hai ragione, effettivamente non funziona (è stato rimosso).
Non appena posso ti carico il mio..
continua con la procedura.
aiao
hai ragione, effettivamente non funziona (è stato rimosso).
Non appena posso ti carico il mio..
continua con la procedura.
aiao
...
:x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
ecco fatto, mi sono fermata a Hijackthis perchè questi due non ci sono:
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [MicrosoftUpdate] C:\Documents and Settings\utente\Dati applicazioni\taskeng.exe
e per questi:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B10D4ECC-0E1F-4F5E-900E-68A01027F33D}: NameServer = 85.255.112.202,85.255.112.190
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.202,85.255.112.190
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.202,85.255.112.190
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.202,85.255.112.190
mi son dimenticata di dirti che ho un router, cambia qualcosa o li elimino?
inoltre nel file da salvare come fix.reg finisce con un ; ho copiato anche quello giusto o no?
Intanto grazie, son riuscita a connettermi, non oso a provare ad aprire un'altra pagina perchè rimane li bianca con la clessidra e si impianta tutto, non funziona più nulla e devo riavviare.
cortesemente, posta un nuovo rapporto di systemscan e il rapporto di avenger (c:\avenger.txt)
...
:x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
ecco il rapporto di avenger
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\kafqcfcl
*******************
Script file located at: \??\C:\WINDOWS\sxfandxk.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Folder C:\DOCUME~1\utente\IMPOST~1\Temp\rtp41.tmp.dir deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD61.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\mu9vuwcd.out deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD60.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\mu9vuwcd.dll deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\mu9vuwcd.err deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\mu9vuwcd.0.cs deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\mu9vuwcd.cmdline deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD5F.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\GammaMov.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD5E.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD5D.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD5C.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD5B.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD5A.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD59.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD58.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD57.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD56.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD55.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD54.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\ubiAD.tmp.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD53.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD52.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD51.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\IMT5C.xml deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\IMT5D.xml deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\IMT5E.xml deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD50.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD4F.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD4E.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD4D.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\ubiAF.tmp.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD4C.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD4B.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD4A.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD49.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD48.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD47.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD46.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD45.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD44.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\temp.ani deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD43.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD42.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD41.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD40.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD3F.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD3E.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD3D.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD3C.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD3B.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD3A.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD39.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD36.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD35.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD33.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD34.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD32.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD31.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD30.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD2F.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD2E.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD2D.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\update$0$.avi deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD2C.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\roadtripsit.bmp deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD2B.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD2A.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD62.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD29.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD28.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\EAD27.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\wfbudo-3.out deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\wfbudo-3.err deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\wfbudo-3.0.cs deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\wfbudo-3.dll deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\wfbudo-3.cmdline deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\IMTC.xml deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\IMTD.xml deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\IMTB.xml deleted successfully.
File C:\WINDOWS\Sysvxd.exe deleted successfully.
File C:\WINDOWS\system32\drivers\svchost.exe deleted successfully.
File C:\Documents and Settings\utente\Dati applicazioni\taskeng.exe deleted successfully.
File C:\Documents and Settings\utente\Dati applicazioni\fSAw0BYJat.gif deleted successfully.
File C:\Documents and Settings\utente\Dati applicazioni\fSAw0BYJby.gif deleted successfully.
File C:\Documents and Settings\utente\Dati applicazioni\fSAw0BYJzn.gif deleted successfully.
File C:\Documents and Settings\utente\Dati applicazioni\pdinstall.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\system\controlset001\services\n ngftvhvxiwj deleted successfully.
Registry key HKEY_LOCAL_MACHINE\system\controlset002\services\n ngftvhvxiwj not found!
Deletion of registry key HKEY_LOCAL_MACHINE\system\controlset002\services\n ngftvhvxiwj failed!
Could not process line:
HKEY_LOCAL_MACHINE\system\controlset002\services\n ngftvhvxiwj
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\system\controlset003\services\n ngftvhvxiwj not found!
Deletion of registry key HKEY_LOCAL_MACHINE\system\controlset003\services\n ngftvhvxiwj failed!
Could not process line:
HKEY_LOCAL_MACHINE\system\controlset003\services\n ngftvhvxiwj
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\nngftvhvxiwj not found!
Deletion of registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\nngftvhvxiwj failed!
Could not process line:
HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\nngftvhvxiwj
Status: 0xc0000034
Program C:\Documents and Settings\utente\Desktop\sys83830.exe successfully set up to run once on reboot.
Completed script processing.
*******************
Finished! Terminate.
l'altro lo carico su megaupload
ecco il link
http://www.megaupload.com/?d=I1QS7IXW
scusa per il ritardo..
Da Risorse del computer (o qualsiasi altra cartella) clicca su strumenti -> opzioni cartella -> visualizzazione
-> spunta: visualizza cartelle e file nascosti
-> togli la spunta a: nascondi i file protetti di sistema
-> togli la spunta a: nascondi le estensioni per i tipi di file conosciuti
apri I:\ (non so se è una partizione è un dispositivo esterno, usb)
elimina i file:
I:\autorun.inf
e, se presente, usbassist.exe
Svuota il cestino
Scollega l'unita'
riesegui systemscan, stavolta copia/incolla questo script:
post un nuovo systemscanfiles to delete:
C:\DOCUME~1\utente\IMPOST~1\Temp\409.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\446.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\146.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\fla1E.tmp
C:\DOCUME~1\utente\IMPOST~1\Temp\fla1D.tmp
C:\DOCUME~1\utente\IMPOST~1\Temp\fla1C.tmp
C:\DOCUME~1\utente\IMPOST~1\Temp\891.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\139.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\844.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\805.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\flaC.tmp
C:\DOCUME~1\utente\IMPOST~1\Temp\flaB.tmp
C:\DOCUME~1\utente\IMPOST~1\Temp\217.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\755.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\fla11.tmp
C:\DOCUME~1\utente\IMPOST~1\Temp\800.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\020.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\295.exe
I:\autorun.inf
C:\Documents and Settings\utente\Dati applicazioni\taskeng.exe
C:\RECYCLER\usbassist.exe
...
:x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
Buon ferragosto e altroche scusarti per il ritardo, io ti ringrazio per essere qui
Questo è il risultato dopo aver cancellato i file indicati:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\rjggugiw
*******************
Script file located at: \??\C:\WINDOWS\system32\btumubbg.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\DOCUME~1\utente\IMPOST~1\Temp\409.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\446.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\146.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\fla1E.tmp deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\fla1D.tmp deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\fla1C.tmp deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\891.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\139.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\844.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\805.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\flaC.tmp deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\flaB.tmp deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\217.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\755.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\fla11.tmp deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\800.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\020.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\295.exe deleted successfully.
Could not open file I:\autorun.inf for deletion
Deletion of file I:\autorun.inf failed!
Could not process line:
I:\autorun.inf
Status: 0xc000003a
File C:\Documents and Settings\utente\Dati applicazioni\taskeng.exe deleted successfully.
File C:\RECYCLER\usbassist.exe not found!
Deletion of file C:\RECYCLER\usbassist.exe failed!
Could not process line:
C:\RECYCLER\usbassist.exe
Status: 0xc0000034
Program C:\Documents and Settings\utente\Desktop\sys83830.exe successfully set up to run once on reboot.
Completed script processing.
*******************
Finished! Terminate.
E qui la nuova scansione fatta subito dopo:
http://www.megaupload.com/?d=Z6QDO45P
ciao
lo controllo e ti faccio sapere..
intanto.. hai svuotato il cestino..?
...
:x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
si certo ho eseguito para para quello che mi hai detto.
Un'altra cosa, il task manager mi si apre ma è sparita la schermata intorno, quella blu per intenderci dove posso cliccare le varie opzioni, processi applicazioni e più sotto file ecc...., non riesco a ripristinarla in nessuna maniera, hai qualche dritta?
Devi cliccare piu di una volta sul bordo esterno !Originariamente inviato da Liuba
Un'altra cosa, il task manager mi si apre ma è sparita la schermata intorno, quella blu per intenderci dove posso cliccare le varie opzioni, processi applicazioni e più sotto file ecc...., non riesco a ripristinarla in nessuna maniera, hai qualche dritta?
Se lo vedi cosi :
clicca nel punto segnato in rosso
Permessi di invio
Rispondi quotando