C:\Users\User\AppData\Roaming\izyew.dll module not found


Post by plutarco2009 » 01/06/09 21:38

First of all, hello to the whole forum and thanks for the hospitality.
Unfortunately, every time Windows Vista starts, an error window appears telling me that C:\Users\User\AppData\Roaming\izyew.dll cannot be found. What could it be?
If anyone could help me, I would be very grateful. In the meantime, here is the HijackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.29.50, on 01/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [kxtyqau] rundll32.exe "C:\Users\User\AppData\Roaming\izyew.dll",nsugqh
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAAEF5A7-EF8F-4C3D-B285-BC0C36E6FA91}: NameServer = 212.48.4.15 62.211.69.150
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7322 bytes

Re: C:\Users\User\AppData\Roaming\izyew.dll module not found

Post by -> EleKtrA <- » 02/06/09 08:17

Hi plutarco2009, welcome.

The log shows an infection that we can treat by fixing the entry with HijackThis and then running ComboFix to find any leftovers.

- Right-click HijackThis, run as administrator
Click "Do a system scan only"
Tick these entries and click "Fix checked"

O4 - HKCU\..\Run: [kxtyqau] rundll32.exe "C:\Users\User\AppData\Roaming\izyew.dll",nsugqh

- Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Right-click the exe, run as administrator
(do not install the Recovery Console)
Let the program work without interfering
Attach the report C:\ComboFix.txt to your reply.

- There are still references to Norton present;
download this tool and run it as administrator (right-click, run)
http://service1.symantec.com/support/in ... 7160511924
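The entry singled out in the reply above is a per-user Run value that uses rundll32.exe to load a DLL from the roaming profile. The following Python triage of HijackThis O4 lines for that pattern is an added example, not part of the original thread; the two path heuristics and all function names are assumptions of this example, not HijackThis rules.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [kxtyqau] rundll32.exe "C:\Users\User\AppData\Roaming\izyew.dll",nsugqh
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(r'^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): '
                    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 [path\]file.dll,ExportName  (quotes around either part are optional)
RUNDLL = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+'
                    r'"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I)
# Heuristic 1 (assumption): the DLL lives somewhere a standard user can write.
USER_WRITABLE = re.compile(r'\\(appdata|temp|local settings|application data)\\', re.I)
# Heuristic 2 (assumption): the DLL sits directly in the AppData root, with no vendor folder.
PROFILE_ROOT = re.compile(r'\\appdata\\(roaming|local|locallow)\\[^\\]+\.dll$', re.I)


class Finding(NamedTuple):
    hive: str
    value_name: str
    dll: str
    export: str
    reasons: tuple


def suspicious_rundll_autoruns(log_text):
    """Return Run-key entries that start rundll32 on a DLL in a user-writable path."""
    findings = []
    for line in log_text.splitlines():
        entry = O4_RUN.match(line.strip())
        if not entry:
            continue                      # not an O4 registry autorun line
        call = RUNDLL.match(entry['cmd'])
        if not call:
            continue                      # autorun does not go through rundll32
        dll = call['dll'].strip()
        reasons = []
        if USER_WRITABLE.search(dll):
            reasons.append('DLL in user-writable profile path')
        if PROFILE_ROOT.search(dll):
            reasons.append('DLL directly in AppData root, no vendor folder')
        if reasons:
            findings.append(Finding(entry['hive'], entry['name'], dll,
                                    call['export'], tuple(reasons)))
    return findings


if __name__ == '__main__':
    for f in suspicious_rundll_autoruns(SAMPLE_LOG):
        print(f'{f.hive} Run [{f.value_name}] -> {f.dll},{f.export}: {"; ".join(f.reasons)}')
```

The NVIDIA and Welcome Center entries also go through rundll32 but are not reported, because their DLLs resolve to system directories rather than the user profile.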

Re: C:\Users\User\AppData\Roaming\izyew.dll module not found

Post by plutarco2009 » 02/06/09 15:55

Thanks a lot, very kind. Now everything seems OK!
Code:
ComboFix 09-05-31.06 - User 02/06/2009 16.41.24.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.39.1040.18.2045.1188 [GMT 2:00]
Eseguito da: E:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\windows\Fonts\BILANCIA.TTF
c:\windows\system32\E95THK16.EXE
c:\windows\system32\encapi32.dll

.
(((((((((((((((((((((((((   Files Creati Da 2009-05-02 al 2009-06-02  )))))))))))))))))))))))))))))))))))
.

2009-06-02 14:45 . 2009-06-02 14:45   --------   d-----w-   c:\users\User\AppData\Local\temp
2009-06-02 14:13 . 2009-06-02 14:13   --------   d-----w-   c:\programdata\NortonInstaller
2009-06-02 12:14 . 2009-06-02 12:14   --------   d-----w-   c:\program files\Altri programmi
2009-06-01 14:49 . 2009-06-01 14:49   --------   d-----w-   c:\program files\Trend Micro
2009-05-30 21:55 . 2009-05-30 21:55   --------   d-----w-   c:\users\User\AppData\Roaming\Malwarebytes
2009-05-30 21:55 . 2009-05-26 11:20   40160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 21:55 . 2009-05-30 21:55   --------   d-----w-   c:\programdata\Malwarebytes
2009-05-30 21:55 . 2009-05-30 21:55   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-05-30 21:55 . 2009-05-26 11:19   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-05-20 16:11 . 2009-05-16 20:01   1437464   ----a-w-   c:\programdata\Avg8\update\backup\avgupd.dll
2009-05-20 16:11 . 2009-05-16 20:01   755992   ----a-w-   c:\programdata\Avg8\update\backup\avginet.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 14:24 . 2009-04-16 19:49   1   ----a-w-   c:\users\User\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-02 14:22 . 2006-11-06 01:52   662846   ----a-w-   c:\windows\system32\perfh010.dat
2009-06-02 14:22 . 2006-11-06 01:52   120326   ----a-w-   c:\windows\system32\perfc010.dat
2009-06-02 13:30 . 2007-09-15 16:11   12978   ----a-w-   c:\users\User\AppData\Roaming\nvModes.dat
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 102400]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-20 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-07 3772416]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-11-25 2134016]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-6-23 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A251D320-8DC4-4943-9CBA-0477EC88A926}"= UDP:c:\program files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{2687BD2F-D338-4697-9399-D2BF8B8BA743}"= TCP:c:\program files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{AB95973D-FAE1-4B1F-8078-909DB1AF0669}"= UDP:c:\program files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{7E21990B-2F11-4C45-8E54-46B171177C4F}"= TCP:c:\program files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{454BD734-52B0-4D3D-B6A0-417B16877FC5}"= UDP:c:\program files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{2F371848-7716-48D0-BB51-03AEDA5059B9}"= TCP:c:\program files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"TCP Query User{82781697-CD52-473F-8501-4362912F8CBD}c:\\program files\\ws_ftp\\ws_ftp95.exe"= UDP:c:\program files\ws_ftp\ws_ftp95.exe:WS_FTP 95
"UDP Query User{D2420A45-CE2F-4812-9E0B-811C9053FFC2}c:\\program files\\ws_ftp\\ws_ftp95.exe"= TCP:c:\program files\ws_ftp\ws_ftp95.exe:WS_FTP 95
"TCP Query User{3EB4B33D-C69C-4432-B3FD-297B4A32E6EF}c:\\program files\\emule\\emule.exe"= Disabled:UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{39659907-7A8D-4211-B925-DB277539F97B}c:\\program files\\emule\\emule.exe"= Disabled:TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{BFBAC5A2-7FB5-4963-8261-4E259562EC4D}c:\\program files\\ws_ftp\\ws_ftp95.exe"= UDP:c:\program files\ws_ftp\ws_ftp95.exe:WS_FTP 95
"UDP Query User{66CB1B12-99C1-4449-9B5D-BFB3577F2788}c:\\program files\\ws_ftp\\ws_ftp95.exe"= TCP:c:\program files\ws_ftp\ws_ftp95.exe:WS_FTP 95
"{7446D682-A04A-47EC-B007-7BDD063D4BDB}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{189FB71B-A286-4FB5-85E5-392DB78CAC15}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{A9BC99CE-052F-40A0-A3F8-3A95333155C1}"= UDP:c:\users\User\AppData\Local\Temp\7zSA2C6.tmp\SymNRT.exe:Norton Removal Tool
"{5D3F2DDC-4894-4A9E-BBC4-312BC5D05C0A}"= TCP:c:\users\User\AppData\Local\Temp\7zSA2C6.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [17/01/2009 19.03.28 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [05/02/2009 23.44.47 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [17/01/2009 19.02.52 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [17/01/2009 19.02.50 298776]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [16/12/2006 9.33.02 7168]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 16.40.22 3668480]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-01 c:\windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job
- c:\windows\system32\msfeedssync.exe [2009-05-20 11:31]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
SafeBoot-procexp90.Sys


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 16:45
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-06-02 16.47.39
ComboFix-quarantined-files.txt  2009-06-02 14:47

Pre-Run: 31.938.564.096 byte disponibili
Post-Run: 32.146.640.896 byte disponibili

149   --- E O F ---   2009-06-02 13:45