Situazione urgente vi prego aiutatemi

[Khaver89]

Ebbene si.
Oggi 3 format (1 veloce e 2 profondi)
il virus non se ne va...non chiedetemi come sia possibile, sono il primo a esserci rimasto di merda!
(probabilmente il virus si è annidato anche nell'altra partizione del mio disco che NON posso formattare)

Ora seriamente sono in una situazione di merda quindi Vi prego se avete qualche competenza aiutatemi.

Praticamente ogni volta che mi collego a internet Nod mi apre quese finestre di allerta, il problema è che non cancella una sega nemmeno con un analisi profonda...

Ecco le finestre nella sequenza in cui appaiono

Spoiler:

Spoiler:

Spoiler:

Spoiler:

Spoiler:

Spoiler:

[juninho85]

allora....log di
1)hijackthis
2)gmer
3)findawf

[Khaver89]

Quote:

Originariamente inviato da juninho85

allora....log di
1)hijackthis
2)gmer
3)findawf

faccio subito quello di hijack e gmer

[Khaver89]

Log di Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.24.06, on 26/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Bonjour\mDNSResponder.exe
D:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe
D:\Programmi\Eset\nod32kui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Sitecom Wireless Network Card Setup\RtWLan.exe
D:\Programmi\Jetico\Jetico Personal Firewall\jpfsrv.exe
D:\Programmi\Eset\nod32krn.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Programmi\DAEMON Tools Pro\DTPro.exe
D:\Programmi\DAEMON Tools Pro\DTProAgent.exe
D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\Programmi\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V1.34.exe
d:\0ec678cb9a873c74f283c4705440f4\mrtstub.exe
D:\WINDOWS\system32\MRT.exe
D:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Winsock2 driver] KNBE.EXE
O4 - HKLM\..\Run: [JeticoPFStartup] "D:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\Programmi\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [PeerGuardian] D:\Programmi\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Sitecom Wireless Utility.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DE618C0-5849-43A0-A9DC-56D4309816FD}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DE618C0-5849-43A0-A9DC-56D4309816FD}: NameServer = 212.216.112.112,212.216.172.62
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Jetico Personal Firewall server - Jetico, Inc. - D:\Programmi\Jetico\Jetico Personal Firewall\jpfsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programmi\Eset\nod32krn.exe

--
End of file - 3736 bytes



_______________________________________________________________________________________________________________
_______________________________________________________________________________________________________________

Mi spieghereste come fare i log degli altri 2 programmi???

[juninho85]

riavvia il pc e rifallo

[Riverside]

E riedita il post dove hai messo gli screenshot, togliendoli: danno solo fastidio in fase di lettura del post

[juninho85]

Quote:

Originariamente inviato da Riverside

E riedita il post dove hai messo gli screenshot, togliendoli: danno solo fastidio in fase di lettura del post

ancor meglio se usa il thumbnail

[Khaver89]

Quote:

Originariamente inviato da juninho85

ancor meglio se usa il thumbnail

nella fretta non c'ho pensato

xdonatemi ç_ç

ho rifatto il log





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.50.43, on 26/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\savedump.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe
D:\Programmi\Eset\nod32kui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\DAEMON Tools Pro\DTProAgent.exe
D:\Programmi\PeerGuardian2\pg2.exe
D:\Programmi\Sitecom Wireless Network Card Setup\RtWLan.exe
D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\Programmi\Jetico\Jetico Personal Firewall\jpfsrv.exe
D:\Programmi\Eset\nod32krn.exe
D:\WINDOWS\System32\alg.exe
D:\Programmi\Spyware Doctor\svcntaux.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\Spyware Doctor\swdsvc.exe
D:\Programmi\Spyware Doctor\SDTrayApp.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Programmi\Spyware Doctor\Update.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
D:\Programmi\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
D:\Programmi\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Winsock2 driver] KNBE.EXE
O4 - HKLM\..\Run: [JeticoPFStartup] "D:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SDTray] "D:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\Programmi\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [PeerGuardian] D:\Programmi\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Sitecom Wireless Utility.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DE618C0-5849-43A0-A9DC-56D4309816FD}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DE618C0-5849-43A0-A9DC-56D4309816FD}: NameServer = 212.216.112.112,212.216.172.62
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Jetico Personal Firewall server - Jetico, Inc. - D:\Programmi\Jetico\Jetico Personal Firewall\jpfsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programmi\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Programmi\Spyware Doctor\swdsvc.exe

--
End of file - 4433 bytes