Indice del forum Olimpo Informatico
I Forum di Zeus News
Leggi la newsletter gratuita - Attiva il Menu compatto
 
 FAQFAQ   CercaCerca   Lista utentiLista utenti   GruppiGruppi   RegistratiRegistrati 
 ProfiloProfilo   Messaggi privatiMessaggi privati   Log inLog in 

    Newsletter RSS Facebook Twitter Contatti Ricerca
Pagine pubblicitarie si aprono da sole
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus
Precedente :: Successivo  
Autore Messaggio
FaFa86
Eroe
Eroe


Registrato: 27/06/07 12:25
Messaggi: 57
MessaggioInviato: 27 Apr 2008 19:44    Oggetto: Pagine pubblicitarie si aprono da sole Rispondi citando
Aiuto...cosa devo fare?
Si aprono pagine pubblicitarie da sole quando apro IE e inoltre si è rallentato l'avvio (di ie sempre)
Uso Avast da febbraio.
Top
Profilo Invia messaggio privato
FaFa86
Eroe
Eroe


Registrato: 27/06/07 12:25
Messaggi: 57
MessaggioInviato: 27 Apr 2008 19:52    Oggetto: Rispondi citando
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19.49.37, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\pf3p3u6zlo.exe
C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Mazzella\Documenti\Programmi\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/index.html
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11F61896-1AA7-49E2-9206-FC4756555230} - C:\WINDOWS\system32\CddbCddap.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D2F3BDF6-A745-401F-9989-02CAA90D77B0} - c:\windows\system32\ddrawf.dll
O2 - BHO: Gamburg provider - {D8E11460-0D64-4a20-BED9-BA68BED58342} - wirpc.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pf3p3u6zlo] C:\WINDOWS\system32\pf3p3u6zlo.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [pf3p3u6zlo] C:\WINDOWS\system32\pf3p3u6zlo.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pastaeteritemi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4351170D-2D78-411A-99A4-CEFA88ED54B1}: NameServer = 85.37.17.11 85.38.28.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{4351170D-2D78-411A-99A4-CEFA88ED54B1}: NameServer = 85.37.17.11 85.38.28.69
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: vjigpuvy - C:\WINDOWS\SYSTEM32\ddrawf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Accesso pannello remoto (apanr) - Unknown owner - C:\WINDOWS\Downlo~1\lfgjvq2\b3w9gj.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4377 bytes
Top
Profilo Invia messaggio privato
daysleeper
Semidio
Semidio


Registrato: 25/04/08 00:01
Messaggi: 371
MessaggioInviato: 27 Apr 2008 20:21    Oggetto: Rispondi citando
-C:\WINDOWS\system32\pf3p3u6zlo.exe
-O2 - BHO: (no name) - {11F61896-1AA7-49E2-9206-FC4756555230} - C:\WINDOWS\system32\CddbCddap.dll
-O2 - BHO: (no name) - {D2F3BDF6-A745-401F-9989-02CAA90D77B0} - c:\windows\system32\ddrawf.dll
-O2 - BHO: Gamburg provider - {D8E11460-0D64-4a20-BED9-BA68BED58342} - wirpc.dll (file missing)
-O4 - HKLM\..\Run: [pf3p3u6zlo] C:\WINDOWS\system32\pf3p3u6zlo.exe
-O4 - HKCU\..\Run: [pf3p3u6zlo] C:\WINDOWS\system32\pf3p3u6zlo.exe
-O20 - Winlogon Notify: vjigpuvy - C:\WINDOWS\SYSTEM32\ddrawf.dll

tutti questi andrebbero fixati,al termine posta un nuovo log,grazie
ciao
Top
Profilo Invia messaggio privato
FaFa86
Eroe
Eroe


Registrato: 27/06/07 12:25
Messaggi: 57
MessaggioInviato: 27 Apr 2008 20:42    Oggetto: Rispondi citando
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20.40.42, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Mazzella\Documenti\Programmi\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/index.html
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11F61896-1AA7-49E2-9206-FC4756555230} - C:\WINDOWS\system32\CddbCddap.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D2F3BDF6-A745-401F-9989-02CAA90D77B0} - c:\windows\system32\ddrawf.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pastaeteritemi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: vjigpuvy - C:\WINDOWS\SYSTEM32\ddrawf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Accesso pannello remoto (apanr) - Unknown owner - C:\WINDOWS\Downlo~1\lfgjvq2\b3w9gj.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 3948 bytes
Top
Profilo Invia messaggio privato
FaFa86
Eroe
Eroe


Registrato: 27/06/07 12:25
Messaggi: 57
MessaggioInviato: 27 Apr 2008 20:45    Oggetto: Rispondi citando
cosa c'è ancora da eliminare?
è possibile che hijackthis nn elimini qualcosa?
dice che devo chiudere IE per eliminare alcuni dll.....l'ho fatto ma niente
ti parlo dei BHO........
-O2 - BHO: (no name) - {11F61896-1AA7-49E2-9206-FC4756555230} - C:\WINDOWS\system32\CddbCddap.dll
-O2 - BHO: (no name) - {D2F3BDF6-A745-401F-9989-02CAA90D77B0} - c:\windows\system32\ddrawf.dll

Manualmente nn riesco a mandarli via Sad

Grazie per la risp
Top
Profilo Invia messaggio privato
daysleeper
Semidio
Semidio


Registrato: 25/04/08 00:01
Messaggi: 371
MessaggioInviato: 27 Apr 2008 21:10    Oggetto: Rispondi citando
scarica questo e scompattalo in una cartella dedicata:

http://www.malwarebytes.org/FA_Portable.zip

avvia il programma e metti la spunta sulla quarta casella("delete file"),trascina i due file incriminati all'interno del riquadro e clicca su "execute"

abilita la visualizzazione dei file nascosti di win prima.posta un nuovo log,se non vanno via usiamo avenger al limite.
Top
Profilo Invia messaggio privato
FaFa86
Eroe
Eroe


Registrato: 27/06/07 12:25
Messaggi: 57
MessaggioInviato: 27 Apr 2008 21:26    Oggetto: Rispondi citando
"the file could not be deleted"
Sad
ho rifatto hijack this...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21.25.01, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mazzella\Documenti\Programmi\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\Alwil Software\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/index.html
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11F61896-1AA7-49E2-9206-FC4756555230} - C:\WINDOWS\system32\CddbCddap.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D2F3BDF6-A745-401F-9989-02CAA90D77B0} - c:\windows\system32\ddrawf.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pastaeteritemi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4351170D-2D78-411A-99A4-CEFA88ED54B1}: NameServer = 85.37.17.11 85.38.28.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{4351170D-2D78-411A-99A4-CEFA88ED54B1}: NameServer = 85.37.17.11 85.38.28.69
O17 - HKLM\System\CS2\Services\Tcpip\..\{4351170D-2D78-411A-99A4-CEFA88ED54B1}: NameServer = 85.37.17.11 85.38.28.69
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: vjigpuvy - C:\WINDOWS\SYSTEM32\ddrawf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Accesso pannello remoto (apanr) - Unknown owner - C:\WINDOWS\Downlo~1\lfgjvq2\b3w9gj.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4523 bytes
Top
Profilo Invia messaggio privato
daysleeper
Semidio
Semidio


Registrato: 25/04/08 00:01
Messaggi: 371
MessaggioInviato: 27 Apr 2008 21:51    Oggetto: Rispondi citando
http://swandog46.geekstogo.com/avenger2/download.php
scarica avenger,scompattalo in una cartella dedicata,nel box bianco inserisci questo script:

Files to delete:
C:\windows\system32\ddrawf.dll
C:\WINDOWS\system32\CddbCddap.dll


quindi clicca su execute,il pc dovrebbe riavviarsi,se non fosse cosi riavvia tu.Al riavvio dovrebbe apparirti il log di avenger se non fosse cosi lo cerchi o dentro la cartella di avenger oppure in C:\

posta il log di avenger e quello di hajkthis
Top
Profilo Invia messaggio privato
FaFa86
Eroe
Eroe


Registrato: 27/06/07 12:25
Messaggi: 57
MessaggioInviato: 27 Apr 2008 22:25    Oggetto: Rispondi citando
Sad Sad

"error:Invalid script.A valid script must begin with a command directive.
Aborting execution!"

Esce scritto questo quando premo "execute"....
Ho fatto tutto come dicevi tu eppure...
Top
Profilo Invia messaggio privato
daysleeper
Semidio
Semidio


Registrato: 25/04/08 00:01
Messaggi: 371
MessaggioInviato: 27 Apr 2008 22:41    Oggetto: Rispondi citando
è un genere di errore che capita spesso con la nuova versione di avenger.In questo caso prova a cancellare e riscrivere lo script e poi a rieseguirlo.
Top
Profilo Invia messaggio privato
FaFa86
Eroe
Eroe


Registrato: 27/06/07 12:25
Messaggi: 57
MessaggioInviato: 27 Apr 2008 22:47    Oggetto: Rispondi citando
l'ho fatto mille volte....

niente!
Top
Profilo Invia messaggio privato
FaFa86
Eroe
Eroe


Registrato: 27/06/07 12:25
Messaggi: 57
MessaggioInviato: 27 Apr 2008 22:59    Oggetto: Rispondi citando
ok ci sono riuscito SmileSmile

ecco il rapporto che è uscito dopo che si è riavviato il pc:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 27 22:17:34 2008

22:17:34: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 27 22:17:44 2008

22:17:44: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 27 22:18:02 2008

22:18:02: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 27 22:18:19 2008

22:18:19: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 27 22:18:52 2008

22:18:52: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
Top
Profilo Invia messaggio privato
FaFa86
Eroe
Eroe


Registrato: 27/06/07 12:25
Messaggi: 57
MessaggioInviato: 27 Apr 2008 23:02    Oggetto: Rispondi citando
e questo è l'ultimo hijackthis

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23.01.40, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mazzella\Documenti\Programmi\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/index.html
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11F61896-1AA7-49E2-9206-FC4756555230} - C:\WINDOWS\system32\CddbCddap.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D2F3BDF6-A745-401F-9989-02CAA90D77B0} - c:\windows\system32\ddrawf.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pastaeteritemi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4351170D-2D78-411A-99A4-CEFA88ED54B1}: NameServer = 85.37.17.11 85.38.28.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{4351170D-2D78-411A-99A4-CEFA88ED54B1}: NameServer = 85.37.17.11 85.38.28.69
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: vjigpuvy - C:\WINDOWS\SYSTEM32\ddrawf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Accesso pannello remoto (apanr) - Unknown owner - C:\WINDOWS\Downlo~1\lfgjvq2\b3w9gj.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4266 bytes
Top
Profilo Invia messaggio privato
daysleeper
Semidio
Semidio


Registrato: 25/04/08 00:01
Messaggi: 371
MessaggioInviato: 27 Apr 2008 23:11    Oggetto: Rispondi citando
fai cosi:
scompatta avenger in c:\ in una sua cartella dedicata,avvialo clicca su ok,inserisci questo script all'interno del box bianco:

files to delete:
C:\windows\system32\ddrawf.dll
C:\WINDOWS\system32\CddbCddap.dll


incolla tutto quello in grassetto,poi clicca su execute,il pc dovrebbe riavviarsi da solo se così non fosse, riavvialo manualmente.
Al riavvio del sistema verrà visualizzato il log in c:\avenger.txt e lo posti qui
dopodichè log hijackthis

stavolta dovremo farcela Wink
Top
Profilo Invia messaggio privato
FaFa86
Eroe
Eroe


Registrato: 27/06/07 12:25
Messaggi: 57
MessaggioInviato: 27 Apr 2008 23:26    Oggetto: Rispondi citando
Aiuto..............................

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 27 23:19:02 2008

23:19:02: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 27 23:19:06 2008

23:19:06: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 27 23:19:10 2008

23:19:10: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 27 23:19:38 2008

23:19:38: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 27 23:19:42 2008

23:19:42: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "C:\windows\system32\ddrawf.dll"
Deletion of file "C:\windows\system32\ddrawf.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: could not open file "C:\WINDOWS\system32\CddbCddap.dll"
Deletion of file "C:\WINDOWS\system32\CddbCddap.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.
Top
Profilo Invia messaggio privato
FaFa86
Eroe
Eroe


Registrato: 27/06/07 12:25
Messaggi: 57
MessaggioInviato: 27 Apr 2008 23:27    Oggetto: Rispondi citando
e ecco hijackthis che dice....

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23.27.10, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mazzella\Documenti\Programmi\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/index.html
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11F61896-1AA7-49E2-9206-FC4756555230} - C:\WINDOWS\system32\CddbCddap.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D2F3BDF6-A745-401F-9989-02CAA90D77B0} - c:\windows\system32\ddrawf.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pastaeteritemi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4351170D-2D78-411A-99A4-CEFA88ED54B1}: NameServer = 85.37.17.11 85.38.28.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{4351170D-2D78-411A-99A4-CEFA88ED54B1}: NameServer = 85.37.17.11 85.38.28.69
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: vjigpuvy - C:\WINDOWS\SYSTEM32\ddrawf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Accesso pannello remoto (apanr) - Unknown owner - C:\WINDOWS\Downlo~1\lfgjvq2\b3w9gj.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4351 bytes
Top
Profilo Invia messaggio privato
FaFa86
Eroe
Eroe


Registrato: 27/06/07 12:25
Messaggi: 57
MessaggioInviato: 27 Apr 2008 23:53    Oggetto: Rispondi citando
è tardi vado a nanna....qualora dovessi rispondermi leggo domani
cmq GRAZIE MILLE!!!!!!GENTILISSIMO
ciao
Top
Profilo Invia messaggio privato
chemicalbit
Dio maturo
Dio maturo


Registrato: 01/04/05 18:59
Messaggi: 18597
Residenza: Milano
MessaggioInviato: 28 Apr 2008 00:15    Oggetto: Rispondi citando
Prova a fare una scansione con HijackThis da modalità provvisoria (vedi qui, seconda parte).

ci sono
-O2 - BHO: (no name) - {11F61896-1AA7-49E2-9206-FC4756555230} - C:\WINDOWS\system32\CddbCddap.dll
-O2 - BHO: (no name) - {D2F3BDF6-A745-401F-9989-02CAA90D77B0} - c:\windows\system32\ddrawf.dll

Se sì, fixale da modalità provvisoria.


p.s. con che antivirus, antispyware, ecc. hai fatto scansioni fino ad ora?
Top
Profilo Invia messaggio privato
chemicalbit
Dio maturo
Dio maturo


Registrato: 01/04/05 18:59
Messaggi: 18597
Residenza: Milano
MessaggioInviato: 28 Apr 2008 11:30    Oggetto: Rispondi citando
Due note, poi vediamo come procedere

1) Ma una discussione come questa non dovrebbe stare in Pronto Soccorso Virus?
( bdoriano, Sante62 Whistle potete spostarla?)

2) Che cosa impedisce la cancellazione normale con HijackThis?
Piano e cautela a cancellare con le maniere più o meno forti (FileASSASSIN e The Avenger) se non si è ancora capito perché e cosa li blocca.

---------

Top
Profilo Invia messaggio privato
FaFa86
Eroe
Eroe


Registrato: 27/06/07 12:25
Messaggi: 57
MessaggioInviato: 28 Apr 2008 14:13    Oggetto: Rispondi
NFix_2008-04-28_13-15-28.log

mi sa che nemmeno sti 3 programmi ci so riusciti a ammazzare sto coso....
Top
Profilo Invia messaggio privato
Mostra prima i messaggi di:   
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus Tutti i fusi orari sono GMT + 2 ore
Vai a 1, 2  Successivo
Pagina 1 di 2

 
Vai a:  
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi