btorrent.exe hellp un virus camuffato

peppecbr · 18-05-2007, 13:28

raga quando avvio l'os il firewall mi avvisa di sto file che cerca di accedere ad internet dalla cartella system32

ho cliccato su un .exe che stava in un file zip e da qui sono iniziati questi avvisi strani , poi se voglio fare la scansione col nod non parte e nenache se voglio aprire il tasck manager sicuro è un virus mi potete aiutare ??

ecco la scansione con hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 13.34.03, on 18/05/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FILECO~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\progra~1\samsung\smarthru\PORTCTRL.EXE
C:\Programmi\DU Meter\DUMeter.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\btorrent.exe
C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Programmi\Vista Start Menu\VistaStartMenu.exe
C:\Programmi\GetRight\getright.exe
C:\Programmi\Launchy\Launchy.exe
C:\Programmi\SpeedFan\speedfan.exe
C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
G:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.2uid.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://2uid.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {8A4E1972-8F42-4B50-AA71-29DCA9F336BC} - (no file)
O1 - Hosts: 127.255.255.255 www.getright.com
O1 - Hosts: 127.255.255.255 pro.getright.com
O1 - Hosts: 127.255.255.255 www.headlightinc.com
O1 - Hosts: 127.255.255.255 www.get-right.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTB06829 - {1D09A743-00ED-4713-BCC4-32D590D1087A} - C:\Programmi\Toolbar\like_googlenew1.1a.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Procesor Driver - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Programmi\Toolbar\like_googlenew1.1a.dll (file missing)
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [GW Port Controller] c:\progra~1\samsung\smarthru\PORTCTRL.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Programmi\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ATI Video Driver Control] btorrent.exe
O4 - HKLM\..\RunServices: [ATI Video Driver Control] btorrent.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Programmi\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [ATI Video Driver Control] btorrent.exe
O4 - HKCU\..\RunServices: [ATI Video Driver Control] btorrent.exe
O4 - Startup: SpeedFan.lnk = C:\Programmi\SpeedFan\speedfan.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmi\GetRight\getright.exe
O4 - Global Startup: Launchy.lnk = C:\Programmi\Launchy\Launchy.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Compila Modulo - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Download with GetRight Pro - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Personalizza - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Barra strumenti - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Salva Moduli - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Compila - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Compila Modulo - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Salva - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Salva Moduli - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Barra strumenti - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FILECO~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - G:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PD Command Center (PDConsole) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDConsole.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - G:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - G:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

wizard1993 · 18-05-2007, 14:33

intanto fixa questi
O4 - HKCU\..\RunServices: [ATI Video Driver Control] btorrent.exe
O4 - HKCU\..\Run: [ATI Video Driver Control] btorrent.exe
O4 - HKLM\..\RunServices: [ATI Video Driver Control] btorrent.exe
O4 - HKLM\..\Run: [ATI Video Driver Control] btorrent.exe

riavvia e fai una scan on line con bitdefeder e panda con system restore disabilitato

peppecbr · 18-05-2007, 16:16

ok tolti riavviato , adesso funziona sia il task manager che Outpost Security Suite Pro 2007 e mi ha rilevato un trojan

posso fare altro? la scansione online la sta facendo , potevo farla anche con il nod? che poi io mi chiedo era attivo il nod e non ha rilevato nulla... appena posso installa kaspersky versione 7.0 beta

wizard1993 · 18-05-2007, 18:08

Quote:

Originariamente inviato da peppecbr

ok tolti riavviato , adesso funziona sia il task manager che Outpost Security Suite Pro 2007 e mi ha rilevato un trojan

posso fare altro? la scansione online la sta facendo , potevo farla anche con il nod? che poi io mi chiedo era attivo il nod e non ha rilevato nulla... appena posso installa kaspersky versione 7.0 beta

anche io uso la beta 7 del kasper; meti tutte le impostazioni al massimo, aggiornalo e dagli una scansione in modalità provvisoria

peppecbr · 20-05-2007, 09:48

Quote:

Originariamente inviato da wizard1993

anche io uso la beta 7 del kasper; meti tutte le impostazioni al massimo, aggiornalo e dagli una scansione in modalità provvisoria

fatto ho messo l'ultima beta di kav uscita ieri la 118..

tuttlo liscio non ha trovato nulla grazie di cuore

18-05-2007, 13:28	#1
peppecbr Senior Member Iscritto dal: Nov 2003 Città: Udine Messaggi: 11337	btorrent.exe hellp un virus camuffato raga quando avvio l'os il firewall mi avvisa di sto file che cerca di accedere ad internet dalla cartella system32 ho cliccato su un .exe che stava in un file zip e da qui sono iniziati questi avvisi strani , poi se voglio fare la scansione col nod non parte e nenache se voglio aprire il tasck manager sicuro è un virus mi potete aiutare ?? ecco la scansione con hijackthis Logfile of HijackThis v1.99.1 Scan saved at 13.34.03, on 18/05/07 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FILECO~1\Stardock\SDMCP.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Eset\nod32kui.exe C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Programmi\Analog Devices\SoundMAX\Smax4.exe C:\progra~1\samsung\smarthru\PORTCTRL.EXE C:\Programmi\DU Meter\DUMeter.exe C:\Programmi\Unlocker\UnlockerAssistant.exe C:\Programmi\Analog Devices\Core\smax4pnp.exe C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\system32\btorrent.exe C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe C:\Programmi\PeerGuardian2\pg2.exe C:\Programmi\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Programmi\Vista Start Menu\VistaStartMenu.exe C:\Programmi\GetRight\getright.exe C:\Programmi\Launchy\Launchy.exe C:\Programmi\SpeedFan\speedfan.exe C:\Programmi\Stardock\ObjectDock\ObjectDock.exe C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe C:\PROGRA~1\CACHEM~1\CachemanXP.exe C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe G:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Programmi\Eset\nod32krn.exe C:\Programmi\Agnitum\Outpost Firewall\outpost.exe C:\Programmi\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe C:\Programmi\Raxco\PerfectDisk\PDEngine.exe C:\Programmi\MSN Messenger\usnsvc.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrator\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.2uid.info/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://2uid.info R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: (no name) - {8A4E1972-8F42-4B50-AA71-29DCA9F336BC} - (no file) O1 - Hosts: 127.255.255.255 www.getright.com O1 - Hosts: 127.255.255.255 pro.getright.com O1 - Hosts: 127.255.255.255 www.headlightinc.com O1 - Hosts: 127.255.255.255 www.get-right.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: XBTB06829 - {1D09A743-00ED-4713-BCC4-32D590D1087A} - C:\Programmi\Toolbar\like_googlenew1.1a.dll (file missing) O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: Procesor Driver - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Programmi\Toolbar\like_googlenew1.1a.dll (file missing) O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [GW Port Controller] c:\progra~1\samsung\smarthru\PORTCTRL.EXE O4 - HKLM\..\Run: [DU Meter] C:\Programmi\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe" -H O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [ATI Video Driver Control] btorrent.exe O4 - HKLM\..\RunServices: [ATI Video Driver Control] btorrent.exe O4 - HKCU\..\Run: [AtiTrayTools] "C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe" O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RoboForm] "C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [VistaStartMenu] "C:\Programmi\Vista Start Menu\VistaStartMenu.exe" O4 - HKCU\..\Run: [ATI Video Driver Control] btorrent.exe O4 - HKCU\..\RunServices: [ATI Video Driver Control] btorrent.exe O4 - Startup: SpeedFan.lnk = C:\Programmi\SpeedFan\speedfan.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmi\GetRight\getright.exe O4 - Global Startup: Launchy.lnk = C:\Programmi\Launchy\Launchy.exe O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Compila Modulo - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Download with GetRight Pro - C:\Programmi\GetRight\GRdownload.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programmi\GetRight\GRbrowse.htm O8 - Extra context menu item: Personalizza - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RF Barra strumenti - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Salva Moduli - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Compila - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Compila Modulo - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Salva - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Salva Moduli - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RF Barra strumenti - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FILECO~1\Stardock\mcpstub.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: MSSQL$PINNACLESYS - Unknown owner - G:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing) O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PD Command Center (PDConsole) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDConsole.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - G:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - G:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing) __________________ Sharkoon TG5 RGB ; ryzen 2600+ ; AIO Cryorig A80 ; msi x470 gaming plus ; corsair 8x2 ddr4 3000 mhz ; sapphire radeon rx 580 nitro+ ; corsair rm850i Ultima modifica di peppecbr : 18-05-2007 alle 13:31.

18-05-2007, 14:33	#2
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	intanto fixa questi O4 - HKCU\..\RunServices: [ATI Video Driver Control] btorrent.exe O4 - HKCU\..\Run: [ATI Video Driver Control] btorrent.exe O4 - HKLM\..\RunServices: [ATI Video Driver Control] btorrent.exe O4 - HKLM\..\Run: [ATI Video Driver Control] btorrent.exe riavvia e fai una scan on line con bitdefeder e panda con system restore disabilitato __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

18-05-2007, 16:16	#3
peppecbr Senior Member Iscritto dal: Nov 2003 Città: Udine Messaggi: 11337	ok tolti riavviato , adesso funziona sia il task manager che Outpost Security Suite Pro 2007 e mi ha rilevato un trojan posso fare altro? la scansione online la sta facendo , potevo farla anche con il nod? che poi io mi chiedo era attivo il nod e non ha rilevato nulla... appena posso installa kaspersky versione 7.0 beta __________________ Sharkoon TG5 RGB ; ryzen 2600+ ; AIO Cryorig A80 ; msi x470 gaming plus ; corsair 8x2 ddr4 3000 mhz ; sapphire radeon rx 580 nitro+ ; corsair rm850i

Strumenti
Mostra una versione stampabile Invia questa pagina per email