Problem with candy-box.biz and advertising pages

Solved/Closed
frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last seen Thursday 7 May 2015 - 4 May 2015 at 00:17
Noureddine Bouzidi Posts 22674 Registration date Thursday 19 March 2009 Status Moderator Last seen Thursday 7 January 2021 - 7 May 2015 at 20:08
Hello everyone. As the title says, I can't permanently remove candy-box.biz; after I have been browsing with Chrome for a while, random advertising pages open. I have already read the various discussions on this site and tried to follow the advice, but I haven't managed to get rid of it completely. I have run scans several times with Malwarebytes, AdwCleaner, ZHPCleaner, Eusing Free Registry Cleaner and Avast, and I think I have also removed all the malicious programs manually from the Control Panel. I don't understand why some remnant stays somewhere on the computer that I can't remove. Thanks in advance for any replies.

5 replies

l'embrouille 75 Posts 5297 Registration date Monday 4 July 2011 Status Member Last seen Thursday 5 July 2018 748
4 May 2015 at 08:17
Hi,
Download Revo Uninstaller =
https://it.ccm.net/download/scaricare-139-revo-uninstaller
Read the guide and try to uninstall Candybox

0
frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last seen Thursday 7 May 2015
4 May 2015 at 13:34
Hi, I tried uninstalling it with Revo: I selected the program in hunter mode together with all its entries, went through all the steps and finally restarted the computer, but the problem remains. Maybe I did something wrong, but if I start Revo again it no longer shows candy-box 3.0.
0
Noureddine Bouzidi Posts 22674 Registration date Thursday 19 March 2009 Status Moderator Last seen Thursday 7 January 2021 15.418
4 May 2015 at 13:41
run a new scan with ZHPCleaner and send us the report
0
frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last seen Thursday 7 May 2015
4 May 2015 at 16:57
~ ZHPCleaner v2015.5.4.208 by Nicolas Coolman (04/05/2015)
~ Run by Francesco (Administrator) (04/05/2015 16:46:25)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Chercare
~ Report : C:\Users\Francesco\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Francesco\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
~ Windows VISTA, 32-bit Service Pack 1 (Build 6001)


---\\ Servizi (0)
~ Nessun elemento malevolo trovato.


---\\ Browser Internet (0)
~ Nessun elemento malevolo trovato.


---\\ File hosts (1)
~ Il file hosts è legittimo (20)


---\\ Operazioni pianificate automatiche. (0)
~ Nessun elemento malevolo trovato.


---\\ Esploratore ( File, Cartelle) (0)
~ Nessun elemento malevolo trovato.


---\\ Registro ( Chiavi, Valori, Dati ) (0)
~ Nessun elemento malevolo trovato.


---\\ Risultato di riparazione
~ Qualsiasi riparazione fatta
~ Browser non trovato (Google Chrome)
~ Browser non trovato (Opera Software)


---\\ Statistiche
~ Elementi analizzati : 61187
~ Elementi trovati : 0
~ Elementi cancellati : 0
~ Elementi riparati : 0


End of clean at 16:55:03
===================
ZHPCleaner-[R]-03052015-12_08_20.txt
ZHPCleaner-[R]-04052015-16_37_42.txt
ZHPCleaner-[S]-03052015-12_07_22.txt
ZHPCleaner-[S]-03052015-15_35_59.txt
ZHPCleaner-[S]-04052015-16_36_30.txt
ZHPCleaner-[S]-04052015-16_55_03.txt
0
frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last seen Thursday 7 May 2015
4 May 2015 at 16:58
It finds nothing, yet a page with the address adserver.candy-box.biz keeps opening
0
Noureddine Bouzidi Posts 22674 Registration date Thursday 19 March 2009 Status Moderator Last seen Thursday 7 January 2021 15.418
5 May 2015 at 13:42
download ZHPDiag

After installation, icons appear on the desktop
  • Launch ZHPDiag
  • To start the scan, click the button
  • A report "ZHPDiag.txt" will open
  • copy the contents of the report here


~~# For every problem... there is a solution #~~
0
frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last seen Thursday 7 May 2015
6 May 2015 at 13:22
~ Riporto di ZHPDiag v2015.2.23.23 - Nicolas Coolman (23/02/2015)
~ Lanciato da Francesco (06/05/2015 13.18.15)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Indirizzo del foum Web : http://forum.nicolascoolman.fr
~ Tradotto da
~ Stato della versione : Nuova versione disponibile
~ Lista Bianca : Attivata dal programma
~ Elevazione dei privilegi : OK
~ Controllo dell'Account utente :


---\\ Browser Internet
MSIE: Internet Explorer v7.0.6001.18000
GCIE: Google Chrome v42.0.2311.135 (Defaut)

---\\ Informazioni sul prodotto Windows
~ Langage: Italien
Windows Server License Manager Script : OK
Windows Automatic Updates : OK
Windows Vista (TM) Ultimate, 32-bit Service Pack 1 (Build 6001)

---\\ Software di protezione del sistema
Avast Internet Security v10.2.2215
Malwarebytes Anti-Malware versione 2.0.4.1028

---\\ Software di ottimizzazione del sistema
CCleaner v2.32

---\\ Condivisione di software PeerToPeer
eMule

---\\ Software di sorveglianza
Adobe Flash Player 17 NPAPI

---\\ Informazioni sul sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1977 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 196 GB (42%) free of 466 GB

---\\ Connessione alla modalità sistema
~ Computer Name: PC-FRANCESCO
~ User Name: Francesco
~ All Users Names: Guest, Francesco, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variabili di ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Francesco\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Francesco\AppData\Roaming\
~ %Desktop% : C:\Users\Francesco\Desktop\
~ %Favorites% : C:\Users\Francesco\Favorites\
~ %LocalAppData% : C:\Users\Francesco\AppData\Local\
~ %StartMenu% : C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumerazione delle unità disco
C: Hard drive, Flash drive, Thumb drive (Free 196 Go of 466 Go)
D: Hard drive, Flash drive, Thumb drive (Free 763 Go of 932 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Stato di Windows Security Center
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Ricerca di particolari file generico
[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - (.Microsoft Corporation - Esplora risorse.) (.29/10/2008 - 7.29.41.) -- C:\Windows\Explorer.exe [2927104]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Applicazione di avvio di Windows.) (.21/01/2008 - 3.21.52.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.DA5A72211661C7F162B332FEA4F09A69] - (.Microsoft Corporation - Internet Extensions per Win32.) (.21/04/2011 - 16.00.34.) -- C:\Windows\System32\wininet.dll [833024]
[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - (.Microsoft Corporation - Applicazione Accesso a Windows.) (.21/01/2008 - 3.22.59.) -- C:\Windows\System32\Winlogon.exe [314880]
[MD5.48EB99503533C27AC6135648E5474457] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14.16.42.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.2D9C903DC76A66813D350A562DE40ED9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2008 - 3.21.09.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 3.21.58.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/01/2008 - 3.21.11.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A3E9FA213F443AC77C7746119D13FEEC] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15.24.14.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.C87B1EE051C0464491C1A7B03FA0BC99] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/01/2008 - 3.21.30.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Driver della porta i8042.) (.21/01/2008 - 3.21.28.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 3.22.35.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.5734A0F2BE7E495F7D3ED6EFD4B9F5A1] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 13.49.35.) -- C:\Windows\system32\Drivers\MRxSmb.sys [105984]
[MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] - (.Microsoft Corporation - MBT Transport driver.) (.21/01/2008 - 3.23.10.) -- C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.B4EFFE29EB4F15538FD8A9681108492D] - (.Microsoft Corporation - Driver file system NT.) (.21/01/2008 - 3.21.58.) -- C:\Windows\system32\Drivers\ntfs.sys [1081912]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Driver della porta parallela.) (.02/11/2006 - 9.51.30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 3.23.02.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 3.21.09.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.031E6BCD53C9B2B9ACE111EAFEC347B6] - (.Microsoft Corporation - SMB Transport driver.) (.21/01/2008 - 3.23.10.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.D09276B1FAB033CE1D40DCBDF303D10F] - (.Microsoft Corporation - TDI Translation Driver.) (.21/01/2008 - 3.23.00.) -- C:\Windows\system32\Drivers\tdx.sys [71680]
[MD5.D8B4A53DD2769F226B3EB374374987C9] - (.Microsoft Corporation - Driver copia shadow del volume.) (.21/01/2008 - 3.21.29.) -- C:\Windows\system32\Drivers\volsnap.sys [227896]
~ Generic Processes: Scanned in 00mn 00s



---\\ Stato dei file nascosti (nascosti/totale)
~ Mes images (My Pictures) : 2/47
~ Mes musiques (My Musics) : 2/166
~ Mes Videos (My Videos) : 1/17
~ Mes Favoris (My Favorites) : 1/20
~ Mes Documents (My Documents) : 4/173
~ Mon Bureau (My Desktop) : 1/31
~ Menu demarrer (Programs) : 1/39
~ Hidden Files: Scanned in 00mn 00s



---\\ Processo avviato
[MD5.06964B7DE858BB6317164BF184E9C766] - (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912] [PID.2056]
[MD5.7EDA1D46618C2F5801E4A47D80AE89ED] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [812872] [PID.3748]
[MD5.7D493FEBC01FB93E13E03750A862BE32] - (.Link Up Advertising - CandyBox.) -- C:\Program Files\CandyBox\cab.exe [406528] [PID.2348]
[MD5.9D2DB58768C5E760F55754E86E86AE9C] - (...) -- C:\ProgramData\Service\Application\proc.exe [162072] [PID.3232]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.5164]
[MD5.472D170E4E1FEED584616E08CFB0F1EF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8179200] [PID.4296]
[MD5.F96EBC5A624349D81DCC7600A3C5DC43] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5124]
[MD5.0BA91E1358AD25236863039BB2609A2E] - (.Microsoft Corporation - Servizio gestione licenze software Microsof.) -- C:\Windows\system32\SLsvc.exe [2623488] [PID.1244]
[MD5.210A326658D72D7F2EE2267F3D9C44D4] - (.Avast Software s.r.o. - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336] [PID.1616]
[MD5.60F37044ECB50154DAC0AC2B83F6AB88] - (.Avast Software s.r.o. - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [107448] [PID.1788]
[MD5.7515019E92598852D62EEAF6C37786F6] - (.MS - Auto Update System.) -- C:\Program Files\CandyBox\aus.exe [286208] [PID.2300]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.2400]
[MD5.5019A83BE87FD8B60F7333901BFD35E5] - (.Avast Software - AvastVirtualBox Interface.) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216] [PID.3136]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, plugin, start, cerca, estensioni (P2, M0, M1, M2, M3)
C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\oit2jfpg.default\prefs.js
~ Firefox Browser: 34 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, start, cerca, URLSearchHook, Phishing (R0, R1, R3, R4)
R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, gestione Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analisi delle linee F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (20)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer barre degli strumenti (O3)
O3 - Toolbar: Adobe PDF - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chiave orfano
~ Toolbar: Scanned in 00mn 00s



---\\ Altri link utenti (O4)
O4 - GS\Desktop [Public]: eMule.lnk . (.https://www.emule-project.net/home/perl/general.cgi?l=1 - eMule.) -- C:\Program Files\eMule\emule.exe =>P2P.eMule
~ Global Startup: 1 Legitimates Filtered in 00mn 02s



---\\ Iniziato da file e registro applicazioni (O4)
O4 - HKLM\..\Run: [AvastUI.exe] . (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
~ Application: Scanned in 00mn 00s



---\\ I pulsanti sulla barra degli strumenti "principali strumenti" di Internet Explorer (O9)
O9 - Extra button: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modificare gli indirizzi DNS domain (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E27BFE7A-6554-475F-8155-98AC10C854C6}: DhcpNameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{E27BFE7A-6554-475F-8155-98AC10C854C6}: DhcpNameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{E27BFE7A-6554-475F-8155-98AC10C854C6}: DhcpNameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.37.17.16 85.38.28.68
~ Domain: Scanned in 00mn 00s



---\\ Protocollo addizionale (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizzatore HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valore di registro AppInit_DLLs e sottochiavi Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chiave di registro autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Elenco dei servizi non Microsoft NT e non disabili (O23)
O23 - Service: Servizio di gestione (asl) . (...) - C:\ProgramData\Service\Application\asl.exe
O23 - Service: Auto Update Service (AUS) . (.MS - Auto Update System.) - C:\Program Files\CandyBox\aus.exe
O23 - Service: Log Session Manager (Log S.M.) . (.Link Up Advertising - CandyBox.) - C:\Program Files\CandyBox\cab.exe
~ Services: 6 Legitimates Filtered in 00mn 06s



---\\ L'enumerazione Active Desktop Editor MHTML (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Francesco\Downloads\alaska_winter_nights-wide.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\Francesco\Downloads\alaska_winter_nights-wide.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Attività pianificate in modo automatico (039)
[MD5.00000000000000000000000000000000] [APT] [amiupdaterExd] (...) -- C:\Users\Francesco\AppData\Local\Temp\amiupdater224.exe (.not file.) [0] =>PUP.Dealply
[MD5.00000000000000000000000000000000] [APT] [{31587B49-56B4-4813-8C47-47EF72EB67AC}] (...) -- C:\Users\Francesco\AppData\Roaming\istartsurf\UninstallManager.exe (.not file.) [0] =>PUP.IsStart
[MD5.00000000000000000000000000000000] [APT] [{499A721D-AE14-4184-824F-57E3F3AD425C}] (...) -- C:\Users\Francesco\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock Uninstall.exe (.not file.) [0] =>PUP.BubbleDock
[MD5.00000000000000000000000000000000] [APT] [{9A5BC3C8-5CAE-47C3-BE7A-1AEC067BF264}] (...) -- C:\Users\Francesco\Downloads\BwinCasino (1).exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [978]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1134]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1138]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 03s



---\\ Software installato (O42)
O42 - Logiciel: Er Finestra - (.DaNieLz Works 2002.) [HKLM] -- Er Finestra
O42 - Logiciel: WinOff - (...) [HKLM] -- {8049EB00-4F62-44FB-AAF7-CB42F588E3C5}_is1
~ Logic: 9 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\NDS]
[HKCU\Software\WHCASINOREAL.IT]
[HKCU\Software\xohiwgcmz]
[HKLM\Software\50 Stars Casino]
[HKLM\Software\AUS]
[HKLM\Software\African Palace Casino]
[HKLM\Software\Amber Coast Casino]
[HKLM\Software\Baraka Bingo]
[HKLM\Software\Baraka Casino Online]
[HKLM\Software\Better Casino]
[HKLM\Software\Bingo Day]
[HKLM\Software\Blackpool Bingo]
[HKLM\Software\Blackpool Club Casino]
[HKLM\Software\CASINO PLEX]
[HKLM\Software\CandyBox]
[HKLM\Software\Carnaval Casino]
[HKLM\Software\Casino Bellini]
[HKLM\Software\Casino DelRio]
[HKLM\Software\Casino Vendome]
[HKLM\Software\Casino.com]
[HKLM\Software\Centrebet Casino]
[HKLM\Software\Centrebet Poker]
[HKLM\Software\Class 1 Casino]
[HKLM\Software\Club Dice Casino]
[HKLM\Software\Club Dice Poker]
[HKLM\Software\Club Gold Casino]
[HKLM\Software\Cote dAzur Palace Casino]
[HKLM\Software\Craps.com]
[HKLM\Software\Dafa Poker]
[HKLM\Software\Dafa888]
[HKLM\Software\Diamond Club Casino]
[HKLM\Software\Enter Casino]
[HKLM\Software\Fair Poker]
[HKLM\Software\Fast Win Casino]
[HKLM\Software\Giant Vegas Casino]
[HKLM\Software\Golden Palace Casino PT]
[HKLM\Software\Grand Play Casino]
[HKLM\Software\Grosvenor Casinos]
[HKLM\Software\IncrediMail]
[HKLM\Software\Indio Casino]
[HKLM\Software\King Solomons Casino]
[HKLM\Software\Kiwi Bingo]
[HKLM\Software\Kiwi Casino]
[HKLM\Software\Kiwi Poker]
[HKLM\Software\MANSION Casino]
[HKLM\Software\Magic Box Casino]
[HKLM\Software\Mansion Poker]
[HKLM\Software\Miss Bingo]
[HKLM\Software\New York Casino]
[HKLM\Software\Noble Casino]
[HKLM\Software\Noble Poker]
[HKLM\Software\Nuts Poker]
[HKLM\Software\Omni Casino]
[HKLM\Software\OnlineCasino.com]
[HKLM\Software\OxigenRef]
[HKLM\Software\Play United Casino]
[HKLM\Software\PlayGate Casino]
[HKLM\Software\PlayGate Poker]
[HKLM\Software\Poker 770]
[HKLM\Software\Poker Ocean]
[HKLM\Software\PowerOffer]
[HKLM\Software\Prestige Bingo]
[HKLM\Software\Prestige Poker]
[HKLM\Software\Riva Poker]
[HKLM\Software\Royal Dice Casino]
[HKLM\Software\Royal Lounge Casino]
[HKLM\Software\Sky Kings Casino]
[HKLM\Software\Tiki Bingo]
[HKLM\Software\Titan Casino]
[HKLM\Software\Titan.it Casino]
[HKLM\Software\USA Casino]
[HKLM\Software\Vegas Red Casino]
[HKLM\Software\WHCASINOREAL.IT]
[HKLM\Software\William Hill CASINO CLUB]
[HKLM\Software\Windows Casino]
[HKLM\Software\Windows Poker]
[HKLM\Software\Ya888Ya Casino]
[HKLM\Software\Zipang Casino]
[HKLM\Software\pokerplex]
[HKLM\Software\pokersnai_real]
[HKLM\Software\sunpoker]
[HKLM\Software\vulcanpoker]
~ Key Software: 278 Legitimates Filtered in 00mn 00s



---\\ Contenuto delle cartelle Programmi, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 02/05/2015 - 21.55.47 - [] ----D C:\Program Files\CandyBox
O43 - CFD: 14/05/2014 - 16.26.19 - [0] ----D C:\Program Files\Cool Mirage Ltd
O43 - CFD: 20/05/2010 - 22.02.25 - [] ----D C:\Program Files\Er Finestra
O43 - CFD: 17/08/2013 - 22.19.32 - [] ----D C:\Program Files\ffvfw
O43 - CFD: 29/09/2009 - 23.22.04 - [] -SH-D C:\Program Files\File comuni
O43 - CFD: 05/08/2011 - 18.18.40 - [] ----D C:\Program Files\LimeWire
O43 - CFD: 24/04/2015 - 11.37.42 - [] ----D C:\Program Files\PokerStars.IT
O43 - CFD: 02/05/2015 - 21.57.09 - [] ----D C:\Program Files\UltraZip
O43 - CFD: 28/12/2012 - 23.38.10 - [] ----D C:\ProgramData\55-6p-p5-r0-60-31
O43 - CFD: 25/02/2012 - 17.57.36 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 29/09/2009 - 23.22.04 - [] -SH-D C:\ProgramData\Documenti
O43 - CFD: 29/09/2009 - 23.22.04 - [] -SH-D C:\ProgramData\Menu Avvio
O43 - CFD: 29/09/2009 - 23.22.04 - [] -SH-D C:\ProgramData\Preferiti
O43 - CFD: 02/05/2015 - 21.57.08 - [] ----D C:\ProgramData\Service
O43 - CFD: 04/12/2012 - 23.01.45 - [0] ----D C:\ProgramData\????
O43 - CFD: 04/12/2012 - 23.01.44 - [0] ----D C:\ProgramData\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
O43 - CFD: 09/12/2012 - 12.35.51 - [0] ----D C:\ProgramData\?E?E?????????????????????????
O43 - CFD: 08/12/2012 - 10.59.23 - [0] ----D C:\ProgramData\?í?í?????????????????????????
O43 - CFD: 17/12/2012 - 21.49.43 - [0] ----D C:\ProgramData\?????????????????????????????
O43 - CFD: 18/12/2012 - 23.03.43 - [0] ----D C:\ProgramData\????
O43 - CFD: 26/12/2012 - 13.40.19 - [0] ----D C:\ProgramData\????
O43 - CFD: 11/12/2012 - 23.00.07 - [0] ----D C:\ProgramData\????
O43 - CFD: 03/05/2015 - 16.07.48 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffvfw
O43 - CFD: 20/05/2010 - 22.02.23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radio Deejay
O43 - CFD: 02/11/2006 - 14.35.50 - [] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 07/12/2011 - 18.50.41 - [0] ----D C:\Users\Francesco\AppData\Roaming\Ansylo
O43 - CFD: 26/02/2012 - 18.43.30 - [0] ----D C:\Users\Francesco\AppData\Roaming\Daawpya
O43 - CFD: 22/03/2012 - 18.55.51 - [] ----D C:\Users\Francesco\AppData\Roaming\Edfoy
O43 - CFD: 24/02/2012 - 20.54.58 - [] ----D C:\Users\Francesco\AppData\Roaming\Ifuvv
O43 - CFD: 24/03/2012 - 1.48.55 - [0] ----D C:\Users\Francesco\AppData\Roaming\Imudy
O43 - CFD: 07/12/2011 - 1.25.33 - [0] ----D C:\Users\Francesco\AppData\Roaming\Raa
O43 - CFD: 31/12/2012 - 18.32.55 - [] ----D C:\Users\Francesco\AppData\Roaming\RisikoDigitalII
O43 - CFD: 04/05/2015 - 0.34.56 - [] ----D C:\Users\Francesco\AppData\Local\EE221CBB-1430603881-DE11-8A19-0007E9BECBF3
O43 - CFD: 02/05/2015 - 22.52.30 - [] ----D C:\Users\Francesco\AppData\Local\EE221CBB-1430603896-DE11-8A19-0007E9BECBF3
O43 - CFD: 27/09/2014 - 16.32.34 - [] ----D C:\Users\Francesco\AppData\Local\PokerStars.IT
O43 - CFD: 02/09/2012 - 13.02.17 - [] ----D C:\Users\Francesco\AppData\Local\PosService
O43 - CFD: 01/09/2012 - 21.22.00 - [] ----D C:\Users\Francesco\AppData\Local\PowerOffer
O43 - CFD: 13/02/2014 - 18.05.51 - [] ----D C:\Users\Francesco\AppData\Local\Senza titolo
O43 - CFD: 02/03/2013 - 22.45.55 - [] ----D C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guadagnare 200 Euro al giorno Sistema 1
O43 - CFD: 20/05/2010 - 22.02.22 - [0] ----D C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Radio Deejay
~ Program Folder: 231 Legitimates Filtered in 00mn 01s



---\\ Ultimi file modificati o creati su Windows e System32 (O44)
O44 - LFC:[MD5.35281CA2C003866E54C0F60CFC3FCC32] - 02/05/2015 - 20.56.11 ---A- . (...) -- C:\Windows\win.ini [321]
O44 - LFC:[MD5.1F3CE16AE4BAB02C8DCD204FF40A4A8A] - 02/05/2015 - 21.11.39 ---A- . (...) -- C:\Windows\System32\029B560A371F4E00AB32838EBC01B9E7 [4]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/05/2015 - 21.26.00 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/05/2015 - 21.26.00 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.78864F1759CBE126777F38A398FFEB3A] - 05/05/2015 - 11.40.48 ---A- . (...) -- C:\Windows\ntbtlog.txt [190134]
~ Files: 16 Legitimates Filtered in 00mn 30s



---\\ Operazioni e funzioni all'avvio di Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumerazione della chiave del Registro di sistema StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\PosService [Key] . (.PLauncher - PLauncher.) -- C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
~ SMSR Keys: 17 Legitimates Filtered in 00mn 00s



---\\ Enumerazione del Registro chiavi PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Elenco dei driver del sistema (SDL) (O58)
O58 - SDL:18/04/2015 - 13.52.30 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24144] =>.ALWIL Software
O58 - SDL:18/04/2015 - 13.51.47 ---A- . (.ALWIL Software - avast! Filtering NDIS driver.) -- C:\Windows\System32\Drivers\aswNdis.sys [12112]
O58 - SDL:18/04/2015 - 13.52.30 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49904] =>.ALWIL Software
O58 - SDL:18/04/2015 - 13.52.30 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208024] =>.ALWIL Software
O58 - SDL:25/10/2010 - 10.07.48 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\Windows\System32\Drivers\dgderdrv.sys [18120]
O58 - SDL:21/01/2008 - 3.21.30 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:02/11/2006 - 10.50.07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:02/11/2006 - 10.50.09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:30/12/2010 - 10.41.56 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [66112]
O58 - SDL:30/12/2010 - 10.41.56 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [180672]
O58 - SDL:30/12/2010 - 10.41.56 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [180672]
O58 - SDL:21/01/2008 - 3.21.28 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:02/11/2006 - 10.50.35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:21/01/2008 - 3.21.31 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:16/04/2010 - 7.33.36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [41472]
O58 - SDL:02/11/2006 - 8.09.42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:02/11/2006 - 8.09.45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:25/10/2010 - 10.03.52 ---A- . (...) -- C:\Windows\System32\FsUsbExDisk.Sys [36640]
O58 - SDL:02/11/2006 - 8.09.41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:02/11/2006 - 8.09.44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:02/11/2006 - 8.09.44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:02/11/2006 - 8.09.29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:02/11/2006 - 8.09.35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:02/11/2006 - 8.09.38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:02/11/2006 - 8.09.40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:02/11/2006 - 8.09.31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:02/11/2006 - 8.09.20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:02/11/2006 - 8.09.23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:02/11/2006 - 8.09.24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:02/11/2006 - 8.09.26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:02/11/2006 - 8.09.22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 93 Legitimates Filtered in 00mn 05s



---\\ Elenco di strumenti di disinfezione (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Elenco servizi registrati legacy (LALS) (O64)
O64 - Services: CurCS - 18/04/2015 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 81 Legitimates Filtered in 00mn 00s



---\\ Associazioni Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu Start Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Cerca "infezione su browser internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=2F13C9FB4BE74CED9DE7191D634B97FB
~ Keys: Scanned in 00mn 00s



---\\ Condizioni generali dei servizi non Microsoft (GSR) (SR = esecuzione, SS = fermato)
SS - | Demand 03/05/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 16/04/2010 144672 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 10/03/2015 570136 | (asl) . (...) - C:\ProgramData\Service\Application\asl.exe
SS - | Disabled 25/10/2010 95568 | (dgdersvc) . (.Devguru Co., Ltd..) - C:\Windows\system32\dgdersvc.exe
SS - | Disabled 30/09/2009 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Disabled 25/10/2010 217088 | (FsUsbExService) . (.Teruten.) - C:\Windows\system32\FsUsbExService.exe
SS - | Auto 27/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/12/2009 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Disabled 28/04/2010 545576 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Disabled 31/12/2008 174616 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\AMT\LMS.exe
SS - | Disabled 05/05/2015 208384 | (mijifyhu) . (...) - C:\Users\Francesco\AppData\Local\EE221CBB-1430603881-DE11-8A19-0007E9BECBF3\cnsh2DA3.tmp
SS - | Disabled 20/09/2007 853288 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
SS - | Disabled 20/09/2007 382248 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
SS - | Disabled 03/04/2012 169472 | (PowerOffer Service) . (.PowerOfferService.) - C:\Users\Francesco\AppData\Local\PosService\Pos.exe
SS - | Disabled 31/12/2008 2054680 | (UNS) . (.Intel Corporation.) - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
SS - | Demand 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2014 286208 | (AUS) . (.MS.) - C:\Program Files\CandyBox\aus.exe
SR - | Auto 18/04/2015 343336 | (avast! Antivirus) . (.Avast Software s.r.o..) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 18/04/2015 107448 | (avast! Firewall) . (.Avast Software s.r.o..) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Demand 18/04/2015 3205216 | (AvastVBoxSvc) . (.Avast Software.) - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
SR - | Auto 20/07/2014 406528 | (Log S.M.) . (.Link Up Advertising.) - C:\Program Files\CandyBox\cab.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 16s



---\\ Scansione aggiuntive (O88)
Database Version : 13008 - (23/02/2015)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E] =>PUP.SweetIM
[HKLM\Software\poker 770] =>Adware.Casino
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8] =>PUP.SweetIM
~ Additionnel Scan: 306423 Items scanned in 00mn 47s



---\\ Informationi complémentaires sul le segnalazione
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, gestione Proxy (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer barre degli strumenti (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Iniziato da file e registro applicazioni (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Riepilogo dei rilevamenti trovato sulla workstation
http://nicolascoolman.fr/pup-dealply =>PUP.Dealply
http://nicolascoolman.fr/pup-isstart =>PUP.IsStart
http://nicolascoolman.fr/pup-bubbledock =>PUP.BubbleDock
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://nicolascoolman.fr/28388393-adware-casino =>Adware.Casino
~ MSI: 5 link(s) detected in 00mn 00s



~ 888 Legitimates filtered by white list
End of the scan (548 lines in 02mn 58s)(0.4)
0
Noureddine Bouzidi Posts 22674 Registration date Thursday 19 March 2009 Status Moderator Last activity Thursday 7 January 2021 15.418 > frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last activity Thursday 7 May 2015
6 May 2015 at 16:39
AdwCleaner and ZHPCleaner should already have removed some PUPs

Run a new scan with AdwCleaner
then
one with ZHPCleaner
then
one with ZHPDiag

post the 3 reports, one per message
0
frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last activity Thursday 7 May 2015 > Noureddine Bouzidi Posts 22674 Registration date Thursday 19 March 2009 Status Moderator Last activity Thursday 7 January 2021
6 May 2015 at 17:34
# AdwCleaner v4.203 - Creato file registro eventi 06/05/2015 in 17:22:04
# Aggiornato 30/04/2015 da Xplode
# Database : 2015-04-30.2 [Locale]
# Sistema operativo : Windows Vista (TM) Ultimate Service Pack 1 (x86)
# Nome utente : Francesco - PC-FRANCESCO
# In esecuzione da : C:\Users\Francesco\Downloads\adwcleaner_4.203.exe
# Opzione : Pulizia
          • [ Servizi ] *****
          • [ File / Cartelle ] *****


Cartella Eliminato : C:\Program Files\Conduit
Cartella Eliminato : C:\Program Files\mbot_it_498
Cartella Eliminato : C:\Windows\system32\jmdp
Cartella Eliminato : C:\Users\Francesco\AppData\Local\SoftwareUpdater
Cartella Eliminato : C:\Users\Francesco\AppData\Local\mbot_it_498
Cartella Eliminato : C:\Users\Francesco\AppData\LocalLow\Conduit
          • [ Attività pianificate ] *****
          • [ Collegamenti ] *****
          • [ Registry ] *****
          • [ Browser web ] *****


-\\ Internet Explorer v7.0.6001.18639


-\\ Mozilla Firefox v


-\\ Google Chrome v42.0.2311.135


AdwCleaner[R0].txt - [1167 byte] - [06/05/2015 17:19:34]
AdwCleaner[R1].txt - [1225 byte] - [06/05/2015 17:21:08]
AdwCleaner[S0].txt - [1159 byte] - [06/05/2015 17:22:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1217 byte] ##########
0
frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last activity Thursday 7 May 2015 > Noureddine Bouzidi Posts 22674 Registration date Thursday 19 March 2009 Status Moderator Last activity Thursday 7 January 2021
6 May 2015 at 17:44
~ ZHPCleaner v2015.5.5.213 by Nicolas Coolman (06/05/2015)
~ Run by Francesco (Administrator) (06/05/2015 17:36:29)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Chercare
~ Report : C:\Users\Francesco\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Francesco\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
~ Windows VISTA, 32-bit Service Pack 1 (Build 6001)


---\\ Servizi (0)
~ Nessun elemento malevolo trovato.


---\\ Browser Internet (0)
~ Nessun elemento malevolo trovato.


---\\ File hosts (1)
~ Il file hosts è legittimo (20)


---\\ Operazioni pianificate automatiche. (0)
~ Nessun elemento malevolo trovato.


---\\ Esploratore ( File, Cartelle) (0)
~ Nessun elemento malevolo trovato.


---\\ Registro ( Chiavi, Valori, Dati ) (0)
~ Nessun elemento malevolo trovato.


---\\ Risultato di riparazione
~ Qualsiasi riparazione fatta
~ Browser non trovato (Google Chrome)
~ Browser non trovato (Opera Software)


---\\ Statistiche
~ Elementi analizzati : 61302
~ Elementi trovati : 0
~ Elementi cancellati : 0
~ Elementi riparati : 0


End of clean at 17:44:32
===================
ZHPCleaner-[R]-03052015-12_08_20.txt
ZHPCleaner-[R]-04052015-16_37_42.txt
ZHPCleaner-[R]-06052015-14_56_10.txt
ZHPCleaner-[S]-03052015-12_07_22.txt
ZHPCleaner-[S]-03052015-15_35_59.txt
ZHPCleaner-[S]-04052015-16_36_30.txt
ZHPCleaner-[S]-04052015-16_55_03.txt
ZHPCleaner-[S]-05052015-12_24_51.txt
ZHPCleaner-[S]-06052015-14_55_30.txt
ZHPCleaner-[S]-06052015-17_44_32.txt
0
frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last activity Thursday 7 May 2015 > Noureddine Bouzidi Posts 22674 Registration date Thursday 19 March 2009 Status Moderator Last activity Thursday 7 January 2021
6 May 2015 at 17:55
~ Riporto di ZHPDiag v2015.2.23.23 - Nicolas Coolman (23/02/2015)
~ Lanciato da Francesco (06/05/2015 17.52.48)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Indirizzo del foum Web : http://forum.nicolascoolman.fr
~ Tradotto da
~ Stato della versione : Nuova versione disponibile
~ Lista Bianca : Attivata dal programma
~ Elevazione dei privilegi : OK
~ Controllo dell'Account utente :


---\\ Browser Internet
MSIE: Internet Explorer v7.0.6001.18000
GCIE: Google Chrome v42.0.2311.135 (Defaut)

---\\ Informazioni sul prodotto Windows
~ Langage: Italien
Windows Server License Manager Script : OK
Windows Automatic Updates : OK
Windows Vista (TM) Ultimate, 32-bit Service Pack 1 (Build 6001)

---\\ Software di protezione del sistema
Avast Internet Security v10.2.2215
Malwarebytes Anti-Malware versione 2.0.4.1028

---\\ Software di ottimizzazione del sistema
CCleaner v2.32

---\\ Condivisione di software PeerToPeer
eMule

---\\ Software di sorveglianza
Adobe Flash Player 17 NPAPI

---\\ Informazioni sul sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1977 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 199 GB (42%) free of 466 GB

---\\ Connessione alla modalità sistema
~ Computer Name: PC-FRANCESCO
~ User Name: Francesco
~ All Users Names: Guest, Francesco, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variabili di ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Francesco\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Francesco\AppData\Roaming\
~ %Desktop% : C:\Users\Francesco\Desktop\
~ %Favorites% : C:\Users\Francesco\Favorites\
~ %LocalAppData% : C:\Users\Francesco\AppData\Local\
~ %StartMenu% : C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumerazione delle unità disco
C: Hard drive, Flash drive, Thumb drive (Free 199 Go of 466 Go)
D: Hard drive, Flash drive, Thumb drive (Free 763 Go of 932 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Stato di Windows Security Center
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Ricerca di particolari file generico
[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - (.Microsoft Corporation - Esplora risorse.) (.29/10/2008 - 7.29.41.) -- C:\Windows\Explorer.exe [2927104]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Applicazione di avvio di Windows.) (.21/01/2008 - 3.21.52.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.DA5A72211661C7F162B332FEA4F09A69] - (.Microsoft Corporation - Internet Extensions per Win32.) (.21/04/2011 - 16.00.34.) -- C:\Windows\System32\wininet.dll [833024]
[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - (.Microsoft Corporation - Applicazione Accesso a Windows.) (.21/01/2008 - 3.22.59.) -- C:\Windows\System32\Winlogon.exe [314880]
[MD5.48EB99503533C27AC6135648E5474457] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14.16.42.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.2D9C903DC76A66813D350A562DE40ED9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2008 - 3.21.09.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 3.21.58.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/01/2008 - 3.21.11.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A3E9FA213F443AC77C7746119D13FEEC] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15.24.14.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.C87B1EE051C0464491C1A7B03FA0BC99] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/01/2008 - 3.21.30.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Driver della porta i8042.) (.21/01/2008 - 3.21.28.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 3.22.35.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.5734A0F2BE7E495F7D3ED6EFD4B9F5A1] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 13.49.35.) -- C:\Windows\system32\Drivers\MRxSmb.sys [105984]
[MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] - (.Microsoft Corporation - MBT Transport driver.) (.21/01/2008 - 3.23.10.) -- C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.B4EFFE29EB4F15538FD8A9681108492D] - (.Microsoft Corporation - Driver file system NT.) (.21/01/2008 - 3.21.58.) -- C:\Windows\system32\Drivers\ntfs.sys [1081912]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Driver della porta parallela.) (.02/11/2006 - 9.51.30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 3.23.02.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 3.21.09.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.031E6BCD53C9B2B9ACE111EAFEC347B6] - (.Microsoft Corporation - SMB Transport driver.) (.21/01/2008 - 3.23.10.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.D09276B1FAB033CE1D40DCBDF303D10F] - (.Microsoft Corporation - TDI Translation Driver.) (.21/01/2008 - 3.23.00.) -- C:\Windows\system32\Drivers\tdx.sys [71680]
[MD5.D8B4A53DD2769F226B3EB374374987C9] - (.Microsoft Corporation - Driver copia shadow del volume.) (.21/01/2008 - 3.21.29.) -- C:\Windows\system32\Drivers\volsnap.sys [227896]
~ Generic Processes: Scanned in 00mn 00s



---\\ Stato dei file nascosti (nascosti/totale)
~ Mes images (My Pictures) : 2/47
~ Mes musiques (My Musics) : 2/166
~ Mes Videos (My Videos) : 1/17
~ Mes Favoris (My Favorites) : 1/20
~ Mes Documents (My Documents) : 4/173
~ Mon Bureau (My Desktop) : 1/31
~ Menu demarrer (Programs) : 1/39
~ Hidden Files: Scanned in 00mn 00s



---\\ Processo avviato
[MD5.06964B7DE858BB6317164BF184E9C766] - (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912] [PID.3188]
[MD5.9D2DB58768C5E760F55754E86E86AE9C] - (...) -- C:\ProgramData\Service\Application\proc.exe [162072] [PID.3816]
[MD5.7D493FEBC01FB93E13E03750A862BE32] - (.Link Up Advertising - CandyBox.) -- C:\Program Files\CandyBox\cab.exe [406528] [PID.2200]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.1248]
[MD5.F96EBC5A624349D81DCC7600A3C5DC43] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5748]
[MD5.472D170E4E1FEED584616E08CFB0F1EF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8179200] [PID.4476]
[MD5.0BA91E1358AD25236863039BB2609A2E] - (.Microsoft Corporation - Servizio gestione licenze software Microsof.) -- C:\Windows\system32\SLsvc.exe [2623488] [PID.1344]
[MD5.210A326658D72D7F2EE2267F3D9C44D4] - (.Avast Software s.r.o. - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336] [PID.1644]
[MD5.60F37044ECB50154DAC0AC2B83F6AB88] - (.Avast Software s.r.o. - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [107448] [PID.1856]
[MD5.7515019E92598852D62EEAF6C37786F6] - (.MS - Auto Update System.) -- C:\Program Files\CandyBox\aus.exe [286208] [PID.2156]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.2256]
[MD5.5019A83BE87FD8B60F7333901BFD35E5] - (.Avast Software - AvastVirtualBox Interface.) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216] [PID.2864]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, plugin, start, cerca, estensioni (P2, M0, M1, M2, M3)
C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\oit2jfpg.default\prefs.js
~ Firefox Browser: 34 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, start, cerca, URLSearchHook, Phishing (R0, R1, R3, R4)
R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, gestione Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analisi delle linee F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (20)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer barre degli strumenti (O3)
O3 - Toolbar: Adobe PDF - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chiave orfano
~ Toolbar: Scanned in 00mn 00s



---\\ Altri link utenti (O4)
O4 - GS\Desktop [Public]: eMule.lnk . (.https://www.emule-project.net/home/perl/general.cgi?l=1 - eMule.) -- C:\Program Files\eMule\emule.exe =>P2P.eMule
~ Global Startup: 1 Legitimates Filtered in 00mn 02s



---\\ Iniziato da file e registro applicazioni (O4)
O4 - HKLM\..\Run: [AvastUI.exe] . (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
~ Application: Scanned in 00mn 00s



---\\ I pulsanti sulla barra degli strumenti "principali strumenti" di Internet Explorer (O9)
O9 - Extra button: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modificare gli indirizzi DNS domain (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E27BFE7A-6554-475F-8155-98AC10C854C6}: DhcpNameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{E27BFE7A-6554-475F-8155-98AC10C854C6}: DhcpNameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{E27BFE7A-6554-475F-8155-98AC10C854C6}: DhcpNameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.37.17.16 85.38.28.68
~ Domain: Scanned in 00mn 00s



---\\ Protocollo addizionale (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizzatore HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valore di registro AppInit_DLLs e sottochiavi Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chiave di registro autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Elenco dei servizi non Microsoft NT e non disabili (O23)
O23 - Service: Servizio di gestione (asl) . (...) - C:\ProgramData\Service\Application\asl.exe
O23 - Service: Auto Update Service (AUS) . (.MS - Auto Update System.) - C:\Program Files\CandyBox\aus.exe
O23 - Service: Log Session Manager (Log S.M.) . (.Link Up Advertising - CandyBox.) - C:\Program Files\CandyBox\cab.exe
~ Services: 6 Legitimates Filtered in 00mn 04s



---\\ L'enumerazione Active Desktop Editor MHTML (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Francesco\Downloads\alaska_winter_nights-wide.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\Francesco\Downloads\alaska_winter_nights-wide.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Attività pianificate in modo automatico (039)
[MD5.00000000000000000000000000000000] [APT] [amiupdaterExd] (...) -- C:\Users\Francesco\AppData\Local\Temp\amiupdater224.exe (.not file.) [0] =>PUP.Dealply
[MD5.00000000000000000000000000000000] [APT] [{31587B49-56B4-4813-8C47-47EF72EB67AC}] (...) -- C:\Users\Francesco\AppData\Roaming\istartsurf\UninstallManager.exe (.not file.) [0] =>PUP.IsStart
[MD5.00000000000000000000000000000000] [APT] [{499A721D-AE14-4184-824F-57E3F3AD425C}] (...) -- C:\Users\Francesco\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock Uninstall.exe (.not file.) [0] =>PUP.BubbleDock
[MD5.00000000000000000000000000000000] [APT] [{9A5BC3C8-5CAE-47C3-BE7A-1AEC067BF264}] (...) -- C:\Users\Francesco\Downloads\BwinCasino (1).exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [978]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1134]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1138]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 03s



---\\ Software installato (O42)
O42 - Logiciel: Er Finestra - (.DaNieLz Works 2002.) [HKLM] -- Er Finestra
O42 - Logiciel: WinOff - (...) [HKLM] -- {8049EB00-4F62-44FB-AAF7-CB42F588E3C5}_is1
~ Logic: 9 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\NDS]
[HKCU\Software\WHCASINOREAL.IT]
[HKCU\Software\xohiwgcmz]
[HKLM\Software\50 Stars Casino]
[HKLM\Software\AUS]
[HKLM\Software\African Palace Casino]
[HKLM\Software\Amber Coast Casino]
[HKLM\Software\Baraka Bingo]
[HKLM\Software\Baraka Casino Online]
[HKLM\Software\Better Casino]
[HKLM\Software\Bingo Day]
[HKLM\Software\Blackpool Bingo]
[HKLM\Software\Blackpool Club Casino]
[HKLM\Software\CASINO PLEX]
[HKLM\Software\CandyBox]
[HKLM\Software\Carnaval Casino]
[HKLM\Software\Casino Bellini]
[HKLM\Software\Casino DelRio]
[HKLM\Software\Casino Vendome]
[HKLM\Software\Casino.com]
[HKLM\Software\Centrebet Casino]
[HKLM\Software\Centrebet Poker]
[HKLM\Software\Class 1 Casino]
[HKLM\Software\Club Dice Casino]
[HKLM\Software\Club Dice Poker]
[HKLM\Software\Club Gold Casino]
[HKLM\Software\Cote dAzur Palace Casino]
[HKLM\Software\Craps.com]
[HKLM\Software\Dafa Poker]
[HKLM\Software\Dafa888]
[HKLM\Software\Diamond Club Casino]
[HKLM\Software\Enter Casino]
[HKLM\Software\Fair Poker]
[HKLM\Software\Fast Win Casino]
[HKLM\Software\Giant Vegas Casino]
[HKLM\Software\Golden Palace Casino PT]
[HKLM\Software\Grand Play Casino]
[HKLM\Software\Grosvenor Casinos]
[HKLM\Software\IncrediMail]
[HKLM\Software\Indio Casino]
[HKLM\Software\King Solomons Casino]
[HKLM\Software\Kiwi Bingo]
[HKLM\Software\Kiwi Casino]
[HKLM\Software\Kiwi Poker]
[HKLM\Software\MANSION Casino]
[HKLM\Software\Magic Box Casino]
[HKLM\Software\Mansion Poker]
[HKLM\Software\Miss Bingo]
[HKLM\Software\New York Casino]
[HKLM\Software\Noble Casino]
[HKLM\Software\Noble Poker]
[HKLM\Software\Nuts Poker]
[HKLM\Software\Omni Casino]
[HKLM\Software\OnlineCasino.com]
[HKLM\Software\OxigenRef]
[HKLM\Software\Play United Casino]
[HKLM\Software\PlayGate Casino]
[HKLM\Software\PlayGate Poker]
[HKLM\Software\Poker 770]
[HKLM\Software\Poker Ocean]
[HKLM\Software\PowerOffer]
[HKLM\Software\Prestige Bingo]
[HKLM\Software\Prestige Poker]
[HKLM\Software\Riva Poker]
[HKLM\Software\Royal Dice Casino]
[HKLM\Software\Royal Lounge Casino]
[HKLM\Software\Sky Kings Casino]
[HKLM\Software\Tiki Bingo]
[HKLM\Software\Titan Casino]
[HKLM\Software\Titan.it Casino]
[HKLM\Software\USA Casino]
[HKLM\Software\Vegas Red Casino]
[HKLM\Software\WHCASINOREAL.IT]
[HKLM\Software\William Hill CASINO CLUB]
[HKLM\Software\Windows Casino]
[HKLM\Software\Windows Poker]
[HKLM\Software\Ya888Ya Casino]
[HKLM\Software\Zipang Casino]
[HKLM\Software\pokerplex]
[HKLM\Software\pokersnai_real]
[HKLM\Software\sunpoker]
[HKLM\Software\vulcanpoker]
~ Key Software: 278 Legitimates Filtered in 00mn 00s



---\\ Contenuto delle cartelle Programmi, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 02/05/2015 - 21.55.47 - [] ----D C:\Program Files\CandyBox
O43 - CFD: 14/05/2014 - 16.26.19 - [0] ----D C:\Program Files\Cool Mirage Ltd
O43 - CFD: 20/05/2010 - 22.02.25 - [] ----D C:\Program Files\Er Finestra
O43 - CFD: 17/08/2013 - 22.19.32 - [] ----D C:\Program Files\ffvfw
O43 - CFD: 29/09/2009 - 23.22.04 - [] -SH-D C:\Program Files\File comuni
O43 - CFD: 05/08/2011 - 18.18.40 - [] ----D C:\Program Files\LimeWire
O43 - CFD: 24/04/2015 - 11.37.42 - [] ----D C:\Program Files\PokerStars.IT
O43 - CFD: 02/05/2015 - 21.57.09 - [] ----D C:\Program Files\UltraZip
O43 - CFD: 28/12/2012 - 23.38.10 - [] ----D C:\ProgramData\55-6p-p5-r0-60-31
O43 - CFD: 25/02/2012 - 17.57.36 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 29/09/2009 - 23.22.04 - [] -SH-D C:\ProgramData\Documenti
O43 - CFD: 29/09/2009 - 23.22.04 - [] -SH-D C:\ProgramData\Menu Avvio
O43 - CFD: 29/09/2009 - 23.22.04 - [] -SH-D C:\ProgramData\Preferiti
O43 - CFD: 02/05/2015 - 21.57.08 - [] ----D C:\ProgramData\Service
O43 - CFD: 04/12/2012 - 23.01.45 - [0] ----D C:\ProgramData\????
O43 - CFD: 04/12/2012 - 23.01.44 - [0] ----D C:\ProgramData\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
O43 - CFD: 09/12/2012 - 12.35.51 - [0] ----D C:\ProgramData\?E?E?????????????????????????
O43 - CFD: 08/12/2012 - 10.59.23 - [0] ----D C:\ProgramData\?í?í?????????????????????????
O43 - CFD: 17/12/2012 - 21.49.43 - [0] ----D C:\ProgramData\?????????????????????????????
O43 - CFD: 18/12/2012 - 23.03.43 - [0] ----D C:\ProgramData\????
O43 - CFD: 26/12/2012 - 13.40.19 - [0] ----D C:\ProgramData\????
O43 - CFD: 11/12/2012 - 23.00.07 - [0] ----D C:\ProgramData\????
O43 - CFD: 03/05/2015 - 16.07.48 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffvfw
O43 - CFD: 20/05/2010 - 22.02.23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radio Deejay
O43 - CFD: 02/11/2006 - 14.35.50 - [] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 07/12/2011 - 18.50.41 - [0] ----D C:\Users\Francesco\AppData\Roaming\Ansylo
O43 - CFD: 26/02/2012 - 18.43.30 - [0] ----D C:\Users\Francesco\AppData\Roaming\Daawpya
O43 - CFD: 22/03/2012 - 18.55.51 - [] ----D C:\Users\Francesco\AppData\Roaming\Edfoy
O43 - CFD: 24/02/2012 - 20.54.58 - [] ----D C:\Users\Francesco\AppData\Roaming\Ifuvv
O43 - CFD: 24/03/2012 - 1.48.55 - [0] ----D C:\Users\Francesco\AppData\Roaming\Imudy
O43 - CFD: 07/12/2011 - 1.25.33 - [0] ----D C:\Users\Francesco\AppData\Roaming\Raa
O43 - CFD: 31/12/2012 - 18.32.55 - [] ----D C:\Users\Francesco\AppData\Roaming\RisikoDigitalII
O43 - CFD: 04/05/2015 - 0.34.56 - [] ----D C:\Users\Francesco\AppData\Local\EE221CBB-1430603881-DE11-8A19-0007E9BECBF3
O43 - CFD: 02/05/2015 - 22.52.30 - [] ----D C:\Users\Francesco\AppData\Local\EE221CBB-1430603896-DE11-8A19-0007E9BECBF3
O43 - CFD: 27/09/2014 - 16.32.34 - [] ----D C:\Users\Francesco\AppData\Local\PokerStars.IT
O43 - CFD: 02/09/2012 - 13.02.17 - [] ----D C:\Users\Francesco\AppData\Local\PosService
O43 - CFD: 01/09/2012 - 21.22.00 - [] ----D C:\Users\Francesco\AppData\Local\PowerOffer
O43 - CFD: 13/02/2014 - 18.05.51 - [] ----D C:\Users\Francesco\AppData\Local\Senza titolo
O43 - CFD: 02/03/2013 - 22.45.55 - [] ----D C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guadagnare 200 Euro al giorno Sistema 1
O43 - CFD: 20/05/2010 - 22.02.22 - [0] ----D C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Radio Deejay
~ Program Folder: 231 Legitimates Filtered in 00mn 01s



---\\ Ultimi file modificati o creati su Windows e System32 (O44)
O44 - LFC:[MD5.35281CA2C003866E54C0F60CFC3FCC32] - 02/05/2015 - 20.56.11 ---A- . (...) -- C:\Windows\win.ini [321]
O44 - LFC:[MD5.1F3CE16AE4BAB02C8DCD204FF40A4A8A] - 02/05/2015 - 21.11.39 ---A- . (...) -- C:\Windows\System32\029B560A371F4E00AB32838EBC01B9E7 [4]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/05/2015 - 21.26.00 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/05/2015 - 21.26.00 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.A8157C84E32545BDF27F5297FDF560ED] - 06/05/2015 - 13.35.01 ---A- . (...) -- C:\Windows\ntbtlog.txt [380082]
~ Files: 16 Legitimates Filtered in 00mn 25s



---\\ Operazioni e funzioni all'avvio di Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumerazione della chiave del Registro di sistema StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\PosService [Key] . (.PLauncher - PLauncher.) -- C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
~ SMSR Keys: 17 Legitimates Filtered in 00mn 00s



---\\ Enumerazione del Registro chiavi PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Elenco dei driver del sistema (SDL) (O58)
O58 - SDL:18/04/2015 - 13.52.30 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24144] =>.ALWIL Software
O58 - SDL:18/04/2015 - 13.51.47 ---A- . (.ALWIL Software - avast! Filtering NDIS driver.) -- C:\Windows\System32\Drivers\aswNdis.sys [12112]
O58 - SDL:18/04/2015 - 13.52.30 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49904] =>.ALWIL Software
O58 - SDL:18/04/2015 - 13.52.30 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208024] =>.ALWIL Software
O58 - SDL:25/10/2010 - 10.07.48 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\Windows\System32\Drivers\dgderdrv.sys [18120]
O58 - SDL:21/01/2008 - 3.21.30 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:02/11/2006 - 10.50.07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:02/11/2006 - 10.50.09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:30/12/2010 - 10.41.56 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [66112]
O58 - SDL:30/12/2010 - 10.41.56 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [180672]
O58 - SDL:30/12/2010 - 10.41.56 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [180672]
O58 - SDL:21/01/2008 - 3.21.28 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:02/11/2006 - 10.50.35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:21/01/2008 - 3.21.31 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:16/04/2010 - 7.33.36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [41472]
O58 - SDL:02/11/2006 - 8.09.42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:02/11/2006 - 8.09.45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:25/10/2010 - 10.03.52 ---A- . (...) -- C:\Windows\System32\FsUsbExDisk.Sys [36640]
O58 - SDL:02/11/2006 - 8.09.41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:02/11/2006 - 8.09.44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:02/11/2006 - 8.09.44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:02/11/2006 - 8.09.29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:02/11/2006 - 8.09.35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:02/11/2006 - 8.09.38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:02/11/2006 - 8.09.40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:02/11/2006 - 8.09.31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:02/11/2006 - 8.09.20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:02/11/2006 - 8.09.23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:02/11/2006 - 8.09.24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:02/11/2006 - 8.09.26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:02/11/2006 - 8.09.22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 93 Legitimates Filtered in 00mn 06s



---\\ Elenco di strumenti di disinfezione (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Elenco servizi registrati legacy (LALS) (O64)
O64 - Services: CurCS - 18/04/2015 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 82 Legitimates Filtered in 00mn 00s



---\\ Associazioni Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu Start Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Cerca "infezione su browser internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=2F13C9FB4BE74CED9DE7191D634B97FB
~ Keys: Scanned in 00mn 00s



---\\ Condizioni generali dei servizi non Microsoft (GSR) (SR = esecuzione, SS = fermato)
SS - | Demand 03/05/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 16/04/2010 144672 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 10/03/2015 570136 | (asl) . (...) - C:\ProgramData\Service\Application\asl.exe
SS - | Disabled 25/10/2010 95568 | (dgdersvc) . (.Devguru Co., Ltd..) - C:\Windows\system32\dgdersvc.exe
SS - | Disabled 30/09/2009 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Disabled 25/10/2010 217088 | (FsUsbExService) . (.Teruten.) - C:\Windows\system32\FsUsbExService.exe
SS - | Auto 27/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/12/2009 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Disabled 28/04/2010 545576 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Disabled 31/12/2008 174616 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\AMT\LMS.exe
SS - | Disabled 05/05/2015 208384 | (mijifyhu) . (...) - C:\Users\Francesco\AppData\Local\EE221CBB-1430603881-DE11-8A19-0007E9BECBF3\cnsh2DA3.tmp
SS - | Disabled 20/09/2007 853288 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
SS - | Disabled 20/09/2007 382248 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
SS - | Disabled 03/04/2012 169472 | (PowerOffer Service) . (.PowerOfferService.) - C:\Users\Francesco\AppData\Local\PosService\Pos.exe
SS - | Disabled 31/12/2008 2054680 | (UNS) . (.Intel Corporation.) - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
SS - | Demand 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2014 286208 | (AUS) . (.MS.) - C:\Program Files\CandyBox\aus.exe
SR - | Auto 18/04/2015 343336 | (avast! Antivirus) . (.Avast Software s.r.o..) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 18/04/2015 107448 | (avast! Firewall) . (.Avast Software s.r.o..) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Demand 18/04/2015 3205216 | (AvastVBoxSvc) . (.Avast Software.) - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
SR - | Auto 20/07/2014 406528 | (Log S.M.) . (.Link Up Advertising.) - C:\Program Files\CandyBox\cab.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 11s



---\\ Scansione aggiuntive (O88)
Database Version : 13008 - (23/02/2015)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E] =>PUP.SweetIM
[HKLM\Software\poker 770] =>Adware.Casino
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8] =>PUP.SweetIM
~ Additionnel Scan: 306200 Items scanned in 00mn 38s



---\\ Informationi complémentaires sul le segnalazione
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, gestione Proxy (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer barre degli strumenti (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Iniziato da file e registro applicazioni (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Riepilogo dei rilevamenti trovato sulla workstation
http://nicolascoolman.fr/pup-dealply =>PUP.Dealply
http://nicolascoolman.fr/pup-isstart =>PUP.IsStart
http://nicolascoolman.fr/pup-bubbledock =>PUP.BubbleDock
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://nicolascoolman.fr/28388393-adware-casino =>Adware.Casino
~ MSI: 5 link(s) detected in 00mn 00s



~ 889 Legitimates filtered by white list
End of the scan (547 lines in 02mn 20s)(0.4)
0

l'embrouille 75 Posts 5297 Registration date Monday 4 July 2011 Status Members Last contribution Thursday 5 July 2018 748
6 May 2015 at 10:20
Hi,
Also try this:
Click Start = Search = search for the words Adserver Candy box or Candybox and delete all the files found.

0
frank2913 Posts 11 Registration date Monday 4 May 2015 Status Members Last contribution Thursday 7 May 2015
6 May 2015 at 13:20
Hi. I had already thought of that, and in theory I have also uninstalled it, but somehow it is still there even though the program no longer exists. With my limited skills I don't know where to go from here.
0