~ Riporto di ZHPDiag v2014.2.17.15 - Nicolas Coolman (17/02/2014)
~ Lanciato da moha (22/02/2014 12:17:48)
~ Indirizzo del sito Web : http://nicolascoolman.webs.com
~ Forum di supporto gratuito per la disinfezione : http://nicolascoolman.webs.com/apps/links/
~ Tradotto da
~ Stato della versione :
~ Lista Bianca : Attivata dal programma
~ Elevazione dei privilegi : OK
~ Controllo dell'Account utente : Deactivate by program


---\\ Browser Internet
MSIE: Internet Explorer v11.0.9600.16518
GCIE: Google Chrome v31.0.1650.57 (Defaut)

---\\ Informazioni sul prodotto Windows
~ Langage: Italien
Windows Vista (TM) Ultimate, 64-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Software di protezione del sistema
avast! Free Antivirus v8.0.1489.0

---\\ Software di ottimizzazione del sistema
CCleaner v4.02 =>Piriform Ltd

---\\ Condivisione di software PeerToPeer

---\\ Software di sorveglianza
Adobe Flash Player 12 ActiveX
Adobe Reader XI
Java 7 Update 45

---\\ Informazioni sul sistema
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3766 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 404 GB (89%) free of 453 GB

---\\ Connessione alla modalità sistema
~ Computer Name: MOHA-PC
~ User Name: moha
~ All Users Names: moha, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: O61
Logged in as Administrator

---\\ Variabili di ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\moha\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\moha\AppData\Roaming\
~ %Desktop% : C:\Users\moha\Desktop\
~ %Favorites% : C:\Users\moha\Favorites\
~ %LocalAppData% : C:\Users\moha\AppData\Local\
~ %StartMenu% : C:\Users\moha\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumerazione delle unità disco
C: Hard drive, Flash drive, Thumb drive (Free 404 Go of 453 Go)
D: CD-ROM drive (Not Inserted)



---\\ Stato di Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Ricerca di particolari file generico
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Esplora risorse.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Applicazione di avvio di Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Internet Extensions per Win32.) (.06/02/2014 - 10:24:52.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Applicazione Accesso a Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Libreria gestione licenze software.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver della porta i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver file system NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver della porta parallela.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 04:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver copia shadow del volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Stato dei file nascosti (nascosti/totale)
~ Mes images (My Pictures) : 1/10
~ Mes Favoris (My Favorites) : 1/142
~ Mes Documents (My Documents) : 3/26
~ Mon Bureau (My Desktop) : 1/6086
~ Menu demarrer (Programs) : 1/43
~ Hidden Files: Scanned in 00mn 05s



---\\ Processo avviato
[MD5.FC9B9EEE213709758147FBDA9B76DFF3] - (.Updater - Updater service.) -- C:\ProgramData\Updater\updater.exe [481144] [PID.3976] =>PUP.CrossRider
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.596]
[MD5.183FE367262870FD6B88BD579FE6F03C] - (.WatchDog - No Comment.) -- C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe [426872] [PID.4412] =>PUP.SearchDonkey
[MD5.183FE367262870FD6B88BD579FE6F03C] - (.WatchDog - No Comment.) -- C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe [426872] [PID.4460] =>PUP.SearchDonkey
[MD5.183FE367262870FD6B88BD579FE6F03C] - (.WatchDog - No Comment.) -- C:\ProgramData\RHelpers\IEHelper\IeHelper.exe [426872] [PID.4588] =>PUP.SearchDonkey
[MD5.F3287508ECF3FB139CD7FFBB764F59F2] - (.BernyR - Dreambox Control Center.) -- C:\Users\moha\Desktop\dream\dcc\DCC.exe [6640128] [PID.4688]
[MD5.D0E625DE0932DF394CCF28F3AC8396E5] - (...) -- C:\Users\moha\Desktop\dream\DreamCS Gbox Tool\DreamCS.exe [2667520] [PID.3772]
[MD5.6242E3D67787CCBF4E06AD2982853144] - (.Microsoft Corporation - Comando Ping TCP/IP.) -- C:\Windows\SysWOW64\ping.exe [15360] [PID.2604]
[MD5.4263F6C131E513CEA1AE82B5B81A4E1A] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [808152] [PID.4340]
[MD5.9366903B457F71640F5B6AE2CA2A0EAC] - (.No owner - CS Studio.) -- C:\Program Files (x86)\CS Studio\CS Studio.exe [1108992] [PID.4640]
[MD5.8750B3454AF73568BE6203047A08F560] - (.Apache Software Foundation - Apache HTTP Server.) -- C:\Program Files (x86)\CS Studio\Apache2.2\bin\httpd.exe [24645] [PID.1832]
[MD5.AB44884BC129FC04D75A4649E0710203] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8338432] [PID.7992]
[MD5.9D35F4CD788ED5FF8CC22F89317E7C83] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [878368] [PID.512]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1564]
[MD5.F4EFDF37D84A555ECF75F9944C7D6945] - (.Cherished Technololgy LIMITED - WPM Service.) -- C:\ProgramData\WPM\wprotectmanager.exe [499856] [PID.1816] =>PUP.WpManager
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2036]
[MD5.9E530C6F0EEE34CCEAC8104838AB68C7] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616] [PID.2328]
[MD5.96B14B79C71CE4A7783184CC8B5DBCE8] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640] [PID.2428]
[MD5.12386962A77AF92C22D6B0D2357658C5] - (.Parallel Lines Development, LLC - Internet Updater Service.) -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [45568] [PID.2812] =>Adware.IncrediBar
[MD5.BEFF149A82F78B648046108EB9D28893] - (.IObit - Product Updater.) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200] [PID.2856]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.6188]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, start, cerca, estensioni (G0, G1, G2)
C:\Users\moha\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://it.search.yahoo.com
G0 - GCSP: Preference [User Data\Default] http://websearch.search-guide.info =>PUP.WSGuideInfo
G2 - GCE: Preference [User Data\Default] [amfclgbdpgndipgoegfpkkgobahigbcl] Snap.Do v.1.4, (Désactivé) =>Hijacker.SmartBar
G2 - GCE: Preference [User Data\Default] [gaohomgkplmekmskucbkoskmmpgpmjgl] Tube Dimmer v.2.6.48 (Activé) =>PUP.TubeDimmer
G2 - GCE: Preference [User Data\Default] [hahpjplbmicfkmoccokbjejahjjpnena] Improved Search v.1.2 (Activé) =>Hijacker.SearchB1org
G2 - GCE: Preference [User Data\Default] [hbcennhacfaagdopikcegfcobcadeocj] Ebay Shopping Assistant by Spigot v.1.1 (Activé) =>PUP.Dealio
G2 - GCE: Preference [User Data\Default] [icdlfehblmklkikfigmjhbmmpmkmpooj] Domain Error Assistant v.1.3 (Activé) =>PUP.Dealio
G2 - GCE: Preference [User Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.8.5, (Activé) =>PUP.Elex
G2 - GCE: Preference [User Data\Default] [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] Tube Dimmer v.2.6.48 (Activé) =>PUP.TubeDimmer
G2 - GCE: Preference [User Data\Default] [kljomipciokglfnjdnmmghflipgncine] surf aned keeP v.2.19 (Activé) =>Adware.SurfAndKeep
G2 - GCE: Preference [User Data\Default] [mhkaekfpcppmmioggniknbnbdbcigpkk] Slick Savings v.2.4 (Activé) =>PUP.Dealio
G2 - GCE: Preference [User Data\Default] [oonmfoejhccgbckkgnhlhheaeaagodaj] Downlload keepeere v.1.6 (Activé) =>PUP.DownloadKeeper
G2 - GCE: Preference [User Data\Default] [pfndaklgolladniicklehhancnlgocpp] Amazon Shopping Assistant by Spigot v.1.0 (Activé) =>PUP.Dealio
~ Google Browser: 29 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, start, cerca, URLSearchHook, Phishing (R0, R1, R3, R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoom.com =>Hijacker.NationZoom
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com =>Hijacker.NationZoom
~ IE Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, gestione Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.2
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analisi delle linee F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 22



---\\ Browser Helper Objects da browser (O2)
O2 - BHO: suurf and Keep [64Bits] - {CE18E333-BAF8-9B07-D408-47CF522D18D9} . (...) -- C:\Program Files (x86)\suurf and Keep\x.dll =>Adware.SurfAndKeep
O2 - BHO: NitroPDFBHO Class [64Bits] - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} Chiave orfano
O2 - BHO: YoutubeAdblocker [64Bits] - {FA26C285-FFA0-58A2-66FA-6F29606D02B1} . (...) -- C:\Program Files (x86)\YoutubeAdblocker\5de.dll =>PUP.Multiplug
O2 - BHO: Adblock Plus for IE Browser Helper Object [64Bits] - {FFCB3198-32F3-4E8B-9539-4324694ED664} . (.Adblock Plus - Adblock Plus Module.) -- C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O2 - BHO: ExplorerWnd Helper [64Bits] - {10921475-03CE-4E04-90CE-E2E7EF20C814} Chiave orfano
O2 - BHO: (no name) [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Chiave orfano
O2 - BHO: Snap.DoEngine [64Bits] - {31ad400d-1b06-4e33-a59a-90c2c140cba0} . (...) -- mscoree.dll (.not file.) =>Hijacker.SmartBar
~ BHO: 24 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer barre degli strumenti (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: Snap.Do - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chiave orfano
~ Toolbar: Scanned in 00mn 00s



---\\ Altri link utenti (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Desktop [Public]: PowerISO.lnk . (.Power Software Ltd - PowerISO.) -- C:\Program Files (x86)\PowerISO\PowerISO.exe
O4 - GS\Desktop [Public]: Uninstaller.lnk . (.IObit - Uninstall Programs.) -- C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
O4 - GS\QuickLaunch [moha]: BestSoftCracked Free Download.lnk . (...) -- C:\Program Files (x86)\Live TV on PC 2012\BestSoftCracked Free Download.url
O4 - GS\QuickLaunch [moha]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\QuickLaunch [moha]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\QuickLaunch [moha]: Live TV on PC 2012 v1.23.lnk . (...) -- C:\Program Files (x86)\Live TV on PC 2012\Live TV on PC 2012 v1.23.exe
O4 - GS\TaskBar [moha]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\TaskBar [moha]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\TaskBar [moha]: On-Screen Keyboard.lnk . (.Microsoft Corporation - Tastiera su schermo accessibilità.) -- C:\Windows\system32\osk.exe
O4 - GS\Program [moha]: BestSoftCracked Free Download.lnk . (...) -- C:\Program Files (x86)\Live TV on PC 2012\BestSoftCracked Free Download.url
O4 - GS\Program [moha]: CS Studio.lnk . (...) -- C:\Program Files (x86)\CS Studio\CS Studio.exe
O4 - GS\Program [moha]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Program [moha]: Live TV on PC 2012 v1.23.lnk . (...) -- C:\Program Files (x86)\Live TV on PC 2012\Live TV on PC 2012 v1.23.exe
O4 - GS\Program [moha]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\SystemTools [moha]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Desktop [moha]: Athan.lnk . (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files (x86)\Athan\Athan.exe
O4 - GS\Desktop [moha]: CS Studio.lnk . (...) -- C:\Program Files (x86)\CS Studio\CS Studio.exe
O4 - GS\Desktop [moha]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Desktop [moha]: Your Unin-staller!.lnk . (.URSoft,Inc - Your Uninstaller! - New way to uninstall pr.) -- C:\Program Files (x86)\Your Uninstaller 2010\urmain.exe
O4 - GS\QuickLaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Guest]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: 87 Legitimates Filtered in 00mn 02s



---\\ Iniziato da file e registro applicazioni (O4)
O4 - GS\Startup [moha]: OneNote 2010 Screen Clipper and Launcher.lnk . (...) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe (.not file.)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Updater] . (.Updater - Updater service.) -- C:\ProgramData\Updater\updater.exe =>PUP.CrossRider
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadget per il desktop di Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadget per il desktop di Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2045253165-1226071829-2013089991-1000\..\Run: [Updater] . (.Updater - Updater service.) -- C:\ProgramData\Updater\updater.exe =>PUP.CrossRider
~ Application: Scanned in 00mn 00s



---\\ I pulsanti sulla barra degli strumenti "principali strumenti" di Internet Explorer (O9)
O9 - Extra button: إر&سال إلى OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: ملاحظات OneNote الم&رتبطة [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modificare gli indirizzi DNS domain (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C8EDB6E-E229-4C6D-BA24-5B6567D3517E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{67228E02-7315-49DA-BE9A-D4B52D801633}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{67228E02-7315-49DA-BE9A-D4B52D801633}: DhcpDomain = localdomain
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C8EDB6E-E229-4C6D-BA24-5B6567D3517E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{67228E02-7315-49DA-BE9A-D4B52D801633}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{67228E02-7315-49DA-BE9A-D4B52D801633}: DhcpDomain = localdomain
O17 - HKLM\System\CS2\Services\Tcpip\..\{2C8EDB6E-E229-4C6D-BA24-5B6567D3517E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{67228E02-7315-49DA-BE9A-D4B52D801633}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{67228E02-7315-49DA-BE9A-D4B52D801633}: DhcpDomain = localdomain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocollo addizionale (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizzatore HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valore di registro AppInit_DLLs e sottochiavi Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valore di registro AppInit_DLLs e sottochiavi Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - ,C:\Windows\system32\nvinitx.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Elenco dei servizi non Microsoft NT e non disabili (O23)
O23 - Service: Internet Updater (InternetUpdater) . (.Parallel Lines Development, LLC - Internet Updater Service.) - C:\ProgramData\InternetUpdater\InternetUpdaterService.exe =>Adware.IncrediBar
O23 - Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED - WPM Service.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
~ Services: 9 Legitimates Filtered in 00mn 11s



---\\ Attività pianificate in modo automatico (039)
[MD5.00000000000000000000000000000000] [APT] [DealPlyUpdate] (...) -- C:\Program Files (x86)\DealPly\DealPlyUpdate.exe (.not file.) [0] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files (x86)\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [{0B9DE003-A609-4377-AECD-6992E1B184D6}] (...) -- C:\Users\moha\Desktop\Almophakera.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BA5453EC-3904-4ECA-8A4A-FD647634AA81}] (...) -- C:\Users\moha\Desktop\CCcam-info.exe (.not file.) [0]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 08s



---\\ Software installato (O42)
O42 - Logiciel: CS Studio - (.Soft-Dream.) [HKLM][64Bits] -- CS Studio
O42 - Logiciel: Internet Updater - (.Parallel Lines Development, LLC.) [HKLM][64Bits] -- InternetUpdater
O42 - Logiciel: WPM17.8.0.3297 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- WPM =>PUP.WpManager
O42 - Logiciel: YoutubeAdblocker - (.YoutubeAdblocker.) [HKLM][64Bits] -- {4820778D-AB0D-6D18-C316-52A6A0E1D507} =>PUP.Multiplug
O42 - Logiciel: suurf and Keep - (.SuRRf andu keeP.) [HKLM][64Bits] -- {A35CA8FF-CB7D-8361-1CB9-83219CD11C78} =>Adware.SurfAndKeep
O42 - Logiciel: ÇáãÝßÑÉ ÇáÅÓáÇãíÉ - (...) [HKLM][64Bits] -- ÇáãÝßÑÉ ÇáÅÓáÇãíÉ1.0
~ Logic: 9 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\BI]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\CToolbar]
[HKCU\Software\DealPlyLive] =>PUP.DealPly
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\OUP]
[HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar
[HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\TutoTag] =>Spyware.AgenceExclusive
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Wow6432Node\"EnigmEdit]
[HKLM\Software\Wow6432Node\CToolbar]
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\IO3O]
[HKLM\Software\Wow6432Node\SProtector] =>PUP.Mocaflix
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\deskSvc]
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 189 Legitimates Filtered in 00mn 00s



