
Isass.exe error


Post by duomatic » Tue Apr 28, 2009 1:28 pm

Hello everyone, for a few days now, when I turn on the PC, this message has appeared on
a black background: "isass.exe - system error, the specified handle is invalid".
To be more specific:
On Saturday at power-on the PC started in safe mode; I chose
"Last Known Good Configuration" and the PC started. On Sunday and
again today the message appeared as described above; I press Alt-Ctrl-Del and the
PC starts normally. The PC is fully up to date, and I have Norton 2009 and Ad-Aware.
Can you give me a hand? Thanks, everyone.
PS. I tried running System Restore but it doesn't work;
it tells me it is unable to restore, even with the Norton products' protection disabled.
Help me!!!

Re: Isass.exe error

Post by ste_95 » Tue Apr 28, 2009 1:32 pm

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between LOG tags, like this:
Code:
[LOG]qui va inserito il log[/LOG]

Re: Isass.exe error

Post by cosmo » Tue Apr 28, 2009 1:41 pm

Hi, also try running a scan with MalwareByte; you can find it here


Re: Isass.exe error

Post by duomatic » Tue Apr 28, 2009 2:56 pm

Sending the ComboFix log

ComboFix 09-04-27.04 - Marco 28/04/2009 15.47.27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.297 [GMT 2:00]
Eseguito da: d:\documents and settings\Marco\Desktop\ComboFix.isass.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\recycler\Desktop.ini
d:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Creati Da 2009-05-28 al 2009-4-28 )))))))))))))))))))))))))))))))))))
.

2009-04-28 10:52 . 2009-04-28 10:52 -------- d-----w d:\documents and settings\Marco\Dati applicazioni\GRETECH
2009-04-17 07:21 . 2009-04-23 06:47 15688 ----a-w d:\windows\system32\lsdelete.exe
2009-04-17 06:11 . 2009-04-23 06:47 64160 ----a-w d:\windows\system32\drivers\Lbd.sys
2009-04-17 06:09 . 2009-04-17 06:09 -------- dc-h--w d:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-17 06:09 . 2009-04-17 06:30 -------- d-----r d:\programmi\Lavasoft
2009-04-17 06:09 . 2009-04-17 06:11 -------- d-----w d:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-04-15 05:55 . 2009-02-06 10:10 227840 -c----w d:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 05:55 . 2009-03-06 14:19 286208 -c----w d:\windows\system32\dllcache\pdh.dll
2009-04-15 05:55 . 2009-02-09 11:22 111104 -c----w d:\windows\system32\dllcache\services.exe
2009-04-15 05:55 . 2009-02-09 10:51 401408 -c----w d:\windows\system32\dllcache\rpcss.dll
2009-04-15 05:55 . 2009-02-09 10:51 473600 -c----w d:\windows\system32\dllcache\fastprox.dll
2009-04-15 05:55 . 2009-02-09 10:51 683520 -c----w d:\windows\system32\dllcache\advapi32.dll
2009-04-15 05:55 . 2009-02-09 10:51 734720 -c----w d:\windows\system32\dllcache\lsasrv.dll
2009-04-15 05:55 . 2009-02-09 10:51 453120 -c----w d:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 05:55 . 2009-02-09 10:51 736256 -c----w d:\windows\system32\dllcache\ntdll.dll
2009-04-15 05:55 . 2008-04-21 21:14 219136 -c----w d:\windows\system32\dllcache\wordpad.exe
2009-04-14 11:37 . 2007-07-02 13:02 996648 ----a-w d:\windows\system32\ShellManager10E2D762.dll
2009-04-14 11:14 . 2009-04-14 11:14 -------- d-----w d:\documents and settings\Marco\Dati applicazioni\CyberLink
2009-04-14 11:11 . 2009-04-14 11:11 -------- d-----w d:\documents and settings\All Users\Dati applicazioni\CyberLink
2009-04-14 11:06 . 2009-04-14 14:28 -------- d-----r d:\programmi\CyberLink
2009-04-10 20:49 . 2009-04-11 06:39 -------- d-----r d:\programmi\APC
2009-04-09 06:08 . 2008-04-13 09:45 60032 -c--a-w d:\windows\system32\dllcache\usbaudio.sys
2009-04-09 06:08 . 2008-04-13 09:45 60032 ----a-w d:\windows\system32\drivers\USBAUDIO.sys
2009-04-09 06:08 . 2008-04-13 09:45 32128 -c--a-w d:\windows\system32\dllcache\usbccgp.sys
2009-04-09 06:08 . 2008-04-13 09:45 32128 ----a-w d:\windows\system32\drivers\usbccgp.sys
2009-04-08 12:45 . 2009-04-14 11:35 -------- d-----w d:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\Ahead
2009-04-08 12:43 . 2009-04-08 16:19 -------- d-----w d:\documents and settings\Marco\Dati applicazioni\Ahead
2009-04-08 12:42 . 2009-04-08 12:42 -------- d-----w d:\documents and settings\All Users\Dati applicazioni\Ahead
2009-04-08 12:40 . 2009-04-08 12:42 -------- d-----w d:\programmi\File comuni\Ahead
2009-04-07 16:47 . 2009-04-07 20:33 -------- d-----w d:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\Nero
2009-04-07 11:36 . 2009-04-07 11:36 -------- d-----w d:\documents and settings\Marco\Dati applicazioni\NeroDCTemplates
2009-04-07 10:29 . 2009-04-08 12:40 -------- d-----w d:\documents and settings\All Users\Dati applicazioni\Nero
2009-03-31 06:41 . 2009-04-02 09:02 2274 ----a-w d:\documents and settings\Marco\Dati applicazioni\SAS7_000.DAT
2009-03-31 06:11 . 2009-03-31 06:11 -------- d-----w d:\documents and settings\Marco\Dati applicazioni\Nuance
2009-03-31 06:06 . 2009-03-31 06:12 -------- d-----w d:\windows\speech
2009-03-31 06:05 . 2009-03-31 06:05 -------- d-sh--w d:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 10:57 . 2002-09-10 12:00 80268 ----a-w d:\windows\system32\perfc010.dat
2009-04-28 10:57 . 2002-09-10 12:00 481664 ----a-w d:\windows\system32\perfh010.dat
2009-04-28 10:52 . 2008-07-24 15:26 24 ----a-w d:\windows\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-80651102}.dat
2009-04-28 10:52 . 2008-07-24 15:26 24 ----a-w d:\windows\system32\DVCState-{00000002-00000000-00000001-00001102-00000002-80651102}.dat
2009-04-27 14:29 . 2008-08-09 03:52 -------- d-----r d:\programmi\GRETECH
2009-04-22 08:55 . 2009-02-16 09:39 -------- d-----r d:\programmi\FairUse Wizard 2
2009-04-15 13:36 . 2008-07-24 10:56 74040 ----a-w d:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-15 09:55 . 2008-07-24 15:07 -------- d--h--w d:\programmi\InstallShield Installation Information
2009-04-15 09:55 . 2009-02-13 13:03 -------- d-----r d:\programmi\SmartSound Software
2009-04-08 12:40 . 2008-07-25 14:35 -------- d-----r d:\programmi\Nero
2009-04-08 10:42 . 2009-02-09 09:07 486552 ----a-w d:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-04-06 13:19 . 2008-07-28 13:23 -------- d-----r d:\programmi\JDirPrinter
2009-04-05 13:35 . 2008-08-04 10:41 -------- d-----r d:\programmi\Java
2009-04-02 10:12 . 2008-07-28 10:28 -------- d-----r d:\programmi\Mp3tag
2009-03-31 06:06 . 2008-08-28 07:11 -------- d-----r d:\programmi\Nuance
2009-03-26 07:26 . 2008-12-17 18:30 -------- d-----r d:\programmi\Symantec
2009-03-26 07:26 . 2008-12-17 18:30 60808 ----a-w d:\windows\system32\S32EVNT1.DLL
2009-03-26 07:26 . 2008-12-17 18:30 124464 ----a-w d:\windows\system32\drivers\SYMEVENT.SYS
2009-03-26 07:26 . 2008-07-24 11:25 805 ----a-w d:\windows\system32\drivers\SYMEVENT.INF
2009-03-26 07:26 . 2008-07-24 11:25 7386 ----a-w d:\windows\system32\drivers\SYMEVENT.CAT
2009-03-20 07:36 . 2009-01-13 07:47 -------- d-----r d:\programmi\Orbitdownloader
2009-03-19 07:34 . 2009-03-19 07:34 0 ----a-w d:\windows\system32\REN2D.tmp
2009-03-19 07:34 . 2009-03-19 07:34 0 ----a-w d:\windows\system32\REN2C.tmp
2009-03-19 07:34 . 2009-03-19 07:34 0 ----a-w d:\windows\system32\REN2B.tmp
2009-03-18 16:23 . 2008-07-24 17:56 -------- d-----w d:\programmi\File comuni\Adobe
2009-03-12 09:03 . 2008-12-17 18:30 36400 ----a-r d:\windows\system32\drivers\SymIM.sys
2009-03-09 03:19 . 2008-11-23 07:10 410984 ----a-w d:\windows\system32\deploytk.dll
2009-03-08 07:38 . 2009-03-06 09:54 -------- d-----r d:\programmi\VS Revo Group
2009-03-08 03:34 . 2002-09-10 12:00 914944 ----a-w d:\windows\system32\wininet.dll
2009-03-08 03:34 . 2002-09-10 12:00 43008 ----a-w d:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2002-09-10 12:00 18944 ----a-w d:\windows\system32\corpol.dll
2009-03-08 03:33 . 2002-09-10 12:00 420352 ----a-w d:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2002-09-10 12:00 72704 ----a-w d:\windows\system32\admparse.dll
2009-03-08 03:32 . 2002-09-10 12:00 71680 ----a-w d:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2002-09-10 12:00 34816 ----a-w d:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2002-09-10 12:00 48128 ----a-w d:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2002-09-10 12:00 45568 ----a-w d:\windows\system32\mshta.exe
2009-03-08 03:22 . 2002-09-10 12:00 156160 ----a-w d:\windows\system32\msls31.dll
2009-03-07 17:19 . 2008-12-15 07:41 -------- d-----r d:\programmi\XRECODE
2009-03-07 09:14 . 2009-03-07 09:14 94208 ----a-w d:\windows\system32\btrezxp.dll
2009-03-06 14:19 . 2002-09-10 12:00 286208 ----a-w d:\windows\system32\pdh.dll
2009-03-06 11:42 . 2008-12-15 11:38 -------- d-----r d:\programmi\CDex_150
2009-03-06 11:42 . 2008-07-29 10:33 -------- d-----r d:\programmi\Real Alternative
2009-03-06 11:42 . 2008-07-24 14:49 -------- d-----r d:\programmi\Windows Media Connect 2
2009-03-06 10:17 . 2009-03-05 11:01 -------- d-----r d:\programmi\Microsoft IntelliPoint 5.3
2009-03-06 10:17 . 2009-03-06 10:10 -------- d-----r d:\programmi\Microsoft IntelliPoint
2009-03-02 08:01 . 2008-07-25 13:28 -------- d-----r d:\programmi\eMule
2009-02-26 11:32 . 2009-02-26 11:32 307968 ----a-w d:\windows\system32\TuneUpDefragService.exe
2009-02-21 17:25 . 2009-02-21 17:25 80268 ----a-w d:\windows\system32\prfc0410.dat
2009-02-21 17:25 . 2009-02-21 17:25 481664 ----a-w d:\windows\system32\prfh0410.dat
2009-02-09 14:04 . 2002-09-10 12:00 1846784 ----a-w d:\windows\system32\win32k.sys
2009-02-09 11:23 . 2002-09-09 13:34 2027520 ----a-w d:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2002-09-10 12:00 2148864 ----a-w d:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2002-09-10 12:00 111104 ----a-w d:\windows\system32\services.exe
2009-02-09 10:51 . 2002-09-10 12:00 734720 ----a-w d:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2002-09-10 12:00 683520 ----a-w d:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2002-09-10 12:00 401408 ----a-w d:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2002-09-10 12:00 736256 ----a-w d:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2002-09-10 12:00 35328 ----a-w d:\windows\system32\sc.exe
2009-02-04 10:45 . 2008-08-14 06:57 73312 ----a-w d:\windows\system32\drivers\adfs.sys
2009-02-03 19:57 . 2002-09-10 12:00 56832 ----a-w d:\windows\system32\secur32.dll
2008-07-31 08:07 . 2008-07-31 08:07 77 --sh--w d:\programmi\File comuni\Desktop.ini
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Tray Commander"="d:\programmi\Tray Commander\TC.exe" [2004-02-17 586752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MemoREX"="d:\programmi\MemoRex\MemoRexStart.exe" [2003-07-29 332288]
"IntelliPoint"="d:\programmi\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"pdfFactory Pro Dispatcher v2"="d:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-07-22 483328]
"ISUSPM Startup"="d:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"SunJavaUpdateSched"="d:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NeroFilterCheck"="d:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="d:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="d:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-23 516440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

