
2009-01-15 19:30 . 2008-02-20 18:04 18,432 --a------ c:\windows\system32\RNBOVDD.DLL
2009-01-15 19:30 . 2008-02-20 18:04 9,949 --------- c:\windows\system32\SENTINEL.HLP
2009-01-15 19:29 . 2009-01-15 19:29 <DIR> d-------- c:\documents and settings\USER\WINDOWS
2009-01-15 19:29 . 1999-03-23 10:12 302,080 --a------ c:\windows\unin0410.exe
2009-01-13 16:15 . 2009-01-13 16:15 <DIR> d-------- c:\documents and settings\USER\Dati applicazioni\Motive
2009-01-04 17:48 . 2009-01-16 09:54 81,920 --a------ c:\windows\sessmgr.exe
2009-01-04 17:48 . 2009-01-16 09:54 81,920 --a------ c:\documents and settings\USER\Dati applicazioni\clipsrv.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 21:42 --------- d-----w c:\programmi\lg_fwupdate
2009-01-21 18:00 --------- d-----w c:\programmi\eMule
2009-01-19 21:21 --------- d-----w c:\documents and settings\USER\Dati applicazioni\U3
2009-01-19 15:02 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avg8
2009-01-17 19:22 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-01-04 15:34 --------- d-----w c:\documents and settings\USER\Dati applicazioni\uTorrent
2008-12-18 17:32 --------- d-----w c:\programmi\THQ
2008-12-18 17:29 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-18 07:13 --------- d-----w c:\programmi\NOS
2008-12-18 07:13 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\NOS
2008-12-17 14:24 --------- d-----w c:\programmi\File comuni\Adobe
2008-12-16 14:39 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Motive
2008-12-12 18:02 --------- d-----w c:\documents and settings\USER\Dati applicazioni\Canon
2008-12-10 22:48 --------- d-----w c:\documents and settings\USER\Dati applicazioni\Nseries
2008-12-10 22:10 --------- d-----w c:\programmi\uTorrent
2008-12-09 17:53 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-12-09 17:53 --------- d-----w c:\programmi\AGEIA Technologies
2008-12-09 15:45 --------- d-----w c:\programmi\City Interactive
2008-12-09 00:44 --------- d-----w c:\programmi\Cenega
2008-12-08 16:17 --------- d-----w c:\programmi\Electronic Arts
2008-12-08 15:36 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-08 15:08 --------- d-----w c:\programmi\SureThing Express Labeler
2008-12-08 14:56 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-12-08 14:56 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-12-08 14:38 --------- d-----w c:\programmi\Deep Silver
2008-12-07 00:34 --------- d-----w c:\programmi\Windows Media Connect 2
2008-12-05 17:59 --------- d-----w c:\programmi\File comuni\InstallShield
2008-12-05 17:59 --------- d-----w c:\documents and settings\USER\Dati applicazioni\Leadertech
2008-12-05 17:33 --------- d-----w c:\programmi\EA Sports
2008-12-03 22:59 --------- d-----w c:\programmi\Google
2008-12-03 21:40 --------- d-----w c:\programmi\Motive
2008-12-03 21:40 --------- d-----w c:\programmi\File comuni\Motive
2008-12-03 21:40 --------- d-----w c:\programmi\Common Files
2008-12-03 21:40 --------- d-----w c:\programmi\Alice ti aiuta
2008-12-03 21:39 155,995 ----a-w c:\windows\java\Packages\SIWTVNR1.ZIP
2008-12-03 21:38 --------- d-----w c:\programmi\Telecom Italia
2008-11-30 20:09 --------- d-----w c:\documents and settings\LocalService\Dati applicazioni\CyberLink
2008-11-30 18:22 --------- d-----w c:\documents and settings\USER\Dati applicazioni\CyberLink
2008-11-30 18:22 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\CyberLink
2008-11-30 18:14 --------- d-----w c:\programmi\CyberLink
2008-10-23 12:59 283,648 ----a-w c:\windows\system32\gdi32.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 138008]
"OpwareSE2"="c:\programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"LGODDFU"="c:\programmi\lg_fwupdate\fwupdate.exe" [2008-12-09 548864]
"LanguageShortcut"="c:\programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 162584]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AliceRE_McciTrayApp"="c:\progra~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe" [2006-11-21 936960]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"SessMgr"="c:\windows\sessmgr.exe" [2009-01-16 81920]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ClipSrv"="c:\docume~1\USER\DATIAP~1\clipsrv.exe" [2009-01-16 81920]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-12-03 217088]
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-10-09 610365]
Nokia Nseries PC Suite.lnk - c:\programmi\Nokia\NNPCS\RunLauncher.exe [2008-05-08 943568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mjpg"= pvmjpg30.dll
"SENTINEL"= snti386.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Programmi\\City Interactive\\Code of Honor 2\\RunGameServer.exe"=
"c:\\Programmi\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Programmi\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Programmi\\uTorrent\\utorrent.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-06-10 34312]
R4 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R4 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2008-12-03 8192]

Contenuto della cartella 'Scheduled Tasks'

2009-01-23 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe []

2009-01-19 c:\windows\Tasks\Schedule Task Weekly.job
- c:\programmi\Registry Easy\RE.exe []
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-E08IXLRD_23592562 - c:\programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE
HKCU-Run-iquoccu - c:\documents and settings\user\impostazioni locali\dati applicazioni\iquoccu.exe
HKCU-Explorer_Run-Esent Utl - c:\docume~1\USER\DATIAP~1\esentutl.exe


.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 00:00:52
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1770027372-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,a6,85,5d,b9,3b,
bf,88,df,c8,28,51,af,b0,29,a3,98,7f,df,b8,5c,aa,92,41,13,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,7c,c1,92,fb,03,
d5,9c,7b,71,3b,04,66,8b,46,0d,96,36,a1,4f,c8,91,ea,9d,af,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,1f,45,b7,37,04,
15,76,e4,25,da,ec,7e,55,20,c9,26,bb,75,0f,9e,4a,51,1e,0e,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,f0,31,14,f2,cd,
4b,17,f0,3e,1e,9e,e0,57,5a,93,61,76,e7,11,82,1d,d7,a0,0f,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,27,a8,b7,32,22,
12,ff,aa,cd,44,cd,b9,a6,33,6c,cd,59,2d,6e,84,8f,83,1b,06,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,69,59,53,c8,dd,
27,b8,65,b0,18,ed,a7,3f,8d,37,a4,1e,7b,72,d0,8f,2a,71,2a,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,53,70,92,94,c3,
ca,d3,6a,31,77,e1,ba,b1,f8,68,02,16,c2,28,b6,ae,c8,90,eb,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,e9,ba,5f,fc,4b,
ea,cd,48,83,6c,56,8b,a0,85,96,ab,ac,75,e3,66,fc,cb,69,d5,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,2d,f7,13,e9,53,
6e,92,2c,51,fa,6e,91,28,9e,14,cc,a5,10,1c,13,57,2c,71,07,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,d0,80,cc,e8,2d,
5a,3a,1f,b1,cd,45,5a,a8,c4,f8,b9,73,e2,cb,50,af,55,5e,6a,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,29,09,75,7b,62,
21,47,9f,e3,0e,66,d5,eb,bc,2f,6b,c5,31,39,1d,71,66,a2,9a,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,5c,89,22,00,2f,
e8,0c,02,fa,ea,66,7f,d4,3b,6b,70,3b,8d,9a,70,ba,4c,6e,d5,6c,43,2d,1e,aa,22,\
.
Ora fine scansione: 2009-01-24 0:01:45
ComboFix-quarantined-files.txt 2009-01-23 23:01:44

Pre-Run: 444,850,061,312 byte disponibili
Post-Run: 444,864,479,232 byte disponibili

277 --- E O F --- 2008-12-18 23:34:39

da come si presumeva il tuo pc era pieno di malware....

c'è ancora qualcosina da fare, ma dimmi prima come stanno le cose .....

...ancora non riesco a scaricare elibagla...una cosa strana è che circa 20 minuti fà il sistema si è spento e alla nuova accensione è andato in modalità provvisoria....ho fatto un ripristino creato da me ieri dopo la "pulizia" ora sembra andare bene tranne quel piccolo particolare...

hum, se ripristini il sistema, ripristini anche i virus.....

se era andato in modalità provvisoria, bastava riavviare in modalità normale senza ripristino....

comunque fai quanto segue, e nient'altro per ora ( se non si seguono le procedure alla lettera, i tempi di risoluzione aumentano drasticamente)

* Scarica ATF Cleaner
- Avvialo con un doppio click
- clicca sul menu main
- seleziona la casella Select All
- clicca sul pulsante Empty selected
- aspetta l'avviso Done Cleaning.
(se non vuoi eliminare le password togli la spunta)
(se usi opera o firefox,spunta anche le loro sezioni)

* Scarica e installa MalwareBytes Antimalware

aggiornalo, fai uno scan completo del sistema ed elimina quello che trova
Posta il suo log

* Fai anche uno scan online Kaspersky e posta il suo log

Malwarebytes' Anti-Malware 1.33
Versione del database: 1678
Windows 5.1.2600 Service Pack 2

24/01/2009 13.41.21
mbam-log-2009-01-24 (13-41-21).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 122100
Tempo trascorso: 16 minute(s), 26 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 1
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

Bene malwarebytes ha eliminato anche qualcos'altro, ora posta il log dello scan online di kaspersky così vediamo se c'è qualche altro problema

da dove posso provare a scaricare elibagla? da zonavirus non me lo fa scaricare... non so se dipende da quel sito oppure ho ancora qualche altro problema.... Lo scan con kaspersky non ha riscontrato nulla...nello scan report non mi ha dato nulla...

prova a scaricarlo da qui
http://www.mediafire.com/?jyjkocnm4nm

scusa ma... non lo trovo in questo sito... aiutoooo.. altra cosa...ma smitfraudfix di solito ci vuole molto di più per scaricarlo rispetto agli altri programmi?

eppure é grande la scritta download

clicca qui
http://download122.mediafire.com/3mdjbqjem3mg/jyjkocnm4nm/abc.EXE

EDIT by steve75

Il log di smitfraudfix non lo ha richiesto nessuno, rimosso

Ciao fcmsr cerchiamo un attimo di riepilogare le cose altrimenti non si capisce più nulla.. è buona norma non postare log che non sono stati richiesti,perchè fra l'altro si genera confusione,cmq:

- Sicuro che la scan online con kaspersky non ti ha trovato nulla? Al limite se vuoi puoi rifarlo questa volta salvando il log di fine scansione e postandolo qui (nello scan clicca su my computer)

- Hai effettuato la pulizia con ATF cleaner? (Al limite rieffettuala non fa mai male..)

- Oltre al fatto di non poter scaricare elibagla da quel sito, riscontri ancora altri problemi sul tuo pc? (tipo lentezza eccessiva,pagine di internet che si aprono da sole ecc)

- Posta un log di hijackthis per un controllo usando le seguenti indicazioni clicca qui

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:57, on 25/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System\clipsrv.exe
C:\DOCUME~1\USER\IMPOST~1\Temp\~tmp\hmunmlcn49a\svchost.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Documents and Settings\USER\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=C:\WINDOWS\System\clipsrv.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [SessMgr] C:\WINDOWS\sessmgr.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\WINDOWS\sessmgr.exe /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\USER\DATIAP~1\clipsrv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\USER\DATIAP~1\clipsrv.exe /waitservice (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1232146977079&h=090c8af3d3c46c9aef31a6896ebb2d21/&filename=jinstall-6u11-windows-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 8117 bytes

E SCUSATE PER QUEL LOG ABUSIVO...ERRORE MIO... GRAZIE!