---\\ Contenuto delle cartelle Programmi, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 03/09/2013 - 16:26:48 - [0] ----D C:\Program Files (x86)\Bushman Solutions
O43 - CFD: 07/01/2014 - 17:57:59 - [21,751] ----D C:\Program Files (x86)\CS Studio
O43 - CFD: 07/01/2014 - 13:11:19 - [0] ----D C:\Program Files (x86)\DealPly =>PUP.DealPly
O43 - CFD: 07/01/2014 - 13:52:27 - [0] ----D C:\Program Files (x86)\DealPlyLive =>PUP.DealPly
O43 - CFD: 04/11/2013 - 20:17:43 - [0,354] ----D C:\Program Files (x86)\Downlload keepeere =>PUP.DownloadKeeper
O43 - CFD: 30/06/2013 - 17:47:53 - [0] ----D C:\Program Files (x86)\Filesland
O43 - CFD: 21/11/2013 - 16:41:28 - [0] ----D C:\Program Files (x86)\fst_it_14
O43 - CFD: 17/11/2013 - 18:46:56 - [1,417] ----D C:\Program Files (x86)\Live TV on PC 2012
O43 - CFD: 09/10/2013 - 17:18:43 - [0] ----D C:\Program Files (x86)\LiveSupport
O43 - CFD: 01/10/2013 - 16:06:55 - [0] ----D C:\Program Files (x86)\Longman
O43 - CFD: 29/10/2013 - 17:08:41 - [10,330] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 01/10/2013 - 17:50:38 - [0] ----D C:\Program Files (x86)\OUP
O43 - CFD: 14/10/2013 - 17:44:09 - [0] ----D C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner
O43 - CFD: 22/11/2013 - 15:01:30 - [0,866] ----D C:\Program Files (x86)\suurf and Keep =>Adware.SurfAndKeep
O43 - CFD: 05/11/2013 - 00:59:57 - [0] ----D C:\Program Files (x86)\WebSearch
O43 - CFD: 22/11/2013 - 15:01:37 - [0,866] ----D C:\Program Files (x86)\YoutubeAdblocker =>PUP.Multiplug
O43 - CFD: 10/11/2013 - 19:56:54 - [0,775] ----D C:\Program Files (x86)\ÇáãÝßÑÉ ÇáÅÓáÇãíÉ
O43 - CFD: 07/01/2014 - 12:50:05 - [33,331] ----D C:\Program Files (x86)\Common Files\337
O43 - CFD: 15/11/2013 - 13:30:59 - [0,588] ----D C:\Program Files (x86)\Common Files\Spigot =>PUP.Dealio
O43 - CFD: 22/11/2013 - 15:01:37 - [0,061] ----D C:\ProgramData\1990d3c906c6db58
O43 - CFD: 10/08/2013 - 12:51:40 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 07/01/2014 - 12:47:16 - [0,070] ----D C:\ProgramData\DealPlyLive =>PUP.DealPly
O43 - CFD: 18/06/2013 - 18:11:51 - [0] -SH-D C:\ProgramData\Documenti
O43 - CFD: 05/11/2013 - 00:59:57 - [0] ----D C:\ProgramData\Downlload keepeere =>PUP.DownloadKeeper
O43 - CFD: 25/10/2013 - 20:46:13 - [0] ----D C:\ProgramData\Downlooadd keeper =>PUP.DownloadKeeper
O43 - CFD: 25/10/2013 - 20:46:13 - [0,003] ----D C:\ProgramData\EboookkBrowwse =>Adware.eBookBrowse
O43 - CFD: 22/11/2013 - 15:00:54 - [3,169] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 17/01/2014 - 18:28:41 - [1,432] ----D C:\ProgramData\InternetUpdater
O43 - CFD: 18/06/2013 - 18:11:51 - [0] -SH-D C:\ProgramData\Menu Avvio
O43 - CFD: 18/06/2013 - 18:11:51 - [0] -SH-D C:\ProgramData\Preferiti
O43 - CFD: 03/11/2013 - 20:46:18 - [0] ----D C:\ProgramData\ProductData
O43 - CFD: 21/11/2013 - 13:22:13 - [1,221] ----D C:\ProgramData\RHelpers =>PUP.SearchDonkey
O43 - CFD: 22/11/2013 - 15:01:31 - [0,357] ----D C:\ProgramData\suurf and Keep =>Adware.SurfAndKeep
O43 - CFD: 21/11/2013 - 13:22:13 - [1,103] ----D C:\ProgramData\TubeDimmer =>PUP.TubeDimmer
O43 - CFD: 21/11/2013 - 13:22:13 - [0,459] ----D C:\ProgramData\Updater =>PUP.CrossRider
O43 - CFD: 07/01/2014 - 12:48:31 - [0,477] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 22/11/2013 - 15:01:37 - [0,357] ----D C:\ProgramData\YoutubeAdblocker =>PUP.Multiplug
O43 - CFD: 03/11/2013 - 20:46:08 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O43 - CFD: 16/01/2014 - 19:06:01 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 03/09/2013 - 16:10:41 - [1,249] ----D C:\Users\moha\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 10/08/2013 - 12:51:40 - [0,006] ----D C:\Users\moha\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 25/10/2013 - 19:51:19 - [0] ----D C:\Users\moha\AppData\Roaming\DealPly =>PUP.DealPly
O43 - CFD: 01/10/2013 - 16:09:21 - [0,016] ----D C:\Users\moha\AppData\Roaming\lpd
O43 - CFD: 01/10/2013 - 16:03:32 - [6,944] ----D C:\Users\moha\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 07/01/2014 - 12:46:58 - [0,163] ----D C:\Users\moha\AppData\Local\B1E
O43 - CFD: 07/01/2014 - 12:47:16 - [0] ----D C:\Users\moha\AppData\Local\DealPlyLive =>PUP.DealPly
O43 - CFD: 01/10/2013 - 16:09:19 - [0] ----D C:\Users\moha\AppData\Local\lpd
O43 - CFD: 25/10/2013 - 19:52:59 - [20,770] ----D C:\Users\moha\AppData\Local\Smartbar =>Hijacker.SmartBar
O43 - CFD: 01/07/2013 - 15:45:19 - [19,339] ----D C:\Users\moha\AppData\Local\{9D64DBC2-83C5-4CE0-B1AF-E18E0536C633}
O43 - CFD: 07/01/2014 - 17:58:00 - [0,011] ----D C:\Users\moha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CS Studio
O43 - CFD: 17/11/2013 - 18:46:56 - [0,004] ----D C:\Users\moha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live TV on PC 2012
~ Program Folder: 182 Legitimates Filtered in 00mn 16s



---\\ Last files modified or created in Windows and System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 09/02/2014 - 20:56:08 ---A- . (...) -- C:\asc_rdflag [0]
O44 - LFC:[MD5.E13F489F0B1E52319A86BDD996263F4B] - 16/02/2014 - 12:26:49 ---A- . (...) -- C:\Windows\win.ini [478]
O44 - LFC:[MD5.C339A59C2C62110E560CC80FBFC0A66F] - 21/02/2014 - 20:58:37 ---A- . (...) -- C:\Windows\IE11_main.log [1409]
O44 - LFC:[MD5.5FF4F0B4185ABBD3B05D724B3A6CE0E4] - 21/02/2014 - 21:17:01 ---A- . (...) -- C:\Windows\AutoKMS.log [3051]
O44 - LFC:[MD5.B3B9295385F4E74D023181E5A24F4D83] - 22/02/2014 - 11:36:58 ---A- . (...) -- C:\Windows\Keygen.exe [77824]
~ Files: 60 Legitimates Filtered in 00mn 07s



---\\ Last files created in the Windows Prefetcher (O45)
O45 - LFCP:[MD5.6371A6043075BDE91463EC2F61BD2E1E] - 07/02/2014 - 18:43:51 ---A- - C:\Windows\Prefetch\PROGRAMDEACTIVATOR.EXE-3451CBA0.pf
O45 - LFCP:[MD5.9ADFEB7C7599CE6F0116FBEA897DD50F] - 08/02/2014 - 16:32:20 ---A- - C:\Windows\Prefetch\ASCTRAY.EXE-82A44851.pf
O45 - LFCP:[MD5.56E96BDE6BDA1C5E96954F5EC6FABF28] - 10/02/2014 - 18:28:36 ---A- - C:\Windows\Prefetch\SETUP{DFDF8A3B-13BE-41A4-9C50-2F198B1E.pf
O45 - LFCP:[MD5.A5898B5053B5F60B698FFEA62DFBE2E9] - 12/02/2014 - 12:22:43 ---A- - C:\Windows\Prefetch\SETUP{A0B6E3EB-EF00-43F5-B8B6-37B18B5E.pf
O45 - LFCP:[MD5.9EB8C4A864C84710028DAD483999C463] - 20/02/2014 - 19:19:22 ---A- - C:\Windows\Prefetch\PERFORMANCEOPTIMIZER.EXE-DB215C0B.pf
O45 - LFCP:[MD5.FECA73C31565C49BBFD0EE401E1CFDC2] - 21/02/2014 - 11:22:15 ---A- - C:\Windows\Prefetch\AUTOSWEEP.EXE-A29D49CF.pf
O45 - LFCP:[MD5.1A2E0AC76179CA0C0EF105459BB5A4AF] - 22/02/2014 - 11:37:27 ---A- - C:\Windows\Prefetch\AUTOCARE.EXE-C07E2A92.pf
O45 - LFCP:[MD5.0B72EF5D212AC29E402FE6153E2E11E6] - 22/02/2014 - 11:37:27 ---A- - C:\Windows\Prefetch\DISPLAY.EXE-F7B8D24C.pf
O45 - LFCP:[MD5.A296592215F82F9A0CBF533198E4261B] - 22/02/2014 - 11:37:45 ---A- - C:\Windows\Prefetch\REALTIMEPROTECTOR.EXE-39BCD03F.pf
O45 - LFCP:[MD5.3D3888B3ECE6B89C165E14A213A9E107] - 22/02/2014 - 11:38:43 ---A- - C:\Windows\Prefetch\MONITORDISK.EXE-492F212D.pf
O45 - LFCP:[MD5.24377560DAB4EC40ECBF09F42400831E] - 22/02/2014 - 11:38:56 ---A- - C:\Windows\Prefetch\DCC.EXE-DE889A0E.pf
O45 - LFCP:[MD5.65333D0000842B65C26EE79B15C41946] - 22/02/2014 - 11:39:00 ---A- - C:\Windows\Prefetch\DREAMCS.EXE-E8B042F6.pf
O45 - LFCP:[MD5.C01CC12B9FB66480F729D8B774CA1DBE] - 22/02/2014 - 11:43:40 ---A- - C:\Windows\Prefetch\CS STUDIO.EXE-F72E432A.pf
O45 - LFCP:[MD5.AFB3C2DD6EED33DCB0FD8BCADBE500A5] - 22/02/2014 - 11:43:46 ---A- - C:\Windows\Prefetch\HTTPD.EXE-8C367349.pf
~ Prefetcher: 118 Legitimates Filtered in 00mn 01s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Shell MountPoints2 registry key (MPKS) (O51)
O51 - MPSK:{5472dc54-5795-11e3-af00-1c7508447c05}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{626b4cd0-98c1-11e3-9540-1c7508447c05}\AutoRun\command. (...) -- E:\Windows\AutoRun.exe (.not file.)
O51 - MPSK:{626b4ce2-98c1-11e3-9540-1c7508447c05}\AutoRun\command. (...) -- E:\Windows\AutoRun.exe (.not file.)
O51 - MPSK:{767a03f9-584e-11e3-984b-1c7508447c05}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{7e355dbc-fac5-11e2-a6ee-1c7508447c05}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
O51 - MPSK:{de7b7aa2-e24f-11e2-a122-1c7508447c05}\AutoRun\command. (...) -- E:\setup_vmb_lite.exe (.not file.)
O51 - MPSK:{ee0c82b9-6186-11e3-96d6-1c7508447c05}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{ee0c82cf-6186-11e3-96d6-1c7508447c05}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeration of PoliciesSystem registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeration of the PoliciesExplorer registry key (SRI) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ System driver list (SDL) (O58)
O58 - SDL:[MD5.5573AA70993A2BB81525B1C704B88763] - 09/05/2013 - 09:59:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336]
O58 - SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] - 28/06/2013 - 10:50:30 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:[MD5.A5F29AC2F0ADE8B995B49D7350CE3AC0] - 28/06/2013 - 10:50:30 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:[MD5.22F521108881DC59837F6FC614E0568F] - 28/06/2013 - 10:50:30 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [189936]
O58 - SDL:[MD5.E86C64478D9A90D62255FE9EB0150C6E] - 28/06/2013 - 10:50:30 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 16 Legitimates Filtered in 00mn 05s