d:\documents and settings\Marco\Menu Avvio\Programmi\Esecuzione automatica\
Dragon NaturallySpeaking.lnk - d:\programmi\Nuance\NaturallySpeaking9\Program\natspeak.exe [2006-12-11 2332264]

d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
APC UPS Status.lnk - d:\programmi\APC\APC PowerChute Personal Edition\Display.exe [2009-4-10 221247]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^APC UPS Status.lnk]
path=d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\APC UPS Status.lnk
backup=d:\windows\pss\APC UPS Status.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BTTray.lnk]
path=d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk
backup=d:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Marco^Menu Avvio^Programmi^Esecuzione automatica^Whisper 32.lnk]
path=d:\documents and settings\Marco\Menu Avvio\Programmi\Esecuzione automatica\Whisper 32.lnk
backup=d:\windows\pss\Whisper 32.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PDFProFiltSrv"=2 (0x2)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"getPlus(R) Helper"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"EPSONStatusAgent2"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"CCALib8"=2 (0x2)
"btwdins"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"APC UPS Service"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="d:\programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
"IncrediMail"=d:\programmi\IncrediMail\bin\IncMail.exe /c
"ChristmasTree"=d:\documents and settings\Marco\Desktop\Giochi\Christmas\Christmas.exe
"Google Update"="d:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Jet Detection"=d:\programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
"CTStartup"=d:\programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
"ATICCC"="d:\programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"pdfFactory Pro Dispatcher v2"="d:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"PDFHook"=d:\programmi\Nuance\PDF Professional 5\pdfpro5hook.exe
"PDF5 Registry Controller"=d:\programmi\Nuance\PDF Professional 5\RegistryController.exe
"SSBkgdUpdate"="d:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"ISUSPM Startup"=d:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="d:\programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
"Nuance PDF Professional 5-reminder"="d:\programmi\Nuance\PDF Professional 5\Ereg\Ereg.exe" -r "d:\documents and settings\All Users\Dati applicazioni\Nuance\PDF Professional 5\Ereg\Ereg.ini"
"UpdReg"=d:\windows\UpdReg.EXE
"AdobeCS4ServiceManager"="d:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"WINDVDPatch"=CTHELPER.EXE
"Adobe Reader Speed Launcher"="d:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LanguageShortcut"=d:\programmi\CyberLink\PowerDVD\Language\Language.exe
"RemoteControl"=d:\programmi\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"d:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"d:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Lupo PenSuite\\Lupo PenSuite v6.64 Full\\Apps\\uTorrent\\uTorrent.exe"=
"d:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"d:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"d:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Documents and Settings\\Marco\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"d:\\Documents and Settings\\Marco\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 gupdate1c9869dc3c9ac72;Google Update Service (gupdate1c9869dc3c9ac72);d:\programmi\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
R3 btusbflt;Bluetooth USB Filter;d:\windows\system32\drivers\btusbflt.sys [2007-08-14 37296]
R3 getPlus(R) Helper;getPlus(R) Helper;d:\programmi\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
R3 RTL8187B;Wireless Network USB Adapter 54g WL-168v1.004;d:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-18 264576]
R4 PDFProFiltSrv;PDFProFiltSrv;d:\programmi\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-02-02 144672]
S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys [2009-04-23 64160]
S0 SymEFA;Symantec Extended File Attributes;d:\windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS [2009-03-12 310320]
S1 BHDrvx86;Symantec Heuristics Driver;d:\windows\System32\Drivers\NIS\1005000.087\BHDrvx86.sys [2009-03-12 258608]
S1 ccHP;Symantec Hash Provider;d:\windows\System32\Drivers\NIS\1005000.087\ccHPx86.sys [2009-03-20 482352]
S1 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090420.001\IDSxpx86.sys [2009-01-29 276344]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\programmi\Lavasoft\Ad-Aware\AAWService.exe [2009-04-23 953168]
S2 Norton Internet Security;Norton Internet Security;d:\programmi\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [2009-03-12 115560]
S3 Camdrv30;Philips ToUcam XS;d:\windows\system32\Drivers\camdrv30.sys [2001-08-17 171264]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]


--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - uphcleanhlp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"d:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-17 d:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 06:47]

2009-04-28 d:\windows\Tasks\GoogleUpdateTaskMachine.job
- d:\programmi\Google\Update\GoogleUpdate.exe [2009-02-04 07:54]

2009-04-28 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1614895754-839522115-1004.job
- d:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-11-28 09:13]

2009-04-28 d:\windows\Tasks\User_Feed_Synchronization-{54868672-6EBC-4D45-BE54-1162958DDC58}.job
- d:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2009-04-28 d:\windows\Tasks\Verifica e correzione automatica.job
- d:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-03-03 10:02]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-Locked - (no file)
HKCU-RunOnce-Shockwave Updater - d:\windows\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Koma-Mail Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.tiscali.it
uInternet Settings,ProxyOverride = *.local
DPF: DirectAnimation Java Classes - file://d:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
DPF: {7F8B2500-3B5D-474C-B828-C766ECE3AB3C} - hxxp://netphone.tiscali.it/netphone/ocx/mosquito.cab
FF - ProfilePath - d:\documents and settings\Marco\Dati applicazioni\Mozilla\Firefox\Profiles\scttvnry.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.it/
FF - component: d:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: d:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: d:\documents and settings\Marco\Dati applicazioni\Mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\documents and settings\Marco\Dati applicazioni\Mozilla\plugins\npPxPlay.dll
FF - plugin: d:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\programmi\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\programmi\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 15:49
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{17780481-139F-CD5E-E667-FD5F6542D13C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaicdpppnplobglihgfilemkhbipkp"=hex:64,61,70,61,6d,6e,70,66,00,50
"oamjdgellkhkjjbooigmdnfailnmbf"=hex:6b,61,70,61,6e,6e,6b,70,62,6b,62,6f,61,62,
70,63,6d,70,6d,68,68,64,00,00
"nakijajancliajchdifnjhngfhee"=hex:6b,61,70,61,6e,6e,6b,70,62,6b,62,6f,61,62,
70,63,6d,70,6d,68,68,64,00,00
"eaejdfhmge"=hex:66,61,6c,63,6b,6b,67,63,66,6d,6f,6a,00,e3
"cajcba"=hex:6b,62,63,61,6c,6f,63,6c,63,6e,6f,68,61,63,61,65,61,6b,6f,6f,6c,67,
64,62,63,61,6d,61,63,67,70,67,65,6d,6c,6e,6f,69,63,62,65,6f,6f,6b,70,69,65,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,e6,2b,24,10,9a,
26,91,a8,c8,28,51,af,b0,29,a3,98,2d,ae,d0,73,89,03,9d,08,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,8f,77,60,fc,72,
d8,39,a4,71,3b,04,66,8b,46,0d,96,0c,b8,1d,65,18,1c,c3,59,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,b6,c7,8e,2c,e8,
19,c9,f6,25,da,ec,7e,55,20,c9,26,55,de,c4,98,a5,0b,7a,8b,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,cc,20,24,60,65,
91,c7,2e,3e,1e,9e,e0,57,5a,93,61,e0,74,9f,a4,1b,95,5c,77,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,b2,b1,b5,94,7e,
6f,fd,db,cd,44,cd,b9,a6,33,6c,cd,c1,ed,b5,d6,8b,7d,d3,a9,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,eb,11,37,65,be,
e8,97,b9,b0,18,ed,a7,3f,8d,37,a4,0e,da,9d,6e,94,33,af,b6,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,b0,52,b9,69,7a,
96,4d,4c,31,77,e1,ba,b1,f8,68,02,f7,63,a8,90,e7,ea,f5,1c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,e2,0e,10,e0,c6,
03,93,52,83,6c,56,8b,a0,85,96,ab,bf,3c,41,6d,d9,71,38,e5,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,db,8f,71,6c,67,
d8,a2,77,51,fa,6e,91,28,9e,14,cc,d3,81,26,a7,57,d1,5c,83,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,82,51,b6,58,8a,
1c,b4,2c,b1,cd,45,5a,a8,c4,f8,b9,23,b6,3e,34,ff,06,df,5b,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,78,a2,9c,36,f6,
93,0f,f7,e3,0e,66,d5,eb,bc,2f,6b,ff,a7,09,c5,df,6c,ba,d7,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,f4,2c,f7,39,90,
04,24,74,fa,ea,66,7f,d4,3b,6b,70,ef,5e,73,e2,9c,f0,c0,b2,6c,43,2d,1e,aa,22,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(784)
d:\windows\system32\Ati2evxx.dll
d:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Ora fine scansione: 2009-04-28 15.51.45
ComboFix-quarantined-files.txt 2009-04-28 13:51

Pre-Run: 74.702.741.504 byte disponibili
Post-Run: 74.739.544.064 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

375 --- E O F --- 2009-04-15 06:00
Last edited by ba_61 on Tue Apr 28, 2009 3:21 pm, edited 1 time in total.
Reason: Log tags

Re: Isass.exe error

Post by ba_61 » Tue Apr 28, 2009 3:22 pm

Code:
[log] Testo [/log]

Re: Isass.exe error

Post by duomatic » Tue Apr 28, 2009 4:40 pm

Did you see the ComboFix log? Am I perhaps doing something wrong?

Re: Isass.exe error

Post by ba_61 » Tue Apr 28, 2009 4:45 pm

duomatic wrote: Did you see the ComboFix log? Am I perhaps doing something wrong?

I corrected it and posted how to insert logs for you:

post380083.html#p380083

Re: Isass.exe error

Post by duomatic » Tue Apr 28, 2009 5:32 pm

ComboFix 09-04-27.04 - Marco 28/04/2009 15.47.27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.297 [GMT 2:00]
Eseguito da: d:\documents and settings\Marco\Desktop\ComboFix.isass.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\recycler\Desktop.ini
d:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Creati Da 2009-05-28 al 2009-4-28 )))))))))))))))))))))))))))))))))))
.

2009-04-28 10:52 . 2009-04-28 10:52 -------- d-----w d:\documents and settings\Marco\Dati applicazioni\GRETECH
2009-04-17 07:21 . 2009-04-23 06:47 15688 ----a-w d:\windows\system32\lsdelete.exe
2009-04-17 06:11 . 2009-04-23 06:47 64160 ----a-w d:\windows\system32\drivers\Lbd.sys
2009-04-17 06:09 . 2009-04-17 06:09 -------- dc-h--w d:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-17 06:09 . 2009-04-17 06:30 -------- d-----r d:\programmi\Lavasoft
2009-04-17 06:09 . 2009-04-17 06:11 -------- d-----w d:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-04-15 05:55 . 2009-02-06 10:10 227840 -c----w d:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 05:55 . 2009-03-06 14:19 286208 -c----w d:\windows\system32\dllcache\pdh.dll
2009-04-15 05:55 . 2009-02-09 11:22 111104 -c----w d:\windows\system32\dllcache\services.exe
2009-04-15 05:55 . 2009-02-09 10:51 401408 -c----w d:\windows\system32\dllcache\rpcss.dll
2009-04-15 05:55 . 2009-02-09 10:51 473600 -c----w d:\windows\system32\dllcache\fastprox.dll
2009-04-15 05:55 . 2009-02-09 10:51 683520 -c----w d:\windows\system32\dllcache\advapi32.dll
2009-04-15 05:55 . 2009-02-09 10:51 734720 -c----w d:\windows\system32\dllcache\lsasrv.dll
2009-04-15 05:55 . 2009-02-09 10:51 453120 -c----w d:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 05:55 . 2009-02-09 10:51 736256 -c----w d:\windows\system32\dllcache\ntdll.dll
2009-04-15 05:55 . 2008-04-21 21:14 219136 -c----w d:\windows\system32\dllcache\wordpad.exe
2009-04-14 11:37 . 2007-07-02 13:02 996648 ----a-w d:\windows\system32\ShellManager10E2D762.dll
2009-04-14 11:14 . 2009-04-14 11:14 -------- d-----w d:\documents and settings\Marco\Dati applicazioni\CyberLink
2009-04-14 11:11 . 2009-04-14 11:11 -------- d-----w d:\documents and settings\All Users\Dati applicazioni\CyberLink
2009-04-14 11:06 . 2009-04-14 14:28 -------- d-----r d:\programmi\CyberLink
2009-04-10 20:49 . 2009-04-11 06:39 -------- d-----r d:\programmi\APC
2009-04-09 06:08 . 2008-04-13 09:45 60032 -c--a-w d:\windows\system32\dllcache\usbaudio.sys
2009-04-09 06:08 . 2008-04-13 09:45 60032 ----a-w d:\windows\system32\drivers\USBAUDIO.sys
2009-04-09 06:08 . 2008-04-13 09:45 32128 -c--a-w d:\windows\system32\dllcache\usbccgp.sys
2009-04-09 06:08 . 2008-04-13 09:45 32128 ----a-w d:\windows\system32\drivers\usbccgp.sys
2009-04-08 12:45 . 2009-04-14 11:35 -------- d-----w d:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\Ahead
2009-04-08 12:43 . 2009-04-08 16:19 -------- d-----w d:\documents and settings\Marco\Dati applicazioni\Ahead
2009-04-08 12:42 . 2009-04-08 12:42 -------- d-----w d:\documents and settings\All Users\Dati applicazioni\Ahead
2009-04-08 12:40 . 2009-04-08 12:42 -------- d-----w d:\programmi\File comuni\Ahead
2009-04-07 16:47 . 2009-04-07 20:33 -------- d-----w d:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\Nero
2009-04-07 11:36 . 2009-04-07 11:36 -------- d-----w d:\documents and settings\Marco\Dati applicazioni\NeroDCTemplates
2009-04-07 10:29 . 2009-04-08 12:40 -------- d-----w d:\documents and settings\All Users\Dati applicazioni\Nero
2009-03-31 06:41 . 2009-04-02 09:02 2274 ----a-w d:\documents and settings\Marco\Dati applicazioni\SAS7_000.DAT
2009-03-31 06:11 . 2009-03-31 06:11 -------- d-----w d:\documents and settings\Marco\Dati applicazioni\Nuance
2009-03-31 06:06 . 2009-03-31 06:12 -------- d-----w d:\windows\speech
2009-03-31 06:05 . 2009-03-31 06:05 -------- d-sh--w d:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 10:57 . 2002-09-10 12:00 80268 ----a-w d:\windows\system32\perfc010.dat
2009-04-28 10:57 . 2002-09-10 12:00 481664 ----a-w d:\windows\system32\perfh010.dat
2009-04-28 10:52 . 2008-07-24 15:26 24 ----a-w d:\windows\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-80651102}.dat
2009-04-28 10:52 . 2008-07-24 15:26 24 ----a-w d:\windows\system32\DVCState-{00000002-00000000-00000001-00001102-00000002-80651102}.dat
2009-04-27 14:29 . 2008-08-09 03:52 -------- d-----r d:\programmi\GRETECH
2009-04-22 08:55 . 2009-02-16 09:39 -------- d-----r d:\programmi\FairUse Wizard 2
2009-04-15 13:36 . 2008-07-24 10:56 74040 ----a-w d:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-15 09:55 . 2008-07-24 15:07 -------- d--h--w d:\programmi\InstallShield Installation Information
2009-04-15 09:55 . 2009-02-13 13:03 -------- d-----r d:\programmi\SmartSound Software
2009-04-08 12:40 . 2008-07-25 14:35 -------- d-----r d:\programmi\Nero
2009-04-08 10:42 . 2009-02-09 09:07 486552 ----a-w d:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-04-06 13:19 . 2008-07-28 13:23 -------- d-----r d:\programmi\JDirPrinter
2009-04-05 13:35 . 2008-08-04 10:41 -------- d-----r d:\programmi\Java
2009-04-02 10:12 . 2008-07-28 10:28 -------- d-----r d:\programmi\Mp3tag
2009-03-31 06:06 . 2008-08-28 07:11 -------- d-----r d:\programmi\Nuance
2009-03-26 07:26 . 2008-12-17 18:30 -------- d-----r d:\programmi\Symantec
2009-03-26 07:26 . 2008-12-17 18:30 60808 ----a-w d:\windows\system32\S32EVNT1.DLL
2009-03-26 07:26 . 2008-12-17 18:30 124464 ----a-w d:\windows\system32\drivers\SYMEVENT.SYS
2009-03-26 07:26 . 2008-07-24 11:25 805 ----a-w d:\windows\system32\drivers\SYMEVENT.INF
2009-03-26 07:26 . 2008-07-24 11:25 7386 ----a-w d:\windows\system32\drivers\SYMEVENT.CAT
2009-03-20 07:36 . 2009-01-13 07:47 -------- d-----r d:\programmi\Orbitdownloader
2009-03-19 07:34 . 2009-03-19 07:34 0 ----a-w d:\windows\system32\REN2D.tmp
2009-03-19 07:34 . 2009-03-19 07:34 0 ----a-w d:\windows\system32\REN2C.tmp
2009-03-19 07:34 . 2009-03-19 07:34 0 ----a-w d:\windows\system32\REN2B.tmp
2009-03-18 16:23 . 2008-07-24 17:56 -------- d-----w d:\programmi\File comuni\Adobe
2009-03-12 09:03 . 2008-12-17 18:30 36400 ----a-r d:\windows\system32\drivers\SymIM.sys
2009-03-09 03:19 . 2008-11-23 07:10 410984 ----a-w d:\windows\system32\deploytk.dll
2009-03-08 07:38 . 2009-03-06 09:54 -------- d-----r d:\programmi\VS Revo Group
2009-03-08 03:34 . 2002-09-10 12:00 914944 ----a-w d:\windows\system32\wininet.dll
2009-03-08 03:34 . 2002-09-10 12:00 43008 ----a-w d:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2002-09-10 12:00 18944 ----a-w d:\windows\system32\corpol.dll
2009-03-08 03:33 . 2002-09-10 12:00 420352 ----a-w d:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2002-09-10 12:00 72704 ----a-w d:\windows\system32\admparse.dll
2009-03-08 03:32 . 2002-09-10 12:00 71680 ----a-w d:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2002-09-10 12:00 34816 ----a-w d:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2002-09-10 12:00 48128 ----a-w d:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2002-09-10 12:00 45568 ----a-w d:\windows\system32\mshta.exe
2009-03-08 03:22 . 2002-09-10 12:00 156160 ----a-w d:\windows\system32\msls31.dll
2009-03-07 17:19 . 2008-12-15 07:41 -------- d-----r d:\programmi\XRECODE
2009-03-07 09:14 . 2009-03-07 09:14 94208 ----a-w d:\windows\system32\btrezxp.dll
2009-03-06 14:19 . 2002-09-10 12:00 286208 ----a-w d:\windows\system32\pdh.dll
2009-03-06 11:42 . 2008-12-15 11:38 -------- d-----r d:\programmi\CDex_150
2009-03-06 11:42 . 2008-07-29 10:33 -------- d-----r d:\programmi\Real Alternative
2009-03-06 11:42 . 2008-07-24 14:49 -------- d-----r d:\programmi\Windows Media Connect 2
2009-03-06 10:17 . 2009-03-05 11:01 -------- d-----r d:\programmi\Microsoft IntelliPoint 5.3
2009-03-06 10:17 . 2009-03-06 10:10 -------- d-----r d:\programmi\Microsoft IntelliPoint
2009-03-02 08:01 . 2008-07-25 13:28 -------- d-----r d:\programmi\eMule
2009-02-26 11:32 . 2009-02-26 11:32 307968 ----a-w d:\windows\system32\TuneUpDefragService.exe
2009-02-21 17:25 . 2009-02-21 17:25 80268 ----a-w d:\windows\system32\prfc0410.dat
2009-02-21 17:25 . 2009-02-21 17:25 481664 ----a-w d:\windows\system32\prfh0410.dat
2009-02-09 14:04 . 2002-09-10 12:00 1846784 ----a-w d:\windows\system32\win32k.sys
2009-02-09 11:23 . 2002-09-09 13:34 2027520 ----a-w d:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2002-09-10 12:00 2148864 ----a-w d:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2002-09-10 12:00 111104 ----a-w d:\windows\system32\services.exe
2009-02-09 10:51 . 2002-09-10 12:00 734720 ----a-w d:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2002-09-10 12:00 683520 ----a-w d:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2002-09-10 12:00 401408 ----a-w d:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2002-09-10 12:00 736256 ----a-w d:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2002-09-10 12:00 35328 ----a-w d:\windows\system32\sc.exe
2009-02-04 10:45 . 2008-08-14 06:57 73312 ----a-w d:\windows\system32\drivers\adfs.sys
2009-02-03 19:57 . 2002-09-10 12:00 56832 ----a-w d:\windows\system32\secur32.dll
2008-07-31 08:07 . 2008-07-31 08:07 77 --sh--w d:\programmi\File comuni\Desktop.ini
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Tray Commander"="d:\programmi\Tray Commander\TC.exe" [2004-02-17 586752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MemoREX"="d:\programmi\MemoRex\MemoRexStart.exe" [2003-07-29 332288]
"IntelliPoint"="d:\programmi\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"pdfFactory Pro Dispatcher v2"="d:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-07-22 483328]
"ISUSPM Startup"="d:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"SunJavaUpdateSched"="d:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NeroFilterCheck"="d:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="d:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="d:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-23 516440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

