
HijackThis LOG CHECK. HELP!!


Post by ARIETE72 » Tue Aug 18, 2009 2:12 pm

Hi,
can you take a look at my log?
I checked it myself on the Hijack support site, but it tells me everything is fine... I HARDLY BELIEVE IT!
In fact, eBay, lastminute etc. sites keep opening by themselves....
Avira and SUPERAntiSpyware found nothing... help meee..

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.13.34, on 18/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Happy Family\AppData\Local\cfvspeb.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Users\HAPPYF~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\HAPPYF~1\AppData\Local\Temp\Rar$EX00.716\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5930
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5930
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [cfvspeb] "c:\users\happy family\appdata\local\cfvspeb.exe" cfvspeb
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Selezione intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Partner Service - Google Inc. - c:\programdata\partner\partner.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

--
End of file - 11961 bytes
Never contradict a woman.. Sooner or later she will do it herself..
ARIETE72
Senior Member

Posts: 449
Joined: Tue Mar 07, 2006 4:24 pm
Location: milano

Re: HijackThis LOG CHECK. HELP!!

Post by crazy.cat » Tue Aug 18, 2009 2:35 pm

This is the culprit
O4 - HKCU\..\Run: [cfvspeb] "c:\users\happy family\appdata\local\cfvspeb.exe" cfvspeb
Run a scan with ComboFix and you will see it disappears.
When the many govern, they think only of pleasing themselves, and then you have the most foolish and most hateful tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero

Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre
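
One way to automate the kind of check that singles out this entry, as an added example that is not part of the original thread: it parses the HijackThis `O4` registry autorun lines, flags those whose executable sits in a user-writable profile or Temp directory, and notes whether that file also appears under "Running processes". The location rule and all function names are assumptions of this sketch, not a method stated by the poster; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass

# Registry autorun entry as HijackThis v2 prints it:
#   O4 - HKCU\..\Run: [value name] command line
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\[^\\]+)?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>.*?)\] (?P<cmd>.+)$"
)

# First token of the command: a quoted path, or everything up to the
# first executable extension (unquoted paths may contain spaces).
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)

# Assumed heuristic: locations a standard user can write to without
# elevation, where installed software rarely keeps its autorun binary.
USER_WRITABLE = re.compile(
    r"^(?:[a-z]:\\users\\[^\\]+\\appdata\\"
    r"|[a-z]:\\documents and settings\\[^\\]+\\"
    r"|%(?:appdata|localappdata|temp|tmp)%\\"
    r"|.*\\temp\\)",
    re.I,
)


@dataclass
class Finding:
    hive: str      # HKCU, HKLM, HKUS
    name: str      # registry value name
    path: str      # executable the entry launches
    running: bool  # also listed under "Running processes"


def executable_of(cmd):
    """Return the executable path from an autorun command line, or None."""
    m = EXE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else None


def running_processes(log):
    """Collect the lower-cased paths listed in the 'Running processes' section."""
    procs, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:          # a blank line ends the section
                break
            procs.add(line.lower())
    return procs


def suspicious_autoruns(log):
    """Flag O4 registry autoruns that start a file from a user-writable path."""
    procs = running_processes(log)
    findings = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue              # not a registry Run entry (e.g. O4 - Startup)
        exe = executable_of(m["cmd"])
        if exe and USER_WRITABLE.match(exe):
            findings.append(
                Finding(m["hive"], m["name"], exe, exe.lower() in procs)
            )
    return findings


# Lines copied from the HijackThis log posted in this thread (abridged).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Happy Family\AppData\Local\cfvspeb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [cfvspeb] "c:\users\happy family\appdata\local\cfvspeb.exe" cfvspeb
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
"""

if __name__ == "__main__":
    for f in suspicious_autoruns(SAMPLE_LOG):
        state = "running" if f.running else "not running"
        print(f"{f.hive} Run [{f.name}] -> {f.path} ({state})")
```

A hit from this rule is a lead for manual review, not a verdict: some legitimate updaters also start from `AppData`.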

Re: HijackThis LOG CHECK. HELP!!

Post by ARIETE72 » Tue Aug 18, 2009 2:58 pm

Thanks Crazy..

but is there a way to learn to use it and to spot the "culprits" as brilliantly as you do?
I'll run the scan now and then let you know.
Bye, you legend!

Re: HijackThis LOG CHECK. HELP!!

Post by crazy.cat » Tue Aug 18, 2009 3:17 pm

ARIETE72 wrote: but is there a way to learn to use it and to spot the "culprits" brilliantly?

Many years of experience and Google.

Post the ComboFix log afterwards anyway.

Re: HijackThis LOG CHECK. HELP!!

Post by ARIETE72 » Tue Aug 18, 2009 3:35 pm

Google in what sense? How does it teach you to use it?
Do you mean in the guides?
Do you have a reference link?
This is the ComboFix post

Thanks


ComboFix 09-08-10.06 - Happy Family 18/08/2009 16.22.53.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3066.1810 [GMT 2:00]
Eseguito da: F:\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Happy Family\AppData\Local\cciigmi.dat
c:\users\Happy Family\AppData\Local\cciigmi_nav.dat
c:\users\Happy Family\AppData\Local\cciigmi_navps.dat
c:\users\Happy Family\AppData\Local\cfvspeb.dat
c:\users\Happy Family\AppData\Local\cfvspeb.exe
c:\users\Happy Family\AppData\Local\cfvspeb_nav.dat
c:\users\Happy Family\AppData\Local\cfvspeb_navps.dat
c:\windows\Installer\15246b.msi
c:\windows\Installer\18dc49.msi
F:\install.exe


.
((((((((((((((((((((((((( Files Creati Da 2009-07-18 al 2009-08-18 )))))))))))))))))))))))))))))))))))
.

2009-08-18 14:29 . 2009-08-18 14:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-18 13:53 . 2009-08-18 13:53 404737 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-08-18 13:53 . 2009-07-14 07:09 345345 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-08-18 13:53 . 2009-04-17 15:19 85761 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-08-18 13:53 . 2009-02-17 13:19 79105 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-08-18 13:53 . 2008-10-20 06:38 126721 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-08-18 13:02 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-18 13:02 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-18 13:02 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-18 13:02 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-18 13:02 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-18 13:02 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-18 13:02 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-18 13:02 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-16 17:37 . 2009-08-16 17:37 -------- d-----w- c:\users\Happy Family\AppData\Roaming\skypePM
2009-08-16 17:34 . 2009-08-16 17:55 -------- d-----w- c:\programdata\Skype
2009-08-16 12:10 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-16 12:10 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-16 12:10 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-16 12:10 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-16 12:10 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-16 12:10 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-16 12:10 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-16 12:10 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-29 14:06 . 2009-07-29 14:06 -------- d-----w- c:\program files\TVAnts
2009-07-26 21:58 . 2009-08-18 14:13 97 ----a-w- c:\users\Happy Family\AppData\Local\cfvspeb.bat
2009-07-26 20:59 . 2009-07-26 20:59 -------- d-----w- c:\users\Happy Family\AppData\Roaming\TVU networks
2009-07-26 20:59 . 2009-07-26 20:59 -------- d-----w- c:\programdata\TVU networks
2009-07-26 20:59 . 2009-07-27 13:24 -------- d-----w- c:\program files\TVUPlayer
2009-07-22 15:30 . 2009-07-22 15:30 -------- d-----w- c:\windows\system32\ca-ES
2009-07-22 15:30 . 2009-07-22 15:30 -------- d-----w- c:\windows\system32\eu-ES
2009-07-22 15:30 . 2009-07-22 15:30 -------- d-----w- c:\windows\system32\vi-VN
2009-07-22 15:26 . 2009-07-22 15:26 -------- d-----w- c:\windows\system32\SPReview
2009-07-22 15:12 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-07-22 15:12 . 2009-04-10 21:27 57856 ----a-w- c:\windows\system32\compcln.exe
2009-07-22 15:07 . 2009-04-10 21:28 67584 ----a-w- c:\windows\system32\regapi.dll
2009-07-22 15:04 . 2009-07-22 15:04 -------- d-----w- c:\windows\system32\EventProviders
2009-07-22 12:51 . 2009-07-22 12:51 680 ----a-w- c:\users\Happy Family\AppData\Local\d3d9caps.dat
2009-07-21 18:34 . 2009-07-27 13:29 -------- d-----w- c:\users\Happy Family\AppData\Roaming\IObit
2009-07-21 14:33 . 2009-07-21 18:34 -------- d-----w- c:\program files\IObit
2009-07-20 16:39 . 2009-07-20 16:39 -------- d-----w- c:\users\Happy Family\AppData\Roaming\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 14:35 . 2009-06-25 20:24 60100640 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-18 14:30 . 2009-06-25 20:24 705896 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-18 14:16 . 2008-05-08 06:57 662846 ----a-w- c:\windows\system32\perfh010.dat
2009-08-18 14:16 . 2008-05-08 06:57 120326 ----a-w- c:\windows\system32\perfc010.dat
2009-08-18 14:13 . 2009-06-26 21:14 117760 ----a-w- c:\users\Happy Family\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-18 13:57 . 2009-06-25 17:57 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-17 18:46 . 2009-06-27 07:23 1 ----a-w- c:\users\Happy Family\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-17 18:24 . 2009-07-29 14:00 28504 ----a-w- c:\programdata\nvModes.dat
2009-08-17 14:22 . 2009-06-25 20:26 -------- d-----w- c:\programdata\is-OHA4F
2009-08-16 18:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-16 17:37 . 2009-08-16 17:37 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-08-16 12:25 . 2009-06-27 07:19 -------- d-----w- c:\program files\Java
2009-08-16 12:06 . 2009-06-26 21:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-27 13:28 . 2008-05-07 21:11 -------- d-----w- c:\program files\Microsoft Works
2009-07-27 13:24 . 2009-06-25 18:14 -------- d-----w- c:\programdata\HDD Thermometer
2009-07-27 05:46 . 2009-07-13 19:34 -------- d-----w- c:\users\Happy Family\AppData\Roaming\live-player
2009-07-25 03:23 . 2009-06-27 07:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 17:00 . 2009-06-25 17:18 -------- d-----w- c:\programdata\NVIDIA
2009-07-22 15:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-22 15:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-22 15:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-22 15:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-22 15:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-22 15:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-22 15:30 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-22 15:24 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-21 21:52 . 2009-07-29 14:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 14:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 14:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 14:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 16:22 . 2009-06-25 19:07 -------- d-----w- c:\programdata\Partner
2009-07-21 14:59 . 2009-06-27 07:12 -------- d-----w- c:\users\Happy Family\AppData\Roaming\TeraCopy
2009-07-15 16:52 . 2009-07-15 16:52 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-07-15 13:27 . 2009-06-25 17:18 75456 ----a-w- c:\users\Happy Family\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-15 13:18 . 2008-05-07 21:10 -------- d-----w- c:\programdata\Microsoft Help
2009-07-15 06:24 . 2009-07-13 19:34 97 ----a-w- c:\users\Happy Family\AppData\Local\cciigmi.bat
2009-07-14 15:46 . 2009-06-27 10:22 -------- d-----w- c:\users\Happy Family\AppData\Roaming\dvdcss
2009-07-14 14:00 . 2009-07-14 14:00 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-13 19:55 . 2009-07-13 19:55 5430 ----a-r- c:\users\Happy Family\AppData\Roaming\Microsoft\Installer\{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}\_E8C2EED12CBD54698B3A54.exe
2009-07-13 19:55 . 2009-07-13 19:55 5430 ----a-r- c:\users\Happy Family\AppData\Roaming\Microsoft\Installer\{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}\_6FEFF9B68218417F98F549.exe
2009-07-13 19:55 . 2009-07-13 19:55 5430 ----a-r- c:\users\Happy Family\AppData\Roaming\Microsoft\Installer\{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}\_6B7D9734814072B95063C9.exe
2009-07-13 19:45 . 2009-07-13 19:45 -------- d-----w- c:\program files\SopCast
2009-07-09 13:35 . 2009-07-09 13:35 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-09 13:33 . 2009-07-09 13:33 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-08 20:56 . 2009-07-08 20:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-08 16:05 . 2009-07-08 16:05 167376 ----a-w- c:\users\Happy Family\AppData\Roaming\Mozilla\Firefox\Profiles\60xn85yq.default\FlashGot.exe
2009-07-06 00:24 . 2009-07-06 00:22 117830 ----a-w- c:\windows\hpqins00.dat
2009-06-27 14:10 . 2009-06-27 13:39 168046 ----a-w- c:\windows\hpoins27.dat
2009-06-27 14:00 . 2009-06-27 14:00 -------- d-----w- c:\programdata\HP Product Assistant
2009-06-27 14:00 . 2009-06-27 13:05 -------- d-----w- c:\programdata\HP
2009-06-27 13:59 . 2009-06-27 13:59 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-27 13:59 . 2009-06-27 13:59 -------- d-----w- c:\program files\Common Files\HP
2009-06-27 13:22 . 2009-06-27 13:22 -------- d-----w- c:\programdata\HPSSUPPLY
2009-06-27 13:17 . 2009-06-27 13:17 -------- d-----w- c:\users\Happy Family\AppData\Roaming\HP
2009-06-27 13:15 . 2009-06-27 13:15 -------- d-----w- c:\programdata\WEBREG
2009-06-27 13:14 . 2009-06-27 13:14 -------- d-----w- c:\programdata\Hewlett-Packard
2009-06-27 13:12 . 2009-06-27 13:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-27 13:10 . 2009-06-27 13:06 -------- d-----w- c:\program files\HP
2009-06-27 13:09 . 2009-06-27 13:09 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-06-27 07:22 . 2009-06-27 07:22 -------- d-----w- c:\users\Happy Family\AppData\Roaming\OpenOffice.org
2009-06-27 07:20 . 2009-06-27 07:20 -------- d-----w- c:\program files\JRE
2009-06-27 07:20 . 2009-06-27 07:20 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-27 07:17 . 2009-06-25 18:14 -------- d-----w- c:\users\Happy Family\AppData\Roaming\HDD Thermometer
2009-06-27 07:13 . 2009-06-27 07:13 -------- d-----w- c:\program files\WinISO
2009-06-27 07:12 . 2009-06-27 07:12 -------- d-----w- c:\program files\TeraCopy
2009-06-26 21:40 . 2009-06-26 21:40 -------- d-----w- c:\programdata\eMule AdunanzA
2009-06-26 21:40 . 2009-06-26 21:39 -------- d-----w- c:\program files\eMule AdunanzA
2009-06-26 21:27 . 2008-05-07 21:08 -------- d-----w- c:\programdata\McAfee
2009-06-26 21:24 . 2008-05-07 21:09 -------- d-----w- c:\programdata\SiteAdvisor
2009-06-26 21:14 . 2009-06-26 21:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-06-26 21:13 . 2009-06-26 21:13 -------- d-----w- c:\users\Happy Family\AppData\Roaming\SUPERAntiSpyware.com
2009-06-26 21:12 . 2009-06-26 21:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-26 02:41 . 2009-06-26 02:41 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-06-25 22:12 . 2009-06-25 22:12 -------- d-----w- c:\program files\MSXML 4.0
2009-06-25 22:08 . 2009-06-25 22:08 -------- d-----w- c:\programdata\LightScribe
2009-06-25 22:00 . 2009-06-25 21:58 -------- d-----w- c:\program files\The KMPlayer
2009-06-25 21:58 . 2009-06-25 21:58 -------- d-----w- c:\users\Happy Family\AppData\Roaming\vlc
2009-06-25 21:53 . 2009-06-25 21:53 -------- d-----w- c:\program files\VideoLAN
2009-06-25 21:45 . 2009-06-25 20:56 -------- d-----w- c:\program files\Common Files\Nero
2009-06-25 21:43 . 2009-06-25 20:56 -------- d-----w- c:\programdata\Nero
2009-06-25 21:43 . 2009-06-25 21:43 -------- d-----w- c:\program files\Nero
2009-06-25 20:59 . 2009-06-25 20:59 -------- d-----w- c:\users\Happy Family\AppData\Roaming\Nero
2009-06-25 20:20 . 2009-06-25 20:20 -------- d-----w- c:\program files\CCleaner
2009-06-25 20:03 . 2009-06-25 20:02 -------- d-----w- c:\program files\VS Revo Group
2009-06-25 19:08 . 2009-06-25 19:06 -------- d-----w- c:\program files\Google
2009-06-25 19:07 . 2009-06-25 19:07 110576 ----a-w- c:\programdata\Partner\partner.exe
2009-06-25 19:05 . 2008-05-07 21:28 -------- d-----w- c:\program files\Acer
2009-06-25 18:16 . 2008-05-07 21:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 18:15 . 2009-06-25 18:15 -------- d-----w- c:\program files\Acer Inc
2009-06-25 18:15 . 2009-06-25 18:10 -------- d-----w- c:\program files\Acer Arcade Deluxe
2009-06-25 18:13 . 2008-05-07 21:29 -------- d-----w- c:\programdata\CyberLink
2009-06-25 18:03 . 2009-06-25 18:03 -------- d-----w- c:\programdata\eSobi
2009-06-25 18:03 . 2009-06-25 18:03 -------- d-----w- c:\program files\eSobi
2009-06-25 17:57 . 2009-06-25 17:57 -------- d-----w- c:\programdata\Avira
2009-06-25 17:57 . 2009-06-25 17:57 -------- d-----w- c:\program files\Avira
2009-06-25 17:54 . 2009-06-25 17:54 -------- d-----w- c:\program files\Launch Manager
2009-06-25 17:53 . 2009-06-25 17:53 118784 ----a-w- c:\windows\system32\VMC3KAPI.dll
2009-06-25 17:53 . 2009-06-25 17:53 114688 ----a-w- c:\windows\system32\VCryptAPI.dll
2009-06-25 17:53 . 2009-06-25 17:53 23040 ----a-w- c:\windows\system32\ShlCmd.exe
2009-06-25 17:53 . 2009-06-25 17:53 5632 ----a-w- c:\windows\system32\biologon.dll
2009-06-25 19:07 . 2009-06-25 19:07 123392 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-18_14.11.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-08-18 14:13 55562 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-18 14:13 89860 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-08-18 13:24 89860 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-06-25 17:06 . 2009-08-18 14:32 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-25 17:06 . 2009-08-18 14:10 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-25 17:06 . 2009-08-18 14:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-25 17:06 . 2009-08-18 14:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-25 17:06 . 2009-08-18 14:10 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-25 17:06 . 2009-08-18 14:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-15 13:08 . 2009-07-15 13:08 30720 c:\windows\Installer\bb225.msi
+ 2009-07-06 00:21 . 2009-07-06 00:21 65024 c:\windows\Installer\958a3.msi
+ 2009-06-25 17:18 . 2009-08-18 14:13 6328 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3792130533-4105100560-3462664888-1000_UserData.bin
+ 2009-08-18 14:31 . 2009-08-18 14:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-18 14:09 . 2009-08-18 14:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-18 14:31 . 2009-08-18 14:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-08-18 14:09 . 2009-08-18 14:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-08-18 14:16 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-18 14:16 101250 c:\windows\System32\perfc009.dat
+ 2008-07-29 21:44 . 2008-07-29 21:44 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-31 02:25 . 2008-07-31 02:25 442880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ita\vs_setup.msi
+ 2009-06-27 14:10 . 2009-06-27 14:10 324608 c:\windows\Installer\f84ce.msi
+ 2009-06-27 14:09 . 2009-06-27 14:09 305152 c:\windows\Installer\f84c6.msi
+ 2009-06-27 14:09 . 2009-06-27 14:09 635392 c:\windows\Installer\f84bf.msi
+ 2009-06-27 14:05 . 2009-06-27 14:05 312320 c:\windows\Installer\f84b8.msi
+ 2009-06-27 14:04 . 2009-06-27 14:04 510976 c:\windows\Installer\f84b1.msi
+ 2009-06-27 14:04 . 2009-06-27 14:04 988160 c:\windows\Installer\f84aa.msi
+ 2009-06-27 14:03 . 2009-06-27 14:03 596480 c:\windows\Installer\f8495.msi
+ 2009-06-27 14:03 . 2009-06-27 14:03 121344 c:\windows\Installer\f8489.msi
+ 2009-06-27 14:02 . 2009-06-27 14:02 472576 c:\windows\Installer\f8482.msi
+ 2009-06-27 14:01 . 2009-06-27 14:01 647680 c:\windows\Installer\f8460.msi
+ 2009-06-27 14:01 . 2009-06-27 14:01 121344 c:\windows\Installer\f8452.msi
+ 2009-06-27 14:01 . 2009-06-27 14:01 367616 c:\windows\Installer\f844b.msi
+ 2009-06-27 14:00 . 2009-06-27 14:00 748544 c:\windows\Installer\f8444.msi
+ 2009-06-27 14:00 . 2009-06-27 14:00 634880 c:\windows\Installer\f8434.msi
+ 2009-06-27 14:00 . 2009-06-27 14:00 121344 c:\windows\Installer\f842d.msi
+ 2009-06-27 13:59 . 2009-06-27 13:59 795648 c:\windows\Installer\f8426.msi
+ 2009-06-27 13:59 . 2009-06-27 13:59 321024 c:\windows\Installer\f841b.msi
+ 2009-06-27 13:59 . 2009-06-27 13:59 591360 c:\windows\Installer\f8414.msi
+ 2009-06-27 13:59 . 2009-06-27 13:59 519680 c:\windows\Installer\f840d.msi
+ 2009-06-27 13:58 . 2009-06-27 13:58 432640 c:\windows\Installer\f8406.msi
+ 2009-06-27 13:58 . 2009-06-27 13:58 326144 c:\windows\Installer\f83fb.msi
+ 2009-06-27 13:58 . 2009-06-27 13:58 501248 c:\windows\Installer\f83f4.msi
+ 2009-07-15 13:11 . 2009-07-15 13:11 438784 c:\windows\Installer\e375b.msi
+ 2009-07-06 00:24 . 2009-07-06 00:24 444416 c:\windows\Installer\9590a.msi
+ 2009-07-06 00:24 . 2009-07-06 00:24 613376 c:\windows\Installer\958fe.msi
+ 2009-07-06 00:23 . 2009-07-06 00:23 550912 c:\windows\Installer\958c6.msi
+ 2009-06-25 22:12 . 2009-06-25 22:12 432640 c:\windows\Installer\8be17.msi
+ 2008-05-07 21:10 . 2008-05-07 21:10 503296 c:\windows\Installer\8376e.msi
+ 2008-05-07 21:10 . 2008-05-07 21:10 506880 c:\windows\Installer\83768.msi
+ 2008-05-07 21:10 . 2008-05-07 21:10 516608 c:\windows\Installer\83761.msi
+ 2008-05-07 21:10 . 2008-05-07 21:10 513536 c:\windows\Installer\8375a.msi
+ 2008-05-07 21:10 . 2008-05-07 21:10 512512 c:\windows\Installer\83753.msi
+ 2009-06-27 13:12 . 2009-06-27 13:12 375808 c:\windows\Installer\5f97b.msi
+ 2009-06-27 13:11 . 2009-06-27 13:11 691712 c:\windows\Installer\5f973.msi
+ 2009-05-26 16:53 . 2009-05-26 16:53 579072 c:\windows\Installer\5d530.msp
+ 2009-06-25 20:32 . 2009-06-25 20:32 100352 c:\windows\Installer\5a66b5.msi
+ 2009-07-09 13:35 . 2009-07-09 13:35 140288 c:\windows\Installer\28b851.msi
+ 2009-07-09 13:35 . 2009-07-09 13:35 202752 c:\windows\Installer\28b84a.msi
+ 2009-07-09 13:35 . 2009-07-09 13:35 301056 c:\windows\Installer\28b82e.msi
+ 2009-03-20 09:48 . 2009-03-20 09:48 183808 c:\windows\Installer\24f458d.msp
+ 2009-07-13 19:55 . 2009-07-13 19:55 345088 c:\windows\Installer\1be4f82.msi
+ 2007-10-15 11:25 . 2007-10-15 11:25 324608 c:\windows\Installer\19eeb.msp
+ 2008-12-13 07:58 . 2008-12-13 07:58 754688 c:\windows\Installer\18dc62.msp
+ 2009-06-25 18:21 . 2009-06-25 18:21 648192 c:\windows\Installer\18dc56.msi
+ 2009-06-25 17:53 . 2009-06-25 17:53 228352 c:\windows\Installer\18dc38.msi
+ 2009-06-25 17:52 . 2009-06-25 17:52 515072 c:\windows\Installer\18dc31.msi
+ 2009-07-29 14:17 . 2009-07-29 14:17 195584 c:\windows\Installer\168c74.msi
+ 2009-07-29 14:17 . 2009-07-29 14:17 248832 c:\windows\Installer\168c6d.msi
+ 2008-05-07 21:25 . 2008-05-07 21:25 997376 c:\windows\Installer\15245d.msi
+ 2008-04-30 07:20 . 2008-04-30 07:20 331264 c:\windows\Installer\142af.msi
+ 2009-08-18 14:30 . 2009-08-18 14:30 208896 c:\windows\ERDNT\subs\Users\00000002\NTUSER.DAT
+ 2009-08-18 14:30 . 2009-08-18 14:30 212992 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2008-04-30 08:09 . 2007-03-09 04:43 3551744 c:\windows\System32\oem\AcroRead.msi
+ 2007-01-17 10:24 . 2007-01-17 10:24 2830336 c:\windows\System32\LS_HSI.msi
+ 2009-06-27 07:21 . 2009-06-27 07:21 9816064 c:\windows\Installer\f764f.msi
+ 2009-06-27 07:19 . 2009-06-27 07:19 1633792 c:\windows\Installer\f764b.msi
+ 2009-06-27 07:15 . 2009-06-27 07:15 3604992 c:\windows\Installer\f7644.msi
+ 2009-04-04 15:10 . 2009-04-04 15:10 3262464 c:\windows\Installer\e389d.msp
+ 2009-04-04 15:10 . 2009-04-04 15:10 1282560 c:\windows\Installer\e3893.msp
+ 2009-04-04 15:10 . 2009-04-04 15:10 9926144 c:\windows\Installer\e388a.msp
+ 2009-06-25 19:08 . 2009-06-25 19:08 1139200 c:\windows\Installer\d3e4d.msi
+ 2009-07-06 00:25 . 2009-07-06 00:25 1894400 c:\windows\Installer\95925.msi
+ 2009-06-25 17:17 . 2009-06-25 17:17 1634816 c:\windows\Installer\8962b.msi
+ 2008-05-07 21:13 . 2008-05-07 21:13 1046016 c:\windows\Installer\837ac.msi
+ 2008-05-07 21:13 . 2008-05-07 21:13 4461568 c:\windows\Installer\837a6.msi
+ 2007-03-22 13:46 . 2007-03-22 13:46 2047488 c:\windows\Installer\837a0.msp
+ 2007-03-22 13:46 . 2007-03-22 13:46 8198656 c:\windows\Installer\8378e.msp
+ 2008-05-07 21:11 . 2008-05-07 21:11 9613312 c:\windows\Installer\8377c.msi
+ 2008-05-07 21:10 . 2008-05-07 21:10 1656320 c:\windows\Installer\83775.msi
+ 2008-05-07 21:10 . 2008-05-07 21:10 1644544 c:\windows\Installer\8374d.msi
+ 2008-05-07 21:10 . 2008-05-07 21:10 1644032 c:\windows\Installer\83746.msi
+ 2008-05-07 21:10 . 2008-05-07 21:10 1753088 c:\windows\Installer\83740.msi
+ 2008-05-07 21:10 . 2008-05-07 21:10 2417152 c:\windows\Installer\8373a.msi
+ 2009-06-26 21:13 . 2009-06-26 21:13 1516544 c:\windows\Installer\5eed3.msi
+ 2009-05-04 05:46 . 2009-05-04 05:46 8299008 c:\windows\Installer\5d5c9.msp
+ 2009-04-14 02:22 . 2009-04-14 02:22 7227392 c:\windows\Installer\5d5b5.msp
+ 2009-05-04 05:47 . 2009-05-04 05:47 9124864 c:\windows\Installer\5d5ac.msp
+ 2009-04-24 10:30 . 2009-04-24 10:30 2583552 c:\windows\Installer\5d598.msp
+ 2009-04-22 13:18 . 2009-04-22 13:18 4869632 c:\windows\Installer\5d584.msp
+ 2009-04-14 01:47 . 2009-04-14 01:47 7244800 c:\windows\Installer\5d569.msp
+ 2009-02-25 17:08 . 2009-02-25 17:08 8311808 c:\windows\Installer\5d560.msp
+ 2009-04-24 10:28 . 2009-04-24 10:28 4450816 c:\windows\Installer\5d54e.msp
+ 2009-04-24 10:29 . 2009-04-24 10:29 9013760 c:\windows\Installer\5d51d.msp
+ 2007-10-15 11:24 . 2007-10-15 11:24 1536512 c:\windows\Installer\19ef4.msp
+ 2007-10-15 11:25 . 2007-10-15 11:25 5749760 c:\windows\Installer\19ee4.msp
+ 2007-10-15 11:25 . 2007-10-15 11:25 6205440 c:\windows\Installer\19edb.msp
+ 2008-02-15 08:54 . 2008-02-15 08:54 9736192 c:\windows\Installer\19ebd.msp
+ 2009-06-25 18:12 . 2009-06-25 18:12 4564480 c:\windows\Installer\18dc4f.msi
+ 2009-06-25 18:03 . 2009-06-25 18:03 1321984 c:\windows\Installer\18dc45.msi
+ 2009-06-25 17:56 . 2009-06-25 17:56 8373248 c:\windows\Installer\18dc40.msi
+ 2008-05-07 21:27 . 2008-05-07 21:27 5604864 c:\windows\Installer\152467.msi
+ 2008-05-07 21:25 . 2008-05-07 21:25 2674688 c:\windows\Installer\152462.msi
+ 2008-05-07 21:25 . 2008-05-07 21:25 2836480 c:\windows\Installer\152456.msi
+ 2008-04-30 07:25 . 2008-04-30 07:25 3547648 c:\windows\Installer\142b5.msi
+ 2009-06-25 21:45 . 2009-06-25 21:45 7772160 c:\windows\Installer\1260f8.msi
+ 2009-08-18 14:30 . 2009-08-18 14:30 2543616 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-18 14:30 . 2009-08-18 14:30 2121728 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-06-25 17:52 . 2009-06-25 17:52 2319872 c:\windows\Downloaded Installations\{4A950ED3-4763-44A0-910A-B2BA5F2D5CA9}\atmininstall.msi
+ 2009-04-04 15:09 . 2009-04-04 15:09 10874880 c:\windows\Installer\e387e.msp
+ 2009-04-04 07:03 . 2009-04-04 07:03 20161536 c:\windows\Installer\e377a.msp
+ 2009-04-04 07:01 . 2009-04-04 07:01 14048256 c:\windows\Installer\e3770.msp
+ 2009-04-14 02:57 . 2009-04-14 02:57 10880512 c:\windows\Installer\5d539.msp
+ 2007-10-15 11:24 . 2007-10-15 11:24 12251136 c:\windows\Installer\19f07.msp
+ 2007-10-15 11:24 . 2007-10-15 11:24 21604864 c:\windows\Installer\19ec5.msp
+ 2009-04-04 15:08 . 2009-04-04 15:08 343058432 c:\windows\Installer\e3872.msp
+ 2007-10-15 11:24 . 2007-10-15 11:24 229852160 c:\windows\Installer\19f9f.msp
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-16 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-19 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-19 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-06-25 3667968]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-06-25 24064]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-25 6111232]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-21 1826816]

c:\users\Happy Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-6-25 1216512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-06-25 17:53 3110912 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d6,5d,fb,86,e2,0a,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EDD33C57-C9CF-452D-AF8F-BF917549F62B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DF21046C-0A25-4FAF-A1BF-517BEF5405D8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DC808DF1-C040-4E29-A5B1-73952534C8BA}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{0D51BA99-356E-4B7A-9E65-987ED78BA285}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{E7396943-4CE5-42E3-A7EA-71FF51C54DCF}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{8D0247B6-B148-4E39-870B-8FF98EEBC8C8}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{A38B6703-8CFB-464A-BA28-0C7599718CD6}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{F0599F67-0601-4D3D-A86A-E4681DE023BA}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{8CE8F528-1E9F-4430-AD9B-10259617BCBD}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{0ACCB565-A618-48A6-8B31-A3F25F2A0B2A}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{3035819F-412F-4151-A50B-15575108C9AD}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{9AFD42F4-BB88-4A78-ABD0-0007FB0B1972}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{2B1F9693-6F70-48AC-BAD1-629DA4289A40}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{D645AA5E-4285-4DDB-ADD6-EE5B6DE96ABE}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"TCP Query User{CD474E74-ABC5-4B94-802B-9ADDBF38F36D}c:\\program files\\emule adunanza\\emule_adnza.exe"= UDP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{0E5E1D55-E396-4517-95C8-CBB0D39FFC56}c:\\program files\\emule adunanza\\emule_adnza.exe"= TCP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"{5FCABD74-A0A9-4365-97C5-3CB255695903}"= UDP:c:\program files\eMule AdunanzA\LinkCreator.exe:LinkCreator
"{751C7890-959A-4BCD-8BE3-66F99F4ACAFF}"= TCP:c:\program files\eMule AdunanzA\LinkCreator.exe:LinkCreator
"{2D604E5E-4AE4-4FCD-9646-7705B5E2FBBC}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{8F4C24F0-0E12-4F00-86C3-F1087F6138AB}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{3E8F9250-B26D-4D3C-9AE0-199443405350}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{B6555C4B-20A6-4656-B63E-F69068B386B2}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{4AEFA42F-1BCA-4C63-B02C-BE57D262D70A}"= UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{17D913B0-D8D2-4920-867E-E04801FBF08F}"= TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{8E926176-1E91-4AFD-8247-7CB958459B28}"= UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{4408BBBB-ED23-4C61-B183-45943F656673}"= TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{890E0B18-0CFF-4AD1-AF2B-7F9FC7F66687}"= UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{5115C74B-C79C-4E0D-92FB-5B54D28FA4A1}"= TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{1DF7D62D-FB8F-48C3-8A1A-C3AD67B3ABAD}"= UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{1CA1354C-7FA1-4955-B11A-4FEFE90F8210}"= TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{5C944F2D-DCCD-4FE6-9F3C-D1D0D3360F3F}"= UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{FE1F5331-0792-4ED9-A30B-E2FF380A6505}"= TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"TCP Query User{702BE16A-E2C9-4014-9DF6-F05F91D6950B}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{80ACE61E-84BE-4256-A4F5-9D4E931D023F}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{D6755A69-4576-49B8-899E-84C375B08506}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{5807955A-7606-42EB-A125-33B0671DD9CF}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{E4E02B91-7D19-43D3-9480-42E80DC3D4BE}f:\\internettv.exe"= UDP:F:\internettv.exe:Readon TV Movie Radio Player
"UDP Query User{496B4180-6447-44AF-9144-3E8CB9F438CA}f:\\internettv.exe"= TCP:F:\internettv.exe:Readon TV Movie Radio Player
"TCP Query User{E7EBFC4F-0A1F-4DBA-B67F-FE8F6C88DDF8}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{9628F199-A709-43B4-A095-AC57D9925AF0}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{997C0E8B-42A8-4F62-A28C-5F255BED05A3}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F53C8B34-BA0C-43C3-8618-4C280C200628}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [25/06/2009 19.53.10 43184]
R1 is-OHA4Fdrv;is-OHA4Fdrv;c:\windows\System32\drivers\10565681.sys [25/06/2009 22.24.52 148496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11.01.40 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11.01.40 74480]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [25/06/2009 20.13.07 61424]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13.11.14 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [25/06/2009 20.14.54 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [07/05/2008 23.28.16 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [25/06/2009 19.53.17 3517440]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [06/04/2008 22.42.24 50424]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [25/06/2009 20.14.59 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [04/04/2008 3.03.14 131072]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [25/06/2009 19.51.15 233472]
R3 NETw5v32;Driver scheda Intel(R) Wireless WiFi Link per Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [26/06/2009 4.39.50 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [26/06/2009 4.39.04 44064]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 4.23.20 179712]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [25/06/2009 21.06.39 24064]
S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [25/06/2009 21.07.39 110576]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11.01.42 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-18 c:\windows\Tasks\User_Feed_Synchronization-{0DBE58FD-B487-4991-9EBA-16B4398246B8}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5930
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5930
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Happy Family\AppData\Roaming\Mozilla\Firefox\Profiles\60xn85yq.default\
FF - prefs.js: browser.startup.homepage - http://www.sportmediaset.it
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: f:\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 16:33
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\users\HAPPYF~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
c:\windows\TEMP\TMP0000002E12ECA814BA6F28BA 524288 bytes executable

Scansione completata con successo
Files nascosti: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(3644)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-18 16.38.15 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-18 14:38
ComboFix2.txt 2009-08-18 14:15

Pre-Run: 107.878.608.896 byte disponibili
Post-Run: 107.578.101.760 byte disponibili

541 --- E O F --- 2009-08-18 13:04
Never contradict a woman.. Sooner or later she will do it herself..
ARIETE72
Senior Member
Posts: 449
Joined: Tue Mar 07, 2006 4:24 pm
Location: Milano

Re: HijackThis LOG CHECK. HELP!!

Post by ARIETE72 » Tue Aug 18, 2009 3:41 pm

P.S.

Is it normal that Avira won't open!?
There is a shield with a white X on the taskbar that at most sends me to the PC security center, but if I click "activate Avira" nothing happens
:-(
What's going on!?

Re: HijackThis LOG CHECK. HELP!!

Post by crazy.cat » Tue Aug 18, 2009 3:50 pm

ARIETE72 wrote: Is it normal that Avira won't open!??

No.
Try restarting the PC and, at most, reinstall it.
Strange, because ComboFix removed various things but Avira was not touched.


ARIETE72 wrote: Google in what sense? How does it teach you to use it?

Enter the name of the suspicious file into Google and then look at the results that come up.
If it is not found or there are few results, you know (almost certainly) that it is malware.
When the many govern, they think only of pleasing themselves, and then you have the most foolish and most hateful tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: HijackThis LOG CHECK. HELP!!

Post by ARIETE72 » Tue Aug 18, 2009 3:53 pm

Solved the Avira issue.. I reactivated it..
Avira keeps showing the pop-up "rilevato virus: TR/Lipler.GB", which I block every time, but then it reappears...
Does it have anything to do with the problem I have?

Re: HijackThis LOG CHECK. HELP!!

Post by ARIETE72 » Tue Aug 18, 2009 3:55 pm

Dear Crazy, the problem is tracking down the suspicious file the way you know how to do so well..
:-)
I'm waiting to hear what to do about the virus that Avira finds
Thanks

Re: HijackThis LOG CHECK. HELP!!

Post by crazy.cat » Tue Aug 18, 2009 5:14 pm

Where does Avira detect the virus?
Instead of blocking it, try deleting it and restart the PC right away, then see whether it reappears.

Re: HijackThis LOG CHECK. HELP!!

Post by ARIETE72 » Tue Aug 18, 2009 6:55 pm

Here is what Avira Guard detects: it is on "F" (my external drive)

Nel file 'F:\Live-Player_setup(2).exe'
è stato rilevato un virus o programma indesiderato 'TR/Lipler.GB' [trojan].
Azione eseguita: Nega accesso

Now, instead of denying access, I chose "delete".
I'll also try to delete the program's .exe
I'll let you know
Thanks again!

Re: HijackThis LOG CHECK. HELP!!

Post by ARIETE72 » Tue Aug 18, 2009 7:00 pm

But I can't find this program on F.... to delete it
sigh..

Re: HijackThis LOG CHECK. HELP!!

Post by ste_95 » Tue Aug 18, 2009 8:09 pm

Having chosen to delete the file with AntiVir, it is right that you can no longer find it by hand. [;)]
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: HijackThis LOG CHECK. HELP!!

Post by ARIETE72 » Wed Aug 19, 2009 6:49 am

You're right, Ste...
In fact the problem no longer occurs..
Thanks to you both!!
Bye!



megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising