Hi FrancescoFDAC,
here is the ComboFix report.
I had to log in as administrator to run everything. I hope that's not a problem.
When I'm logged in "normally", the "Trojan.Gen" detections show up; when I'm logged in as administrator, I get the "BloodHound.MalPE" ones instead.
ComboFix 11-10-20.05 - cpr-dea-admin 20/10/2011 18.48.48.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3582.2590 [GMT 2:00]
Eseguito da: c:\documents and settings\cpr-dea-admin\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\cpr-dea-admin\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
FILE ::
"c:\documents and settings\Christine\Impostazioni locali\Dati applicazioni\WavXMapDrive.bat"
"c:\documents and settings\cpr-dea-admin\Impostazioni locali\Dati applicazioni\WavXMapDrive.bat"
"c:\programmi\Broadcom\ASFIPMon\AsfIpMon.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\bin
c:\bin\Connex_Main.exe
c:\bin\Desibco_loop.exe
c:\bin\L_S_MULTIFUELS_profili.exe
c:\bin\Scamas_new.exe
C:\Carna
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.ASH
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.CHAR005
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.CHAR015
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.CHAR035
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.CHAR075
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.CHAR150
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.CHAR250
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.CO
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.CO2
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.COAL
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.esc
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.H
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.H2
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.H2O
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.METANO
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.n2
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.O
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.O2
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.OH
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.ro
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.STE
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.TAR
c:\carna\Job\BRSud3_P2\Data\BRSud3_P2.temp
c:\carna\Job\BRSud3_P2\Data\Connex_BRSud_P2_500.inp
c:\carna\Job\BRSud3_P2\Data\Connex_BRSud_P2_500.out
c:\carna\Job\BRSud3_P2\Data\Connex_BRSud_P2_500_pippo.out
c:\carna\Job\BRSud3_P2\Data\Connex_FUS3_G01_500.inp
c:\carna\Job\BRSud3_P2\Data\Connex_FUS3_G01_500_modif.inp
c:\carna\Job\BRSud3_P2\Data\CONNEX_MULTIFUELS_base.BAT
c:\carna\Job\BRSud3_P2\Data\ipse.dat
c:\carna\Job\BRSud3_P2\Data\l_s_MULTIFUELS.bat
c:\carna\Job\BRSud3_P2\Data\l_s_MULTIFUELS.inp
c:\carna\Job\BRSud3_P2\Data\l_s_MULTIFuelS.out
c:\carna\Job\BRSud3_P2\Data\pippo.out
c:\carna\Job\BRSud3_P2\Data\Scamas_new.bat
c:\carna\Job\BRSud3_P2\Data\Scamas_new.inp
c:\carna\Job\BRSud3_P2\Data\ste_media_Z.dat
c:\carna\Job\BRSud3_P2\Data\STECH.dat
c:\carna\Job\FUS3_G01\Data\Connex_FUS3_G01_1500_Mesh.out
c:\carna\Job\FUS3_G01\Data\Connex_FUS3_G01_1500_pippo.out
c:\carna\Job\FUS3_G01\Data\Connex_FUS3_G01_500.inp
c:\carna\Job\FUS3_G01\Data\Connex_FUS3_G01_500.out
c:\carna\Job\FUS3_G01\Data\Connex_FUS3_G01_500_modif.inp
c:\carna\Job\FUS3_G01\Data\CONNEX_MULTIFUELS_base.BAT
c:\carna\Job\FUS3_G01\Data\FUS3_G01.#classe_new
c:\carna\Job\FUS3_G01\Data\FUS3_G01.CO
c:\carna\Job\FUS3_G01\Data\FUS3_G01.CO2
c:\carna\Job\FUS3_G01\Data\FUS3_G01.esc
c:\carna\Job\FUS3_G01\Data\FUS3_G01.H
c:\carna\Job\FUS3_G01\Data\FUS3_G01.H2
c:\carna\Job\FUS3_G01\Data\FUS3_G01.H2O
c:\carna\Job\FUS3_G01\Data\FUS3_G01.indmix_new
c:\carna\Job\FUS3_G01\Data\FUS3_G01.METANO
c:\carna\Job\FUS3_G01\Data\FUS3_G01.N2
c:\carna\Job\FUS3_G01\Data\FUS3_G01.O
c:\carna\Job\FUS3_G01\Data\FUS3_G01.O2
c:\carna\Job\FUS3_G01\Data\FUS3_G01.OH
c:\carna\Job\FUS3_G01\Data\FUS3_G01.port_s
c:\carna\Job\FUS3_G01\Data\FUS3_G01.ro
c:\carna\Job\FUS3_G01\Data\FUS3_G01.SA_ASH
c:\carna\Job\FUS3_G01\Data\FUS3_G01.SA_CHAR001
c:\carna\Job\FUS3_G01\Data\FUS3_G01.SA_CHAR005
c:\carna\Job\FUS3_G01\Data\FUS3_G01.SA_CHAR010
c:\carna\Job\FUS3_G01\Data\FUS3_G01.SA_CHAR016
c:\carna\Job\FUS3_G01\Data\FUS3_G01.SA_CHAR024
c:\carna\Job\FUS3_G01\Data\FUS3_G01.SA_CHAR033
c:\carna\Job\FUS3_G01\Data\FUS3_G01.SA_CHAR044
c:\carna\Job\FUS3_G01\Data\FUS3_G01.SA_CHAR060
c:\carna\Job\FUS3_G01\Data\FUS3_G01.SA_CHAR085
c:\carna\Job\FUS3_G01\Data\FUS3_G01.SA_CHAR123
c:\carna\Job\FUS3_G01\Data\FUS3_G01.SA_CHAR177
c:\carna\Job\FUS3_G01\Data\FUS3_G01.SA_CHAR262
c:\carna\Job\FUS3_G01\Data\FUS3_G01.SA_COAL
c:\carna\Job\FUS3_G01\Data\FUS3_G01.sd_new
c:\carna\Job\FUS3_G01\Data\FUS3_G01.sr_new
c:\carna\Job\FUS3_G01\Data\FUS3_G01.STE
c:\carna\Job\FUS3_G01\Data\FUS3_G01.TAR
c:\carna\Job\FUS3_G01\Data\FUS3_G01.temp
c:\carna\Job\FUS3_G01\Data\FUS3_G01.temp_new
c:\carna\Job\FUS3_G01\Data\FUS3_G01.volume_new
c:\carna\Job\FUS3_G01\Data\indmix_glob.dat
c:\carna\Job\FUS3_G01\Data\ipse.dat
c:\carna\Job\FUS3_G01\Data\l_s_MULTIFUELS.bat
c:\carna\Job\FUS3_G01\Data\l_s_MULTIFUELS.inp
c:\carna\Job\FUS3_G01\Data\l_s_MULTIFuelS.out
c:\carna\Job\FUS3_G01\Data\pippo.out
c:\carna\Job\FUS3_G01\Data\r1.dat
c:\carna\Job\FUS3_G01\Data\r10.dat
c:\carna\Job\FUS3_G01\Data\r100.dat
c:\carna\Job\FUS3_G01\Data\r101.dat
c:\carna\Job\FUS3_G01\Data\r102.dat
c:\carna\Job\FUS3_G01\Data\r103.dat
c:\carna\Job\FUS3_G01\Data\r104.dat
c:\carna\Job\FUS3_G01\Data\r105.dat
c:\carna\Job\FUS3_G01\Data\r106.dat
c:\carna\Job\FUS3_G01\Data\r107.dat
c:\carna\Job\FUS3_G01\Data\r108.dat
c:\carna\Job\FUS3_G01\Data\r109.dat
c:\carna\Job\FUS3_G01\Data\r11.dat
c:\carna\Job\FUS3_G01\Data\r110.dat
c:\carna\Job\FUS3_G01\Data\r111.dat
c:\carna\Job\FUS3_G01\Data\r112.dat
c:\carna\Job\FUS3_G01\Data\r113.dat
c:\carna\Job\FUS3_G01\Data\r114.dat
c:\carna\Job\FUS3_G01\Data\r115.dat
c:\carna\Job\FUS3_G01\Data\r116.dat
c:\carna\Job\FUS3_G01\Data\r117.dat
c:\carna\Job\FUS3_G01\Data\r118.dat
c:\carna\Job\FUS3_G01\Data\r119.dat
c:\carna\Job\FUS3_G01\Data\r12.dat
c:\carna\Job\FUS3_G01\Data\r120.dat
c:\carna\Job\FUS3_G01\Data\r121.dat
c:\carna\Job\FUS3_G01\Data\r122.dat
c:\carna\Job\FUS3_G01\Data\r123.dat
c:\carna\Job\FUS3_G01\Data\r124.dat
c:\carna\Job\FUS3_G01\Data\r125.dat
c:\carna\Job\FUS3_G01\Data\r126.dat
c:\carna\Job\FUS3_G01\Data\r127.dat
c:\carna\Job\FUS3_G01\Data\r128.dat
c:\carna\Job\FUS3_G01\Data\r129.dat
c:\carna\Job\FUS3_G01\Data\r13.dat
c:\carna\Job\FUS3_G01\Data\r130.dat
c:\carna\Job\FUS3_G01\Data\r131.dat
c:\carna\Job\FUS3_G01\Data\r132.dat
c:\carna\Job\FUS3_G01\Data\r133.dat
c:\carna\Job\FUS3_G01\Data\r134.dat
c:\carna\Job\FUS3_G01\Data\r135.dat
c:\carna\Job\FUS3_G01\Data\r136.dat
c:\carna\Job\FUS3_G01\Data\r137.dat
c:\carna\Job\FUS3_G01\Data\r138.dat
c:\carna\Job\FUS3_G01\Data\r139.dat
c:\carna\Job\FUS3_G01\Data\r14.dat
c:\carna\Job\FUS3_G01\Data\r140.dat
c:\carna\Job\FUS3_G01\Data\r141.dat
c:\carna\Job\FUS3_G01\Data\r142.dat
c:\carna\Job\FUS3_G01\Data\r143.dat
c:\carna\Job\FUS3_G01\Data\r144.dat
c:\carna\Job\FUS3_G01\Data\r145.dat
c:\carna\Job\FUS3_G01\Data\r146.dat
c:\carna\Job\FUS3_G01\Data\r147.dat
c:\carna\Job\FUS3_G01\Data\r148.dat
c:\carna\Job\FUS3_G01\Data\r149.dat
c:\carna\Job\FUS3_G01\Data\r15.dat
c:\carna\Job\FUS3_G01\Data\r150.dat
c:\carna\Job\FUS3_G01\Data\r151.dat
c:\carna\Job\FUS3_G01\Data\r152.dat
c:\carna\Job\FUS3_G01\Data\r153.dat
c:\carna\Job\FUS3_G01\Data\r154.dat
c:\carna\Job\FUS3_G01\Data\r155.dat
c:\carna\Job\FUS3_G01\Data\r156.dat
c:\carna\Job\FUS3_G01\Data\r157.dat
c:\carna\Job\FUS3_G01\Data\r158.dat
c:\carna\Job\FUS3_G01\Data\r159.dat
c:\carna\Job\FUS3_G01\Data\r16.dat
c:\carna\Job\FUS3_G01\Data\r160.dat
c:\carna\Job\FUS3_G01\Data\r161.dat
c:\carna\Job\FUS3_G01\Data\r162.dat
c:\carna\Job\FUS3_G01\Data\r163.dat
c:\carna\Job\FUS3_G01\Data\r164.dat
c:\carna\Job\FUS3_G01\Data\r165.dat
c:\carna\Job\FUS3_G01\Data\r166.dat
c:\carna\Job\FUS3_G01\Data\r167.dat
c:\carna\Job\FUS3_G01\Data\r168.dat
c:\carna\Job\FUS3_G01\Data\r169.dat
c:\carna\Job\FUS3_G01\Data\r17.dat
c:\carna\Job\FUS3_G01\Data\r170.dat
c:\carna\Job\FUS3_G01\Data\r171.dat
c:\carna\Job\FUS3_G01\Data\r172.dat
c:\carna\Job\FUS3_G01\Data\r173.dat
c:\carna\Job\FUS3_G01\Data\r174.dat
c:\carna\Job\FUS3_G01\Data\r175.dat
c:\carna\Job\FUS3_G01\Data\r176.dat
c:\carna\Job\FUS3_G01\Data\r177.dat
c:\carna\Job\FUS3_G01\Data\r178.dat
c:\carna\Job\FUS3_G01\Data\r179.dat
c:\carna\Job\FUS3_G01\Data\r18.dat
c:\carna\Job\FUS3_G01\Data\r180.dat
c:\carna\Job\FUS3_G01\Data\r181.dat
c:\carna\Job\FUS3_G01\Data\r182.dat
c:\carna\Job\FUS3_G01\Data\r183.dat
c:\carna\Job\FUS3_G01\Data\r184.dat
c:\carna\Job\FUS3_G01\Data\r185.dat
c:\carna\Job\FUS3_G01\Data\r186.dat
c:\carna\Job\FUS3_G01\Data\r187.dat
c:\carna\Job\FUS3_G01\Data\r188.dat
c:\carna\Job\FUS3_G01\Data\r189.dat
c:\carna\Job\FUS3_G01\Data\r19.dat
c:\carna\Job\FUS3_G01\Data\r190.dat
c:\carna\Job\FUS3_G01\Data\r191.dat
c:\carna\Job\FUS3_G01\Data\r192.dat
c:\carna\Job\FUS3_G01\Data\r193.dat
c:\carna\Job\FUS3_G01\Data\r194.dat
c:\carna\Job\FUS3_G01\Data\r195.dat
c:\carna\Job\FUS3_G01\Data\r196.dat
c:\carna\Job\FUS3_G01\Data\r197.dat
c:\carna\Job\FUS3_G01\Data\r198.dat
c:\carna\Job\FUS3_G01\Data\r199.dat
c:\carna\Job\FUS3_G01\Data\r2.dat
c:\carna\Job\FUS3_G01\Data\r20.dat
c:\carna\Job\FUS3_G01\Data\r200.dat
c:\carna\Job\FUS3_G01\Data\r201.dat
c:\carna\Job\FUS3_G01\Data\r202.dat
c:\carna\Job\FUS3_G01\Data\r203.dat
c:\carna\Job\FUS3_G01\Data\r204.dat
c:\carna\Job\FUS3_G01\Data\r205.dat
c:\carna\Job\FUS3_G01\Data\r206.dat
c:\carna\Job\FUS3_G01\Data\r207.dat
c:\carna\Job\FUS3_G01\Data\r208.dat
c:\carna\Job\FUS3_G01\Data\r209.dat
c:\carna\Job\FUS3_G01\Data\r21.dat
c:\carna\Job\FUS3_G01\Data\r210.dat
c:\carna\Job\FUS3_G01\Data\r211.dat
c:\carna\Job\FUS3_G01\Data\r212.dat
c:\carna\Job\FUS3_G01\Data\r213.dat
c:\carna\Job\FUS3_G01\Data\r214.dat
c:\carna\Job\FUS3_G01\Data\r215.dat
c:\carna\Job\FUS3_G01\Data\r216.dat
c:\carna\Job\FUS3_G01\Data\r217.dat
c:\carna\Job\FUS3_G01\Data\r218.dat
c:\carna\Job\FUS3_G01\Data\r219.dat
c:\carna\Job\FUS3_G01\Data\r22.dat
c:\carna\Job\FUS3_G01\Data\r220.dat
c:\carna\Job\FUS3_G01\Data\r221.dat
c:\carna\Job\FUS3_G01\Data\r222.dat
c:\carna\Job\FUS3_G01\Data\r223.dat
c:\carna\Job\FUS3_G01\Data\r224.dat
c:\carna\Job\FUS3_G01\Data\r225.dat
c:\carna\Job\FUS3_G01\Data\r226.dat
c:\carna\Job\FUS3_G01\Data\r227.dat