d:\documents and settings\Marco\Menu Avvio\Programmi\Esecuzione automatica\
Dragon NaturallySpeaking.lnk - d:\programmi\Nuance\NaturallySpeaking9\Program\natspeak.exe [2006-12-11 2332264]

d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
APC UPS Status.lnk - d:\programmi\APC\APC PowerChute Personal Edition\Display.exe [2009-4-10 221247]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^APC UPS Status.lnk]
path=d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\APC UPS Status.lnk
backup=d:\windows\pss\APC UPS Status.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BTTray.lnk]
path=d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk
backup=d:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Marco^Menu Avvio^Programmi^Esecuzione automatica^Whisper 32.lnk]
path=d:\documents and settings\Marco\Menu Avvio\Programmi\Esecuzione automatica\Whisper 32.lnk
backup=d:\windows\pss\Whisper 32.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PDFProFiltSrv"=2 (0x2)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"getPlus(R) Helper"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"EPSONStatusAgent2"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"CCALib8"=2 (0x2)
"btwdins"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"APC UPS Service"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="d:\programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
"IncrediMail"=d:\programmi\IncrediMail\bin\IncMail.exe /c
"ChristmasTree"=d:\documents and settings\Marco\Desktop\Giochi\Christmas\Christmas.exe
"Google Update"="d:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Jet Detection"=d:\programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
"CTStartup"=d:\programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
"ATICCC"="d:\programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"pdfFactory Pro Dispatcher v2"="d:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"PDFHook"=d:\programmi\Nuance\PDF Professional 5\pdfpro5hook.exe
"PDF5 Registry Controller"=d:\programmi\Nuance\PDF Professional 5\RegistryController.exe
"SSBkgdUpdate"="d:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"ISUSPM Startup"=d:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="d:\programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
"Nuance PDF Professional 5-reminder"="d:\programmi\Nuance\PDF Professional 5\Ereg\Ereg.exe" -r "d:\documents and settings\All Users\Dati applicazioni\Nuance\PDF Professional 5\Ereg\Ereg.ini"
"UpdReg"=d:\windows\UpdReg.EXE
"AdobeCS4ServiceManager"="d:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"WINDVDPatch"=CTHELPER.EXE
"Adobe Reader Speed Launcher"="d:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LanguageShortcut"=d:\programmi\CyberLink\PowerDVD\Language\Language.exe
"RemoteControl"=d:\programmi\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"d:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"d:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Lupo PenSuite\\Lupo PenSuite v6.64 Full\\Apps\\uTorrent\\uTorrent.exe"=
"d:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"d:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"d:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Documents and Settings\\Marco\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"d:\\Documents and Settings\\Marco\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 gupdate1c9869dc3c9ac72;Google Update Service (gupdate1c9869dc3c9ac72);d:\programmi\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
R3 btusbflt;Bluetooth USB Filter;d:\windows\system32\drivers\btusbflt.sys [2007-08-14 37296]
R3 getPlus(R) Helper;getPlus(R) Helper;d:\programmi\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
R3 RTL8187B;Wireless Network USB Adapter 54g WL-168v1.004;d:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-18 264576]
R4 PDFProFiltSrv;PDFProFiltSrv;d:\programmi\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-02-02 144672]
S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys [2009-04-23 64160]
S0 SymEFA;Symantec Extended File Attributes;d:\windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS [2009-03-12 310320]
S1 BHDrvx86;Symantec Heuristics Driver;d:\windows\System32\Drivers\NIS\1005000.087\BHDrvx86.sys [2009-03-12 258608]
S1 ccHP;Symantec Hash Provider;d:\windows\System32\Drivers\NIS\1005000.087\ccHPx86.sys [2009-03-20 482352]
S1 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090420.001\IDSxpx86.sys [2009-01-29 276344]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\programmi\Lavasoft\Ad-Aware\AAWService.exe [2009-04-23 953168]
S2 Norton Internet Security;Norton Internet Security;d:\programmi\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [2009-03-12 115560]
S3 Camdrv30;Philips ToUcam XS;d:\windows\system32\Drivers\camdrv30.sys [2001-08-17 171264]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]


--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - uphcleanhlp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"d:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-17 d:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 06:47]

2009-04-28 d:\windows\Tasks\GoogleUpdateTaskMachine.job
- d:\programmi\Google\Update\GoogleUpdate.exe [2009-02-04 07:54]

2009-04-28 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1614895754-839522115-1004.job
- d:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-11-28 09:13]

2009-04-28 d:\windows\Tasks\User_Feed_Synchronization-{54868672-6EBC-4D45-BE54-1162958DDC58}.job
- d:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2009-04-28 d:\windows\Tasks\Verifica e correzione automatica.job
- d:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-03-03 10:02]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-Locked - (no file)
HKCU-RunOnce-Shockwave Updater - d:\windows\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Koma-Mail Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.tiscali.it
uInternet Settings,ProxyOverride = *.local
DPF: DirectAnimation Java Classes - file://d:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
DPF: {7F8B2500-3B5D-474C-B828-C766ECE3AB3C} - hxxp://netphone.tiscali.it/netphone/ocx/mosquito.cab
FF - ProfilePath - d:\documents and settings\Marco\Dati applicazioni\Mozilla\Firefox\Profiles\scttvnry.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.it/
FF - component: d:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: d:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: d:\documents and settings\Marco\Dati applicazioni\Mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\documents and settings\Marco\Dati applicazioni\Mozilla\plugins\npPxPlay.dll
FF - plugin: d:\documents and settings\Marco\Impostazioni locali\Dati applicazioni\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\programmi\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\programmi\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 15:49
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(784)
d:\windows\system32\Ati2evxx.dll
d:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Ora fine scansione: 2009-04-28 15.51.45
ComboFix-quarantined-files.txt 2009-04-28 13:51

Pre-Run: 74.702.741.504 byte disponibili
Post-Run: 74.739.544.064 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

375 --- E O F --- 2009-04-15 06:00
duomatic
Aficionado

Posts: 57
Joined: Mon Apr 26, 2004 5:41 pm
Location: Sardegna



megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising