Urgent situation, please help me


Khaver89
26-10-2007, 17:18
Yes, really.
Three formats today (1 quick and 2 full)
the virus won't go away... don't ask me how that's possible, I'm the first one who was left feeling like shit about it!
(the virus has probably also nested itself in the other partition of my disk, which I CANNOT format)

Now, seriously, I'm in a shitty situation, so please, if you have any expertise, help me.

Basically, every time I connect to the internet Nod opens these alert windows; the problem is that it doesn't delete a damn thing, not even with a deep scan...

Here are the windows in the order in which they appear

http://img508.imageshack.us/img508/9763/senzatitolo1tt2.jpg

http://img89.imageshack.us/img89/6695/senzatitolo2xr0.jpg

http://img508.imageshack.us/img508/8326/senzatitolo3qe8.jpg

http://img89.imageshack.us/img89/1445/senzatitolo4td4.jpg

http://img89.imageshack.us/img89/9883/senzatitolo5ix7.jpg

http://img515.imageshack.us/img515/6061/senzatitolo6jw5.jpg

juninho85
26-10-2007, 17:20
OK then.... logs from
1)hijackthis
2)gmer
3)findawf

Khaver89
26-10-2007, 17:21
OK then.... logs from
1)hijackthis
2)gmer
3)findawf

I'll do the hijack and gmer ones right away

Khaver89
26-10-2007, 17:30
Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.24.06, on 26/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Bonjour\mDNSResponder.exe
D:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe
D:\Programmi\Eset\nod32kui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Sitecom Wireless Network Card Setup\RtWLan.exe
D:\Programmi\Jetico\Jetico Personal Firewall\jpfsrv.exe
D:\Programmi\Eset\nod32krn.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Programmi\DAEMON Tools Pro\DTPro.exe
D:\Programmi\DAEMON Tools Pro\DTProAgent.exe
D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\Programmi\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V1.34.exe
d:\0ec678cb9a873c74f283c4705440f4\mrtstub.exe
D:\WINDOWS\system32\MRT.exe
D:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Winsock2 driver] KNBE.EXE
O4 - HKLM\..\Run: [JeticoPFStartup] "D:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\Programmi\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [PeerGuardian] D:\Programmi\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Sitecom Wireless Utility.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DE618C0-5849-43A0-A9DC-56D4309816FD}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DE618C0-5849-43A0-A9DC-56D4309816FD}: NameServer = 212.216.112.112,212.216.172.62
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Jetico Personal Firewall server - Jetico, Inc. - D:\Programmi\Jetico\Jetico Personal Firewall\jpfsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programmi\Eset\nod32krn.exe

--
End of file - 3736 bytes



_______________________________________________________________________________________________________________
_______________________________________________________________________________________________________________

Could you explain to me how to make the logs for the other 2 programs???

juninho85
26-10-2007, 17:36
reboot the PC and do it again

Riverside
26-10-2007, 17:38
And re-edit the post where you put the screenshots, removing them: they only get in the way when reading the post :mad:

juninho85
26-10-2007, 17:45
And re-edit the post where you put the screenshots, removing them: they only get in the way when reading the post :mad:

even better if he uses thumbnails

Khaver89
26-10-2007, 17:51
even better if he uses thumbnails

in my hurry I didn't think of it

forgive me ç_ç

I've redone the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.50.43, on 26/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\savedump.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe
D:\Programmi\Eset\nod32kui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\DAEMON Tools Pro\DTProAgent.exe
D:\Programmi\PeerGuardian2\pg2.exe
D:\Programmi\Sitecom Wireless Network Card Setup\RtWLan.exe
D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\Programmi\Jetico\Jetico Personal Firewall\jpfsrv.exe
D:\Programmi\Eset\nod32krn.exe
D:\WINDOWS\System32\alg.exe
D:\Programmi\Spyware Doctor\svcntaux.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\Spyware Doctor\swdsvc.exe
D:\Programmi\Spyware Doctor\SDTrayApp.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Programmi\Spyware Doctor\Update.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
D:\Programmi\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
D:\Programmi\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Winsock2 driver] KNBE.EXE
O4 - HKLM\..\Run: [JeticoPFStartup] "D:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SDTray] "D:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\Programmi\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [PeerGuardian] D:\Programmi\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Sitecom Wireless Utility.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DE618C0-5849-43A0-A9DC-56D4309816FD}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DE618C0-5849-43A0-A9DC-56D4309816FD}: NameServer = 212.216.112.112,212.216.172.62
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Jetico Personal Firewall server - Jetico, Inc. - D:\Programmi\Jetico\Jetico Personal Firewall\jpfsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programmi\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Programmi\Spyware Doctor\swdsvc.exe

--
End of file - 4433 bytes