Persistent Windows warning

Post by _Xander_ » Thu Sep 10, 2009 12:28 pm

For the past few months, at any moment while browsing the web (not with Internet Explorer 8), I get the warning "Internet Explorer has stopped working". The operating system is Windows Vista Home Premium, updated with the latest updates. The warning is getting quite annoying by now; has anyone else had this problem and solved it? Any suggestions?
Nothing is real, everything is permitted
_Xander_
Senior Member
Posts: 346
Joined: Wed Apr 16, 2008 6:05 pm
Location: Arkham Asylum

Re: Persistent Windows warning

Post by crazy.cat » Thu Sep 10, 2009 2:51 pm

So you were browsing with Firefox or Opera and it reported that it was IE that crashed?

Try running a scan with ComboFix and let's see what comes out of it; post its log.
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most hateful tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: Persistent Windows warning

Post by _Xander_ » Fri Sep 11, 2009 12:55 pm

Here is the ComboFix log:


ComboFix 09-09-09.09 - Caterina 10/09/2009 20.24.27.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.1021.305 [GMT 2:00]
Eseguito da: c:\users\Caterina\Alessandro\ComboFix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\8957c.msi

.
((((((((((((((((((((((((( Files Creati Da 2009-08-10 al 2009-09-10 )))))))))))))))))))))))))))))))))))
.

2009-09-10 18:32 . 2009-09-10 18:32 -------- d-----w- c:\users\Caterina\AppData\Local\temp
2009-09-10 18:32 . 2009-09-10 18:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-10 18:32 . 2009-09-10 18:32 -------- d-----w- c:\users\Xander\AppData\Local\temp
2009-09-10 18:32 . 2009-09-10 18:32 -------- d-----w- c:\users\Alessandro\AppData\Local\temp
2009-09-10 18:32 . 2009-09-10 18:32 -------- d-----w- c:\users\Alessandro.PC-Caterina\AppData\Local\temp
2009-09-10 08:43 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-10 08:43 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-10 08:43 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-10 08:43 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-10 08:41 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-10 08:41 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-10 08:41 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-10 08:41 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-10 08:41 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-10 08:41 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-10 08:41 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-10 08:41 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-10 08:41 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-10 08:41 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-10 08:13 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-02 21:47 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 21:46 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 15:46 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-18 15:33 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-18 15:33 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-18 15:33 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-18 15:32 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-18 15:32 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-18 15:32 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-18 15:32 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-18 15:32 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 18:07 . 2008-09-23 11:12 -------- d-----w- c:\programdata\NOS
2009-09-10 18:03 . 2007-04-28 17:08 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-10 11:59 . 2008-04-17 15:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 11:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-23 15:38 . 2007-03-28 14:35 -------- d-----w- c:\users\Caterina\AppData\Roaming\OpenOffice.org2
2009-08-23 15:37 . 2006-11-06 01:52 662846 ----a-w- c:\windows\system32\perfh010.dat
2009-08-23 15:37 . 2006-11-06 01:52 120326 ----a-w- c:\windows\system32\perfc010.dat
2009-07-26 09:06 . 2009-07-26 09:06 -------- d-----w- c:\programdata\Long slow road itch
2009-07-26 09:06 . 2009-07-26 09:06 -------- d-----w- c:\programdata\SETTINGS POP TIME
2009-07-26 09:05 . 2009-07-26 09:05 -------- d-----w- c:\program files\Circle Deveopement
2009-07-26 09:05 . 2007-03-27 22:31 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-07 14:44 . 2009-04-16 17:38 3061792 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-15 15:24 . 2009-07-20 12:08 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-20 12:08 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-20 12:08 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-20 12:08 289792 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Nurb Four"="c:\programdata\Great 16 16.ifiuisg" [X]
"ROAD ITCH AMOK PING"="c:\programdata\dvd setup mess.jjmjlu6" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-12-07 483328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-22 185896]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 244512]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6007E185-6FA7-41DE-A4C1-87031D2460DA}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{0DB0F79B-ED8B-46F6-AE0D-BF96D6155FF9}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{1607A58E-78D1-4C2E-A494-E9A2C99B1BE3}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{EE4F3998-B944-45DB-95A5-D8468A2D9F07}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{54ED7752-78FE-4443-A188-A0E1358A5254}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{ACB059BE-42A9-4806-8DF2-F292AFB1E0A0}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{FEC99AFD-EA8C-4A33-983C-A84F9BC44AF5}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{1A00FE06-2BDE-4A22-A6CA-D8AE623416FE}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{4DFBBA13-054F-4A99-A67E-5EAF4BF97200}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{8BCC34C0-1817-4FC0-B600-339E4BC7C59C}"= UDP:c:\program files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:Ad-Aware 2007
"{20FE6BAC-DCF0-421A-AED9-A8EEB5F13F29}"= TCP:c:\program files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:Ad-Aware 2007
"{3B254BA5-FE7C-4F23-9C78-26916D420F85}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3BEC5129-630A-4016-B94D-BE7A7481F922}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{22CDFDE3-A95F-4385-BD62-A78F3F5C2CAE}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"{FFE870A7-7543-4EDA-906F-D12589923917}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CF9A50B2-8736-4B8C-87DE-FA813887B59E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{B831175C-37BB-4A0A-B012-4E4464065CB3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{54C03F67-5E02-46F0-98DC-49EC9C35BD64}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CF523663-9134-4DFD-822D-1887E74C24DE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D2F8096D-5992-407F-BA5A-FE707A211604}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R3 b57nd60x;%SvcDispName%;c:\windows\System32\drivers\b57nd60x.sys [03/06/2008 11.23.34 179712]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\System32\drivers\lv321av.sys [23/09/2008 20.16.44 847392]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 8.40.22 3668480]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [25/04/2007 14.32.42 31232]
S2 gupdate1c9b614e4c763e2;Servizio di Google Update (gupdate1c9b614e4c763e2);c:\program files\Google\Update\GoogleUpdate.exe [05/04/2009 19.35.19 133104]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [03/06/2008 11.21.19 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {D2DB751E-59BD-413E-2ED0-00AE16C567E4} /qb
.
Contenuto della cartella 'Scheduled Tasks'

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 17:35]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 17:35]

2009-09-10 c:\windows\Tasks\User_Feed_Synchronization-{AA8F071B-9E8D-409B-AFBB-5AEA805622D0}.job
- c:\windows\system32\msfeedssync.exe [2009-05-12 11:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CE21037E-F121-4AFD-BCD8-FB9C566CBDC1} = 213.230.129.10 213.230.155.10
FF - ProfilePath - c:\users\Caterina\AppData\Roaming\Mozilla\Firefox\Profiles\k87vw8ev.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-avgnt - c:\program files\AntiVir PersonalEdition Classic\avgnt.exe
HKLM-Run-SetPanel - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-RunOnce-Uninstall Adobe Download Manager - c:\users\Caterina\AppData\Local\Temp\nos_uninstall_Adobe.dll
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 20:32
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\eNetHook.dll

- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\eNetHook.dll
.
Ora fine scansione: 2009-09-10 20.36.26
ComboFix-quarantined-files.txt 2009-09-10 18:36

Pre-Run: 23.001.849.856 byte disponibili
Post-Run: 22.900.359.168 byte disponibili

255 --- E O F --- 2009-09-10 18:10
Last edited by ba_61 on Fri Sep 11, 2009 1:49 pm, edited 1 time in total.
Reason: Log tag

Re: Persistent Windows warning

Post by crazy.cat » Fri Sep 11, 2009 1:54 pm

You didn't answer me...
crazy.cat wrote: So you were browsing with Firefox or Opera and it reported that it was IE that crashed?


I can see some strange names; do you have any idea what these folders are?
c:\programdata\Long slow road itch
c:\programdata\SETTINGS POP TIME

Try running a scan with Malwarebytes (to start with)

Re: Persistent Windows warning

Post by _Xander_ » Sun Sep 13, 2009 8:24 pm

crazy.cat wrote: You didn't answer me...
crazy.cat wrote: So you were browsing with Firefox or Opera and it reported that it was IE that crashed?


Sorry, anyway yes... I browse with Firefox and it tells me that Internet Explorer has stopped working.


crazy.cat wrote: I can see some strange names; do you have any idea what these folders are?
c:\programdata\Long slow road itch
c:\programdata\SETTINGS POP TIME

Try running a scan with Malwarebytes (to start with)


I have no idea what those folders are, unfortunately. I'll run a scan as soon as I can and let you know. Thanks for the suggestions.

megalab.it: online daily publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved.