Posts posted by YuYu

  1. OK, I couldn't wait :) That's the log I've got after cleaning and rebooting:

    # AdwCleaner v2.303 - Logfile creato il 09/06/2013 alle 00:32:05

    # Aggiornamento 08/06/2013 by Xplode

    # Sistema Operativo : Windows Vista Home Premium Service Pack 2 (32 bits)

    # Utente : Giulia - PC-GIULIA

    # Modalità Avvio : Modalità Normale

    # Eseguito da : C:\Users\Giulia\Downloads\adwcleaner (3).exe

    # Opzioni [Elimina]

    ***** [servizi] *****

    Fermato & Eliminato : Yontoo Desktop Updater

    ***** [File / Cartelle] *****

    Cartella Eliminato : C:\Program Files\Conduit

    Cartella Eliminato : C:\Program Files\GamesBar

    Cartella Eliminato : C:\Program Files\Yontoo

    Cartella Eliminato : C:\ProgramData\GamesBar

    Cartella Eliminato : C:\ProgramData\Tarma Installer

    Cartella Eliminato : C:\Users\Giulia\AppData\Local\Conduit

    Cartella Eliminato : C:\Users\Giulia\AppData\Local\Ilivid

    Cartella Eliminato : C:\Users\Giulia\AppData\Local\PackageAware

    Cartella Eliminato : C:\Users\Giulia\AppData\Local\SwvUpdater

    Cartella Eliminato : C:\Users\Giulia\AppData\LocalLow\Conduit

    Cartella Eliminato : C:\Users\Giulia\AppData\Roaming\iWin

    Cartella Eliminato : C:\Users\Giulia\AppData\Roaming\Yontoo

    Cartella Eliminato : C:\Windows\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}

    File Eliminato : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.url

    File Eliminato : C:\Windows\system32\roboot.exe

    ***** [Registro] *****

    Chiave Eliminata : HKCU\Software\Alexa Internet

    Chiave Eliminata : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

    Chiave Eliminata : HKCU\Software\AppDataLow\Software\Conduit

    Chiave Eliminata : HKCU\Software\Conduit

    Chiave Eliminata : HKCU\Software\Imesh

    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Chiave Eliminata : HKCU\Software\YahooPartnerToolbar

    Chiave Eliminata : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB

    Chiave Eliminata : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1

    Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2306678

    Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2440453

    Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2576279

    Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}

    Chiave Eliminata : HKLM\SOFTWARE\Classes\YontooIEClient.Api

    Chiave Eliminata : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

    Chiave Eliminata : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

    Chiave Eliminata : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

    Chiave Eliminata : HKLM\Software\Conduit

    Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}

    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

    Chiave Eliminata : HKLM\Software\Tarma Installer

    Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

    ***** [browser Internet] *****

    -\\ Internet Explorer v7.0.6002.18005

    [OK] Registro Pulito.

    -\\ Google Chrome v27.0.1453.110

    File : C:\Users\Giulia\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File Pulito.

    -\\ Opera v [impossibile rilevare la versione]

    File : C:\Users\Giulia\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File Pulito.

    *************************

    AdwCleaner[R1].txt - [5713 octets] - [09/06/2013 00:18:30]

    AdwCleaner[s1].txt - [5782 octets] - [09/06/2013 00:32:05]

    ########## EOF - C:\AdwCleaner[s1].txt - [5842 octets] ##########

  2. Hi MrCharlie,

    This is what I get, now I go to sleep...

    # AdwCleaner v2.303 - Logfile creato il 09/06/2013 alle 00:18:30

    # Aggiornamento 08/06/2013 by Xplode

    # Sistema Operativo : Windows Vista Home Premium Service Pack 2 (32 bits)

    # Utente : Giulia - PC-GIULIA

    # Modalità Avvio : Modalità Normale

    # Eseguito da : C:\Users\Giulia\Downloads\adwcleaner (3).exe

    # Opzioni [Cerca]

    ***** [servizi] *****

    Trovato : Yontoo Desktop Updater

    ***** [File / Cartelle] *****

    Cartella Trovato : C:\Program Files\Conduit

    Cartella Trovato : C:\Program Files\GamesBar

    Cartella Trovato : C:\Program Files\Yontoo

    Cartella Trovato : C:\ProgramData\GamesBar

    Cartella Trovato : C:\ProgramData\Tarma Installer

    Cartella Trovato : C:\Users\Giulia\AppData\Local\Conduit

    Cartella Trovato : C:\Users\Giulia\AppData\Local\Ilivid

    Cartella Trovato : C:\Users\Giulia\AppData\Local\PackageAware

    Cartella Trovato : C:\Users\Giulia\AppData\Local\SwvUpdater

    Cartella Trovato : C:\Users\Giulia\AppData\LocalLow\Conduit

    Cartella Trovato : C:\Users\Giulia\AppData\Roaming\iWin

    Cartella Trovato : C:\Users\Giulia\AppData\Roaming\Yontoo

    Cartella Trovato : C:\Windows\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}

    File Trovato : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.url

    File Trovato : C:\Windows\system32\roboot.exe

    ***** [Registro] *****

    Chiave Trovata : HKCU\Software\Alexa Internet

    Chiave Trovata : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

    Chiave Trovata : HKCU\Software\AppDataLow\Software\Conduit

    Chiave Trovata : HKCU\Software\Conduit

    Chiave Trovata : HKCU\Software\Imesh

    Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

    Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Chiave Trovata : HKCU\Software\YahooPartnerToolbar

    Chiave Trovata : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB

    Chiave Trovata : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1

    Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}

    Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

    Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

    Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

    Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

    Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

    Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

    Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

    Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

    Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}

    Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

    Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

    Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

    Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar.CT2306678

    Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar.CT2440453

    Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar.CT2576279

    Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

    Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}

    Chiave Trovata : HKLM\SOFTWARE\Classes\YontooIEClient.Api

    Chiave Trovata : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

    Chiave Trovata : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

    Chiave Trovata : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

    Chiave Trovata : HKLM\Software\Conduit

    Chiave Trovata : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

    Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}

    Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

    Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

    Chiave Trovata : HKLM\Software\Tarma Installer

    Valore Trovata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    Valore Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

    ***** [browser Internet] *****

    -\\ Internet Explorer v7.0.6002.18005

    [OK] Registro Pulito.

    -\\ Google Chrome v27.0.1453.110

    File : C:\Users\Giulia\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File Pulito.

    -\\ Opera v [impossibile rilevare la versione]

    File : C:\Users\Giulia\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File Pulito.

    *************************

    AdwCleaner[R1].txt - [5584 octets] - [09/06/2013 00:18:30]

    ########## EOF - C:\AdwCleaner[R1].txt - [5644 octets] ##########

  3. Hi,

    I've got a problem with Yontoo. I see that it's in my list of applications but I cannot remove it; when I try to uninstall it I get an error.

    I've already scanned my laptop with Malwarebytes and it detected quite some stuff that I have removed, but I'm not sure that only Yontoo is still there.

    I'm now running Microsoft Security Scanner again and waiting for the results, but I can see already that there's something malicious.

    I've scanned my laptop with DDS and that's what I get:

    I'm really thinking that I should make a backup and format.

    Thanks!

    DDS (Ver_2012-11-20.01) - NTFS_x86

    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_39

    Run by Giulia at 19:50:40 on 2013-06-08

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3070.1304 [GMT 2:00]

    .

    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

    .

    ============== Running Processes ================

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\Windows\system32\SLsvc.exe

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Windows\system32\WLANExt.exe

    C:\Windows\System32\spoolsv.exe

    C:\Acer\ALaunch\ALaunchSvc.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

    C:\Acer\Empowering Technology\eNet\eNet Service.exe

    C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Acer\Mobility Center\MobilityService.exe

    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    C:\Program Files\Acer\Acer VCM\RS_Service.exe

    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\DRIVERS\xaudio.exe

    C:\Program Files\Yontoo\Y2Desktop.Updater.exe

    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

    C:\Windows\system32\wbem\unsecapp.exe

    c:\Program Files\Microsoft Security Client\NisSrv.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\wuauclt.exe

    C:\Program Files\Synaptics\SynTP\SynTPStart.exe

    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

    C:\Acer\Empowering Technology\eAudio\eAudio.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\Launch Manager\QtZgAcer.EXE

    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

    C:\Program Files\MarkAny\ContentSafer\MaAgent.exe

    C:\Windows\WindowsMobile\wmdSync.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\DivX\DivX Update\DivXUpdate.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Real\RealPlayer\Update\realsched.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

    C:\Program Files\Acer\Acer VCM\AcerVCM.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.exe

    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

    C:\Windows\System32\rundll32.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.bin

    C:\Users\Giulia\AppData\Local\Temp\RtkBtMnt.exe

    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    C:\Program Files\Acer\Acer VCM\acp2HID.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Users\Giulia\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\mcbuilder.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k WindowsMobile

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.nl/

    uSearch Bar = Preserve

    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

    mStart Page = hxxp://it.intl.acer.yahoo.com

    mDefault_Page_URL = hxxp://it.intl.acer.yahoo.com

    uProxyOverride = local;*.local

    BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll

    BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - <orphaned>

    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

    TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll

    TB: Yahoo! Toolbar con blocco Pop-Up: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

    uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe

    uRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe

    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

    uRun: [eMuleAutoStart] c:\program files\emule\emule.exe -AutoStart

    uRun: [Google Update] "c:\users\giulia\appdata\local\google\update\GoogleUpdate.exe" /c

    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

    mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe

    mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"

    mRun: [Acer Tour] <no file>

    StartupFolder: c:\users\giulia\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe

    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

    mPolicies-System: EnableUIADesktopToggle = dword:0

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

    DPF: {0D876D18-13BD-4D80-B946-F4714200F528} - hxxp://chiamagratis.abbeyphone.com/gui/usr/cab/ChiamagratisXVOW.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: NameServer = 192.168.2.254 195.241.77.55 195.241.77.58

    TCP: Interfaces\{94855534-3589-4CF9-B477-24660C1520A9} : DHCPNameServer = 192.168.2.254 195.241.77.55 195.241.77.58

    TCP: Interfaces\{EB8FB831-B860-458F-B493-F20FFD3F74F4} : DHCPNameServer = 192.168.0.1

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

    SEH: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\program files\markany\contentsafer\MACSMANAGER.dll

    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]

    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2008-3-24 41456]

    R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-12-21 50688]

    R2 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-27 21504]

    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]

    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2008-3-24 233472]

    R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]

    R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\yontoo\Y2Desktop.Updater.exe [2013-3-29 23552]

    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-12-21 179712]

    R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]

    R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-12-21 43008]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]

    S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\drivers\AVerA310USB.sys [2007-12-21 26368]

    S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2007-12-21 42240]

    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-26 39272]

    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

    .

    =============== Created Last 30 ================

    .

    2013-06-08 13:34:53 724464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{af0b6630-36af-490e-8779-3226696f24e2}\gapaengine.dll

    2013-06-08 13:34:36 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{316e11ab-b2f4-4916-aa33-215256c88f8c}\mpengine.dll

    2013-06-08 13:31:54 -------- d-----w- c:\program files\Microsoft Security Client

    2013-06-08 06:30:45 -------- d-----w- c:\users\giulia\appdata\roaming\Malwarebytes

    2013-06-08 06:30:14 -------- d-----w- c:\programdata\Malwarebytes

    2013-06-08 06:26:58 -------- d-----w- c:\users\giulia\appdata\local\ElevatedDiagnostics

    2013-05-30 20:09:19 221568 ----a-w- c:\windows\system32\drivers\netio.sys

    2013-05-28 15:54:09 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5a3a39bb-4751-45af-8a0f-e7df7b90b3a3}\mpengine.dll

    2013-05-18 15:49:41 -------- d-----w- c:\users\giulia\appdata\local\Nokia

    2013-05-18 15:49:18 -------- d-----w- c:\programdata\NokiaMusic

    2013-05-18 15:35:38 -------- d-----w- c:\program files\common files\PCSuite

    2013-05-18 15:35:27 -------- d-----w- c:\program files\common files\Nokia

    2013-05-18 15:34:01 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

    2013-05-18 15:32:03 -------- d-----w- c:\program files\PC Connectivity Solution

    2013-05-18 15:23:11 -------- d-----w- c:\programdata\NokiaInstallerCache

    2013-05-18 15:23:11 -------- d-----w- c:\program files\Nokia

    2013-05-15 16:57:51 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

    2013-05-15 16:57:51 37376 ----a-w- c:\windows\system32\cdd.dll

    2013-05-15 16:57:29 2049024 ----a-w- c:\windows\system32\win32k.sys

    2013-05-14 11:31:10 6128760 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

    2013-05-14 11:31:10 6128760 ----a-w- c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

    .

    ==================== Find3M ====================

    .

    2013-05-15 17:38:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-05-15 17:38:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe

    2013-03-11 13:25:50 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-03-11 13:25:50 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe

    .

    ============= FINISH: 19.52.47,83 ===============
