
Scan with Runscanner


Post by killick » Thu Nov 27, 2008 3:01 pm

Hi
I was reading the various articles in the security section and was particularly struck by the Runscanner program, so after downloading it I tried running a scan of the PC.
When the scan finished I noticed that there are many files in red marked Not Found.
Since I don't want to do any damage, before deleting anything I'd like to submit the log to you for advice on what I should do.
Thanks
Aldo

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : AL-73C10C4592
Creation time : 27/11/2008 14.30.13
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.13
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 1.7.0.0
User Language : Italiano (Italia)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
* C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe (Acronis)
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
* C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
C:\Programmi\IObit\Advanced WindowsCare V2\MemCleaner.exe (IObit)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
* C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
* C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
C:\Programmi\File comuni\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
* C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc.)
* C:\Documents and Settings\Aldo\Desktop\Runscanner\RunScanner.exe (Runscanner.net)
* C:\Programmi\Windows Defender\MsMpEng.exe (Microsoft Corporation)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
* C:\Programmi\Windows Defender\MSASCui.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

Unrated items
-------------
002 * C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
002 C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
002 C:\WINDOWS\system32\nwiz.exe
002 * C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
002 C:\Programmi\IObit\Advanced WindowsCare V2\MemCleaner.exe (IObit)
002 * C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
003 C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc.)
010 * C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe (Acronis Scheduler2 Service)
010 * C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Internet Security)
010 C:\Programmi\File comuni\LightScribe\LSSrvc.exe (LightScribeService Direct Disc Labeling Service)
010 C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Display Driver Service)
010 C:\WINDOWS\system32\drivers\pclepci.sys (PCLEPCI)
011 * C:\WINDOWS\system32\drivers\ACEDRV08.sys (ACEDRV08)
011 * C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis Snapshots Manager)
011 * C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis True Image Backup Archive Explorer)
011 * C:\WINDOWS\system32\DRIVERS\tifsfilt.sys (Acronis True Image FS Filter)
011 * C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgio.sys (avgio)
011 * C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (avgntflt)
011 * C:\WINDOWS\system32\DRIVERS\avipbb.sys (avipbb)
011 * C:\WINDOWS\system32\DRIVERS\klim5.sys (Kaspersky Anti-Virus NDIS Filter)
011 * C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab Boot Guard Driver)
011 * C:\WINDOWS\system32\DRIVERS\klif.sys (Kaspersky Lab Driver)
011 * C:\WINDOWS\system32\DRIVERS\klfltdev.sys (Kaspersky Lab KLFltDev)
011 * C:\WINDOWS\system32\drivers\kl1.sys (Kl1)
011 C:\WINDOWS\system32\DRIVERS\rt73.sys (Linksys Home Wireless-G USB Adapter Driver)
011 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (nv)
011 C:\WINDOWS\system32\DRIVERS\MarvinBus.sys (Pinnacle Marvin Bus)
011 C:\WINDOWS\system32\Drivers\PzWDM.sys (PzWDM)
011 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek 10/100 NIC Family NDIS x86 Driver)
011 C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV)
011 C:\Programmi\SUPERAntiSpyware\SASENUM.SYS (SASENUM)
011 C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL)
011 C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Service for Realtek AC97 Audio (WDM))
011 C:\WINDOWS\System32\Drivers\sptd.sys (sptd)
011 * C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (ssmdrv)
011 C:\WINDOWS\system32\DRIVERS\Vax347b.sys (Vax347b)
011 C:\WINDOWS\System32\Drivers\Vax347s.sys (Vax347s)
011 * c:\windows\System32\Drivers\vaxscsi.sys (vaxscsi)
011 C:\WINDOWS\System32\Drivers\ezplay.sys (VSO Software ezplay)
011 C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software pcouffin)
050 C:\Programmi\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
052 * C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab) {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
061 * C:\Programmi\Acronis\TrueImageHome\tishell.dll (Acronis) {C539A15A-3AF9-4c92-B771-50CB78F5C751}
061 * C:\Programmi\Acronis\TrueImageHome\tishell.dll (Acronis) {C539A15B-3AF9-4c92-B771-50CB78F5C751}
061 C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll (Alcohol Soft Development Team) {32020A01-506E-484D-A2A8-BE3CF17601C3}
061 C:\WINDOWS\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}
061 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
061 C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL (GlarySoft.com) {72923739-5A47-40A3-9895-25AF0DFBB9E4}
061 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
061 C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
061 * C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab) {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
061 C:\Programmi\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
063 C:\WINDOWS\system32\pgdfgsvc.exe (Sysinternals - http://www.sysinternals.com)
067 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
067 * C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
070 * C:\WINDOWS\system32\relog_ap.dll (Acronis)
073 GlaryInitialize.job : C:\Programmi\Glary Utilities\initialize.exe (GlarySoft.com)
100 Start Page HKCU : http://www.aiutamici.com
104 C:\WINDOWS\opuc.dll (Microsoft Corporation) {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}
105 Aggiungi al banner Blocco pubblicità : C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
105 E&sporta in Microsoft Excel : res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
170 {fc63f953-fa2b-11dc-a310-0017315b77d1} : lvpwmgh.exe
173 GUID / CLSID not found
173 GUID / CLSID not found
173 GUID / CLSID not found {40966797-8FFE-46C8-9EF8-7003F33CCF0F}
173 * C:\Programmi\Acronis\TrueImageHome\tishell.dll (Acronis)
173 C:\Programmi\EZ Wipe\EZ Wipe.dll {EBDF1F20-C829-0110-8233-0020AF3E97C6}
173 C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL (GlarySoft.com) {72923739-5A47-40A3-9895-25AF0DFBB9E4}
173 * C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}
173 C:\Programmi\Notepad++\nppcm.dll (Burgaud.com) {120B94B5-2E6A-4F13-94D0-414BCB64FA0F}
173 C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
173 C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
173 C:\Programmi\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 GUID / CLSID not found
221 GUID / CLSID not found
221 GUID / CLSID not found {40966797-8FFE-46C8-9EF8-7003F33CCF0F}
221 * C:\Programmi\Acronis\TrueImageHome\tishell.dll (Acronis)
221 C:\Programmi\EZ Wipe\EZ Wipe.dll {EBDF1F20-C829-0110-8233-0020AF3E97C6}
221 C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL (GlarySoft.com) {72923739-5A47-40A3-9895-25AF0DFBB9E4}
221 * C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}
221 C:\Programmi\Notepad++\nppcm.dll (Burgaud.com) {120B94B5-2E6A-4F13-94D0-414BCB64FA0F}
221 C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
221 C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
221 C:\Programmi\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 GUID / CLSID not found
225 GUID / CLSID not found
225 * C:\Programmi\Acronis\TrueImageHome\tishell.dll (Acronis)
225 * C:\Programmi\Acronis\TrueImageHome\tishell.dll (Acronis)
225 C:\Programmi\EZ Wipe\EZ Wipe.dll {EBDF1F20-C829-0110-8233-0020AF3E97C6}
225 C:\Programmi\EZ Wipe\EZ Wipe.dll {EBDF1F20-C829-0110-8233-0020AF3E97C6}
225 C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL (GlarySoft.com) {72923739-5A47-40A3-9895-25AF0DFBB9E4}
225 C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL (GlarySoft.com) {72923739-5A47-40A3-9895-25AF0DFBB9E4}
225 * C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}
225 * C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}
225 C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 C:\Programmi\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Programmi\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 GUID / CLSID not found
227 C:\Programmi\EZ Wipe\EZ Wipe.dll {EBDF1F20-C829-0110-8233-0020AF3E97C6}
227 C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
227 C:\Programmi\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
229 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}

Missing files
-------------
003 C:\Programmi\RocketDock\RocketDock.exe
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\alrlhjc9.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 C:\WINDOWS\system32\drivers\asc.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\IntelIde.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 C:\WINDOWS\system32\drivers\SABProcEnum.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\TSP.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\ViaIde.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
061 deskpan.dll

Re: Scan with Runscanner

Post by crazy.cat » Thu Nov 27, 2008 3:39 pm

Rather than the not-found entries, I would go looking for this file
170 {fc63f953-fa2b-11dc-a310-0017315b77d1} : lvpwmgh.exe
and analyze it on www.virustotal.com to see what it is.
Also post a HijackThis scan log.

Re: Scan with Runscanner

Post by killick » Thu Nov 27, 2008 4:23 pm

As for the file " 170 {fc63f953-fa2b-11dc-a310-0017315b77d1} : lvpwmgh.exe ", I couldn't find it anywhere on the PC.
I found a folder in the registry, so I don't know how to get it analyzed.
I'm attaching the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.09.12, on 27/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Programmi\BillP Studios\WinPatrol\WinPatrol.exe
C:\Documents and Settings\Aldo\Desktop\Programmi Eseguibili\Runscanner\RunScanner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Aldo\Desktop\Programmi Eseguibili\Hjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aiutamici.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartRAM] C:\Programmi\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Defender User Interface] C:\Programmi\Windows Defender\MSASCui.exe
O8 - Extra context menu item: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7201250000
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5866 bytes


Re: Scan with Runscanner

Post by killick » Fri Nov 28, 2008 6:53 pm

Hi

Don't forget about me [thanks]
Bye

Re: Scan with Runscanner

Post by Amantide » Fri Nov 28, 2008 8:41 pm

Download ComboFix and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here.

Re: Scan with Runscanner

Post by killick » Mon Dec 01, 2008 5:28 pm

Hi Amantide

Here is the ComboFix log, and sorry for the delay. Bye

ComboFix 08-11-30.02 - Aldo 2008-12-01 17.16.08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.556 [GMT 1:00]
Eseguito da: c:\documents and settings\Aldo\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Aldo\Dati applicazioni\.#

.
((((((((((((((((((((((((( Files Creati Da 2008-11-01 al 2008-12-01 )))))))))))))))))))))))))))))))))))
.

2008-11-30 19:10 . 2008-11-30 19:10 <DIR> d-------- c:\programmi\Avira
2008-11-30 19:10 . 2008-11-30 19:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avira
2008-11-30 10:35 . 2008-11-30 16:10 <DIR> d-------- c:\programmi\SpyTheSpy
2008-11-28 10:45 . 2008-11-28 10:45 <DIR> d-------- c:\programmi\Unlocker
2008-11-27 18:37 . 2008-11-27 18:44 <DIR> d-------- c:\programmi\SpywareBlaster
2008-11-27 16:40 . 2008-05-14 16:13 25,992 --a------ c:\windows\system32\pgdfgsvc.exe
2008-11-27 16:39 . 2005-02-09 11:59 14,165 --a------ c:\windows\system32\drivers\Pclepci.sys
2008-11-24 16:12 . 2008-11-24 16:12 <DIR> d-------- C:\Music Label Databases
2008-11-24 16:12 . 2008-11-24 16:12 <DIR> d-------- c:\documents and settings\Aldo\Dati applicazioni\Music Label
2008-11-23 09:17 . 2008-11-23 09:17 <DIR> d-------- c:\programmi\Easy Video Downloader
2008-11-22 06:19 . 2008-11-22 10:48 98,966 --a------ c:\windows\Run32A50.mch
2008-11-22 06:05 . 2008-11-22 10:45 <DIR> d-------- c:\windows\A5W_DATA
2008-11-22 06:05 . 2008-11-22 10:45 35 --a------ c:\windows\A5W.INI
2008-11-22 06:05 . 2008-11-22 10:48 0 --a------ c:\windows\mfont.dat
2008-11-21 11:21 . 2008-11-17 10:13 1,435,272 --a------ c:\windows\system32\Flash8.ocx
2008-11-21 08:17 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-21 08:17 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-19 14:27 . 2008-11-19 14:31 <DIR> d-------- c:\programmi\Media Catalog Studio
2008-11-17 16:13 . 2008-05-16 14:01 6,582,272 --a------ c:\windows\system32\nvdisps.dll
2008-11-17 16:13 . 2008-05-16 14:01 3,776,512 --a------ c:\windows\system32\nvvitvs.dll
2008-11-17 16:13 . 2008-05-16 14:01 3,391,488 --a------ c:\windows\system32\nvgames.dll
2008-11-17 16:13 . 2008-05-16 14:01 2,629,632 --a------ c:\windows\system32\nvwss.dll
2008-11-17 16:13 . 2008-05-16 14:01 1,257,472 --a------ c:\windows\system32\nvmobls.dll
2008-11-17 16:13 . 2008-05-02 22:46 1,241,088 --a------ c:\windows\system32\nvcuda.dll
2008-11-17 16:13 . 2008-05-16 14:01 188,416 --a------ c:\windows\system32\nvmccss.dll
2008-11-17 16:00 . 2008-07-17 14:40 109,952 --a------ c:\windows\system32\drivers\Rtnicxp.sys
2008-11-16 19:28 . 2005-04-13 12:34 937,984 --a------ c:\windows\system32\drivers\nvmcp.sys
2008-11-16 19:28 . 2005-04-13 12:34 414,464 --a------ c:\windows\system32\drivers\nvapu.sys
2008-11-16 19:28 . 2005-04-13 12:34 66,688 --a------ c:\windows\system32\drivers\nvarm.sys
2008-11-16 19:28 . 2005-04-13 12:34 54,272 --a------ c:\windows\system32\nvopenal.dll
2008-11-16 19:28 . 2005-04-13 12:32 53,376 --a------ c:\windows\system32\drivers\nvax.sys
2008-11-16 19:28 . 2005-04-04 19:00 32,256 --a------ c:\windows\system32\NVCOAD.DLL
2008-11-16 19:28 . 2005-04-13 12:34 30,208 --a------ c:\windows\system32\nvasio.dll
2008-11-16 19:28 . 2005-04-13 12:34 21,504 --a------ c:\windows\system32\OpenAL32.dll
2008-11-16 19:28 . 2005-04-13 12:34 7,680 --a------ c:\windows\system32\nvack.dll
2008-11-16 19:28 . 2005-04-13 12:34 5,120 --a------ c:\windows\system32\ALut.dll
2008-11-16 18:53 . 2008-11-16 18:53 <DIR> d-------- c:\programmi\Innovative Solutions
2008-11-16 18:16 . 2004-09-03 00:00 124,688 --a------ c:\windows\system32\MSWINSCK.OCX
2008-11-16 18:16 . 2007-10-07 11:27 10,752 --a------ c:\windows\system32\aamd532.dll
2008-11-14 11:23 . 2008-11-14 11:23 <DIR> d-------- c:\programmi\MediaMonkey
2008-11-14 10:07 . 2008-11-14 10:07 <DIR> d-------- c:\programmi\MSXML 4.0
2008-11-13 18:49 . 2008-11-13 18:51 <DIR> d-------- c:\programmi\MP3-Juggler
2008-11-13 18:45 . 2008-11-13 18:45 32 --a------ c:\windows\qpg.INI
2008-11-12 14:30 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 14:30 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-02 11:03 . 2008-11-04 18:30 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-01 18:22 . 2008-11-01 18:22 <DIR> d-------- c:\programmi\Notepad++
2008-11-01 18:14 . 2008-11-01 18:22 <DIR> d-------- c:\documents and settings\Aldo\Dati applicazioni\Notepad++

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 16:22 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2008-12-01 16:20 9,877,536 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-01 16:20 82,440 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-01 16:20 6,016 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-01 16:20 524,320 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-01 07:14 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\WinPatrol
2008-11-30 18:25 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-11-28 15:43 --------- d-----w c:\programmi\SUPERAntiSpyware
2008-11-27 20:31 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\uTorrent
2008-11-24 15:02 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Thinstall
2008-11-23 08:14 --------- d-----w c:\programmi\eMule
2008-11-20 15:56 --------- d-----w c:\programmi\RAR Recovery Toolbox
2008-11-19 13:31 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-14 10:40 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2008-11-13 17:39 --------- d-----w c:\programmi\Password Manager 2006
2008-11-12 18:27 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\MahJong Suite
2008-11-12 16:12 --------- d-----w c:\programmi\IObit
2008-11-08 10:20 --------- d-----w c:\programmi\Acoustica CD Label Maker
2008-11-02 10:01 --------- d-----w c:\programmi\bitRipper
2008-10-31 16:34 --------- d-----w c:\programmi\Smart CD Catalog PRO
2008-10-27 17:37 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-10-27 17:37 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\SUPERAntiSpyware.com
2008-10-27 17:36 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-10-27 14:43 --------- d-----w c:\programmi\ERUNT_ Per effettuare il backup del registro
2008-10-26 09:16 --------- d-----w c:\programmi\FreeCommander
2008-10-26 09:01 --------- d-----w c:\programmi\Your Uninstaller 2008
2008-10-26 09:01 --------- d-----w c:\programmi\WinAVI Video Converter 9.0
2008-10-26 09:01 --------- d-----w c:\programmi\Glary Utilities
2008-10-24 17:06 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\U3
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-21 14:48 --------- d-----w c:\programmi\Windows Defender
2008-10-21 14:40 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Sereniti
2008-10-21 10:03 --------- d-----w c:\programmi\Ant Movie Catalog
2008-10-17 17:22 --------- d-----w c:\programmi\BillP Studios
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 08:34 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-10-15 08:34 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-10-15 08:33 --------- d-----w c:\programmi\Kaspersky Lab
2008-10-15 08:30 --------- d-----w c:\programmi\Realtek
2008-10-15 08:30 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\InstallShield
2008-10-12 08:10 --------- d-----w c:\programmi\Genie-Soft
2008-10-12 08:10 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Genie-Soft
2008-10-05 16:16 --------- d-----w c:\programmi\Recuva
2008-10-05 15:27 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\Skype
2008-10-05 15:06 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\skypePM
2008-10-05 08:56 --------- d-----w c:\programmi\Uniblue
2008-10-01 16:42 --------- d-----w c:\documents and settings\Aldo\Dati applicazioni\BitTorrent
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 17:20 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-09-29 17:20 249,856 ------w c:\windows\Setup1.exe
2008-09-29 15:29 60,416 ----a-w c:\windows\ALCFDRTM.EXE
2008-09-18 16:05 65,536 ----a-w c:\windows\IFinst27.exe
2008-09-15 15:24 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-03-12 09:12 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Windows Defender User Interface"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Gadwin PrintScreen 2.6"="c:\programmi\Gadwin Systems\PrintScreen\PrintScreen.exe" [2003-07-16 913408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SmartRAM"="c:\programmi\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
"WinPatrol"="c:\programmi\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"nwiz"="nwiz.exe" [2006-03-09 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"AcronisTimounterMonitor"=c:\programmi\Acronis\TrueImageHome\TimounterMonitor.exe
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
"SoundMan"=SOUNDMAN.EXE
"TrueImageMonitor.exe"=c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 nvgts;nvgts;c:\windows\system32\DRIVERS\nvgts.sys [2008-11-17 145952]
R0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2008-03-11 15172]
R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [2008-03-12 108768]
R3 Cap7134;TVFM 503 WDM Video Capture;c:\windows\system32\DRIVERS\Cap7134.sys [2003-01-25 428064]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc63f953-fa2b-11dc-a310-0017315b77d1}]
\Shell\AutoRun\command - lvpwmgh.exe
\Shell\explore\Command - lvpwmgh.exe
\Shell\open\Command - lvpwmgh.exe
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-01 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2008-07-18 10:08]

2008-12-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementare di scansione -------
.
FireFox -: Profile - c:\documents and settings\Aldo\Dati applicazioni\Mozilla\Firefox\Profiles\3rtnhpuw.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.aiutamici.com/
FF -: plugin - c:\programmi\Mozilla Firefox\plugins\npsabffx.dll
FF -: plugin - c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 17:21:48
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1104)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1160)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3744)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSIT.DLL
c:\programmi\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Windows Defender\MsMpEng.exe
c:\programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\windows\system32\rundll32.exe
c:\programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-01 17:24:10 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-01 16:23:49

Pre-Run: 34.196.643.840 byte disponibili
Post-Run: 34,099,556,352 byte disponibili

238 --- E O F --- 2008-11-28 15:04:51

Re: Scan with Runscanner

Post by Amantide » Mon Dec 01, 2008 9:38 pm

Enable the display of hidden and system files and check the contents of all your USB storage devices, such as pen drives and external hard disks, to see whether they contain these 2 files: lvpwmgh.exe and autorun.inf.

Re: Scan with Runscanner

Post by killick » Tue Dec 02, 2008 10:35 am

Hi

I have three USB storage devices:
- 320 GB external HD. None of the files mentioned are on it.
- 2 GB USB pen drive. No such files here either.
- SanDisk Cruzer USB flash drive (www.sandisk.com), 4 GB; on this device there is only the file "autorun.inf".
As for this device, I was thinking of formatting it to use it for data backups.

Bye
Aldo

Re: Scan with Runscanner

Post by Amantide » Tue Dec 02, 2008 1:14 pm

killick wrote:
I have three USB storage devices:

Any mp3/mp4 players?

In the meantime, open the registry editor (Start >> Run >> regedit) and delete this key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc63f953-fa2b-11dc-a310-0017315b77d1}
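The MountPoints2 key named in the post above is where Explorer caches the shell verbs it read from a volume's autorun.inf, so an entry can outlive the file it names. As an added example (not part of the thread and not ComboFix code), the Python below extracts those cached verbs from the log excerpt posted earlier and checks autorun.inf text from removable drives against them; the autorun.inf samples and the drive labels E: and F: are constructed.

```python
import re

# MountPoints2 block copied from the ComboFix log earlier in this thread.
LOG_EXCERPT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc63f953-fa2b-11dc-a310-0017315b77d1}]
\Shell\AutoRun\command - lvpwmgh.exe
\Shell\explore\Command - lvpwmgh.exe
\Shell\open\Command - lvpwmgh.exe
.
"""

# Constructed sample autorun.inf contents (not taken from the poster's drives).
SUSPECT_INF = "[autorun]\nopen=lvpwmgh.exe\nshell\\open\\Command=lvpwmgh.exe\n"
BENIGN_INF = "[autorun]\nicon=drive.ico\nlabel=Backup\n"

KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.I)

def mountpoints2_entries(log_text):
    """Return [(volume_guid, verb, command)] for each cached shell verb in the log."""
    entries, guid = [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        key, verb = KEY_RE.match(line), VERB_RE.match(line)
        if key:
            guid = key.group(1)               # entering a MountPoints2 volume key
        elif verb and guid:
            entries.append((guid, verb.group(1).lower(), verb.group(2).strip()))
        else:
            guid = None                       # any other line ends the block
    return entries

def autorun_inf_targets(inf_text):
    """Return the lower-cased commands an autorun.inf asks Explorer to launch."""
    targets = set()
    for line in inf_text.splitlines():
        name, sep, value = line.partition("=")
        name, value = name.strip().lower(), value.strip().lower()
        if sep and value and (name in ("open", "shellexecute") or name.endswith("\\command")):
            targets.add(value)
    return targets

def drives_matching(entries, drives):
    """drives maps a drive label to its autorun.inf text; return labels that
    reference a command already cached under MountPoints2."""
    cached = {command.lower() for _, _, command in entries}
    return sorted(d for d, inf in drives.items() if autorun_inf_targets(inf) & cached)

if __name__ == "__main__":
    found = mountpoints2_entries(LOG_EXCERPT)
    for guid, verb, command in found:
        print(f"{guid}  {verb:8} -> {command}")
    print("drives to clean:", drives_matching(found, {"E:": SUSPECT_INF, "F:": BENIGN_INF}))
```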

Re: Scan with Runscanner

Post by killick » Tue Dec 02, 2008 3:12 pm

I have deleted the key from the registry.
If by mp3/mp4 players you mean external players, the answer is no.
As music players I have IrfanView and VideoLAN.

In case it is useful, I have an external Thomson burner. In practice I have two CD/DVD drives, one internal and one external.
As for the SanDisk Cruzer USB flash drive which, as I told you, I wanted to format: do you recommend it?

I have another question for you that is not about this subject; do I need to open a new topic?

Bye

Re: Scan with Runscanner

Post by Amantide » Tue Dec 02, 2008 3:15 pm

killick wrote: As for the SanDisk Cruzer USB flash drive which, as I told you, I wanted to format: do you recommend it?

As you like, but if you don't format it, delete the autorun.inf file.

killick wrote: I have another question for you that is not about this subject; do I need to open a new topic?

Yes

Again with the display of hidden and system files enabled, check whether the file lvpwmgh.exe is in C:\WINDOWS\

Also run a scan with Perlovga Removal Tool.

Re: Scan with Runscanner

Post by killick » Tue Dec 02, 2008 3:50 pm

There is no lvpwmgh.exe file in C/Windows.

I ran the scan with Perlovga etc. and after the congratulations I rebooted and that was the end of it. No log.

Re: Scan with Runscanner

Post by Amantide » Tue Dec 02, 2008 4:43 pm

killick wrote: I ran the scan with Perlovga etc. and after the congratulations I rebooted and that was the end of it. No log.

Well, if it congratulated you, I'd say you can rest easy now [^]

Re: Scan with Runscanner

Post by killick » Tue Dec 02, 2008 4:57 pm

Now I really can sleep easy. [^]
Bye and [thanks]

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising