YuYu

Members
  • Posts

    4
Everything posted by YuYu

  1. it's not there anymore!!! yontoo !!! in my list of applications you removed it!!!!
  2. ok, i couldn't wait, that's the log i've got after cleaning and rebooting:
  3. Hi MrCharlie, This is what i get, now i go to sleep...
  4. Hi, I've got a problem with yontoo, i see that it's in my list of applications but i cannot remove it, when i try to uninstall it i get an error. I've already scanned my laptop with malwarebytes and it detected quite some stuff that i have removed, but i'm not sure that only yontoo is still there. I'm now running microsoft security scanner again and waiting for the results but i can see already that there's something malicious. I've scanned my laptop with dds and that's what i get: I'm really thinking that i should make a backup and format. Thanks!