c:\carna\Job\FUS3_G01\Data\r228.dat
c:\carna\Job\FUS3_G01\Data\r229.dat
c:\carna\Job\FUS3_G01\Data\r23.dat
c:\carna\Job\FUS3_G01\Data\r230.dat
c:\carna\Job\FUS3_G01\Data\r231.dat
c:\carna\Job\FUS3_G01\Data\r232.dat
c:\carna\Job\FUS3_G01\Data\r233.dat
c:\carna\Job\FUS3_G01\Data\r234.dat
c:\carna\Job\FUS3_G01\Data\r235.dat
c:\carna\Job\FUS3_G01\Data\r236.dat
c:\carna\Job\FUS3_G01\Data\r237.dat
c:\carna\Job\FUS3_G01\Data\r238.dat
c:\carna\Job\FUS3_G01\Data\r239.dat
c:\carna\Job\FUS3_G01\Data\r24.dat
c:\carna\Job\FUS3_G01\Data\r240.dat
c:\carna\Job\FUS3_G01\Data\r241.dat
c:\carna\Job\FUS3_G01\Data\r242.dat
c:\carna\Job\FUS3_G01\Data\r243.dat
c:\carna\Job\FUS3_G01\Data\r244.dat
c:\carna\Job\FUS3_G01\Data\r245.dat
c:\carna\Job\FUS3_G01\Data\r246.dat
c:\carna\Job\FUS3_G01\Data\r247.dat
c:\carna\Job\FUS3_G01\Data\r248.dat
c:\carna\Job\FUS3_G01\Data\r249.dat
c:\carna\Job\FUS3_G01\Data\r25.dat
c:\carna\Job\FUS3_G01\Data\r250.dat
c:\carna\Job\FUS3_G01\Data\r251.dat
c:\carna\Job\FUS3_G01\Data\r252.dat
c:\carna\Job\FUS3_G01\Data\r253.dat
c:\carna\Job\FUS3_G01\Data\r254.dat
c:\carna\Job\FUS3_G01\Data\r255.dat
c:\carna\Job\FUS3_G01\Data\r256.dat
c:\carna\Job\FUS3_G01\Data\r257.dat
c:\carna\Job\FUS3_G01\Data\r258.dat
c:\carna\Job\FUS3_G01\Data\r259.dat
c:\carna\Job\FUS3_G01\Data\r26.dat
c:\carna\Job\FUS3_G01\Data\r260.dat
c:\carna\Job\FUS3_G01\Data\r261.dat
c:\carna\Job\FUS3_G01\Data\r262.dat
c:\carna\Job\FUS3_G01\Data\r263.dat
c:\carna\Job\FUS3_G01\Data\r264.dat
c:\carna\Job\FUS3_G01\Data\r265.dat
c:\carna\Job\FUS3_G01\Data\r266.dat
c:\carna\Job\FUS3_G01\Data\r267.dat
c:\carna\Job\FUS3_G01\Data\r268.dat
c:\carna\Job\FUS3_G01\Data\r269.dat
c:\carna\Job\FUS3_G01\Data\r27.dat
c:\carna\Job\FUS3_G01\Data\r270.dat
c:\carna\Job\FUS3_G01\Data\r271.dat
c:\carna\Job\FUS3_G01\Data\r272.dat
c:\carna\Job\FUS3_G01\Data\r273.dat
c:\carna\Job\FUS3_G01\Data\r274.dat
c:\carna\Job\FUS3_G01\Data\r275.dat
c:\carna\Job\FUS3_G01\Data\r276.dat
c:\carna\Job\FUS3_G01\Data\r277.dat
c:\carna\Job\FUS3_G01\Data\r278.dat
c:\carna\Job\FUS3_G01\Data\r279.dat
c:\carna\Job\FUS3_G01\Data\r28.dat
c:\carna\Job\FUS3_G01\Data\r280.dat
c:\carna\Job\FUS3_G01\Data\r281.dat
c:\carna\Job\FUS3_G01\Data\r282.dat
c:\carna\Job\FUS3_G01\Data\r283.dat
c:\carna\Job\FUS3_G01\Data\r284.dat
c:\carna\Job\FUS3_G01\Data\r285.dat
c:\carna\Job\FUS3_G01\Data\r286.dat
c:\carna\Job\FUS3_G01\Data\r287.dat
c:\carna\Job\FUS3_G01\Data\r288.dat
c:\carna\Job\FUS3_G01\Data\r289.dat
c:\carna\Job\FUS3_G01\Data\r29.dat
c:\carna\Job\FUS3_G01\Data\r290.dat
c:\carna\Job\FUS3_G01\Data\r291.dat
c:\carna\Job\FUS3_G01\Data\r292.dat
c:\carna\Job\FUS3_G01\Data\r293.dat
c:\carna\Job\FUS3_G01\Data\r294.dat
c:\carna\Job\FUS3_G01\Data\r295.dat
c:\carna\Job\FUS3_G01\Data\r296.dat
c:\carna\Job\FUS3_G01\Data\r297.dat
c:\carna\Job\FUS3_G01\Data\r298.dat
c:\carna\Job\FUS3_G01\Data\r299.dat
c:\carna\Job\FUS3_G01\Data\r3.dat
c:\carna\Job\FUS3_G01\Data\r30.dat
c:\carna\Job\FUS3_G01\Data\r300.dat
c:\carna\Job\FUS3_G01\Data\r301.dat
c:\carna\Job\FUS3_G01\Data\r302.dat
c:\carna\Job\FUS3_G01\Data\r303.dat
c:\carna\Job\FUS3_G01\Data\r304.dat
c:\carna\Job\FUS3_G01\Data\r305.dat
c:\carna\Job\FUS3_G01\Data\r306.dat
c:\carna\Job\FUS3_G01\Data\r307.dat
c:\carna\Job\FUS3_G01\Data\r308.dat
c:\carna\Job\FUS3_G01\Data\r309.dat
c:\carna\Job\FUS3_G01\Data\r31.dat
c:\carna\Job\FUS3_G01\Data\r310.dat
c:\carna\Job\FUS3_G01\Data\r311.dat
c:\carna\Job\FUS3_G01\Data\r312.dat
c:\carna\Job\FUS3_G01\Data\r313.dat
c:\carna\Job\FUS3_G01\Data\r314.dat
c:\carna\Job\FUS3_G01\Data\r315.dat
c:\carna\Job\FUS3_G01\Data\r316.dat
c:\carna\Job\FUS3_G01\Data\r317.dat
c:\carna\Job\FUS3_G01\Data\r318.dat
c:\carna\Job\FUS3_G01\Data\r319.dat
c:\carna\Job\FUS3_G01\Data\r32.dat
c:\carna\Job\FUS3_G01\Data\r320.dat
c:\carna\Job\FUS3_G01\Data\r321.dat
c:\carna\Job\FUS3_G01\Data\r322.dat
c:\carna\Job\FUS3_G01\Data\r323.dat
c:\carna\Job\FUS3_G01\Data\r324.dat
c:\carna\Job\FUS3_G01\Data\r325.dat
c:\carna\Job\FUS3_G01\Data\r326.dat
c:\carna\Job\FUS3_G01\Data\r327.dat
c:\carna\Job\FUS3_G01\Data\r328.dat
c:\carna\Job\FUS3_G01\Data\r329.dat
c:\carna\Job\FUS3_G01\Data\r33.dat
c:\carna\Job\FUS3_G01\Data\r330.dat
c:\carna\Job\FUS3_G01\Data\r331.dat
c:\carna\Job\FUS3_G01\Data\r332.dat
c:\carna\Job\FUS3_G01\Data\r333.dat
c:\carna\Job\FUS3_G01\Data\r334.dat
c:\carna\Job\FUS3_G01\Data\r335.dat
c:\carna\Job\FUS3_G01\Data\r336.dat
c:\carna\Job\FUS3_G01\Data\r337.dat
c:\carna\Job\FUS3_G01\Data\r338.dat
c:\carna\Job\FUS3_G01\Data\r339.dat
c:\carna\Job\FUS3_G01\Data\r34.dat
c:\carna\Job\FUS3_G01\Data\r340.dat
c:\carna\Job\FUS3_G01\Data\r341.dat
c:\carna\Job\FUS3_G01\Data\r342.dat
c:\carna\Job\FUS3_G01\Data\r343.dat
c:\carna\Job\FUS3_G01\Data\r344.dat
c:\carna\Job\FUS3_G01\Data\r345.dat
c:\carna\Job\FUS3_G01\Data\r346.dat
c:\carna\Job\FUS3_G01\Data\r347.dat
c:\carna\Job\FUS3_G01\Data\r348.dat
c:\carna\Job\FUS3_G01\Data\r349.dat
c:\carna\Job\FUS3_G01\Data\r35.dat
c:\carna\Job\FUS3_G01\Data\r350.dat
c:\carna\Job\FUS3_G01\Data\r351.dat
c:\carna\Job\FUS3_G01\Data\r352.dat
c:\carna\Job\FUS3_G01\Data\r353.dat
c:\carna\Job\FUS3_G01\Data\r354.dat
c:\carna\Job\FUS3_G01\Data\r355.dat
c:\carna\Job\FUS3_G01\Data\r356.dat
c:\carna\Job\FUS3_G01\Data\r357.dat
c:\carna\Job\FUS3_G01\Data\r358.dat
c:\carna\Job\FUS3_G01\Data\r359.dat
c:\carna\Job\FUS3_G01\Data\r36.dat
c:\carna\Job\FUS3_G01\Data\r360.dat
c:\carna\Job\FUS3_G01\Data\r361.dat
c:\carna\Job\FUS3_G01\Data\r362.dat
c:\carna\Job\FUS3_G01\Data\r363.dat
c:\carna\Job\FUS3_G01\Data\r364.dat
c:\carna\Job\FUS3_G01\Data\r365.dat
c:\carna\Job\FUS3_G01\Data\r366.dat
c:\carna\Job\FUS3_G01\Data\r367.dat
c:\carna\Job\FUS3_G01\Data\r368.dat
c:\carna\Job\FUS3_G01\Data\r369.dat
c:\carna\Job\FUS3_G01\Data\r37.dat
c:\carna\Job\FUS3_G01\Data\r370.dat
c:\carna\Job\FUS3_G01\Data\r371.dat
c:\carna\Job\FUS3_G01\Data\r372.dat
c:\carna\Job\FUS3_G01\Data\r373.dat
c:\carna\Job\FUS3_G01\Data\r374.dat
c:\carna\Job\FUS3_G01\Data\r375.dat
c:\carna\Job\FUS3_G01\Data\r376.dat
c:\carna\Job\FUS3_G01\Data\r377.dat
c:\carna\Job\FUS3_G01\Data\r378.dat
c:\carna\Job\FUS3_G01\Data\r379.dat
c:\carna\Job\FUS3_G01\Data\r38.dat
c:\carna\Job\FUS3_G01\Data\r380.dat
c:\carna\Job\FUS3_G01\Data\r381.dat
c:\carna\Job\FUS3_G01\Data\r382.dat
c:\carna\Job\FUS3_G01\Data\r383.dat
c:\carna\Job\FUS3_G01\Data\r384.dat
c:\carna\Job\FUS3_G01\Data\r385.dat
c:\carna\Job\FUS3_G01\Data\r386.dat
c:\carna\Job\FUS3_G01\Data\r387.dat
c:\carna\Job\FUS3_G01\Data\r388.dat
c:\carna\Job\FUS3_G01\Data\r389.dat
c:\carna\Job\FUS3_G01\Data\r39.dat
c:\carna\Job\FUS3_G01\Data\r390.dat
c:\carna\Job\FUS3_G01\Data\r391.dat
c:\carna\Job\FUS3_G01\Data\r392.dat
c:\carna\Job\FUS3_G01\Data\r393.dat
c:\carna\Job\FUS3_G01\Data\r394.dat
c:\carna\Job\FUS3_G01\Data\r395.dat
c:\carna\Job\FUS3_G01\Data\r396.dat
c:\carna\Job\FUS3_G01\Data\r397.dat
c:\carna\Job\FUS3_G01\Data\r398.dat
c:\carna\Job\FUS3_G01\Data\r399.dat
c:\carna\Job\FUS3_G01\Data\r4.dat
c:\carna\Job\FUS3_G01\Data\r40.dat
c:\carna\Job\FUS3_G01\Data\r400.dat
c:\carna\Job\FUS3_G01\Data\r401.dat
c:\carna\Job\FUS3_G01\Data\r402.dat
c:\carna\Job\FUS3_G01\Data\r403.dat
c:\carna\Job\FUS3_G01\Data\r404.dat
c:\carna\Job\FUS3_G01\Data\r405.dat
c:\carna\Job\FUS3_G01\Data\r406.dat
c:\carna\Job\FUS3_G01\Data\r407.dat
c:\carna\Job\FUS3_G01\Data\r408.dat
c:\carna\Job\FUS3_G01\Data\r409.dat
c:\carna\Job\FUS3_G01\Data\r41.dat
c:\carna\Job\FUS3_G01\Data\r410.dat
c:\carna\Job\FUS3_G01\Data\r411.dat
c:\carna\Job\FUS3_G01\Data\r412.dat
c:\carna\Job\FUS3_G01\Data\r413.dat
c:\carna\Job\FUS3_G01\Data\r414.dat
c:\carna\Job\FUS3_G01\Data\r415.dat
c:\carna\Job\FUS3_G01\Data\r416.dat
c:\carna\Job\FUS3_G01\Data\r417.dat
c:\carna\Job\FUS3_G01\Data\r418.dat
c:\carna\Job\FUS3_G01\Data\r419.dat
c:\carna\Job\FUS3_G01\Data\r42.dat
c:\carna\Job\FUS3_G01\Data\r420.dat
c:\carna\Job\FUS3_G01\Data\r421.dat
c:\carna\Job\FUS3_G01\Data\r422.dat
c:\carna\Job\FUS3_G01\Data\r423.dat
c:\carna\Job\FUS3_G01\Data\r424.dat
c:\carna\Job\FUS3_G01\Data\r425.dat
c:\carna\Job\FUS3_G01\Data\r426.dat
c:\carna\Job\FUS3_G01\Data\r427.dat
c:\carna\Job\FUS3_G01\Data\r428.dat
c:\carna\Job\FUS3_G01\Data\r429.dat
c:\carna\Job\FUS3_G01\Data\r43.dat
c:\carna\Job\FUS3_G01\Data\r430.dat
c:\carna\Job\FUS3_G01\Data\r431.dat
c:\carna\Job\FUS3_G01\Data\r432.dat
c:\carna\Job\FUS3_G01\Data\r433.dat
c:\carna\Job\FUS3_G01\Data\r434.dat
c:\carna\Job\FUS3_G01\Data\r435.dat
c:\carna\Job\FUS3_G01\Data\r436.dat
c:\carna\Job\FUS3_G01\Data\r437.dat
c:\carna\Job\FUS3_G01\Data\r438.dat
c:\carna\Job\FUS3_G01\Data\r439.dat
c:\carna\Job\FUS3_G01\Data\r44.dat
c:\carna\Job\FUS3_G01\Data\r440.dat
c:\carna\Job\FUS3_G01\Data\r441.dat
c:\carna\Job\FUS3_G01\Data\r442.dat
c:\carna\Job\FUS3_G01\Data\r443.dat
c:\carna\Job\FUS3_G01\Data\r444.dat
c:\carna\Job\FUS3_G01\Data\r445.dat
c:\carna\Job\FUS3_G01\Data\r446.dat
c:\carna\Job\FUS3_G01\Data\r447.dat
c:\carna\Job\FUS3_G01\Data\r448.dat
c:\carna\Job\FUS3_G01\Data\r449.dat
c:\carna\Job\FUS3_G01\Data\r45.dat
c:\carna\Job\FUS3_G01\Data\r450.dat
c:\carna\Job\FUS3_G01\Data\r451.dat
c:\carna\Job\FUS3_G01\Data\r452.dat
c:\carna\Job\FUS3_G01\Data\r453.dat
c:\carna\Job\FUS3_G01\Data\r454.dat
c:\carna\Job\FUS3_G01\Data\r455.dat
c:\carna\Job\FUS3_G01\Data\r456.dat
c:\carna\Job\FUS3_G01\Data\r457.dat
c:\carna\Job\FUS3_G01\Data\r458.dat
c:\carna\Job\FUS3_G01\Data\r459.dat
c:\carna\Job\FUS3_G01\Data\r46.dat
c:\carna\Job\FUS3_G01\Data\r460.dat
c:\carna\Job\FUS3_G01\Data\r461.dat
c:\carna\Job\FUS3_G01\Data\r462.dat
c:\carna\Job\FUS3_G01\Data\r463.dat
c:\carna\Job\FUS3_G01\Data\r464.dat
c:\carna\Job\FUS3_G01\Data\r465.dat
c:\carna\Job\FUS3_G01\Data\r466.dat
c:\carna\Job\FUS3_G01\Data\r467.dat
c:\carna\Job\FUS3_G01\Data\r468.dat
c:\carna\Job\FUS3_G01\Data\r469.dat
c:\carna\Job\FUS3_G01\Data\r47.dat
c:\carna\Job\FUS3_G01\Data\r470.dat
c:\carna\Job\FUS3_G01\Data\r471.dat
c:\carna\Job\FUS3_G01\Data\r472.dat
c:\carna\Job\FUS3_G01\Data\r473.dat
c:\carna\Job\FUS3_G01\Data\r474.dat
c:\carna\Job\FUS3_G01\Data\r475.dat
c:\carna\Job\FUS3_G01\Data\r476.dat
c:\carna\Job\FUS3_G01\Data\r477.dat
c:\carna\Job\FUS3_G01\Data\r478.dat
c:\carna\Job\FUS3_G01\Data\r479.dat
c:\carna\Job\FUS3_G01\Data\r48.dat
c:\carna\Job\FUS3_G01\Data\r480.dat
c:\carna\Job\FUS3_G01\Data\r481.dat
c:\carna\Job\FUS3_G01\Data\r482.dat
c:\carna\Job\FUS3_G01\Data\r483.dat
c:\carna\Job\FUS3_G01\Data\r484.dat
c:\carna\Job\FUS3_G01\Data\r485.dat
c:\carna\Job\FUS3_G01\Data\r486.dat
c:\carna\Job\FUS3_G01\Data\r487.dat
c:\carna\Job\FUS3_G01\Data\r488.dat
c:\carna\Job\FUS3_G01\Data\r489.dat
c:\carna\Job\FUS3_G01\Data\r49.dat
c:\carna\Job\FUS3_G01\Data\r490.dat
c:\carna\Job\FUS3_G01\Data\r491.dat
c:\carna\Job\FUS3_G01\Data\r492.dat
c:\carna\Job\FUS3_G01\Data\r493.dat
c:\carna\Job\FUS3_G01\Data\r494.dat
c:\carna\Job\FUS3_G01\Data\r495.dat
c:\carna\Job\FUS3_G01\Data\r496.dat
c:\carna\Job\FUS3_G01\Data\r497.dat
c:\carna\Job\FUS3_G01\Data\r498.dat
c:\carna\Job\FUS3_G01\Data\r499.dat
c:\carna\Job\FUS3_G01\Data\r5.dat
c:\carna\Job\FUS3_G01\Data\r50.dat
c:\carna\Job\FUS3_G01\Data\r500.dat
c:\carna\Job\FUS3_G01\Data\r51.dat
c:\carna\Job\FUS3_G01\Data\r52.dat
c:\carna\Job\FUS3_G01\Data\r53.dat
c:\carna\Job\FUS3_G01\Data\r54.dat
c:\carna\Job\FUS3_G01\Data\r55.dat
c:\carna\Job\FUS3_G01\Data\r56.dat
c:\carna\Job\FUS3_G01\Data\r57.dat
c:\carna\Job\FUS3_G01\Data\r58.dat
c:\carna\Job\FUS3_G01\Data\r59.dat
c:\carna\Job\FUS3_G01\Data\r6.dat
c:\carna\Job\FUS3_G01\Data\r60.dat
c:\carna\Job\FUS3_G01\Data\r61.dat
c:\carna\Job\FUS3_G01\Data\r62.dat
c:\carna\Job\FUS3_G01\Data\r63.dat
c:\carna\Job\FUS3_G01\Data\r64.dat
c:\carna\Job\FUS3_G01\Data\r65.dat
c:\carna\Job\FUS3_G01\Data\r66.dat
c:\carna\Job\FUS3_G01\Data\r67.dat
c:\carna\Job\FUS3_G01\Data\r68.dat
c:\carna\Job\FUS3_G01\Data\r69.dat
c:\carna\Job\FUS3_G01\Data\r7.dat
c:\carna\Job\FUS3_G01\Data\r70.dat
c:\carna\Job\FUS3_G01\Data\r71.dat
c:\carna\Job\FUS3_G01\Data\r72.dat
c:\carna\Job\FUS3_G01\Data\r73.dat
c:\carna\Job\FUS3_G01\Data\r74.dat
c:\carna\Job\FUS3_G01\Data\r75.dat
c:\carna\Job\FUS3_G01\Data\r76.dat
c:\carna\Job\FUS3_G01\Data\r77.dat
c:\carna\Job\FUS3_G01\Data\r78.dat
c:\carna\Job\FUS3_G01\Data\r79.dat
c:\carna\Job\FUS3_G01\Data\r8.dat
c:\carna\Job\FUS3_G01\Data\r80.dat
c:\carna\Job\FUS3_G01\Data\r81.dat
c:\carna\Job\FUS3_G01\Data\r82.dat
c:\carna\Job\FUS3_G01\Data\r83.dat
c:\carna\Job\FUS3_G01\Data\r84.dat
c:\carna\Job\FUS3_G01\Data\r85.dat
c:\carna\Job\FUS3_G01\Data\r86.dat
c:\carna\Job\FUS3_G01\Data\r87.dat
c:\carna\Job\FUS3_G01\Data\r88.dat
c:\carna\Job\FUS3_G01\Data\r89.dat
c:\carna\Job\FUS3_G01\Data\r9.dat
c:\carna\Job\FUS3_G01\Data\r90.dat
c:\carna\Job\FUS3_G01\Data\r91.dat
c:\carna\Job\FUS3_G01\Data\r92.dat
c:\carna\Job\FUS3_G01\Data\r93.dat
c:\carna\Job\FUS3_G01\Data\r94.dat
c:\carna\Job\FUS3_G01\Data\r95.dat
c:\carna\Job\FUS3_G01\Data\r96.dat
c:\carna\Job\FUS3_G01\Data\r97.dat
c:\carna\Job\FUS3_G01\Data\r98.dat
c:\carna\Job\FUS3_G01\Data\r99.dat
c:\carna\Job\FUS3_G01\Data\RC_Mesh.out
c:\carna\Job\FUS3_G01\Data\Scamas_new.bat
c:\carna\Job\FUS3_G01\Data\Scamas_new.inp
c:\carna\Job\FUS3_G01\Data\Sintesi.dat
c:\carna\Job\FUS3_G01\Data\ste_media_Z.dat
c:\carna\Job\FUS3_G01\Data\STECH.dat
c:\carna\Job\FUS3_G01\Data\toto\FUS3_G01.vel
c:\carna\Job\FUS3_G01\Data\toto\invio.txt
c:\documents and settings\Christine\Impostazioni locali\Dati applicazioni\WavXMapDrive.bat
C:\found.000
c:\found.000\file0000.chk
c:\found.000\file0001.chk
c:\found.000\file0002.chk
c:\found.000\file0003.chk
c:\found.000\file0004.chk
c:\found.000\file0005.chk
c:\found.000\file0006.chk
c:\found.000\file0007.chk
C:\kin
c:\kin\Pyro_kin_0105.BIN
c:\programmi\Broadcom\ASFIPMon\AsfIpMon.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\documents and settings\cpr-dea-admin\Impostazioni locali\Dati applicazioni\WavXMapDrive.bat . . . . Eliminazione Fallita
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASFIPMON
-------\Service_ASFIPmon
-------\Service_cerc6
.
.
((((((((((((((((((((((((( Files Creati Da 2011-09-20 al 2011-10-20 )))))))))))))))))))))))))))))))))))
.
.
2011-10-20 17:07 . 2011-10-20 17:07 0 ----a-w- c:\documents and settings\cpr-dea-admin\Impostazioni locali\Dati applicazioni\WavXMapDrive.bat
2011-10-19 13:47 . 2011-10-19 13:47 388096 ----a-r- c:\documents and settings\Christine\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-19 13:46 . 2011-10-19 13:46 388096 ----a-r- c:\documents and settings\cpr-dea-admin\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-19 13:46 . 2011-10-19 13:46 -------- d-----w- c:\programmi\Trend Micro
2011-10-18 17:43 . 2011-10-18 17:43 -------- d-----w- c:\documents and settings\cpr-dea-admin\Dati applicazioni\Malwarebytes
2011-10-18 15:13 . 2011-10-18 15:13 -------- d-----w- c:\documents and settings\Christine\Dati applicazioni\Malwarebytes
2011-10-18 14:36 . 2011-10-18 14:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2011-10-18 14:36 . 2011-10-18 14:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-10-18 14:36 . 2011-10-18 14:36 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-10-18 14:36 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 13:53 . 2011-10-18 13:53 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Mozilla
2011-10-18 11:49 . 2011-10-18 11:49 -------- d-----w- c:\programmi\CCleaner
2011-10-18 07:40 . 2011-10-18 07:57 -------- d-----w- C:\FUS3_G01
2011-10-17 11:34 . 2011-10-17 11:34 -------- d-s---w- c:\documents and settings\Christine\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-22 07:25 . 2011-08-22 07:25 371272 ----a-r- c:\documents and settings\Christine\Dati applicazioni\Microsoft\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-20_11.49.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-20 17:07 . 2011-10-20 17:07 16384 c:\windows\Temp\Perflib_Perfdata_bc.dat
+ 2010-01-18 16:07 . 2011-10-20 17:07 465625 c:\windows\system32\nvModes.dat
- 2010-01-18 16:07 . 2011-10-20 11:48 465625 c:\windows\system32\nvModes.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-02-18 13:10 40960 ----a-w- c:\programmi\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-02-18 13:10 40960 ----a-w- c:\programmi\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-21 13594624]
"nwiz"="nwiz.exe" [2008-11-21 1657376]
"NVHotkey"="nvHotkey.dll" [2008-11-21 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-21 86016]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]
"SigmatelSysTrayApp"="c:\programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Apoint"="c:\programmi\DellTPad\Apoint.exe" [2007-07-02 159744]
"ChangeTPMAuth"="c:\programmi\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-02-26 184320]
"WavXMgr"="c:\programmi\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-03-06 145408]
"SecureUpgrade"="c:\programmi\Wave Systems Corp\SecureUpgrade.exe" [2009-03-06 656696]
"EmbassySecurityCheck"="c:\programmi\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-03-06 95544]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2005-04-18 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-05-25 85088]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"dellsupportcenter"="c:\programmi\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"TomcatStartup 2.5"="c:\programmi\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
.
c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
Logitech . Registrazione prodotti.lnk - c:\programmi\Logitech\Logitech WebCam Software\eReg.exe [2008-11-7 517384]
.
c:\documents and settings\cpr-dea-admin\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 1.1.3.lnk - c:\programmi\OpenOffice.org1.1.3\program\quickstart.exe [2004-9-10 61440]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido di HP Image Zone.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
Digital Line Detect.lnk - c:\programmi\Digital Line Detect\DLG.exe [2010-1-18 50688]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 SafDskNT;SafeHouse;c:\windows\system32\drivers\SafDskNT.sys [05/03/2009 1.03.14 77824]
R2 HumDisplayServer;Hummingbird Exceed Display Management;c:\programmi\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe [24/07/2003 0.19.51 53248]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [02/11/2006 13.32.32 97536]
S3 SavRoam;SAVRoam;c:\programmi\Symantec AntiVirus\SavRoam.exe [25/05/2005 10.13.00 127072]
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - EraserUtilDrv11113
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-861567501-1801674531-1004Core.job
- c:\documents and settings\Christine\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-07-29 18:34]
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-861567501-1801674531-1004UA.job
- c:\documents and settings\Christine\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-07-29 18:34]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\cpr-dea-admin\Dati applicazioni\Mozilla\Firefox\Profiles\ptp0qnvu.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-20 19:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(3776)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSIT.DLL
c:\programmi\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\system32\msvdm.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Symantec Shared\ccSetMgr.exe
c:\programmi\File comuni\Symantec Shared\ccEvtMgr.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\programmi\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\Hummingbird\Connectivity\9.00\Inetd\inetd32.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\Dell Support Center\bin\sprtsvc.exe
c:\programmi\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
c:\programmi\Symantec AntiVirus\Rtvscan.exe
c:\programmi\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\programmi\DellTPad\ApMsgFwd.exe
c:\programmi\DellTPad\HidFind.exe
c:\programmi\DellTPad\Apntex.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\programmi\OpenOffice.org1.1.3\program\soffice.exe
c:\progra~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\programmi\HP\Digital Imaging\bin\hpqgalry.exe
c:\programmi\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2011-10-20 19:12:31 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-10-20 17:12
ComboFix2.txt 2011-10-20 12:09
ComboFix3.txt 2011-10-20 11:53
.
Pre-Run: 5'636'608'000 byte disponibili
Post-Run: 5'588'389'888 byte disponibili
.
- - End Of File - - 7AF992ED08109E0C6A5DB4ACA8F9AC50