View full version: MAYBE GROMOZON?


wind13052003
12-04-2007, 17.48.10
I can't open CCleaner, AntiDialer (by Digisoft), or HijackThis. My antivirus is avast (it hasn't detected any viruses). As soon as I click the icon (of the programs mentioned), the toolbar disappears, the chosen program appears for a few seconds and then goes away. What virus do I have? (OS: XP SP2) THANKS

Perusar
12-04-2007, 17.53.35
who knows... in any case, look here (http://www.wintricks.it/manuali/gromozon.html)

a HijackThis log would certainly be needed...

wind13052003
12-04-2007, 19.00.46
It's similar to HijackThis

Part 1
Logfile of HiJackFree v2.1
Scan saved at 16:50:50, on 12/04/2007
Platform: Windows XP Service Pack 2 (Windows NT 5.1.2600)
MSIE: Internet Explorer v 6.0 Service Pack 2 (6.0.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\TIMTUR~1\N100EM~1.EXE
C:\Programmi\Web Accelerator\slipcore.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\TIMTUR~1\TIM Turbo Manager.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\a-squared HiJackFree\a2hijackfree.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=IT&range=AD&phase=6&key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Programmi\Web Accelerator\PBHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Programmi\Web Accelerator\components\NOWImaging.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PC98Monitor] "C:\PROGRA~1\TIMTUR~1\N100EM~1.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SlipStream] "C:\Programmi\Web Accelerator\slipcore.exe"
O8 - Extra context menu item: &Download all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204

wind13052003
12-04-2007, 19.05.33
Part 2
O23 - Service: Avvisi - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizio Gateway di livello applicazione - C:\WINDOWS\System32\alg.exe
O23 - Service: Gestione applicazione - C:\WINDOWS\system32\svchost.exe
O23 - Service: Audio Windows - C:\WINDOWS\System32\svchost.exe
O23 - Service: avast! Antivirus - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servizio trasferimento intelligente in background - C:\WINDOWS\System32\svchost.exe
O23 - Service: Browser di computer - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizio di indicizzazione - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: Applicazione di sistema COM+ - C:\WINDOWS\System32\dllhost.exe
O23 - Service: Servizi di crittografia - C:\WINDOWS\system32\svchost.exe
O23 - Service: Utilità di avvio processo server DCOM - C:\WINDOWS\system32\svchost
O23 - Service: Client DHCP - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Gestione dischi logici - C:\WINDOWS\System32\svchost.exe
O23 - Service: Client DNS - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizio di segnalazione errori - C:\WINDOWS\System32\svchost.exe
O23 - Service: Registro eventi - C:\WINDOWS\system32\services.exe
O23 - Service: Sistema di eventi COM+ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Compatibilità di Cambio rapido utente - C:\WINDOWS\System32\svchost.exe
O23 - Service: Guida in linea e supporto tecnico - C:\WINDOWS\System32\svchost.exe
O23 - Service: HID Input Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: SSL HTTP - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizio COM di masterizzazione CD IMAPI - C:\WINDOWS\System32\imapi.exe
O23 - Service: Server - C:\WINDOWS\System32\svchost.exe
O23 - Service: Workstation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Helper NetBIOS di TCP/IP - C:\WINDOWS\System32\svchost.exe
O23 - Service: Machine Debug Manager - C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
O23 - Service: Messenger - C:\WINDOWS\System32\svchost.exe
O23 - Service: Condivisione desktop remoto di NetMeeting - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator - C:\WINDOWS\System32\msdtc.exe
O23 - Service: Windows Installer - C:\WINDOWS\System32\msiexec.exe
O23 - Service: DDE di rete - C:\WINDOWS\system32\netdde.exe
O23 - Service: DDE DSDM di rete - C:\WINDOWS\system32\netdde.exe
O23 - Service: Accesso rete - C:\WINDOWS\System32\lsass.exe
O23 - Service: Connessioni di rete - C:\WINDOWS\System32\svchost.exe
O23 - Service: NLA (Network Location Awareness) - C:\WINDOWS\System32\svchost.exe
O23 - Service: Provider supporto protezione LM NT - C:\WINDOWS\System32\lsass.exe
O23 - Service: Archivi rimovibili - C:\WINDOWS\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play - C:\WINDOWS\system32\services.exe
O23 - Service: Servizi IPSEC - C:\WINDOWS\System32\lsass.exe
O23 - Service: Archiviazione protetta - C:\WINDOWS\system32\lsass.exe
O23 - Service: Auto Connection Manager di Accesso remoto - C:\WINDOWS\System32\svchost.exe
O23 - Service: Connection Manager di Accesso remoto - C:\WINDOWS\System32\svchost.exe
O23 - Service: Gestione sessione di assistenza mediante desktop remoto - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing e Accesso remoto - C:\WINDOWS\System32\svchost.exe
O23 - Service: RPC Locator - C:\WINDOWS\System32\locator.exe
O23 - Service: RPC (Remote Procedure Call) - C:\WINDOWS\system32\svchost
O23 - Service: QoS RSVP - C:\WINDOWS\System32\rsvp.exe
O23 - Service: Gestione account di protezione (SAM) - C:\WINDOWS\system32\lsass.exe
O23 - Service: smart card - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Utilità di pianificazione - C:\WINDOWS\System32\svchost.exe
O23 - Service: Accesso secondario - C:\WINDOWS\System32\svchost.exe
O23 - Service: Notifica eventi di sistema - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Firewall / Condivisione connessione Internet (ICS) - C:\WINDOWS\System32\svchost.exe
O23 - Service: Rilevamento hardware shell - C:\WINDOWS\System32\svchost.exe
O23 - Service: SmartLinkService - slserv.exe
O23 - Service: Spooler di stampa - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Servizio Ripristino configurazione di sistema - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizio di rilevamento SSDP - C:\WINDOWS\System32\svchost.exe
O23 - Service: Acquisizione di immagini di Windows (WIA) - C:\WINDOWS\System32\svchost.exe
O23 - Service: MS Software Shadow Copy Provider - C:\WINDOWS\System32\dllhost.exe
O23 - Service: Avvisi e registri di prestazioni - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonia - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizi terminal - C:\WINDOWS\System32\svchost
O23 - Service: Temi - C:\WINDOWS\System32\svchost.exe
O23 - Service: Manutenzione collegamenti distribuiti client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Host di periferiche Plug and Play universali - C:\WINDOWS\System32\svchost.exe
O23 - Service: Gruppo di continuità - C:\WINDOWS\System32\ups.exe
O23 - Service: Servizio Messenger Sharing Folders USN Journal Reader - C:\Programmi\MSN Messenger\usnsvc.exe
O23 - Service: Copia replicata del volume - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Ora di Windows - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - C:\WINDOWS\System32\svchost.exe
O23 - Service: Strumentazione gestione Windows - C:\WINDOWS\system32\svchost.exe
O23 - Service: Servizio Numero di serie per dispositivi multimediali portatili - C:\WINDOWS\System32\svchost.exe
O23 - Service: Scheda WMI Performance - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Servizio di condivisione in rete Windows Media Player - C:\Programmi\Windows Media Player\WMPNetwk.exe
O23 - Service: Centro sicurezza PC - C:\WINDOWS\System32\svchost.exe
O23 - Service: Aggiornamenti automatici - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework - C:\WINDOWS\system32\svchost.exe
O23 - Service: Zero Configuration reti senza fili - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizio Provisioning di rete - C:\WINDOWS\System32\svchost.exe

Perusar
12-04-2007, 19.13.22
I would fix

O2 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-b...se=6&key=SEARCH

the rest looks normal

then, also take a look at what was said here (http://forum.wintricks.it/showthread.php?t=115260&highlight=Gromozon)
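
Added example, not part of the original thread or any poster's code: a small parser for HijackThis-style `O2 - BHO` lines that reports Browser Helper Object registrations with no class name or no file path, the kind of entry singled out in the reply above. The function names are hypothetical and the sample lines are copied from the log posted in this thread.

```python
import re

# Sample input: O2/O3 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
"""

# "O2 - BHO: <name> - {CLSID} - <dll path>"; name and path may be empty.
O2_RE = re.compile(
    r"^O2 - BHO:\s*(?P<name>.*?)\s*-\s*"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s*-\s*(?P<path>.*)$"
)


def parse_bho_entries(log_text):
    """Return one dict (name, clsid, path) per O2 line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append({k: v.strip() for k, v in m.groupdict().items()})
    return entries


def incomplete_bhos(log_text):
    """Return (clsid, reasons) for O2 entries missing a name or a DLL path."""
    findings = []
    for entry in parse_bho_entries(log_text):
        reasons = []
        if not entry["name"]:
            reasons.append("no class name")
        if not entry["path"]:
            reasons.append("no file path")
        if reasons:
            findings.append((entry["clsid"], reasons))
    return findings


if __name__ == "__main__":
    for clsid, reasons in incomplete_bhos(SAMPLE_LOG):
        print(clsid, "->", ", ".join(reasons))
```

An entry reported here only means the scanner could not resolve a name or file for that CLSID; it still has to be reviewed by hand before being fixed.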

wind13052003
12-04-2007, 22.01.54
Packard Bell is the brand of the computer; should I do it anyway?