
HELP, I can't stand w32/Patched.UA any more

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want answers to these and other questions, this is the right place!

Moderators: kadosh, Luke57


Post by tanya70 » 23/10/12 10:38

Hello, I'm new to this forum and I find it a great help for inexperienced people like me. I hope I'm in the right section. Before asking for help I read the various threads about the w32 virus and followed what you already said, but I couldn't solve the problem. I ran ComboFix, but as I read in another post, when I moved on to BlitzBlank I didn't know what to write. Avira keeps finding this w32, except I noticed that for me it says /Patched.UA and not .UB like most of the people who already asked for help. I hope you can help me, also because the PC is extremely slow: writing this message took me half a day because of the truly exasperating slowness. Please, if you can, talk to me like a child so I understand what to do and where to put my hands.
Thanks in advance
ComboFix 12-10-22.02 - Tonia 22/10/2012 20:59:29.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3558.2658 [GMT 2:00]
Running from: c:\users\Tonia\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created From 2012-09-22 to 2012-10-22 )))))))))))))))))))))))))))))))))))
.
.
2012-10-22 19:14 . 2012-10-22 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-22 19:11 . 2012-10-22 19:11 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C3429E0-162B-4F72-B646-8C028DBA56D1}\offreg.dll
2012-10-22 17:43 . 2012-10-22 17:43 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-10-22 15:25 . 2012-10-22 15:25 -------- d-----w- c:\programdata\AVS4YOU
2012-10-22 15:25 . 2012-10-22 15:25 -------- d-----w- c:\users\Tonia\AppData\Roaming\AVS4YOU
2012-10-22 15:24 . 2012-10-22 17:53 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2012-10-22 15:24 . 2011-06-23 11:25 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-10-22 15:24 . 2012-10-22 17:54 -------- d-----w- c:\program files (x86)\AVS4YOU
2012-10-20 07:38 . 2012-10-22 17:53 -------- d-----w- c:\users\Tonia\AppData\Roaming\Hazaud
2012-10-20 07:38 . 2012-10-20 07:38 -------- d-----w- c:\users\Tonia\AppData\Roaming\Ryho
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-19 10:39 . 2011-12-15 08:22 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-19 10:39 . 2011-12-15 08:22 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-25 14:24 1515496 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-05-16 18:37 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-25 1515496]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"= "c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-19 348664]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-25 886760]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-03 218624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 PowerOffer Service;Pos Service;c:\users\Tonia\AppData\Local\PosService\Pos.exe [2011-12-02 164864]
R2 ServUpdater;Serv Updater;c:\users\Tonia\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-02 156160]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-24 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-01 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-10 279616]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-04-27 22912]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-04-27 20328]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-04-27 62584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-25 204288]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-19 86224]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-15 352336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-22 873064]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-02-15 257344]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-25 9257472]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-25 300544]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-04-12 51240]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-01-13 85544]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-06 142632]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-02-14 412712]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1594513926-270000843-2063396663-1000Core.job
- c:\users\Tonia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 20:08]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1594513926-270000843-2063396663-1000UA.job
- c:\users\Tonia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-08 11788392]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://search.findeer.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{37BBD2B2-9A6A-4D2B-9077-4801C8485281}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{DEA1BE54-44A8-47A1-B8F4-906C519C61B3}\44D2C496E6B6: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\users\Tonia\AppData\Roaming\Mozilla\Firefox\Profiles\4nhqioe2.default\
FF - prefs.js: browser.search.selectedEngine - Cerca...
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{82EA3E77-7BD2-4744-A8F2-670770767EC5} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0410.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-22 21:29:56
ComboFix-quarantined-files.txt 2012-10-22 19:29
ComboFix2.txt 2012-10-22 18:20
.
Pre-Run: 227,586,072,576 bytes free
Post-Run: 227,574,063,104 bytes free
.
- - End Of File - - E71D639D41823BCFAE529D83CDA466D7
tanya70
Junior Member
Posts: 12
Joined: 23/10/12 10:23


Re: HELP, I can't stand w32/Patched.UA any more

Post by shel » 23/10/12 11:40

Hi tanya70, try this procedure and let's see if it at least partly solves your problem.

Open Notepad and copy and paste these lines:

Code:
file::
c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Yontoo\YontooIEClient.dll
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe

folder::
c:\progra~2\WI3C8A~1\Datamngr
c:\program files (x86)\Ask.com
c:\program files (x86)\Yontoo
c:\users\Public\Documents\AppData\PoApp
c:\users\Tonia\AppData\Roaming\Hazaud
c:\users\Tonia\AppData\Roaming\Ryho

registry::
[-HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
"PosService"=-

driver::
PowerOffer Service
ServUpdater

DDS::
mStart Page = hxxp://search.findeer.com
TCP: Interfaces\{37BBD2B2-9A6A-4D2B-9077-4801C8485281}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{DEA1BE54-44A8-47A1-B8F4-906C519C61B3}\44D2C496E6B6: NameServer = 176.31.229.24,176.31.229.25



Save the file on the Desktop as CFScript.txt

Drag the file you just created, CFScript.txt, onto the ComboFix icon

When it finishes the PC should reboot; if it doesn't, reboot it manually. Attach the log you find at C:\ComboFix.txt



Download TDSSKiller.zip to the desktop:
http://support.kaspersky.com/viruses/so ... =208280684
Extract it into a folder and double-click TDSSKiller.exe
click "Start Scan"
If it finds an infection, by default you will have the "Cure" option, so click "Continue".
To remove the infections found, the PC must be rebooted.
Post the log you find in C:\
shel
Senior Member
Posts: 1292
Joined: 29/08/08 21:56
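Shel's script above is assembled by hand from the ComboFix log in the first post: autostart entries and services whose binaries sit in a user-writable folder (Pos.exe and ServiceUpd.exe under AppData\Local, PLauncher.exe under Public\Documents), the third-party BHOs, the hijacked start page, and the two per-interface NameServer entries (176.31.229.24 and .25) that differ from the DHCP-supplied 192.168.1.1. The Python script below is an added example, not part of this thread and not a ComboFix component: it runs that triage mechanically over a few log lines constructed from the ones quoted in the thread and drafts the matching CFScript sections. One detail it handles that is easy to miss by eye: ComboFix abbreviates SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer as `~` in its log, and a Registry:: line has to carry the full key. The heuristics, the reason strings and the SAMPLE_LOG are the example's own assumptions; its output is a draft for a helper to review, not something to run unread.

```python
"""Triage a ComboFix log and draft CFScript sections from what it flags.
Added example for this thread; not ComboFix's code and not the helper's script.
SAMPLE_LOG is constructed from entries quoted in the thread."""
import re

# ComboFix prints this key as "~"; a CFScript Registry:: line needs the full path.
EXPLORER_SUBKEY = r"Microsoft\Windows\CurrentVersion\Explorer"
# A service or Run entry whose binary lives here is almost never a vendor install.
PROFILE_DIRS = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\users\\public\\documents\\")
# user.js settings that weaken the browser's own warnings (value = the weak setting).
FF_WEAK_PREFS = {"security.warn_viewing_mixed": "false",
                 "security.warn_submit_insecure": "false",
                 "network.cookie.cookieBehavior": "0"}

SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[")
RUN_RE = re.compile(r'^"(?P<value>[^"]+)"="(?P<path>[^"]+)"')
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
DLL_RE = re.compile(r"(c:\\.+?\.dll)", re.IGNORECASE)
DHCP_RE = re.compile(r"^TCP: DhcpNameServer = (?P<ips>\S+)$")
IFACE_DNS_RE = re.compile(r"^TCP: Interfaces\\(?P<iface>[^:]+): NameServer = (?P<ips>\S+)$")
FF_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) - (?P<val>\S+)$")

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-05-16 18:37 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-19 348664]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-03 218624]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 PowerOffer Service;Pos Service;c:\users\Tonia\AppData\Local\PosService\Pos.exe [2011-12-02 164864]
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{37BBD2B2-9A6A-4D2B-9077-4801C8485281}: NameServer = 176.31.229.24,176.31.229.25
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_submit_insecure - false
"""


def expand_key(key):
    """Expand ComboFix's '~' abbreviation into the real Explorer key path."""
    key = key.replace("\\Wow6432Node\\~\\", "\\SOFTWARE\\Wow6432Node\\" + EXPLORER_SUBKEY + "\\")
    return key.replace("\\~\\", "\\SOFTWARE\\" + EXPLORER_SUBKEY + "\\")


def in_profile(path):
    return any(d in path.lower() for d in PROFILE_DIRS)


def triage(log_text):
    """Return the log entries a responder would question, grouped by kind."""
    f = {"bho": [], "files": [], "run": [], "services": [], "appinit": [], "dns": [], "firefox": []}
    dhcp, iface_dns, key = set(), [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group("key")  # the values that follow belong to this key
            if "Browser Helper Objects" in key:
                f["bho"].append((expand_key(key), "third-party BHO loaded into IE"))
        elif "Browser Helper Objects" in key and (m := DLL_RE.search(line)):
            f["files"].append((m.group(1), "DLL registered by a BHO"))
        elif (m := RUN_RE.match(line)) and key.lower().endswith("\\run") and in_profile(m.group("path")):
            f["run"].append((key, m.group("value"), m.group("path"), "autostart from a user-writable folder"))
        elif (m := SERVICE_RE.match(line)) and in_profile(m.group("path")):
            f["services"].append((m.group("name"), m.group("path"), "service binary inside a user profile"))
        elif line.startswith('"LoadAppInit_DLLs"=1'):
            f["appinit"].append((key, "AppInit_DLLs injection enabled; inspect the AppInit_DLLs value"))
        elif m := DHCP_RE.match(line):
            dhcp.update(m.group("ips").split(","))
        elif m := IFACE_DNS_RE.match(line):
            iface_dns.append((m.group("iface"), m.group("ips")))
        elif (m := FF_RE.match(line)) and FF_WEAK_PREFS.get(m.group("pref")) == m.group("val"):
            f["firefox"].append((m.group("pref"), m.group("val"), "user.js weakens a browser safety default"))
    for iface, ips in iface_dns:  # resolvers that DHCP did not hand out
        if not set(ips.split(",")) <= dhcp:
            f["dns"].append((iface, ips, "resolver differs from DHCP-supplied " + (",".join(sorted(dhcp)) or "none")))
    return f


def draft_cfscript(f):
    """Render the findings as CFScript sections; every line is reviewed by hand before use."""
    out = []
    files = sorted({p for p, _ in f["files"]} | {p for _, _, p, _ in f["run"]} | {p for _, p, _ in f["services"]})
    if files:
        out += ["File::", *files, ""]
    reg = ["[-" + k + "]" for k, _ in f["bho"]]
    for key, value, _, _ in f["run"]:
        reg += ["[" + key + "]", '"' + value + '"=-']
    if reg:
        out += ["Registry::", *reg, ""]
    if f["services"]:
        out += ["Driver::", *[n for n, _, _ in f["services"]], ""]
    if f["dns"]:
        out += ["DDS::", *["TCP: Interfaces\\" + i + ": NameServer = " + ips for i, ips, _ in f["dns"]], ""]
    return "\n".join(out)


if __name__ == "__main__":
    print(draft_cfscript(triage(SAMPLE_LOG)))
```

Run it as is to print the draft built from SAMPLE_LOG; on a real case, pass the contents of ComboFix.txt to `triage()` and read the reason strings before deciding what goes into the script. The Firefox and AppInit findings are reported but deliberately not turned into script lines, since user.js and AppInit_DLLs are better cleaned by hand.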

Re: HELP, I can't stand w32/Patched.UA any more

Post by tanya70 » 23/10/12 18:18

Hi shel, first of all thanks for the reply and the help. I did what you told me, that is, I opened Notepad, copied and pasted the lines into the CFScript.txt file and dragged it onto the ComboFix icon, all fine, but when the PC rebooted on its own it didn't let me copy the log: it showed a message saying the program wasn't authorised by the administrator and wouldn't let me open anything, so much so that I had to reboot manually, so at that point I lost the report and couldn't paste it. I carried on with Kaspersky as you suggested and nothing came up; I did another scan with Avira and the damned w32 is gone, I don't know how, but your suggestion worked. THANK YOU VERY MUCH.
P.S. I described everything in case it helps someone
Thanks again, you're great
tanya70
Junior Member
Posts: 12
Joined: 23/10/12 10:23

Re: HELP, I can't stand w32/Patched.UA any more

Post by shel » 23/10/12 18:49

I would need that log...

try it this way: from Start > Run, type cmd /c dir /a/s/b c:\qoobox >log2.txt & log2.txt in the box and press OK, and see if you can recover it

post the TDSSKiller log too
shel
Senior Member
Posts: 1292
Joined: 29/08/08 21:56

Re: HELP, I can't stand w32/Patched.UA any more

Post by tanya70 » 24/10/12 09:22

Done. Start > Run shows me the log, but when I go to open it, it won't open.
Where do I get the TDSSKiller log from?
Does the fact that you're asking me these things mean I could get w32 back?
tanya70
Junior Member
Posts: 12
Joined: 23/10/12 10:23

Re: HELP, I can't stand w32/Patched.UA any more

Post by shel » 24/10/12 09:38

Done. Start > Run shows me the log, but when I go to open it, it won't open.


When you see the log, go to "File" at the top left and choose "Save As", save it on the desktop, then post it in the forum
I didn't say the infection is still on the PC, it's just a check I'd like to do
shel
Senior Member
Posts: 1292
Joined: 29/08/08 21:56

Re: HELP, I can't stand w32/Patched.UA any more

Post by tanya70 » 24/10/12 14:45

ComboFix 12-10-22.02 - Tonia 23/10/2012 14:57:59.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3558.2289 [GMT 2:00]
Running from: c:\users\Tonia\Desktop\ComboFix.exe
Command switches used :: c:\users\Tonia\Desktop\CFScript.txt.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll"
"c:\program files (x86)\Ask.com\GenericAskToolbar.dll"
"c:\program files (x86)\Ask.com\Updater\Updater.exe"
"c:\program files (x86)\Yontoo\YontooIEClient.dll"
"c:\users\Public\Documents\AppData\PoApp\PLauncher.exe"
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\Yontoo
c:\program files (x86)\Yontoo\YontooIEClient.dll
c:\users\Public\Documents\AppData\PoApp
c:\users\Public\Documents\AppData\PoApp\7z.dll
c:\users\Public\Documents\AppData\PoApp\AppLib.Zip.dll
c:\users\Public\Documents\AppData\PoApp\kw.sdb
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
c:\users\Public\Documents\AppData\PoApp\PService.exe
c:\users\Public\Documents\AppData\PoApp\RegHandlerDll.dll
c:\users\Public\Documents\AppData\PoApp\settings\settings.ini
c:\users\Tonia\AppData\Roaming\Hazaud
c:\users\Tonia\AppData\Roaming\Ryho
c:\users\Tonia\AppData\Roaming\Ryho\irci.tyv
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PowerOffer Service
-------\Service_ServUpdater
.
.
((((((((((((((((((((((((( Files Created From 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))))))
.
.
2012-10-23 13:13 . 2012-10-23 13:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-22 15:25 . 2012-10-22 15:25 -------- d-----w- c:\programdata\AVS4YOU
2012-10-22 15:25 . 2012-10-22 15:25 -------- d-----w- c:\users\Tonia\AppData\Roaming\AVS4YOU
2012-10-22 15:24 . 2012-10-22 17:53 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2012-10-22 15:24 . 2011-06-23 11:25 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-10-22 15:24 . 2012-10-22 17:54 -------- d-----w- c:\program files (x86)\AVS4YOU
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-19 10:39 . 2011-12-15 08:22 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-19 10:39 . 2011-12-15 08:22 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-19 348664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-24 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-01 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-10 279616]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-04-27 22912]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-04-27 20328]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-04-27 62584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-25 204288]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-19 86224]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-15 352336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-22 873064]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-02-15 257344]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-25 9257472]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-25 300544]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-04-12 51240]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-01-13 85544]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-06 142632]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-02-14 412712]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1594513926-270000843-2063396663-1000Core.job
- c:\users\Tonia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 20:08]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1594513926-270000843-2063396663-1000UA.job
- c:\users\Tonia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-08 11788392]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://search.findeer.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{37BBD2B2-9A6A-4D2B-9077-4801C8485281}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{DEA1BE54-44A8-47A1-B8F4-906C519C61B3}\44D2C496E6B6: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\users\Tonia\AppData\Roaming\Mozilla\Firefox\Profiles\4nhqioe2.default\
FF - prefs.js: browser.search.selectedEngine - Cerca...
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/webhp?hl=it
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{82EA3E77-7BD2-4744-A8F2-670770767EC5} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0410.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
.
**************************************************************************
.
Ora fine scansione: 2012-10-23 15:34:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-10-23 13:34
ComboFix2.txt 2012-10-22 19:30
ComboFix3.txt 2012-10-22 18:20
.
Pre-Run: 233.868.701.696 byte disponibili
Post-Run: 233.456.603.136 byte disponibili
.
- - End Of File - - 50823ADFDA839BAAF199177FBE7EC3E9
tanya70
Junior User
Posts: 12
Joined: 23/10/12 10:23
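As an added example (not part of this thread, and not code from ComboFix or OTL), here is a small Python triage script that reads log lines in the shapes posted above and flags what a helper looks for first: a static DNS NameServer that differs from the DHCP-supplied one, Firefox user.js entries that switch off security warnings (user.js is re-applied at every browser start, so the setting sticks), a keyword.URL override, and a BHO entry with no file behind it. The sample lines are constructed from the log formats above; the category names are my own.

```python
"""Triage helper for ComboFix / OTL style log lines (added example, not from the thread)."""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed sample in the line shapes seen in the ComboFix and OTL logs above.
SAMPLE_LOG = r"""
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{37BBD2B2-9A6A-4D2B-9077-4801C8485281}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37BBD2B2-9A6A-4D2B-9077-4801C8485281}: DhcpNameServer = 192.51.120.21
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
BHO-{82EA3E77-7BD2-4744-A8F2-670770767EC5} - (no file)
"""

# Regexes for the line shapes shown in the thread.
DHCP_RE = re.compile(r"DhcpNameServer\s*=\s*([\d.,]+)")
STATIC_RE = re.compile(r"(?<!Dhcp)NameServer\s*=\s*([\d.,]+)")
USERJS_RE = re.compile(r"^FF - user\.js:\s*(\S+)\s*-\s*(\S+)")
KEYWORD_RE = re.compile(r"keyword\.URL\s*-\s*(\S+)")
ORPHAN_BHO_RE = re.compile(r"^BHO-(\{[0-9A-Fa-f-]+\})\s*-\s*\(no file\)")

# Firefox preferences that a clean end-user profile does not turn off;
# a user.js that sets them to false is re-applied on every start.
WEAKENING_PREFS: Dict[str, str] = {
    "security.warn_viewing_mixed": "false",
    "security.warn_submit_insecure": "false",
    "privacy.clearOnShutdown.cookies": "false",
}


def _ips(csv: str) -> List[str]:
    """Split a 'a.b.c.d,e.f.g.h' value into its non-empty parts."""
    return [p for p in csv.split(",") if p]


def _is_private(ip: str) -> bool:
    """True for RFC 1918 / loopback style addresses (a home router is expected here)."""
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (category, detail) findings for a block of ComboFix/OTL log lines."""
    findings: List[Tuple[str, str]] = []
    dhcp: Set[str] = set()      # resolvers handed out by DHCP (router / ISP)
    static: List[str] = []      # resolvers written statically into the interface key

    for line in log.splitlines():
        m = DHCP_RE.search(line)
        if m:
            dhcp.update(_ips(m.group(1)))
            continue  # a DhcpNameServer line is never a static override
        m = STATIC_RE.search(line)
        if m:
            static.extend(_ips(m.group(1)))
        m = USERJS_RE.match(line)
        if m and WEAKENING_PREFS.get(m.group(1)) == m.group(2):
            findings.append(("weakened-browser-pref", f"{m.group(1)} = {m.group(2)}"))
        m = KEYWORD_RE.search(line)
        if m:
            findings.append(("search-hijack-candidate", m.group(1)))
        m = ORPHAN_BHO_RE.match(line)
        if m:
            findings.append(("orphaned-bho", m.group(1)))

    # A public resolver set statically, and not matching anything DHCP supplied,
    # is the classic sign of a DNS-changer component and is worth a closer look.
    for ip in static:
        if ip not in dhcp and not _is_private(ip):
            findings.append(("static-dns-override", ip))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:25s} {detail}")
```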

Re: HELP, I can't take w32/Patched.UA any more

Post by shel » 24/10/12 15:24

hi, there is still something left to remove

download adwcleaner, use only the Delete option, then run this scan to remove all traces of the infection

Download OTL to the desktop

Tick SCAN ALL USERS.

Under Output, tick Minimal Output

Click the little arrow next to File Age and select 60 Days

Tick LOP Check and Purity Check.

Click RUN SCAN

At the end of the scan you will find two logs on the desktop, OTL.txt and Extras.txt; save them and attach them like the others
shel
Senior User
Posts: 1292
Joined: 29/08/08 21:56

Re: HELP, I can't take w32/Patched.UA any more

Post by tanya70 » 24/10/12 18:31

Hi
OTL.txt :

OTL logfile created on: 24/10/2012 18:36:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tonia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,47 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 63,29% Memory free
6,95 Gb Paging File | 5,52 Gb Available in Paging File | 79,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,83 Gb Total Space | 217,11 Gb Free Space | 76,49% Space Free | Partition Type: NTFS

Computer Name: TONIA-PC | User Name: Tonia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tonia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Programmi\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programmi\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (wlidsvc) -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programmi\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (Live Updater Service) -- C:\Programmi\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (wlcrasvc) -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1594513926-270000843-2063396663-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1594513926-270000843-2063396663-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1594513926-270000843-2063396663-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Cerca..."
FF - prefs.js..browser.startup.homepage: "https://www.google.com/webhp?hl=it"
FF - prefs.js..extensions.enabledItems: plugin@videofiledownload.com:1.5
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.100007
FF - prefs.js..extensions.enabledItems: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}:3.15.1.0
FF - prefs.js..extensions.enabledItems: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.22.0
FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:3.15.1.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tonia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tonia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/23 13:24:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/23 13:24:21 | 000,000,000 | ---D | M]

[2012/10/23 13:00:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tonia\AppData\Roaming\mozilla\Extensions
[2012/10/24 18:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tonia\AppData\Roaming\mozilla\Firefox\Profiles\4nhqioe2.default\extensions
[2012/10/24 10:42:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tonia\AppData\Roaming\mozilla\Firefox\Profiles\4nhqioe2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/06/30 18:31:33 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\Tonia\AppData\Roaming\mozilla\Firefox\Profiles\4nhqioe2.default\extensions\plugin@videofiledownload.com
[2012/03/08 10:58:14 | 000,001,867 | -H-- | M] () -- C:\Users\Tonia\AppData\Roaming\mozilla\firefox\profiles\4nhqioe2.default\searchplugins\findeer.xml
[2012/10/23 13:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/10/23 13:24:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/23 13:24:18 | 000,001,393 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-it.xml
[2012/10/23 13:24:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/23 13:24:18 | 000,000,744 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml
[2012/10/23 13:24:18 | 000,000,817 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\hoepli.xml
[2012/10/23 13:24:18 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml
[2012/10/23 13:24:18 | 000,000,953 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.findeer.com
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Tonia\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tonia\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tonia\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tonia\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Tonia\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/10/23 15:13:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {82EA3E77-7BD2-4744-A8F2-670770767EC5} - No CLSID value found.
O2 - BHO: (HrefNewTabBHO Class) - {9EE1A6E7-E822-4D0E-9664-815F94B00373} - C:\Users\Tonia\AppData\Local\EpicNewTab\HrefIENewTab.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1594513926-270000843-2063396663-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1594513926-270000843-2063396663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37BBD2B2-9A6A-4D2B-9077-4801C8485281}: DhcpNameServer = 192.51.120.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37BBD2B2-9A6A-4D2B-9077-4801C8485281}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D087F6DA-6570-43B5-8466-3689C20EE643}: DhcpNameServer = 10.60.24.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEA1BE54-44A8-47A1-B8F4-906C519C61B3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2012/10/24 18:34:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tonia\Desktop\OTL.exe
[2012/10/24 17:56:35 | 000,000,000 | ---D | C] -- C:\Users\Tonia\Documents\Nicolò
[2012/10/24 17:43:55 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Local\{C3C22A5D-A030-4BF5-9E3E-EE7FF0799A7C}
[2012/10/24 16:09:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/24 11:41:46 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Local\{1A7FE232-2AED-43D1-AE90-AA1D22BCBAF3}
[2012/10/24 11:31:47 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Roaming\HandBrake
[2012/10/24 11:24:35 | 000,000,000 | ---D | C] -- C:\Users\Tonia\Documents\DVDVideoSoft
[2012/10/24 10:48:03 | 000,000,000 | ---D | C] -- C:\Users\Tonia\.gimp-2.6
[2012/10/24 10:47:57 | 000,000,000 | ---D | C] -- C:\Users\Tonia\.gegl-0.0
[2012/10/24 10:42:30 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/10/24 10:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012/10/24 10:40:46 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Roaming\TuneUp Software
[2012/10/24 10:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/10/24 10:39:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012/10/24 10:39:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/10/24 10:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012/10/24 10:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012/10/24 10:37:52 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Roaming\DVDVideoSoft
[2012/10/23 15:48:03 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tonia\Desktop\tdsskiller.exe
[2012/10/23 15:18:13 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/10/23 14:56:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/23 10:34:17 | 000,000,000 | ---D | C] -- C:\Users\Tonia\Documents\NeroVision
[2012/10/22 20:42:22 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Users\Tonia\Desktop\BlitzBlank.exe
[2012/10/22 19:57:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/22 19:57:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/22 19:57:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/22 19:56:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/22 19:56:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/22 19:50:17 | 004,987,615 | R--- | C] (Swearware) -- C:\Users\Tonia\Desktop\ComboFix.exe
[2012/10/22 17:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012/10/22 17:25:11 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Roaming\AVS4YOU
[2012/10/22 17:24:52 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012/10/22 17:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012/10/22 17:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012/10/19 12:05:46 | 000,000,000 | ---D | C] -- C:\Users\Tonia\Desktop\Ricette altervista
[2012/10/01 18:34:17 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Local\{3C3D7E24-CBE1-4DF9-A8F3-9BE65633720F}
[2012/09/18 17:17:43 | 000,000,000 | ---D | C] -- C:\Users\Tonia\Desktop\Paradiso Riassunti
[2012/09/14 11:03:47 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Local\{0D867EA4-5CD6-48AC-BCDC-6D1ED533840D}
[2012/09/04 21:29:52 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Local\{9CF8FDD4-FB79-4BA0-8236-FC3097552F64}
[2012/08/30 18:22:22 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Local\{BE4B6BC8-B59B-4EEA-A25A-13CDB3A39C0F}
[2012/08/30 18:21:47 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Local\{9C19E160-2932-4951-8F4F-265E8FA6CA1F}
[2012/08/29 22:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/08/29 22:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/08/29 22:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

========== Files - Modified Within 60 Days ==========

[2012/10/24 18:39:37 | 000,024,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 18:39:37 | 000,024,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 18:39:01 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1594513926-270000843-2063396663-1000UA.job
[2012/10/24 18:34:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tonia\Desktop\OTL.exe
[2012/10/24 18:31:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/24 18:30:55 | 2798,211,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/24 18:26:54 | 000,538,941 | ---- | M] () -- C:\Users\Tonia\Desktop\adwcleaner.exe
[2012/10/24 16:32:14 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/10/24 16:17:36 | 000,001,975 | ---- | M] () -- C:\Users\Tonia\Desktop\PlantsVsZombies - collegamento.lnk
[2012/10/24 10:42:04 | 000,001,243 | ---- | M] () -- C:\Users\Tonia\Desktop\DVDVideoSoft Free Studio.lnk
[2012/10/23 15:48:11 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tonia\Desktop\tdsskiller.exe
[2012/10/23 15:13:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/23 13:00:37 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/23 08:39:18 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1594513926-270000843-2063396663-1000Core.job
[2012/10/22 20:43:01 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\Tonia\Desktop\BlitzBlank.exe
[2012/10/22 19:50:39 | 004,987,615 | R--- | M] (Swearware) -- C:\Users\Tonia\Desktop\ComboFix.exe
[2012/10/22 18:43:11 | 000,318,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/25 15:58:52 | 000,001,319 | ---- | M] () -- C:\Users\Tonia\AppData\Roaming\SAS7_000.DAT
[2012/08/30 18:45:44 | 001,653,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/30 18:45:44 | 000,739,254 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/08/30 18:45:44 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/30 18:45:44 | 000,146,294 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/08/30 18:45:44 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012/10/24 18:26:50 | 000,538,941 | ---- | C] () -- C:\Users\Tonia\Desktop\adwcleaner.exe
[2012/10/24 16:17:36 | 000,001,975 | ---- | C] () -- C:\Users\Tonia\Desktop\PlantsVsZombies - collegamento.lnk
[2012/10/24 10:42:04 | 000,001,243 | ---- | C] () -- C:\Users\Tonia\Desktop\DVDVideoSoft Free Studio.lnk
[2012/10/23 13:24:22 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/23 13:00:37 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/22 19:57:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/22 19:57:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/22 19:57:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/22 19:57:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/22 19:57:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/28 11:15:31 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~Hi2XZmN6cF2OWl
[2012/03/28 11:15:31 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~Hi2XZmN6cF2OWlr
[2012/03/28 11:15:14 | 000,000,448 | -H-- | C] () -- C:\ProgramData\Hi2XZmN6cF2OWl
[2012/02/26 20:04:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/12/17 19:07:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/12/12 14:16:27 | 000,001,319 | ---- | C] () -- C:\Users\Tonia\AppData\Roaming\SAS7_000.DAT
[2011/09/29 22:44:39 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/09/23 23:42:03 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/07/05 03:34:59 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
[2011/07/05 03:30:27 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/05 03:29:06 | 000,001,258 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2011/07/04 18:01:33 | 001,631,856 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/04 17:56:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/27 23:23:42 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2011/04/27 23:23:42 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini
[2011/04/27 23:23:42 | 000,000,166 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2011/11/17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\@
[2011/11/17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\L
[2012/07/23 16:42:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\U
[2012/07/03 19:34:23 | 000,002,048 | -HS- | M] () -- C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\@
[2011/11/17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\L
[2011/11/17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\U
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 12:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 12:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/03 11:36:40 | 000,000,000 | ---D | M] -- C:\Users\Tonia\AppData\Roaming\Bor
[2012/06/30 15:21:11 | 000,000,000 | -H-D | M] -- C:\Users\Tonia\AppData\Roaming\DAEMON Tools Lite
[2012/10/24 11:38:42 | 000,000,000 | ---D | M] -- C:\Users\Tonia\AppData\Roaming\DVDVideoSoft
[2012/10/24 10:42:30 | 000,000,000 | ---D | M] -- C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/03/31 13:43:00 | 000,000,000 | ---D | M] -- C:\Users\Tonia\AppData\Roaming\Epic
[2012/03/28 12:10:16 | 000,000,000 | ---D | M] -- C:\Users\Tonia\AppData\Roaming\Epson
[2012/03/07 18:53:15 | 000,000,000 | -H-D | M] -- C:\Users\Tonia\AppData\Roaming\Evd
[2012/04/11 19:10:53 | 000,000,000 | ---D | M] -- C:\Users\Tonia\AppData\Roaming\Ewafp
[2012/03/28 12:10:16 | 000,000,000 | ---D | M] -- C:\Users\Tonia\AppData\Roaming\gtk-2.0
[2012/10/24 11:31:47 | 000,000,000 | ---D | M] -- C:\Users\Tonia\AppData\Roaming\HandBrake
[2011/12/12 13:24:52 | 000,000,000 | -H-D | M] -- C:\Users\Tonia\AppData\Roaming\InterTrust
[2012/03/01 10:11:38 | 000,000,000 | -H-D | M] -- C:\Users\Tonia\AppData\Roaming\Lolyon
[2011/10/02 21:56:38 | 000,000,000 | -H-D | M] -- C:\Users\Tonia\AppData\Roaming\Nitro PDF
[2012/03/28 12:07:22 | 000,000,000 | ---D | M] -- C:\Users\Tonia\AppData\Roaming\Nuance
[2012/03/23 12:16:44 | 000,000,000 | -H-D | M] -- C:\Users\Tonia\AppData\Roaming\Obor
[2012/03/28 12:07:23 | 000,000,000 | ---D | M] -- C:\Users\Tonia\AppData\Roaming\Opera
[2012/03/28 12:10:18 | 000,000,000 | ---D | M] -- C:\Users\Tonia\AppData\Roaming\PowerCinema
[2012/03/07 16:31:00 | 000,000,000 | -H-D | M] -- C:\Users\Tonia\AppData\Roaming\Qevee
[2011/10/01 12:26:26 | 000,000,000 | -H-D | M] -- C:\Users\Tonia\AppData\Roaming\Softi Software
[2012/10/24 10:40:46 | 000,000,000 | ---D | M] -- C:\Users\Tonia\AppData\Roaming\TuneUp Software
[2012/03/23 12:16:48 | 000,000,000 | -H-D | M] -- C:\Users\Tonia\AppData\Roaming\Upyw
[2012/10/24 18:26:46 | 000,000,000 | -H-D | M] -- C:\Users\Tonia\AppData\Roaming\uTorrent
[2012/04/11 20:06:37 | 000,000,000 | ---D | M] -- C:\Users\Tonia\AppData\Roaming\Uzpaopz
[2012/03/07 16:31:00 | 000,000,000 | -H-D | M] -- C:\Users\Tonia\AppData\Roaming\Vyzao
[2012/01/29 22:14:13 | 000,000,000 | -H-D | M] -- C:\Users\Tonia\AppData\Roaming\Windows Live Writer
[2012/03/20 11:23:20 | 000,000,000 | -H-D | M] -- C:\Users\Tonia\AppData\Roaming\Woebfy
[2012/03/23 12:16:49 | 000,000,000 | -H-D | M] -- C:\Users\Tonia\AppData\Roaming\Xafiysr
[2012/03/07 16:19:56 | 000,000,000 | -H-D | M] -- C:\Users\Tonia\AppData\Roaming\Yqxen
[2012/03/05 11:35:45 | 000,000,000 | -H-D | M] -- C:\Users\Tonia\AppData\Roaming\Ysamte

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:F35A93AD

< End of report >
tanya70
Junior Member
Posts: 12
Joined: 23/10/12 10:23

Re: HELP I can't take w32/Patched.UA any more

Post by tanya70 » 24/10/12 18:50

...I can't copy Extras, it tells me I've exceeded the character limit and I don't know how to attach the file here
tanya70
Junior Member
Posts: 12
Joined: 23/10/12 10:23

Re: HELP I can't take w32/Patched.UA any more

Post by shel » 24/10/12 20:52

Tania, you have a nasty ZeroAccess rootkit infection; let's see if we can wipe it out. It has already spread and created new infected folders.

Now disable System Restore and leave it disabled, then open OTL and paste the following code into the blank box:

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.100007
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2012/03/08 10:58:14 | 000,001,867 | -H-- | M] () -- C:\Users\Tonia\AppData\Roaming\mozilla\firefox\profiles\4nhqioe2.default\searchplugins\findeer.xml
CHR - homepage: http://search.findeer.com
O2 - BHO: (no name) - {82EA3E77-7BD2-4744-A8F2-670770767EC5} - No CLSID value found.
O2 - BHO: (HrefNewTabBHO Class) - {9EE1A6E7-E822-4D0E-9664-815F94B00373} - C:\Users\Tonia\AppData\Local\EpicNewTab\HrefIENewTab.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37BBD2B2-9A6A-4D2B-9077-4801C8485281}: NameServer = 176.31.229.24,176.31.229.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
[2012/10/23 14:56:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/22 19:57:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/22 19:57:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/22 19:57:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/22 19:56:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/22 19:56:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/22 19:50:17 | 004,987,615 | R--- | C] (Swearware) -- C:\Users\Tonia\Desktop\ComboFix.exe

:Folders
C:\Users\Tonia\AppData\Roaming\Ewafp
C:\Users\Tonia\AppData\Roaming\Lolyon
C:\Users\Tonia\AppData\Roaming\Obor
C:\Users\Tonia\AppData\Roaming\Qevee
C:\Users\Tonia\AppData\Roaming\Upyw
C:\Users\Tonia\AppData\Roaming\Uzpaopz
C:\Users\Tonia\AppData\Roaming\Vyzao
C:\Users\Tonia\AppData\Roaming\Woebfy
C:\Users\Tonia\AppData\Roaming\Xafiysr
C:\Users\Tonia\AppData\Roaming\Yqxen
C:\Users\Tonia\AppData\Roaming\Ysamte
C:\ProgramData\~Hi2XZmN6cF2OWl
C:\ProgramData\~Hi2XZmN6cF2OWlr
C:\ProgramData\Hi2XZmN6cF2OWl
C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\@
C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\L
C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\U
C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-
C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\L
C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-

:Files
C:\Windows\assembly\Desktop.ini
ipconfig /flushdns /c

:commands
[Reboot]


Click Run Scan and attach the new log you get.
shel
Senior Member
Posts: 1292
Joined: 29/08/08 21:56
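As an added example, not part of this thread and not OTL's own code: a Python triage script that reads an OTL log and flags the three indicator classes that the fix script above acts on, namely ZeroAccess's hidden `{GUID}\@`, `\L` and `\U` store under Windows\Installer and AppData\Local, a user-hive override or redirected default value for the COM classes OTL's "ZeroAccess Check" lists, and a hard-coded public NameServer (O17 line). It then renders the findings in the `:OTL` / `:Folders` / `:Commands` layout shel used. The sample lines are copied from the log earlier in this thread, plus one constructed registry entry (labelled in the code) showing what an actively hijacked CLSID looks like; the CLSID-to-DLL pairings are taken from the HKLM entries in that same log.

```python
"""Triage an OTL log for the ZeroAccess indicators acted on in the thread above.
Added example: not OTL's own code and not part of the original thread. Assumes the
OTL line layouts seen in the log above; CLSID -> DLL pairings come from that log."""
import re
from ipaddress import ip_address

# OTL file line: [date time | size | RHSD attributes | C/M] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [CM]\] "
    r"(?:\([^)]*\) )?-- (?P<path>.+)$"
)
# ZeroAccess store: {GUID}\@ (file) plus {GUID}\L and {GUID}\U (folders), hidden+system,
# under Windows\Installer (system-wide copy) or the user's AppData\Local
ZA_PATH = re.compile(r"\\(?:Windows\\Installer|AppData\\Local)\\\{[0-9a-f-]{36}\}\\[@LU]$", re.I)
REG_KEY = re.compile(r"^\[(?P<hive>HKEY_[A-Z_]+)\\.*clsid\\(?P<clsid>\{[0-9a-f-]{36}\})\\InProcServer32\]", re.I)
REG_DEFAULT = re.compile(r'^"" = (?P<dll>\S+)')
O17_LINE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")

# COM classes listed in OTL's "ZeroAccess Check" and the system DLL each must load
EXPECTED_DLL = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": "fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": "wbemess.dll",
}


def _is_public(addr):
    """A resolver outside private/loopback ranges (or an unparsable value) is suspect."""
    try:
        return not ip_address(addr).is_private
    except ValueError:
        return True


def triage(log_text):
    """Return (indicator, detail) pairs found in OTL log text."""
    findings, current = [], None          # current = (hive, clsid) of the key being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        m = FILE_LINE.match(line)
        if m:
            attrs = m.group("attr")
            if ZA_PATH.search(m.group("path")) and "H" in attrs and "S" in attrs:
                findings.append(("zeroaccess_store", m.group("path")))
            continue
        m = REG_KEY.match(line)
        if m:
            current = (m.group("hive").upper(), m.group("clsid").lower())
            # a per-user copy of a system COM class shadows HKLM for that user, which is
            # how ZeroAccess gets explorer.exe to load its payload without admin rights
            if current[0] == "HKEY_CURRENT_USER" and current[1] in EXPECTED_DLL:
                findings.append(("hkcu_clsid_override", line))
            continue
        m = REG_DEFAULT.match(line)
        if m and current and current[1] in EXPECTED_DLL:
            dll = m.group("dll").rsplit("\\", 1)[-1].lower()
            if dll != EXPECTED_DLL[current[1]]:
                findings.append(("clsid_hijack", f"{current[1]} -> {m.group('dll')}"))
            continue
        m = O17_LINE.match(line)
        if m and any(_is_public(s) for s in m.group("servers").split(",")):
            findings.append(("dns_override", line))    # hard-coded public resolver
    return findings


def build_otl_fix(findings):
    """Render findings in the :OTL / :Folders / :Commands layout used in the thread."""
    otl = [d for k, d in findings if k == "dns_override"]
    folders = [d for k, d in findings if k == "zeroaccess_store"]
    return "\n".join([":OTL", *otl, "", ":Folders", *folders, "", ":Commands", "[Reboot]"])


# Sample input: lines copied from the log earlier in this thread, plus a legitimate
# file (assembly\Desktop.ini) that must not be flagged
SAMPLE_LOG = r"""
[2011/11/17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\@
[2011/11/17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\L
[2012/07/23 16:42:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\U
[2012/07/03 19:34:23 | 000,002,048 | -HS- | M] () -- C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\@
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 12:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37BBD2B2-9A6A-4D2B-9077-4801C8485281}: NameServer = 176.31.229.24,176.31.229.25
"""
# Constructed (not from this log): an actively hijacked entry, default value redirected
# into the {GUID} store instead of the WMI DLL
HIJACKED_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\n. -- []
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG) + triage(HIJACKED_SAMPLE):
        print(f"{kind:22} {detail}")
    print(build_otl_fix(triage(SAMPLE_LOG)))
```

Two caveats worth keeping in mind when reading the output: the script only reports what OTL already listed, so entries OTL's own scan missed stay invisible, and a public resolver in the O17 line is a lead to verify, not proof on its own; the log above also shows the HKCU CLSID key already pointing back at shell32.dll, which is why the override itself is reported separately from a redirected default value.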

Re: HELP I can't take w32/Patched.UA any more

Post by tanya70 » 25/10/12 09:15

Hi, this is the new OTL log:
OTL logfile created on: 25/10/2012 10:00:31 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tonia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,47 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 67,00% Memory free
6,95 Gb Paging File | 5,67 Gb Available in Paging File | 81,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,83 Gb Total Space | 226,43 Gb Free Space | 79,78% Space Free | Partition Type: NTFS

Computer Name: TONIA-PC | User Name: Tonia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tonia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Programmi\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programmi\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (wlidsvc) -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programmi\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (Live Updater Service) -- C:\Programmi\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (wlcrasvc) -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Cerca..."
FF - prefs.js..browser.startup.homepage: "https://www.google.com/webhp?hl=it"
FF - prefs.js..extensions.enabledAddons: plugin@videofiledownload.com:1.5
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: plugin@videofiledownload.com:1.5
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.100007
FF - prefs.js..extensions.enabledItems: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}:3.15.1.0
FF - prefs.js..extensions.enabledItems: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.22.0
FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:3.15.1.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tonia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tonia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/23 13:24:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/23 13:24:21 | 000,000,000 | ---D | M]

[2012/10/23 13:00:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tonia\AppData\Roaming\mozilla\Extensions
[2012/10/24 18:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tonia\AppData\Roaming\mozilla\Firefox\Profiles\4nhqioe2.default\extensions
[2012/10/24 10:42:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tonia\AppData\Roaming\mozilla\Firefox\Profiles\4nhqioe2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/06/30 18:31:33 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\Tonia\AppData\Roaming\mozilla\Firefox\Profiles\4nhqioe2.default\extensions\plugin@videofiledownload.com
[2012/03/08 10:58:14 | 000,001,867 | -H-- | M] () -- C:\Users\Tonia\AppData\Roaming\mozilla\firefox\profiles\4nhqioe2.default\searchplugins\findeer.xml
[2012/10/23 13:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/10/23 13:24:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/23 13:24:18 | 000,001,393 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-it.xml
[2012/10/23 13:24:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/23 13:24:18 | 000,000,744 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml
[2012/10/23 13:24:18 | 000,000,817 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\hoepli.xml
[2012/10/23 13:24:18 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml
[2012/10/23 13:24:18 | 000,000,953 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.findeer.com
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Tonia\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tonia\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tonia\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tonia\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Tonia\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/10/23 15:13:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {82EA3E77-7BD2-4744-A8F2-670770767EC5} - No CLSID value found.
O2 - BHO: (HrefNewTabBHO Class) - {9EE1A6E7-E822-4D0E-9664-815F94B00373} - C:\Users\Tonia\AppData\Local\EpicNewTab\HrefIENewTab.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37BBD2B2-9A6A-4D2B-9077-4801C8485281}: DhcpNameServer = 192.51.120.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37BBD2B2-9A6A-4D2B-9077-4801C8485281}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D087F6DA-6570-43B5-8466-3689C20EE643}: DhcpNameServer = 10.60.24.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEA1BE54-44A8-47A1-B8F4-906C519C61B3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/24 18:34:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tonia\Desktop\OTL.exe
[2012/10/24 17:56:35 | 000,000,000 | ---D | C] -- C:\Users\Tonia\Documents\Nicolò
[2012/10/24 17:43:55 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Local\{C3C22A5D-A030-4BF5-9E3E-EE7FF0799A7C}
[2012/10/24 16:09:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/24 11:41:46 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Local\{1A7FE232-2AED-43D1-AE90-AA1D22BCBAF3}
[2012/10/24 11:31:47 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Roaming\HandBrake
[2012/10/24 11:24:35 | 000,000,000 | ---D | C] -- C:\Users\Tonia\Documents\DVDVideoSoft
[2012/10/24 10:48:03 | 000,000,000 | ---D | C] -- C:\Users\Tonia\.gimp-2.6
[2012/10/24 10:47:57 | 000,000,000 | ---D | C] -- C:\Users\Tonia\.gegl-0.0
[2012/10/24 10:42:30 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/10/24 10:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012/10/24 10:40:46 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Roaming\TuneUp Software
[2012/10/24 10:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/10/24 10:39:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012/10/24 10:39:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/10/24 10:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012/10/24 10:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012/10/24 10:37:52 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Roaming\DVDVideoSoft
[2012/10/23 15:48:03 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tonia\Desktop\tdsskiller.exe
[2012/10/23 15:18:13 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/10/23 14:56:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/23 10:34:17 | 000,000,000 | ---D | C] -- C:\Users\Tonia\Documents\NeroVision
[2012/10/22 20:42:22 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Users\Tonia\Desktop\BlitzBlank.exe
[2012/10/22 19:57:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/22 19:57:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/22 19:57:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/22 19:56:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/22 19:56:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/22 19:50:17 | 004,987,615 | R--- | C] (Swearware) -- C:\Users\Tonia\Desktop\ComboFix.exe
[2012/10/22 17:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012/10/22 17:25:11 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Roaming\AVS4YOU
[2012/10/22 17:24:52 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012/10/22 17:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012/10/22 17:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012/10/19 12:05:46 | 000,000,000 | ---D | C] -- C:\Users\Tonia\Desktop\Ricette altervista
[2012/10/01 18:34:17 | 000,000,000 | ---D | C] -- C:\Users\Tonia\AppData\Local\{3C3D7E24-CBE1-4DF9-A8F3-9BE65633720F}

========== Files - Modified Within 30 Days ==========

[2012/10/25 10:04:19 | 000,024,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/25 10:04:19 | 000,024,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/25 09:56:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/25 09:55:46 | 2798,211,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/25 09:39:03 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1594513926-270000843-2063396663-1000UA.job
[2012/10/24 18:34:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tonia\Desktop\OTL.exe
[2012/10/24 18:26:54 | 000,538,941 | ---- | M] () -- C:\Users\Tonia\Desktop\adwcleaner.exe
[2012/10/24 16:32:14 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/10/24 16:17:36 | 000,001,975 | ---- | M] () -- C:\Users\Tonia\Desktop\PlantsVsZombies - collegamento.lnk
[2012/10/24 10:42:04 | 000,001,243 | ---- | M] () -- C:\Users\Tonia\Desktop\DVDVideoSoft Free Studio.lnk
[2012/10/23 15:48:11 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tonia\Desktop\tdsskiller.exe
[2012/10/23 15:13:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/23 13:00:37 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/23 08:39:18 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1594513926-270000843-2063396663-1000Core.job
[2012/10/22 20:43:01 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\Tonia\Desktop\BlitzBlank.exe
[2012/10/22 19:50:39 | 004,987,615 | R--- | M] (Swearware) -- C:\Users\Tonia\Desktop\ComboFix.exe
[2012/10/22 18:43:11 | 000,318,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/25 15:58:52 | 000,001,319 | ---- | M] () -- C:\Users\Tonia\AppData\Roaming\SAS7_000.DAT

========== Files Created - No Company Name ==========

[2012/10/24 18:26:50 | 000,538,941 | ---- | C] () -- C:\Users\Tonia\Desktop\adwcleaner.exe
[2012/10/24 16:17:36 | 000,001,975 | ---- | C] () -- C:\Users\Tonia\Desktop\PlantsVsZombies - collegamento.lnk
[2012/10/24 10:42:04 | 000,001,243 | ---- | C] () -- C:\Users\Tonia\Desktop\DVDVideoSoft Free Studio.lnk
[2012/10/23 13:24:22 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/23 13:00:37 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/22 19:57:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/22 19:57:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/22 19:57:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/22 19:57:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/22 19:57:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/28 11:15:31 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~Hi2XZmN6cF2OWl
[2012/03/28 11:15:31 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~Hi2XZmN6cF2OWlr
[2012/03/28 11:15:14 | 000,000,448 | -H-- | C] () -- C:\ProgramData\Hi2XZmN6cF2OWl
[2012/02/26 20:04:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/12/17 19:07:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/12/12 14:16:27 | 000,001,319 | ---- | C] () -- C:\Users\Tonia\AppData\Roaming\SAS7_000.DAT
[2011/09/29 22:44:39 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/09/23 23:42:03 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/07/05 03:34:59 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
[2011/07/05 03:30:27 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/05 03:29:06 | 000,001,258 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2011/07/04 18:01:33 | 001,631,856 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/04 17:56:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/27 23:23:42 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2011/04/27 23:23:42 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini
[2011/04/27 23:23:42 | 000,000,166 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2011/11/17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\@
[2011/11/17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\L
[2012/07/23 16:42:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\U
[2012/07/03 19:34:23 | 000,002,048 | -HS- | M] () -- C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\@
[2011/11/17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\L
[2011/11/17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\U
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 12:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 12:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< :OTL >

< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com >
Invalid Switch: search.findeer.com

< FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00 >

< FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.100007 >

< FF - user.js - File not found >

< FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found >
Invalid Switch: GENUINE: disabled File not found

< FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found >
Invalid Switch: GENUINE: disabled File not found

< [2012/03/08 10:58:14 | 000,001,867 | -H-- | M] () -- C:\Users\Tonia\AppData\Roaming\mozilla\firefox\profiles\4nhqioe2.default\searchplugins\findeer.xml >
Invalid Switch: 08 10:58:14 | 000,001,867 | -H-- | M] () -- C:\Users\Tonia\AppData\Roaming\mozilla\firefox\profiles\4nhqioe2.default\searchplugins\findeer.xml

< CHR - homepage: http://search.findeer.com >
Invalid Switch: search.findeer.com

< O2 - BHO: (no name) - {82EA3E77-7BD2-4744-A8F2-670770767EC5} - No CLSID value found. >

< O2 - BHO: (HrefNewTabBHO Class) - {9EE1A6E7-E822-4D0E-9664-815F94B00373} - C:\Users\Tonia\AppData\Local\EpicNewTab\HrefIENewTab.dll File not found >

< O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. >

< O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. >

< O4 - HKLM..\Run: [] File not found >

< O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found >
Invalid Switch: 3000 File not found

< O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () >

< O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found >
Invalid Switch: 3000 File not found

< O8 - Extra context menu item: Free YouTube Download - C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () >

< O13 - gopher Prefix: missing >

< O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37BBD2B2-9A6A-4D2B-9077-4801C8485281}: NameServer = 176.31.229.24,176.31.229.25 >

< O18:64bit: - Protocol\Handler\livecall - No CLSID value found >

< O18:64bit: - Protocol\Handler\ms-help - No CLSID value found >

< O18:64bit: - Protocol\Handler\msnim - No CLSID value found >

< O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found >

< O18:64bit: - Protocol\Handler\wlpg - No CLSID value found >

< [2012/10/23 14:56:39 | 000,000,000 | ---D | C] -- C:\ComboFix >
Invalid Switch: 23 14:56:39 | 000,000,000 | ---D | C] -- C:\ComboFix

< [2012/10/22 19:57:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe >
Invalid Switch: 22 19:57:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

< [2012/10/22 19:57:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe >
Invalid Switch: 22 19:57:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

< [2012/10/22 19:57:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe >
Invalid Switch: 22 19:57:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

< [2012/10/22 19:56:52 | 000,000,000 | ---D | C] -- C:\Qoobox >
Invalid Switch: 22 19:56:52 | 000,000,000 | ---D | C] -- C:\Qoobox

< [2012/10/22 19:56:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt >
Invalid Switch: 22 19:56:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

< [2012/10/22 19:50:17 | 004,987,615 | R--- | C] (Swearware) -- C:\Users\Tonia\Desktop\ComboFix.exe >
Invalid Switch: 22 19:50:17 | 004,987,615 | R--- | C] (Swearware) -- C:\Users\Tonia\Desktop\ComboFix.exe

< >

< :Folders >

< C:\Users\Tonia\AppData\Roaming\Ewafp >

< C:\Users\Tonia\AppData\Roaming\Lolyon >

< C:\Users\Tonia\AppData\Roaming\Obor >

< C:\Users\Tonia\AppData\Roaming\Qevee >

< C:\Users\Tonia\AppData\Roaming\Upyw >

< C:\Users\Tonia\AppData\Roaming\Uzpaopz >

< C:\Users\Tonia\AppData\Roaming\Vyzao >

< C:\Users\Tonia\AppData\Roaming\Woebfy >

< C:\Users\Tonia\AppData\Roaming\Xafiysr >

< C:\Users\Tonia\AppData\Roaming\Yqxen >

< C:\Users\Tonia\AppData\Roaming\Ysamte >

< C:\ProgramData\~Hi2XZmN6cF2OWl >
[2012/03/28 11:34:08 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~Hi2XZmN6cF2OWl

< C:\ProgramData\~Hi2XZmN6cF2OWlr >
[2012/03/28 11:34:07 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~Hi2XZmN6cF2OWlr

< C:\ProgramData\Hi2XZmN6cF2OWl >
[2012/03/28 11:35:35 | 000,000,448 | -H-- | M] () -- C:\ProgramData\Hi2XZmN6cF2OWl

< C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\@ >
[2011/11/17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\@

< C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\L >

< C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\U >

< C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d- >

< C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\L >

< C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d- >

< >

< :Files >

< C:\Windows\assembly\Desktop.ini >
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.

< >

< :commands >

< [Reboot] >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:F35A93AD

< End of report >
tanya70
Junior User

Posts: 12
Joined: 23/10/12 10:23

Re: HELP, I can't take it anymore with w32/Patched.UA

Post by shel » 25/10/12 09:39

Tania, you didn't run it correctly: you have to copy all the quoted text under "Custom Scans\Fixes" and then press Run Fix.

Reread the post carefully.
shel
Senior User

Posts: 1292
Joined: 29/08/08 21:56

Re: HELP, I can't take it anymore with w32/Patched.UA

Post by tanya70 » 25/10/12 09:43

Yes, I did exactly what you suggested. The only thing is that I left OTL as it was: I didn't tick the boxes you told me about last time, i.e. 60 days, and the ticks in LOP check, Purity check... do I need to do that?
Should I click Run Scan or Run Fix?
tanya70
Junior User

Posts: 12
Joined: 23/10/12 10:23

Re: HELP, I can't take it anymore with w32/Patched.UA

Post by shel » 25/10/12 09:54

No, leave everything as it is and try again.

Paste this code into it, then press Run Fix and attach the new log.


:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.100007
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2012/03/08 10:58:14 | 000,001,867 | -H-- | M] () -- C:\Users\Tonia\AppData\Roaming\mozilla\firefox\profiles\4nhqioe2.default\searchplugins\findeer.xml
CHR - homepage: http://search.findeer.com
O2 - BHO: (no name) - {82EA3E77-7BD2-4744-A8F2-670770767EC5} - No CLSID value found.
O2 - BHO: (HrefNewTabBHO Class) - {9EE1A6E7-E822-4D0E-9664-815F94B00373} - C:\Users\Tonia\AppData\Local\EpicNewTab\HrefIENewTab.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37BBD2B2-9A6A-4D2B-9077-4801C8485281}: NameServer = 176.31.229.24,176.31.229.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
[2012/10/23 14:56:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/22 19:57:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/22 19:57:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/22 19:57:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/22 19:56:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/22 19:56:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/22 19:50:17 | 004,987,615 | R--- | C] (Swearware) -- C:\Users\Tonia\Desktop\ComboFix.exe

:Files
C:\Users\Tonia\AppData\Roaming\Ewafp
C:\Users\Tonia\AppData\Roaming\Lolyon
C:\Users\Tonia\AppData\Roaming\Obor
C:\Users\Tonia\AppData\Roaming\Qevee
C:\Users\Tonia\AppData\Roaming\Upyw
C:\Users\Tonia\AppData\Roaming\Uzpaopz
C:\Users\Tonia\AppData\Roaming\Vyzao
C:\Users\Tonia\AppData\Roaming\Woebfy
C:\Users\Tonia\AppData\Roaming\Xafiysr
C:\Users\Tonia\AppData\Roaming\Yqxen
C:\Users\Tonia\AppData\Roaming\Ysamte
C:\ProgramData\~Hi2XZmN6cF2OWl
C:\ProgramData\~Hi2XZmN6cF2OWlr
C:\ProgramData\Hi2XZmN6cF2OWl
C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\@
C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\L
C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\U
C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-
C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\L
C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-
C:\Windows\assembly\Desktop.ini
ipconfig /flushdns /c



:commands
[purity]
[Reboot]
shel
Senior User

Posts: 1292
Joined: 29/08/08 21:56

Re: HELP, I can't take it anymore with w32/Patched.UA

Post by tanya70 » 25/10/12 10:14

"combofix" has disappeared from my desktop... oh well... anyway, this is the log you asked for


========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: plugin@yontoo.com:1.20.00 removed from extensions.enabledItems
Prefs.js: toolbar@ask.com:3.13.1.100007 removed from extensions.enabledItems
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\Tonia\AppData\Roaming\mozilla\firefox\profiles\4nhqioe2.default\searchplugins\findeer.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82EA3E77-7BD2-4744-A8F2-670770767EC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82EA3E77-7BD2-4744-A8F2-670770767EC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9EE1A6E7-E822-4D0E-9664-815F94B00373}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EE1A6E7-E822-4D0E-9664-815F94B00373}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&sporta in Microsoft Excel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ deleted successfully.
C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&sporta in Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ not found.
File C:\Users\Tonia\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37BBD2B2-9A6A-4D2B-9077-4801C8485281}\\NameServer| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
C:\ComboFix folder moved successfully.
C:\Windows\SWREG.exe moved successfully.
C:\Windows\SWSC.exe moved successfully.
C:\Windows\NIRCMD.exe moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine\C\Windows\System32 folder moved successfully.
C:\Qoobox\Quarantine\C\Windows folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Tonia\AppData\Roaming\wiw folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Tonia\AppData\Roaming\Ryho folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Tonia\AppData\Roaming\OfferBox\http_app.offerbox.com folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Tonia\AppData\Roaming\OfferBox folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Tonia\AppData\Roaming\Hazaud folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Tonia\AppData\Roaming\Cepia folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Tonia\AppData\Roaming folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Tonia\AppData folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Tonia folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Public\Documents\AppData\PoApp\settings folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Public\Documents\AppData\PoApp folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Public\Documents\AppData folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Public\Documents folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Public folder moved successfully.
C:\Qoobox\Quarantine\C\Users folder moved successfully.
C:\Qoobox\Quarantine\C\ProgramData folder moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\Yontoo folder moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\intellidownload folder moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\Ask.com folder moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86) folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
Folder move failed. C:\Qoobox\BackEnv scheduled to be moved on reboot.
C:\Qoobox folder moved successfully.
C:\Windows\erdnt\subs\Users\00000004 folder moved successfully.
C:\Windows\erdnt\subs\Users\00000003 folder moved successfully.
C:\Windows\erdnt\subs\Users\00000002 folder moved successfully.
C:\Windows\erdnt\subs\Users\00000001 folder moved successfully.
C:\Windows\erdnt\subs\Users folder moved successfully.
C:\Windows\erdnt\subs folder moved successfully.
C:\Windows\erdnt\Hiv-backup\Users\00000004 folder moved successfully.
C:\Windows\erdnt\Hiv-backup\Users\00000003 folder moved successfully.
C:\Windows\erdnt\Hiv-backup\Users\00000002 folder moved successfully.
C:\Windows\erdnt\Hiv-backup\Users\00000001 folder moved successfully.
C:\Windows\erdnt\Hiv-backup\Users folder moved successfully.
C:\Windows\erdnt\Hiv-backup folder moved successfully.
C:\Windows\erdnt\cache86 folder moved successfully.
C:\Windows\erdnt\cache64 folder moved successfully.
C:\Windows\erdnt folder moved successfully.
C:\Users\Tonia\Desktop\ComboFix.exe moved successfully.
========== FILES ==========
C:\Users\Tonia\AppData\Roaming\Ewafp folder moved successfully.
C:\Users\Tonia\AppData\Roaming\Lolyon folder moved successfully.
C:\Users\Tonia\AppData\Roaming\Obor folder moved successfully.
C:\Users\Tonia\AppData\Roaming\Qevee folder moved successfully.
C:\Users\Tonia\AppData\Roaming\Upyw folder moved successfully.
C:\Users\Tonia\AppData\Roaming\Uzpaopz folder moved successfully.
C:\Users\Tonia\AppData\Roaming\Vyzao folder moved successfully.
C:\Users\Tonia\AppData\Roaming\Woebfy folder moved successfully.
C:\Users\Tonia\AppData\Roaming\Xafiysr folder moved successfully.
C:\Users\Tonia\AppData\Roaming\Yqxen folder moved successfully.
C:\Users\Tonia\AppData\Roaming\Ysamte folder moved successfully.
C:\ProgramData\~Hi2XZmN6cF2OWl moved successfully.
C:\ProgramData\~Hi2XZmN6cF2OWlr moved successfully.
C:\ProgramData\Hi2XZmN6cF2OWl moved successfully.
C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\@ moved successfully.
C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\L folder moved successfully.
C:\Windows\Installer\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\U folder moved successfully.
File\Folder C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d- not found.
C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\L folder moved successfully.
File\Folder C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d- not found.
C:\Windows\assembly\Desktop.ini moved successfully.
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Tonia\Desktop\cmd.bat deleted successfully.
C:\Users\Tonia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 10252012_110436

Files\Folders moved on Reboot...
File\Folder C:\Qoobox\BackEnv not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
tanya70
Junior User
 
Posts: 12
Joined: 23/10/12 10:23

Re: HELP I can't take w32/Patched.UA any more

Post by shel » 25/10/12 10:38

Run a scan with Malwarebytes: update it and run a full scan; once it has finished, click OK => Show Results.
Make sure everything is selected and click Remove Selected.
If it asks you to reboot, reboot to complete the cleaning process.
Post the report.

Also run a new scan with OTL.

Post the two logs.
shel
Senior User
 
Posts: 1292
Joined: 29/08/08 21:56

Re: HELP I can't take w32/Patched.UA any more

Post by Luke57 » 25/10/12 11:08

@tanya70
Hi, please put the OTL report here
http://wikisend.com/
(press "choose file" > find the report and press "upload". Once the file is uploaded you will be given a link, usually the first one, to view it. Copy and paste the link in your next post)
otherwise all these kilometres-long reports weigh the discussion down a lot.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Re: HELP I can't take w32/Patched.UA any more

Post by tanya70 » 25/10/12 13:09

hi, ok, this is the OTL report

http://wikisend.com/download/500652/OTL.Txt

this is the Malwarebytes one:

Malwarebytes Anti-Malware (Prova) 1.65.1.1000
www.malwarebytes.org

Versione database: v2012.10.25.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tonia :: TONIA-PC [amministratore]

Protezione: Attivata

25/10/2012 11:41:47
mbam-log-2012-10-25 (11-41-47).txt

Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 458067
Tempo impiegato: 1 ore, 59 minuti, 48 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 1
HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Spostato in quarantena ed eliminato con successo.

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 2
C:\Users\Tonia\Downloads\SoftonicDownloader_per_softi-freeocr.exe (PUP.OfferBundler.ST) -> Spostato in quarantena ed eliminato con successo.
C:\_OTL\MovedFiles\10252012_110436\C_Qoobox\Quarantine\C\Users\Tonia\AppData\Roaming\Cepia\rysya.exe.vir (Trojan.Winlock) -> Spostato in quarantena ed eliminato con successo.

(fine)
tanya70
Junior User
 
Posts: 12
Joined: 23/10/12 10:23
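One way to triage a Malwarebytes log in the format posted above (an added example, not code from the thread or from Malwarebytes): it parses the detection lines, cross-checks each section's stated count against the lines actually present, and separates live findings from items that OTL or ComboFix had already moved into quarantine, such as the .vir file under C:\_OTL\MovedFiles. The section headers, quarantine markers and action text are assumptions taken from the Italian-language log shown here.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the Malwarebytes log posted above
# (Italian-language build); the items are the ones that log reports.
SAMPLE_LOG = r"""Chiavi di registro rilevate: 1
HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Spostato in quarantena ed eliminato con successo.
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
File rilevati: 2
C:\Users\Tonia\Downloads\SoftonicDownloader_per_softi-freeocr.exe (PUP.OfferBundler.ST) -> Spostato in quarantena ed eliminato con successo.
C:\_OTL\MovedFiles\10252012_110436\C_Qoobox\Quarantine\C\Users\Tonia\AppData\Roaming\Cepia\rysya.exe.vir (Trojan.Winlock) -> Spostato in quarantena ed eliminato con successo.
"""

# "... rilevate/rilevati: N" section headers of the Italian build shown above (assumed).
SECTION_RE = re.compile(r"^(?P<name>[^:]*rilevat[ei][^:]*): (?P<count>\d+)$")
# Greedy item plus the last "(...)" before " -> " keeps paths such as "Program Files (x86)" intact.
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<category>[^()]+)\) -> (?P<action>.+)$")
# Markers of an item another tool (OTL, ComboFix) had already moved into quarantine (assumed).
QUARANTINE_MARKERS = (r"\_OTL\MovedFiles", r"\Qoobox\Quarantine", ".vir")


def parse_detections(log_text):
    """Return (detections, stated_counts): one dict per item plus each section's own count."""
    section, stated, found = None, {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            section = m.group("name")
            stated[section] = int(m.group("count"))
        elif (m := DETECTION_RE.match(line)) and section:
            category, item = m.group("category"), m.group("item")
            found.append({
                "section": section, "item": item, "category": category,
                "family": category.split(".")[0],  # Trojan, PUP, ...
                "handled": m.group("action").startswith("Spostato in quarantena"),
                "already_quarantined": any(k in item for k in QUARANTINE_MARKERS),
            })
    return found, stated


def count_check(found, stated):
    """Sections whose stated count differs from the detection lines parsed (truncated log?)."""
    seen = Counter(d["section"] for d in found)
    return {s: (n, seen[s]) for s, n in stated.items() if seen[s] != n}


def triage(found):
    """Split live findings from leftovers of an earlier cleanup; list anything not quarantined."""
    active = [d for d in found if not d["already_quarantined"]]
    return {"active": active, "leftovers": [d for d in found if d["already_quarantined"]],
            "families": Counter(d["family"] for d in active),
            "unhandled": [d["item"] for d in found if not d["handled"]]}
```

A detection inside another tool's quarantine folder is expected after a ComboFix or OTL run and is not evidence of an active infection; the "active" list is what still deserves attention.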

Re: HELP I can't take w32/Patched.UA any more

Post by shel » 25/10/12 19:55

Open OTL and, as before, paste this into the program's white box, then press Run Fix and attach the new log
:Files
C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\@
C:\Users\Tonia\AppData\Local\{0149b6f5-5c0f-f6fa-1f2d-9b5a997c15c0}\U
ipconfig /flushdns /c


:commands
[purity]
[Reboot]



can you tell me whether the PC has improved?
shel
Senior User
 
Posts: 1292
Joined: 29/08/08 21:56
