Problem with candy-box.biz and advertising pages

Solved/Closed
frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last seen Thursday 7 May 2015 - 4 May 2015 at 00:17
Noureddine Bouzidi Posts 22674 Registration date Thursday 19 March 2009 Status Moderator Last seen Thursday 7 January 2021 - 7 May 2015 at 20:08
Hello everyone. As the title says, I can't permanently remove candy-box.biz; after I've been browsing with Chrome for a while, random advertising pages open. I have already read the various discussions on the site and tried to follow the advice, but I haven't managed to get rid of it completely. I have run scans several times with Malwarebytes, AdwCleaner, ZHPCleaner, Eusing Free Registry Cleaner and Avast, and I believe I have removed all the malicious programs, including manually from the Control Panel. I don't understand why some remnant is left somewhere on the computer that I can't remove. Thanks in advance for any replies.

5 replies

l'embrouille 75 Posts 5307 Registration date Monday 4 July 2011 Status Member Last seen Thursday 5 July 2018 749
4 May 2015 at 08:17
Hi,
Download Revo Uninstaller =
https://it.ccm.net/download/scaricare-139-revo-uninstaller
Read the guide and try to uninstall Candybox

frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last seen Thursday 7 May 2015
4 May 2015 at 13:34
Hi, I tried uninstalling it with Revo: I selected the program in crosshair mode and all the entries, went through all the steps and finally restarted the computer, but the problem remains. Maybe I did something wrong, but when I restart Revo it no longer lists candy-box 3.0.

Noureddine Bouzidi Posts 22674 Registration date Thursday 19 March 2009 Status Moderator Last seen Thursday 7 January 2021 15.404
4 May 2015 at 13:41
Run a new scan with ZHPCleaner and send us the report.

frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last seen Thursday 7 May 2015
4 May 2015 at 16:57
~ ZHPCleaner v2015.5.4.208 by Nicolas Coolman (04/05/2015)
~ Run by Francesco (Administrator) (04/05/2015 16:46:25)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Chercare
~ Report : C:\Users\Francesco\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Francesco\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
~ Windows VISTA, 32-bit Service Pack 1 (Build 6001)


---\\ Servizi (0)
~ Nessun elemento malevolo trovato.


---\\ Browser Internet (0)
~ Nessun elemento malevolo trovato.


---\\ File hosts (1)
~ Il file hosts è legittimo (20)


---\\ Operazioni pianificate automatiche. (0)
~ Nessun elemento malevolo trovato.


---\\ Esploratore ( File, Cartelle) (0)
~ Nessun elemento malevolo trovato.


---\\ Registro ( Chiavi, Valori, Dati ) (0)
~ Nessun elemento malevolo trovato.


---\\ Risultato di riparazione
~ Qualsiasi riparazione fatta
~ Browser non trovato (Google Chrome)
~ Browser non trovato (Opera Software)


---\\ Statistiche
~ Elementi analizzati : 61187
~ Elementi trovati : 0
~ Elementi cancellati : 0
~ Elementi riparati : 0


End of clean at 16:55:03
===================
ZHPCleaner-[R]-03052015-12_08_20.txt
ZHPCleaner-[R]-04052015-16_37_42.txt
ZHPCleaner-[S]-03052015-12_07_22.txt
ZHPCleaner-[S]-03052015-15_35_59.txt
ZHPCleaner-[S]-04052015-16_36_30.txt
ZHPCleaner-[S]-04052015-16_55_03.txt

frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last seen Thursday 7 May 2015
4 May 2015 at 16:58
It finds nothing, yet a page with the address adserver.candy-box.biz keeps opening.

Noureddine Bouzidi Posts 22674 Registration date Thursday 19 March 2009 Status Moderator Last seen Thursday 7 January 2021 15.404
5 May 2015 at 13:42
Download ZHPDiag

After installation, icons will appear on your desktop
  • Launch ZHPDiag
  • To start the scan, click the button
  • A report "ZHPDiag.txt" will open
  • Copy the contents of the report here


~~# For every problem... there is a solution #~~

frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last seen Thursday 7 May 2015
6 May 2015 at 13:22
~ Riporto di ZHPDiag v2015.2.23.23 - Nicolas Coolman (23/02/2015)
~ Lanciato da Francesco (06/05/2015 13.18.15)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Indirizzo del foum Web : http://forum.nicolascoolman.fr
~ Tradotto da
~ Stato della versione : Nuova versione disponibile
~ Lista Bianca : Attivata dal programma
~ Elevazione dei privilegi : OK
~ Controllo dell'Account utente :


---\\ Browser Internet
MSIE: Internet Explorer v7.0.6001.18000
GCIE: Google Chrome v42.0.2311.135 (Defaut)

---\\ Informazioni sul prodotto Windows
~ Langage: Italien
Windows Server License Manager Script : OK
Windows Automatic Updates : OK
Windows Vista (TM) Ultimate, 32-bit Service Pack 1 (Build 6001)

---\\ Software di protezione del sistema
Avast Internet Security v10.2.2215
Malwarebytes Anti-Malware versione 2.0.4.1028

---\\ Software di ottimizzazione del sistema
CCleaner v2.32

---\\ Condivisione di software PeerToPeer
eMule

---\\ Software di sorveglianza
Adobe Flash Player 17 NPAPI

---\\ Informazioni sul sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1977 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 196 GB (42%) free of 466 GB

---\\ Connessione alla modalità sistema
~ Computer Name: PC-FRANCESCO
~ User Name: Francesco
~ All Users Names: Guest, Francesco, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variabili di ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Francesco\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Francesco\AppData\Roaming\
~ %Desktop% : C:\Users\Francesco\Desktop\
~ %Favorites% : C:\Users\Francesco\Favorites\
~ %LocalAppData% : C:\Users\Francesco\AppData\Local\
~ %StartMenu% : C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumerazione delle unità disco
C: Hard drive, Flash drive, Thumb drive (Free 196 Go of 466 Go)
D: Hard drive, Flash drive, Thumb drive (Free 763 Go of 932 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Stato di Windows Security Center
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Ricerca di particolari file generico
[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - (.Microsoft Corporation - Esplora risorse.) (.29/10/2008 - 7.29.41.) -- C:\Windows\Explorer.exe [2927104]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Applicazione di avvio di Windows.) (.21/01/2008 - 3.21.52.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.DA5A72211661C7F162B332FEA4F09A69] - (.Microsoft Corporation - Internet Extensions per Win32.) (.21/04/2011 - 16.00.34.) -- C:\Windows\System32\wininet.dll [833024]
[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - (.Microsoft Corporation - Applicazione Accesso a Windows.) (.21/01/2008 - 3.22.59.) -- C:\Windows\System32\Winlogon.exe [314880]
[MD5.48EB99503533C27AC6135648E5474457] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14.16.42.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.2D9C903DC76A66813D350A562DE40ED9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2008 - 3.21.09.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 3.21.58.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/01/2008 - 3.21.11.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A3E9FA213F443AC77C7746119D13FEEC] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15.24.14.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.C87B1EE051C0464491C1A7B03FA0BC99] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/01/2008 - 3.21.30.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Driver della porta i8042.) (.21/01/2008 - 3.21.28.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 3.22.35.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.5734A0F2BE7E495F7D3ED6EFD4B9F5A1] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 13.49.35.) -- C:\Windows\system32\Drivers\MRxSmb.sys [105984]
[MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] - (.Microsoft Corporation - MBT Transport driver.) (.21/01/2008 - 3.23.10.) -- C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.B4EFFE29EB4F15538FD8A9681108492D] - (.Microsoft Corporation - Driver file system NT.) (.21/01/2008 - 3.21.58.) -- C:\Windows\system32\Drivers\ntfs.sys [1081912]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Driver della porta parallela.) (.02/11/2006 - 9.51.30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 3.23.02.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 3.21.09.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.031E6BCD53C9B2B9ACE111EAFEC347B6] - (.Microsoft Corporation - SMB Transport driver.) (.21/01/2008 - 3.23.10.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.D09276B1FAB033CE1D40DCBDF303D10F] - (.Microsoft Corporation - TDI Translation Driver.) (.21/01/2008 - 3.23.00.) -- C:\Windows\system32\Drivers\tdx.sys [71680]
[MD5.D8B4A53DD2769F226B3EB374374987C9] - (.Microsoft Corporation - Driver copia shadow del volume.) (.21/01/2008 - 3.21.29.) -- C:\Windows\system32\Drivers\volsnap.sys [227896]
~ Generic Processes: Scanned in 00mn 00s



---\\ Stato dei file nascosti (nascosti/totale)
~ Mes images (My Pictures) : 2/47
~ Mes musiques (My Musics) : 2/166
~ Mes Videos (My Videos) : 1/17
~ Mes Favoris (My Favorites) : 1/20
~ Mes Documents (My Documents) : 4/173
~ Mon Bureau (My Desktop) : 1/31
~ Menu demarrer (Programs) : 1/39
~ Hidden Files: Scanned in 00mn 00s



---\\ Processo avviato
[MD5.06964B7DE858BB6317164BF184E9C766] - (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912] [PID.2056]
[MD5.7EDA1D46618C2F5801E4A47D80AE89ED] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [812872] [PID.3748]
[MD5.7D493FEBC01FB93E13E03750A862BE32] - (.Link Up Advertising - CandyBox.) -- C:\Program Files\CandyBox\cab.exe [406528] [PID.2348]
[MD5.9D2DB58768C5E760F55754E86E86AE9C] - (...) -- C:\ProgramData\Service\Application\proc.exe [162072] [PID.3232]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.5164]
[MD5.472D170E4E1FEED584616E08CFB0F1EF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8179200] [PID.4296]
[MD5.F96EBC5A624349D81DCC7600A3C5DC43] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5124]
[MD5.0BA91E1358AD25236863039BB2609A2E] - (.Microsoft Corporation - Servizio gestione licenze software Microsof.) -- C:\Windows\system32\SLsvc.exe [2623488] [PID.1244]
[MD5.210A326658D72D7F2EE2267F3D9C44D4] - (.Avast Software s.r.o. - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336] [PID.1616]
[MD5.60F37044ECB50154DAC0AC2B83F6AB88] - (.Avast Software s.r.o. - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [107448] [PID.1788]
[MD5.7515019E92598852D62EEAF6C37786F6] - (.MS - Auto Update System.) -- C:\Program Files\CandyBox\aus.exe [286208] [PID.2300]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.2400]
[MD5.5019A83BE87FD8B60F7333901BFD35E5] - (.Avast Software - AvastVirtualBox Interface.) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216] [PID.3136]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, plugin, start, cerca, estensioni (P2, M0, M1, M2, M3)
C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\oit2jfpg.default\prefs.js
~ Firefox Browser: 34 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, start, cerca, URLSearchHook, Phishing (R0, R1, R3, R4)
R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, gestione Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analisi delle linee F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (20)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer barre degli strumenti (O3)
O3 - Toolbar: Adobe PDF - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chiave orfano
~ Toolbar: Scanned in 00mn 00s



---\\ Altri link utenti (O4)
O4 - GS\Desktop [Public]: eMule.lnk . (.https://www.emule-project.net/home/perl/general.cgi?l=1 - eMule.) -- C:\Program Files\eMule\emule.exe =>P2P.eMule
~ Global Startup: 1 Legitimates Filtered in 00mn 02s



---\\ Iniziato da file e registro applicazioni (O4)
O4 - HKLM\..\Run: [AvastUI.exe] . (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
~ Application: Scanned in 00mn 00s



---\\ I pulsanti sulla barra degli strumenti "principali strumenti" di Internet Explorer (O9)
O9 - Extra button: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modificare gli indirizzi DNS domain (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E27BFE7A-6554-475F-8155-98AC10C854C6}: DhcpNameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{E27BFE7A-6554-475F-8155-98AC10C854C6}: DhcpNameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{E27BFE7A-6554-475F-8155-98AC10C854C6}: DhcpNameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.37.17.16 85.38.28.68
~ Domain: Scanned in 00mn 00s



---\\ Protocollo addizionale (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizzatore HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valore di registro AppInit_DLLs e sottochiavi Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chiave di registro autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Elenco dei servizi non Microsoft NT e non disabili (O23)
O23 - Service: Servizio di gestione (asl) . (...) - C:\ProgramData\Service\Application\asl.exe
O23 - Service: Auto Update Service (AUS) . (.MS - Auto Update System.) - C:\Program Files\CandyBox\aus.exe
O23 - Service: Log Session Manager (Log S.M.) . (.Link Up Advertising - CandyBox.) - C:\Program Files\CandyBox\cab.exe
~ Services: 6 Legitimates Filtered in 00mn 06s



---\\ L'enumerazione Active Desktop Editor MHTML (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Francesco\Downloads\alaska_winter_nights-wide.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\Francesco\Downloads\alaska_winter_nights-wide.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Attività pianificate in modo automatico (039)
[MD5.00000000000000000000000000000000] [APT] [amiupdaterExd] (...) -- C:\Users\Francesco\AppData\Local\Temp\amiupdater224.exe (.not file.) [0] =>PUP.Dealply
[MD5.00000000000000000000000000000000] [APT] [{31587B49-56B4-4813-8C47-47EF72EB67AC}] (...) -- C:\Users\Francesco\AppData\Roaming\istartsurf\UninstallManager.exe (.not file.) [0] =>PUP.IsStart
[MD5.00000000000000000000000000000000] [APT] [{499A721D-AE14-4184-824F-57E3F3AD425C}] (...) -- C:\Users\Francesco\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock Uninstall.exe (.not file.) [0] =>PUP.BubbleDock
[MD5.00000000000000000000000000000000] [APT] [{9A5BC3C8-5CAE-47C3-BE7A-1AEC067BF264}] (...) -- C:\Users\Francesco\Downloads\BwinCasino (1).exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [978]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1134]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1138]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 03s



---\\ Software installato (O42)
O42 - Logiciel: Er Finestra - (.DaNieLz Works 2002.) [HKLM] -- Er Finestra
O42 - Logiciel: WinOff - (...) [HKLM] -- {8049EB00-4F62-44FB-AAF7-CB42F588E3C5}_is1
~ Logic: 9 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\NDS]
[HKCU\Software\WHCASINOREAL.IT]
[HKCU\Software\xohiwgcmz]
[HKLM\Software\50 Stars Casino]
[HKLM\Software\AUS]
[HKLM\Software\African Palace Casino]
[HKLM\Software\Amber Coast Casino]
[HKLM\Software\Baraka Bingo]
[HKLM\Software\Baraka Casino Online]
[HKLM\Software\Better Casino]
[HKLM\Software\Bingo Day]
[HKLM\Software\Blackpool Bingo]
[HKLM\Software\Blackpool Club Casino]
[HKLM\Software\CASINO PLEX]
[HKLM\Software\CandyBox]
[HKLM\Software\Carnaval Casino]
[HKLM\Software\Casino Bellini]
[HKLM\Software\Casino DelRio]
[HKLM\Software\Casino Vendome]
[HKLM\Software\Casino.com]
[HKLM\Software\Centrebet Casino]
[HKLM\Software\Centrebet Poker]
[HKLM\Software\Class 1 Casino]
[HKLM\Software\Club Dice Casino]
[HKLM\Software\Club Dice Poker]
[HKLM\Software\Club Gold Casino]
[HKLM\Software\Cote dAzur Palace Casino]
[HKLM\Software\Craps.com]
[HKLM\Software\Dafa Poker]
[HKLM\Software\Dafa888]
[HKLM\Software\Diamond Club Casino]
[HKLM\Software\Enter Casino]
[HKLM\Software\Fair Poker]
[HKLM\Software\Fast Win Casino]
[HKLM\Software\Giant Vegas Casino]
[HKLM\Software\Golden Palace Casino PT]
[HKLM\Software\Grand Play Casino]
[HKLM\Software\Grosvenor Casinos]
[HKLM\Software\IncrediMail]
[HKLM\Software\Indio Casino]
[HKLM\Software\King Solomons Casino]
[HKLM\Software\Kiwi Bingo]
[HKLM\Software\Kiwi Casino]
[HKLM\Software\Kiwi Poker]
[HKLM\Software\MANSION Casino]
[HKLM\Software\Magic Box Casino]
[HKLM\Software\Mansion Poker]
[HKLM\Software\Miss Bingo]
[HKLM\Software\New York Casino]
[HKLM\Software\Noble Casino]
[HKLM\Software\Noble Poker]
[HKLM\Software\Nuts Poker]
[HKLM\Software\Omni Casino]
[HKLM\Software\OnlineCasino.com]
[HKLM\Software\OxigenRef]
[HKLM\Software\Play United Casino]
[HKLM\Software\PlayGate Casino]
[HKLM\Software\PlayGate Poker]
[HKLM\Software\Poker 770]
[HKLM\Software\Poker Ocean]
[HKLM\Software\PowerOffer]
[HKLM\Software\Prestige Bingo]
[HKLM\Software\Prestige Poker]
[HKLM\Software\Riva Poker]
[HKLM\Software\Royal Dice Casino]
[HKLM\Software\Royal Lounge Casino]
[HKLM\Software\Sky Kings Casino]
[HKLM\Software\Tiki Bingo]
[HKLM\Software\Titan Casino]
[HKLM\Software\Titan.it Casino]
[HKLM\Software\USA Casino]
[HKLM\Software\Vegas Red Casino]
[HKLM\Software\WHCASINOREAL.IT]
[HKLM\Software\William Hill CASINO CLUB]
[HKLM\Software\Windows Casino]
[HKLM\Software\Windows Poker]
[HKLM\Software\Ya888Ya Casino]
[HKLM\Software\Zipang Casino]
[HKLM\Software\pokerplex]
[HKLM\Software\pokersnai_real]
[HKLM\Software\sunpoker]
[HKLM\Software\vulcanpoker]
~ Key Software: 278 Legitimates Filtered in 00mn 00s



---\\ Contenuto delle cartelle Programmi, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 02/05/2015 - 21.55.47 - [] ----D C:\Program Files\CandyBox
O43 - CFD: 14/05/2014 - 16.26.19 - [0] ----D C:\Program Files\Cool Mirage Ltd
O43 - CFD: 20/05/2010 - 22.02.25 - [] ----D C:\Program Files\Er Finestra
O43 - CFD: 17/08/2013 - 22.19.32 - [] ----D C:\Program Files\ffvfw
O43 - CFD: 29/09/2009 - 23.22.04 - [] -SH-D C:\Program Files\File comuni
O43 - CFD: 05/08/2011 - 18.18.40 - [] ----D C:\Program Files\LimeWire
O43 - CFD: 24/04/2015 - 11.37.42 - [] ----D C:\Program Files\PokerStars.IT
O43 - CFD: 02/05/2015 - 21.57.09 - [] ----D C:\Program Files\UltraZip
O43 - CFD: 28/12/2012 - 23.38.10 - [] ----D C:\ProgramData\55-6p-p5-r0-60-31
O43 - CFD: 25/02/2012 - 17.57.36 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 29/09/2009 - 23.22.04 - [] -SH-D C:\ProgramData\Documenti
O43 - CFD: 29/09/2009 - 23.22.04 - [] -SH-D C:\ProgramData\Menu Avvio
O43 - CFD: 29/09/2009 - 23.22.04 - [] -SH-D C:\ProgramData\Preferiti
O43 - CFD: 02/05/2015 - 21.57.08 - [] ----D C:\ProgramData\Service
O43 - CFD: 04/12/2012 - 23.01.45 - [0] ----D C:\ProgramData\????
O43 - CFD: 04/12/2012 - 23.01.44 - [0] ----D C:\ProgramData\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
O43 - CFD: 09/12/2012 - 12.35.51 - [0] ----D C:\ProgramData\?E?E?????????????????????????
O43 - CFD: 08/12/2012 - 10.59.23 - [0] ----D C:\ProgramData\?í?í?????????????????????????
O43 - CFD: 17/12/2012 - 21.49.43 - [0] ----D C:\ProgramData\?????????????????????????????
O43 - CFD: 18/12/2012 - 23.03.43 - [0] ----D C:\ProgramData\????
O43 - CFD: 26/12/2012 - 13.40.19 - [0] ----D C:\ProgramData\????
O43 - CFD: 11/12/2012 - 23.00.07 - [0] ----D C:\ProgramData\????
O43 - CFD: 03/05/2015 - 16.07.48 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffvfw
O43 - CFD: 20/05/2010 - 22.02.23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radio Deejay
O43 - CFD: 02/11/2006 - 14.35.50 - [] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 07/12/2011 - 18.50.41 - [0] ----D C:\Users\Francesco\AppData\Roaming\Ansylo
O43 - CFD: 26/02/2012 - 18.43.30 - [0] ----D C:\Users\Francesco\AppData\Roaming\Daawpya
O43 - CFD: 22/03/2012 - 18.55.51 - [] ----D C:\Users\Francesco\AppData\Roaming\Edfoy
O43 - CFD: 24/02/2012 - 20.54.58 - [] ----D C:\Users\Francesco\AppData\Roaming\Ifuvv
O43 - CFD: 24/03/2012 - 1.48.55 - [0] ----D C:\Users\Francesco\AppData\Roaming\Imudy
O43 - CFD: 07/12/2011 - 1.25.33 - [0] ----D C:\Users\Francesco\AppData\Roaming\Raa
O43 - CFD: 31/12/2012 - 18.32.55 - [] ----D C:\Users\Francesco\AppData\Roaming\RisikoDigitalII
O43 - CFD: 04/05/2015 - 0.34.56 - [] ----D C:\Users\Francesco\AppData\Local\EE221CBB-1430603881-DE11-8A19-0007E9BECBF3
O43 - CFD: 02/05/2015 - 22.52.30 - [] ----D C:\Users\Francesco\AppData\Local\EE221CBB-1430603896-DE11-8A19-0007E9BECBF3
O43 - CFD: 27/09/2014 - 16.32.34 - [] ----D C:\Users\Francesco\AppData\Local\PokerStars.IT
O43 - CFD: 02/09/2012 - 13.02.17 - [] ----D C:\Users\Francesco\AppData\Local\PosService
O43 - CFD: 01/09/2012 - 21.22.00 - [] ----D C:\Users\Francesco\AppData\Local\PowerOffer
O43 - CFD: 13/02/2014 - 18.05.51 - [] ----D C:\Users\Francesco\AppData\Local\Senza titolo
O43 - CFD: 02/03/2013 - 22.45.55 - [] ----D C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guadagnare 200 Euro al giorno Sistema 1
O43 - CFD: 20/05/2010 - 22.02.22 - [0] ----D C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Radio Deejay
~ Program Folder: 231 Legitimates Filtered in 00mn 01s



---\\ Ultimi file modificati o creati su Windows e System32 (O44)
O44 - LFC:[MD5.35281CA2C003866E54C0F60CFC3FCC32] - 02/05/2015 - 20.56.11 ---A- . (...) -- C:\Windows\win.ini [321]
O44 - LFC:[MD5.1F3CE16AE4BAB02C8DCD204FF40A4A8A] - 02/05/2015 - 21.11.39 ---A- . (...) -- C:\Windows\System32\029B560A371F4E00AB32838EBC01B9E7 [4]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/05/2015 - 21.26.00 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/05/2015 - 21.26.00 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.78864F1759CBE126777F38A398FFEB3A] - 05/05/2015 - 11.40.48 ---A- . (...) -- C:\Windows\ntbtlog.txt [190134]
~ Files: 16 Legitimates Filtered in 00mn 30s



---\\ Operazioni e funzioni all'avvio di Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumerazione della chiave del Registro di sistema StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\PosService [Key] . (.PLauncher - PLauncher.) -- C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
~ SMSR Keys: 17 Legitimates Filtered in 00mn 00s



---\\ Enumerazione del Registro chiavi PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Elenco dei driver del sistema (SDL) (O58)
O58 - SDL:18/04/2015 - 13.52.30 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24144] =>.ALWIL Software
O58 - SDL:18/04/2015 - 13.51.47 ---A- . (.ALWIL Software - avast! Filtering NDIS driver.) -- C:\Windows\System32\Drivers\aswNdis.sys [12112]
O58 - SDL:18/04/2015 - 13.52.30 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49904] =>.ALWIL Software
O58 - SDL:18/04/2015 - 13.52.30 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208024] =>.ALWIL Software
O58 - SDL:25/10/2010 - 10.07.48 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\Windows\System32\Drivers\dgderdrv.sys [18120]
O58 - SDL:21/01/2008 - 3.21.30 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:02/11/2006 - 10.50.07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:02/11/2006 - 10.50.09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:30/12/2010 - 10.41.56 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [66112]
O58 - SDL:30/12/2010 - 10.41.56 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [180672]
O58 - SDL:30/12/2010 - 10.41.56 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [180672]
O58 - SDL:21/01/2008 - 3.21.28 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:02/11/2006 - 10.50.35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:21/01/2008 - 3.21.31 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:16/04/2010 - 7.33.36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [41472]
O58 - SDL:02/11/2006 - 8.09.42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:02/11/2006 - 8.09.45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:25/10/2010 - 10.03.52 ---A- . (...) -- C:\Windows\System32\FsUsbExDisk.Sys [36640]
O58 - SDL:02/11/2006 - 8.09.41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:02/11/2006 - 8.09.44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:02/11/2006 - 8.09.44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:02/11/2006 - 8.09.29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:02/11/2006 - 8.09.35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:02/11/2006 - 8.09.38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:02/11/2006 - 8.09.40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:02/11/2006 - 8.09.31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:02/11/2006 - 8.09.20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:02/11/2006 - 8.09.23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:02/11/2006 - 8.09.24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:02/11/2006 - 8.09.26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:02/11/2006 - 8.09.22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 93 Legitimates Filtered in 00mn 05s



---\\ Elenco di strumenti di disinfezione (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Elenco servizi registrati legacy (LALS) (O64)
O64 - Services: CurCS - 18/04/2015 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 81 Legitimates Filtered in 00mn 00s



---\\ Associazioni Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu Start Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Cerca "infezione su browser internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=2F13C9FB4BE74CED9DE7191D634B97FB
~ Keys: Scanned in 00mn 00s



---\\ Condizioni generali dei servizi non Microsoft (GSR) (SR = esecuzione, SS = fermato)
SS - | Demand 03/05/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 16/04/2010 144672 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 10/03/2015 570136 | (asl) . (...) - C:\ProgramData\Service\Application\asl.exe
SS - | Disabled 25/10/2010 95568 | (dgdersvc) . (.Devguru Co., Ltd..) - C:\Windows\system32\dgdersvc.exe
SS - | Disabled 30/09/2009 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Disabled 25/10/2010 217088 | (FsUsbExService) . (.Teruten.) - C:\Windows\system32\FsUsbExService.exe
SS - | Auto 27/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/12/2009 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Disabled 28/04/2010 545576 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Disabled 31/12/2008 174616 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\AMT\LMS.exe
SS - | Disabled 05/05/2015 208384 | (mijifyhu) . (...) - C:\Users\Francesco\AppData\Local\EE221CBB-1430603881-DE11-8A19-0007E9BECBF3\cnsh2DA3.tmp
SS - | Disabled 20/09/2007 853288 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
SS - | Disabled 20/09/2007 382248 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
SS - | Disabled 03/04/2012 169472 | (PowerOffer Service) . (.PowerOfferService.) - C:\Users\Francesco\AppData\Local\PosService\Pos.exe
SS - | Disabled 31/12/2008 2054680 | (UNS) . (.Intel Corporation.) - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
SS - | Demand 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2014 286208 | (AUS) . (.MS.) - C:\Program Files\CandyBox\aus.exe
SR - | Auto 18/04/2015 343336 | (avast! Antivirus) . (.Avast Software s.r.o..) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 18/04/2015 107448 | (avast! Firewall) . (.Avast Software s.r.o..) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Demand 18/04/2015 3205216 | (AvastVBoxSvc) . (.Avast Software.) - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
SR - | Auto 20/07/2014 406528 | (Log S.M.) . (.Link Up Advertising.) - C:\Program Files\CandyBox\cab.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 16s



---\\ Scansione aggiuntive (O88)
Database Version : 13008 - (23/02/2015)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E] =>PUP.SweetIM
[HKLM\Software\poker 770] =>Adware.Casino
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8] =>PUP.SweetIM
~ Additionnel Scan: 306423 Items scanned in 00mn 47s



---\\ Informationi complémentaires sul le segnalazione
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, gestione Proxy (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer barre degli strumenti (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Iniziato da file e registro applicazioni (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Riepilogo dei rilevamenti trovato sulla workstation
http://nicolascoolman.fr/pup-dealply =>PUP.Dealply
http://nicolascoolman.fr/pup-isstart =>PUP.IsStart
http://nicolascoolman.fr/pup-bubbledock =>PUP.BubbleDock
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://nicolascoolman.fr/28388393-adware-casino =>Adware.Casino
~ MSI: 5 link(s) detected in 00mn 00s



~ 888 Legitimates filtered by white list
End of the scan (548 lines in 02mn 58s)(0.4)
Noureddine Bouzidi Posts 22674 Registration date Thursday 19 March 2009 Status Moderator Last post Thursday 7 January 2021 15.404 > frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last post Thursday 7 May 2015
6 May 2015 at 16:39
AdwCleaner and ZHPCleaner should already have removed some PUPs.

Run a new scan with AdwCleaner,
then
one with ZHPCleaner,
then
one with ZHPDiag.

Post the 3 reports, one per message.
frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last post Thursday 7 May 2015 > Noureddine Bouzidi Posts 22674 Registration date Thursday 19 March 2009 Status Moderator Last post Thursday 7 January 2021
6 May 2015 at 17:34
# AdwCleaner v4.203 - Creato file registro eventi 06/05/2015 in 17:22:04
# Aggiornato 30/04/2015 da Xplode
# Database : 2015-04-30.2 [Locale]
# Sistema operativo : Windows Vista (TM) Ultimate Service Pack 1 (x86)
# Nome utente : Francesco - PC-FRANCESCO
# In esecuzione da : C:\Users\Francesco\Downloads\adwcleaner_4.203.exe
# Opzione : Pulizia
***** [ Servizi ] *****
***** [ File / Cartelle ] *****


Cartella Eliminato : C:\Program Files\Conduit
Cartella Eliminato : C:\Program Files\mbot_it_498
Cartella Eliminato : C:\Windows\system32\jmdp
Cartella Eliminato : C:\Users\Francesco\AppData\Local\SoftwareUpdater
Cartella Eliminato : C:\Users\Francesco\AppData\Local\mbot_it_498
Cartella Eliminato : C:\Users\Francesco\AppData\LocalLow\Conduit
***** [ Attività pianificate ] *****
***** [ Collegamenti ] *****
***** [ Registry ] *****
***** [ Browser web ] *****


-\\ Internet Explorer v7.0.6001.18639


-\\ Mozilla Firefox v


-\\ Google Chrome v42.0.2311.135


AdwCleaner[R0].txt - [1167 byte] - [06/05/2015 17:19:34]
AdwCleaner[R1].txt - [1225 byte] - [06/05/2015 17:21:08]
AdwCleaner[S0].txt - [1159 byte] - [06/05/2015 17:22:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1217 byte] ##########
frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last post Thursday 7 May 2015 > Noureddine Bouzidi Posts 22674 Registration date Thursday 19 March 2009 Status Moderator Last post Thursday 7 January 2021
6 May 2015 at 17:44
~ ZHPCleaner v2015.5.5.213 by Nicolas Coolman (06/05/2015)
~ Run by Francesco (Administrator) (06/05/2015 17:36:29)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Chercare
~ Report : C:\Users\Francesco\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Francesco\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
~ Windows VISTA, 32-bit Service Pack 1 (Build 6001)


---\\ Servizi (0)
~ Nessun elemento malevolo trovato.


---\\ Browser Internet (0)
~ Nessun elemento malevolo trovato.


---\\ File hosts (1)
~ Il file hosts è legittimo (20)


---\\ Operazioni pianificate automatiche. (0)
~ Nessun elemento malevolo trovato.


---\\ Esploratore ( File, Cartelle) (0)
~ Nessun elemento malevolo trovato.


---\\ Registro ( Chiavi, Valori, Dati ) (0)
~ Nessun elemento malevolo trovato.


---\\ Risultato di riparazione
~ Qualsiasi riparazione fatta
~ Browser non trovato (Google Chrome)
~ Browser non trovato (Opera Software)


---\\ Statistiche
~ Elementi analizzati : 61302
~ Elementi trovati : 0
~ Elementi cancellati : 0
~ Elementi riparati : 0


End of clean at 17:44:32
===================
ZHPCleaner-[R]-03052015-12_08_20.txt
ZHPCleaner-[R]-04052015-16_37_42.txt
ZHPCleaner-[R]-06052015-14_56_10.txt
ZHPCleaner-[S]-03052015-12_07_22.txt
ZHPCleaner-[S]-03052015-15_35_59.txt
ZHPCleaner-[S]-04052015-16_36_30.txt
ZHPCleaner-[S]-04052015-16_55_03.txt
ZHPCleaner-[S]-05052015-12_24_51.txt
ZHPCleaner-[S]-06052015-14_55_30.txt
ZHPCleaner-[S]-06052015-17_44_32.txt
frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last post Thursday 7 May 2015 > Noureddine Bouzidi Posts 22674 Registration date Thursday 19 March 2009 Status Moderator Last post Thursday 7 January 2021
6 May 2015 at 17:55
~ Riporto di ZHPDiag v2015.2.23.23 - Nicolas Coolman (23/02/2015)
~ Lanciato da Francesco (06/05/2015 17.52.48)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Indirizzo del foum Web : http://forum.nicolascoolman.fr
~ Tradotto da
~ Stato della versione : Nuova versione disponibile
~ Lista Bianca : Attivata dal programma
~ Elevazione dei privilegi : OK
~ Controllo dell'Account utente :


---\\ Browser Internet
MSIE: Internet Explorer v7.0.6001.18000
GCIE: Google Chrome v42.0.2311.135 (Defaut)

---\\ Informazioni sul prodotto Windows
~ Langage: Italien
Windows Server License Manager Script : OK
Windows Automatic Updates : OK
Windows Vista (TM) Ultimate, 32-bit Service Pack 1 (Build 6001)

---\\ Software di protezione del sistema
Avast Internet Security v10.2.2215
Malwarebytes Anti-Malware versione 2.0.4.1028

---\\ Software di ottimizzazione del sistema
CCleaner v2.32

---\\ Condivisione di software PeerToPeer
eMule

---\\ Software di sorveglianza
Adobe Flash Player 17 NPAPI

---\\ Informazioni sul sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1977 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 199 GB (42%) free of 466 GB

---\\ Connessione alla modalità sistema
~ Computer Name: PC-FRANCESCO
~ User Name: Francesco
~ All Users Names: Guest, Francesco, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variabili di ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Francesco\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Francesco\AppData\Roaming\
~ %Desktop% : C:\Users\Francesco\Desktop\
~ %Favorites% : C:\Users\Francesco\Favorites\
~ %LocalAppData% : C:\Users\Francesco\AppData\Local\
~ %StartMenu% : C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumerazione delle unità disco
C: Hard drive, Flash drive, Thumb drive (Free 199 Go of 466 Go)
D: Hard drive, Flash drive, Thumb drive (Free 763 Go of 932 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Stato di Windows Security Center
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Ricerca di particolari file generico
[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - (.Microsoft Corporation - Esplora risorse.) (.29/10/2008 - 7.29.41.) -- C:\Windows\Explorer.exe [2927104]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Applicazione di avvio di Windows.) (.21/01/2008 - 3.21.52.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.DA5A72211661C7F162B332FEA4F09A69] - (.Microsoft Corporation - Internet Extensions per Win32.) (.21/04/2011 - 16.00.34.) -- C:\Windows\System32\wininet.dll [833024]
[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - (.Microsoft Corporation - Applicazione Accesso a Windows.) (.21/01/2008 - 3.22.59.) -- C:\Windows\System32\Winlogon.exe [314880]
[MD5.48EB99503533C27AC6135648E5474457] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14.16.42.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.2D9C903DC76A66813D350A562DE40ED9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2008 - 3.21.09.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 3.21.58.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/01/2008 - 3.21.11.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A3E9FA213F443AC77C7746119D13FEEC] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15.24.14.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.C87B1EE051C0464491C1A7B03FA0BC99] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/01/2008 - 3.21.30.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Driver della porta i8042.) (.21/01/2008 - 3.21.28.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 3.22.35.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.5734A0F2BE7E495F7D3ED6EFD4B9F5A1] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 13.49.35.) -- C:\Windows\system32\Drivers\MRxSmb.sys [105984]
[MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] - (.Microsoft Corporation - MBT Transport driver.) (.21/01/2008 - 3.23.10.) -- C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.B4EFFE29EB4F15538FD8A9681108492D] - (.Microsoft Corporation - Driver file system NT.) (.21/01/2008 - 3.21.58.) -- C:\Windows\system32\Drivers\ntfs.sys [1081912]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Driver della porta parallela.) (.02/11/2006 - 9.51.30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 3.23.02.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 3.21.09.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.031E6BCD53C9B2B9ACE111EAFEC347B6] - (.Microsoft Corporation - SMB Transport driver.) (.21/01/2008 - 3.23.10.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.D09276B1FAB033CE1D40DCBDF303D10F] - (.Microsoft Corporation - TDI Translation Driver.) (.21/01/2008 - 3.23.00.) -- C:\Windows\system32\Drivers\tdx.sys [71680]
[MD5.D8B4A53DD2769F226B3EB374374987C9] - (.Microsoft Corporation - Driver copia shadow del volume.) (.21/01/2008 - 3.21.29.) -- C:\Windows\system32\Drivers\volsnap.sys [227896]
~ Generic Processes: Scanned in 00mn 00s



---\\ Stato dei file nascosti (nascosti/totale)
~ Mes images (My Pictures) : 2/47
~ Mes musiques (My Musics) : 2/166
~ Mes Videos (My Videos) : 1/17
~ Mes Favoris (My Favorites) : 1/20
~ Mes Documents (My Documents) : 4/173
~ Mon Bureau (My Desktop) : 1/31
~ Menu demarrer (Programs) : 1/39
~ Hidden Files: Scanned in 00mn 00s



---\\ Processo avviato
[MD5.06964B7DE858BB6317164BF184E9C766] - (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912] [PID.3188]
[MD5.9D2DB58768C5E760F55754E86E86AE9C] - (...) -- C:\ProgramData\Service\Application\proc.exe [162072] [PID.3816]
[MD5.7D493FEBC01FB93E13E03750A862BE32] - (.Link Up Advertising - CandyBox.) -- C:\Program Files\CandyBox\cab.exe [406528] [PID.2200]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.1248]
[MD5.F96EBC5A624349D81DCC7600A3C5DC43] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5748]
[MD5.472D170E4E1FEED584616E08CFB0F1EF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8179200] [PID.4476]
[MD5.0BA91E1358AD25236863039BB2609A2E] - (.Microsoft Corporation - Servizio gestione licenze software Microsof.) -- C:\Windows\system32\SLsvc.exe [2623488] [PID.1344]
[MD5.210A326658D72D7F2EE2267F3D9C44D4] - (.Avast Software s.r.o. - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336] [PID.1644]
[MD5.60F37044ECB50154DAC0AC2B83F6AB88] - (.Avast Software s.r.o. - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [107448] [PID.1856]
[MD5.7515019E92598852D62EEAF6C37786F6] - (.MS - Auto Update System.) -- C:\Program Files\CandyBox\aus.exe [286208] [PID.2156]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.2256]
[MD5.5019A83BE87FD8B60F7333901BFD35E5] - (.Avast Software - AvastVirtualBox Interface.) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216] [PID.2864]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, plugin, start, cerca, estensioni (P2, M0, M1, M2, M3)
C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\oit2jfpg.default\prefs.js
~ Firefox Browser: 34 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, start, cerca, URLSearchHook, Phishing (R0, R1, R3, R4)
R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, gestione Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analisi delle linee F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (20)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer barre degli strumenti (O3)
O3 - Toolbar: Adobe PDF - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chiave orfano
~ Toolbar: Scanned in 00mn 00s



---\\ Altri link utenti (O4)
O4 - GS\Desktop [Public]: eMule.lnk . (.https://www.emule-project.net/home/perl/general.cgi?l=1 - eMule.) -- C:\Program Files\eMule\emule.exe =>P2P.eMule
~ Global Startup: 1 Legitimates Filtered in 00mn 02s



---\\ Iniziato da file e registro applicazioni (O4)
O4 - HKLM\..\Run: [AvastUI.exe] . (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
~ Application: Scanned in 00mn 00s



---\\ I pulsanti sulla barra degli strumenti "principali strumenti" di Internet Explorer (O9)
O9 - Extra button: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modificare gli indirizzi DNS domain (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E27BFE7A-6554-475F-8155-98AC10C854C6}: DhcpNameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{E27BFE7A-6554-475F-8155-98AC10C854C6}: DhcpNameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{E27BFE7A-6554-475F-8155-98AC10C854C6}: DhcpNameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.37.17.16 85.38.28.68
~ Domain: Scanned in 00mn 00s



---\\ Protocollo addizionale (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizzatore HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valore di registro AppInit_DLLs e sottochiavi Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chiave di registro autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Elenco dei servizi non Microsoft NT e non disabili (O23)
O23 - Service: Servizio di gestione (asl) . (...) - C:\ProgramData\Service\Application\asl.exe
O23 - Service: Auto Update Service (AUS) . (.MS - Auto Update System.) - C:\Program Files\CandyBox\aus.exe
O23 - Service: Log Session Manager (Log S.M.) . (.Link Up Advertising - CandyBox.) - C:\Program Files\CandyBox\cab.exe
~ Services: 6 Legitimates Filtered in 00mn 04s



---\\ L'enumerazione Active Desktop Editor MHTML (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Francesco\Downloads\alaska_winter_nights-wide.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\Francesco\Downloads\alaska_winter_nights-wide.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Attività pianificate in modo automatico (039)
[MD5.00000000000000000000000000000000] [APT] [amiupdaterExd] (...) -- C:\Users\Francesco\AppData\Local\Temp\amiupdater224.exe (.not file.) [0] =>PUP.Dealply
[MD5.00000000000000000000000000000000] [APT] [{31587B49-56B4-4813-8C47-47EF72EB67AC}] (...) -- C:\Users\Francesco\AppData\Roaming\istartsurf\UninstallManager.exe (.not file.) [0] =>PUP.IsStart
[MD5.00000000000000000000000000000000] [APT] [{499A721D-AE14-4184-824F-57E3F3AD425C}] (...) -- C:\Users\Francesco\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock Uninstall.exe (.not file.) [0] =>PUP.BubbleDock
[MD5.00000000000000000000000000000000] [APT] [{9A5BC3C8-5CAE-47C3-BE7A-1AEC067BF264}] (...) -- C:\Users\Francesco\Downloads\BwinCasino (1).exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [978]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1134]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1138]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 03s



---\\ Software installato (O42)
O42 - Logiciel: Er Finestra - (.DaNieLz Works 2002.) [HKLM] -- Er Finestra
O42 - Logiciel: WinOff - (...) [HKLM] -- {8049EB00-4F62-44FB-AAF7-CB42F588E3C5}_is1
~ Logic: 9 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\NDS]
[HKCU\Software\WHCASINOREAL.IT]
[HKCU\Software\xohiwgcmz]
[HKLM\Software\50 Stars Casino]
[HKLM\Software\AUS]
[HKLM\Software\African Palace Casino]
[HKLM\Software\Amber Coast Casino]
[HKLM\Software\Baraka Bingo]
[HKLM\Software\Baraka Casino Online]
[HKLM\Software\Better Casino]
[HKLM\Software\Bingo Day]
[HKLM\Software\Blackpool Bingo]
[HKLM\Software\Blackpool Club Casino]
[HKLM\Software\CASINO PLEX]
[HKLM\Software\CandyBox]
[HKLM\Software\Carnaval Casino]
[HKLM\Software\Casino Bellini]
[HKLM\Software\Casino DelRio]
[HKLM\Software\Casino Vendome]
[HKLM\Software\Casino.com]
[HKLM\Software\Centrebet Casino]
[HKLM\Software\Centrebet Poker]
[HKLM\Software\Class 1 Casino]
[HKLM\Software\Club Dice Casino]
[HKLM\Software\Club Dice Poker]
[HKLM\Software\Club Gold Casino]
[HKLM\Software\Cote dAzur Palace Casino]
[HKLM\Software\Craps.com]
[HKLM\Software\Dafa Poker]
[HKLM\Software\Dafa888]
[HKLM\Software\Diamond Club Casino]
[HKLM\Software\Enter Casino]
[HKLM\Software\Fair Poker]
[HKLM\Software\Fast Win Casino]
[HKLM\Software\Giant Vegas Casino]
[HKLM\Software\Golden Palace Casino PT]
[HKLM\Software\Grand Play Casino]
[HKLM\Software\Grosvenor Casinos]
[HKLM\Software\IncrediMail]
[HKLM\Software\Indio Casino]
[HKLM\Software\King Solomons Casino]
[HKLM\Software\Kiwi Bingo]
[HKLM\Software\Kiwi Casino]
[HKLM\Software\Kiwi Poker]
[HKLM\Software\MANSION Casino]
[HKLM\Software\Magic Box Casino]
[HKLM\Software\Mansion Poker]
[HKLM\Software\Miss Bingo]
[HKLM\Software\New York Casino]
[HKLM\Software\Noble Casino]
[HKLM\Software\Noble Poker]
[HKLM\Software\Nuts Poker]
[HKLM\Software\Omni Casino]
[HKLM\Software\OnlineCasino.com]
[HKLM\Software\OxigenRef]
[HKLM\Software\Play United Casino]
[HKLM\Software\PlayGate Casino]
[HKLM\Software\PlayGate Poker]
[HKLM\Software\Poker 770]
[HKLM\Software\Poker Ocean]
[HKLM\Software\PowerOffer]
[HKLM\Software\Prestige Bingo]
[HKLM\Software\Prestige Poker]
[HKLM\Software\Riva Poker]
[HKLM\Software\Royal Dice Casino]
[HKLM\Software\Royal Lounge Casino]
[HKLM\Software\Sky Kings Casino]
[HKLM\Software\Tiki Bingo]
[HKLM\Software\Titan Casino]
[HKLM\Software\Titan.it Casino]
[HKLM\Software\USA Casino]
[HKLM\Software\Vegas Red Casino]
[HKLM\Software\WHCASINOREAL.IT]
[HKLM\Software\William Hill CASINO CLUB]
[HKLM\Software\Windows Casino]
[HKLM\Software\Windows Poker]
[HKLM\Software\Ya888Ya Casino]
[HKLM\Software\Zipang Casino]
[HKLM\Software\pokerplex]
[HKLM\Software\pokersnai_real]
[HKLM\Software\sunpoker]
[HKLM\Software\vulcanpoker]
~ Key Software: 278 Legitimates Filtered in 00mn 00s



---\\ Contenuto delle cartelle Programmi, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 02/05/2015 - 21.55.47 - [] ----D C:\Program Files\CandyBox
O43 - CFD: 14/05/2014 - 16.26.19 - [0] ----D C:\Program Files\Cool Mirage Ltd
O43 - CFD: 20/05/2010 - 22.02.25 - [] ----D C:\Program Files\Er Finestra
O43 - CFD: 17/08/2013 - 22.19.32 - [] ----D C:\Program Files\ffvfw
O43 - CFD: 29/09/2009 - 23.22.04 - [] -SH-D C:\Program Files\File comuni
O43 - CFD: 05/08/2011 - 18.18.40 - [] ----D C:\Program Files\LimeWire
O43 - CFD: 24/04/2015 - 11.37.42 - [] ----D C:\Program Files\PokerStars.IT
O43 - CFD: 02/05/2015 - 21.57.09 - [] ----D C:\Program Files\UltraZip
O43 - CFD: 28/12/2012 - 23.38.10 - [] ----D C:\ProgramData\55-6p-p5-r0-60-31
O43 - CFD: 25/02/2012 - 17.57.36 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 29/09/2009 - 23.22.04 - [] -SH-D C:\ProgramData\Documenti
O43 - CFD: 29/09/2009 - 23.22.04 - [] -SH-D C:\ProgramData\Menu Avvio
O43 - CFD: 29/09/2009 - 23.22.04 - [] -SH-D C:\ProgramData\Preferiti
O43 - CFD: 02/05/2015 - 21.57.08 - [] ----D C:\ProgramData\Service
O43 - CFD: 04/12/2012 - 23.01.45 - [0] ----D C:\ProgramData\????
O43 - CFD: 04/12/2012 - 23.01.44 - [0] ----D C:\ProgramData\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
O43 - CFD: 09/12/2012 - 12.35.51 - [0] ----D C:\ProgramData\?E?E?????????????????????????
O43 - CFD: 08/12/2012 - 10.59.23 - [0] ----D C:\ProgramData\?í?í?????????????????????????
O43 - CFD: 17/12/2012 - 21.49.43 - [0] ----D C:\ProgramData\?????????????????????????????
O43 - CFD: 18/12/2012 - 23.03.43 - [0] ----D C:\ProgramData\????
O43 - CFD: 26/12/2012 - 13.40.19 - [0] ----D C:\ProgramData\????
O43 - CFD: 11/12/2012 - 23.00.07 - [0] ----D C:\ProgramData\????
O43 - CFD: 03/05/2015 - 16.07.48 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffvfw
O43 - CFD: 20/05/2010 - 22.02.23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radio Deejay
O43 - CFD: 02/11/2006 - 14.35.50 - [] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 07/12/2011 - 18.50.41 - [0] ----D C:\Users\Francesco\AppData\Roaming\Ansylo
O43 - CFD: 26/02/2012 - 18.43.30 - [0] ----D C:\Users\Francesco\AppData\Roaming\Daawpya
O43 - CFD: 22/03/2012 - 18.55.51 - [] ----D C:\Users\Francesco\AppData\Roaming\Edfoy
O43 - CFD: 24/02/2012 - 20.54.58 - [] ----D C:\Users\Francesco\AppData\Roaming\Ifuvv
O43 - CFD: 24/03/2012 - 1.48.55 - [0] ----D C:\Users\Francesco\AppData\Roaming\Imudy
O43 - CFD: 07/12/2011 - 1.25.33 - [0] ----D C:\Users\Francesco\AppData\Roaming\Raa
O43 - CFD: 31/12/2012 - 18.32.55 - [] ----D C:\Users\Francesco\AppData\Roaming\RisikoDigitalII
O43 - CFD: 04/05/2015 - 0.34.56 - [] ----D C:\Users\Francesco\AppData\Local\EE221CBB-1430603881-DE11-8A19-0007E9BECBF3
O43 - CFD: 02/05/2015 - 22.52.30 - [] ----D C:\Users\Francesco\AppData\Local\EE221CBB-1430603896-DE11-8A19-0007E9BECBF3
O43 - CFD: 27/09/2014 - 16.32.34 - [] ----D C:\Users\Francesco\AppData\Local\PokerStars.IT
O43 - CFD: 02/09/2012 - 13.02.17 - [] ----D C:\Users\Francesco\AppData\Local\PosService
O43 - CFD: 01/09/2012 - 21.22.00 - [] ----D C:\Users\Francesco\AppData\Local\PowerOffer
O43 - CFD: 13/02/2014 - 18.05.51 - [] ----D C:\Users\Francesco\AppData\Local\Senza titolo
O43 - CFD: 02/03/2013 - 22.45.55 - [] ----D C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guadagnare 200 Euro al giorno Sistema 1
O43 - CFD: 20/05/2010 - 22.02.22 - [0] ----D C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Radio Deejay
~ Program Folder: 231 Legitimates Filtered in 00mn 01s



---\\ Ultimi file modificati o creati su Windows e System32 (O44)
O44 - LFC:[MD5.35281CA2C003866E54C0F60CFC3FCC32] - 02/05/2015 - 20.56.11 ---A- . (...) -- C:\Windows\win.ini [321]
O44 - LFC:[MD5.1F3CE16AE4BAB02C8DCD204FF40A4A8A] - 02/05/2015 - 21.11.39 ---A- . (...) -- C:\Windows\System32\029B560A371F4E00AB32838EBC01B9E7 [4]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/05/2015 - 21.26.00 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/05/2015 - 21.26.00 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.A8157C84E32545BDF27F5297FDF560ED] - 06/05/2015 - 13.35.01 ---A- . (...) -- C:\Windows\ntbtlog.txt [380082]
~ Files: 16 Legitimates Filtered in 00mn 25s



---\\ Operazioni e funzioni all'avvio di Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumerazione della chiave del Registro di sistema StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\PosService [Key] . (.PLauncher - PLauncher.) -- C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
~ SMSR Keys: 17 Legitimates Filtered in 00mn 00s



---\\ Enumerazione del Registro chiavi PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Elenco dei driver del sistema (SDL) (O58)
O58 - SDL:18/04/2015 - 13.52.30 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24144] =>.ALWIL Software
O58 - SDL:18/04/2015 - 13.51.47 ---A- . (.ALWIL Software - avast! Filtering NDIS driver.) -- C:\Windows\System32\Drivers\aswNdis.sys [12112]
O58 - SDL:18/04/2015 - 13.52.30 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49904] =>.ALWIL Software
O58 - SDL:18/04/2015 - 13.52.30 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208024] =>.ALWIL Software
O58 - SDL:25/10/2010 - 10.07.48 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\Windows\System32\Drivers\dgderdrv.sys [18120]
O58 - SDL:21/01/2008 - 3.21.30 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:02/11/2006 - 10.50.07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:02/11/2006 - 10.50.09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:30/12/2010 - 10.41.56 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [66112]
O58 - SDL:30/12/2010 - 10.41.56 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [180672]
O58 - SDL:30/12/2010 - 10.41.56 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [180672]
O58 - SDL:21/01/2008 - 3.21.28 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:02/11/2006 - 10.50.35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:21/01/2008 - 3.21.31 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:16/04/2010 - 7.33.36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [41472]
O58 - SDL:02/11/2006 - 8.09.42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:02/11/2006 - 8.09.45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:25/10/2010 - 10.03.52 ---A- . (...) -- C:\Windows\System32\FsUsbExDisk.Sys [36640]
O58 - SDL:02/11/2006 - 8.09.41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:02/11/2006 - 8.09.44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:02/11/2006 - 8.09.44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:02/11/2006 - 8.09.29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:02/11/2006 - 8.09.35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:02/11/2006 - 8.09.38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:02/11/2006 - 8.09.40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:02/11/2006 - 8.09.31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:02/11/2006 - 8.09.20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:02/11/2006 - 8.09.23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:02/11/2006 - 8.09.24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:02/11/2006 - 8.09.26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:02/11/2006 - 8.09.22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 93 Legitimates Filtered in 00mn 06s



---\\ Elenco di strumenti di disinfezione (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Elenco servizi registrati legacy (LALS) (O64)
O64 - Services: CurCS - 18/04/2015 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 82 Legitimates Filtered in 00mn 00s



---\\ Associazioni Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu Start Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Cerca "infezione su browser internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=2F13C9FB4BE74CED9DE7191D634B97FB
~ Keys: Scanned in 00mn 00s



---\\ Condizioni generali dei servizi non Microsoft (GSR) (SR = esecuzione, SS = fermato)
SS - | Demand 03/05/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 16/04/2010 144672 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 10/03/2015 570136 | (asl) . (...) - C:\ProgramData\Service\Application\asl.exe
SS - | Disabled 25/10/2010 95568 | (dgdersvc) . (.Devguru Co., Ltd..) - C:\Windows\system32\dgdersvc.exe
SS - | Disabled 30/09/2009 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Disabled 25/10/2010 217088 | (FsUsbExService) . (.Teruten.) - C:\Windows\system32\FsUsbExService.exe
SS - | Auto 27/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/12/2009 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Disabled 28/04/2010 545576 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Disabled 31/12/2008 174616 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\AMT\LMS.exe
SS - | Disabled 05/05/2015 208384 | (mijifyhu) . (...) - C:\Users\Francesco\AppData\Local\EE221CBB-1430603881-DE11-8A19-0007E9BECBF3\cnsh2DA3.tmp
SS - | Disabled 20/09/2007 853288 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
SS - | Disabled 20/09/2007 382248 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
SS - | Disabled 03/04/2012 169472 | (PowerOffer Service) . (.PowerOfferService.) - C:\Users\Francesco\AppData\Local\PosService\Pos.exe
SS - | Disabled 31/12/2008 2054680 | (UNS) . (.Intel Corporation.) - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
SS - | Demand 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2014 286208 | (AUS) . (.MS.) - C:\Program Files\CandyBox\aus.exe
SR - | Auto 18/04/2015 343336 | (avast! Antivirus) . (.Avast Software s.r.o..) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 18/04/2015 107448 | (avast! Firewall) . (.Avast Software s.r.o..) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Demand 18/04/2015 3205216 | (AvastVBoxSvc) . (.Avast Software.) - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
SR - | Auto 20/07/2014 406528 | (Log S.M.) . (.Link Up Advertising.) - C:\Program Files\CandyBox\cab.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 11s



---\\ Scansione aggiuntive (O88)
Database Version : 13008 - (23/02/2015)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E] =>PUP.SweetIM
[HKLM\Software\poker 770] =>Adware.Casino
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8] =>PUP.SweetIM
~ Additionnel Scan: 306200 Items scanned in 00mn 38s



---\\ Informationi complémentaires sul le segnalazione
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, gestione Proxy (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer barre degli strumenti (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Iniziato da file e registro applicazioni (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Riepilogo dei rilevamenti trovato sulla workstation
http://nicolascoolman.fr/pup-dealply =>PUP.Dealply
http://nicolascoolman.fr/pup-isstart =>PUP.IsStart
http://nicolascoolman.fr/pup-bubbledock =>PUP.BubbleDock
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://nicolascoolman.fr/28388393-adware-casino =>Adware.Casino
~ MSI: 5 link(s) detected in 00mn 00s



~ 889 Legitimates filtered by white list
End of the scan (547 lines in 02mn 20s)(0.4)
l'embrouille 75 Posts 5307 Registration date Monday 4 July 2011 Status Member Last seen Thursday 5 July 2018 749
6 May 2015 at 10:20
Hi,
Also try this:
Click Start = Search = Search for the word Adserver Candy box or Candybox and delete all the files found.

frank2913 Posts 11 Registration date Monday 4 May 2015 Status Member Last seen Thursday 7 May 2015
6 May 2015 at 13:20
Hi. I had already thought of that, and in theory I have even uninstalled it, but somehow it is still there even though the program no longer exists. With my limited skills I don't know where to turn.