---\\ List of disinfection tools (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List of registered legacy services (LALS) (O64)
O64 - Services: CurCS - 03/11/2013 - C:\Windows\System32\DRIVERS\iaStorA.sys (iaStorA) .(.Intel Corporation - Intel Rapid Storage Technology driver - x64.) - LEGACY_IASTORA
O64 - Services: CurCS - 03/11/2013 - C:\Windows\System32\DRIVERS\nvpciflt.sys (nvpciflt) .(.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) - LEGACY_NVPCIFLT
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 120 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.nationzoom.com =>Hijacker.NationZoom
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
~ Keys: Scanned in 00mn 00s



---\\ Search for infections in internet browsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {63773C42-D204-4ABC-9B29-11F35966E907} [DefaultScope] - (Yahoo) - http://it.search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Enumerate Crack and Keygen files (CKF) (O82)
C:\Users\moha\Desktop\ana\أسرار الإعجاز العلمي في القرآن والسنة\www.kaheel7.com\ar\images\stories\crackedmud11.JPG
~ Files: Scanned in 00mn 14s



---\\ Particular search in the system root directory (SPRF) (O84)
[MD5.D7C7E1E03019171B9F9154122933745E] [SPRF][18/06/2013] (...) -- C:\Users\moha\AppData\Roaming\addons.dat [24673]
[MD5.3264FC05C2A51D34D14BAE0C9ADE43E4] [SPRF][04/01/2014] (.No owner - Adblock Plus for IE.) -- C:\Users\moha\Desktop\adblockplusie-1.1.exe [4741136]
[MD5.F597F4F1C2FA13ED5AA9B3312C3A322E] [SPRF][30/06/2013] (.No owner - Setup Application.) -- C:\Users\moha\Desktop\AthanBasic1.exe [8956776]
[MD5.EF1E21ED7BFD12115F3AA88B25656040] [SPRF][21/07/2010] (.No owner - Setup Application.) -- C:\Users\moha\Desktop\CS studio 4.2.3. free Install.exe [18770343]
[MD5.FADF7472046A5B9103AD5D4CA7B4486C] [SPRF][21/11/2013] (...) -- C:\Users\moha\Desktop\DUCSetup_v4_0_1.exe [240392]
[MD5.DD67C749FC6B564B527D2A4F3BC090DA] [SPRF][21/11/2013] (.No owner - Powered by BetterInstaller.) -- C:\Users\moha\Desktop\NoIP_downloader_by_Downloadsourcenet.exe [166736] =>Adware.MegaSearch
[MD5.4EA518249A33A6E1A3C28FD59A1A945C] [SPRF][14/10/2013] (.Systweak Inc - RegClean Pro.) -- C:\Users\moha\Desktop\rcpsetupapnnew_apnnew2_1421462_it.exe [5683416] =>Rogue.RegistryPowerCleaner
[MD5.56F49D47AE684EEB00D1A6B69E215D5D] [SPRF][27/01/2009] (.Tanida Inc - Tanida Demo Builder.) -- C:\Users\moha\Desktop\Word_2007-1.exe [5106605]
[MD5.AFE471C17CF3674D50E049D64C59F244] [SPRF][28/01/2009] (.Tanida Inc - Tanida Demo Builder.) -- C:\Users\moha\Desktop\Word_2007-2.exe [5707610]
~ Files: 17 Legitimates Filtered in 00mn 14s



---\\ List of firewall exceptions (Firewallrules) (O87)
O87 - FAEL: "TCP Query User{394F4C33-9953-4107-AD3D-52FA585B1BD4}C:\users\moha\desktop\dcc\dcc.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\moha\desktop\dcc\dcc.exe (.not file.)
O87 - FAEL: "UDP Query User{A3B1FB1B-FAC3-4548-B90C-39F6C9025B61}C:\users\moha\desktop\dcc\dcc.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\moha\desktop\dcc\dcc.exe (.not file.)
~ Firewall: 210 Legitimates Filtered in 00mn 01s



---\\ WindowsInstaller package search (WIS) (NTFS)(O93)
[MD5.EFFDCC3B7C870B53AC7B24998F082565] [WIS][25/10/2013] (.ReSoft Ltd. - Snap.Do.) -- C:\Windows\Installer\49f5e.msi [9121792] =>Hijacker.SmartBar
~ WIS: 59 Legitimates Filtered in 00mn 07s



---\\ General state of non-Microsoft services (GSR) (SR = running, SS = stopped)
SS - | Demand 21/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 18/06/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/10/2013 878368 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 18/06/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 15/01/2014 45568 | (InternetUpdater) . (.Parallel Lines Development, LLC.) - C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
SR - | Auto 25/10/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SR - | Auto 23/10/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 18/12/2013 2103096 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 07/01/2014 499856 | (Wpm) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 11s



---\\ Concurrent searches on the Master Boot Record (MBR) (O80)
Run by moha at 22/02/2014 12:20:05
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Concurrent searches on the Master Boot Record (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by moha at 22/02/2014 12:20:07

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Additional scans (O88)
Database Version : 13031 - (17/02/2014)
Clés trouvées (Keys found) : 73
Valeurs trouvées (Values found) : 10
Dossiers trouvés (Folders found) : 44
Fichiers trouvés (Files found) : 16

[HKLM\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl] =>Hijacker.SmartBar^
[HKLM\Software\Google\Chrome\Extensions\gaohomgkplmekmskucbkoskmmpgpmjgl] =>PUP.TubeDimmer^
[HKLM\Software\Google\Chrome\Extensions\hahpjplbmicfkmoccokbjejahjjpnena] =>Hijacker.SearchB1org^
[HKLM\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj] =>PUP.Dealio^
[HKLM\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj] =>PUP.Dealio^
[HKLM\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex^
[HKLM\Software\Google\Chrome\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb] =>PUP.TubeDimmer^
[HKLM\Software\Google\Chrome\Extensions\kljomipciokglfnjdnmmghflipgncine] =>Adware.SurfAndKeep^
[HKLM\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk] =>PUP.Dealio^
[HKLM\Software\Google\Chrome\Extensions\oonmfoejhccgbckkgnhlhheaeaagodaj] =>PUP.DownloadKeeper^
[HKLM\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp] =>PUP.Dealio^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE18E333-BAF8-9B07-D408-47CF522D18D9}] =>Adware.SurfAndKeep^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA26C285-FFA0-58A2-66FA-6F29606D02B1}] =>PUP.Multiplug^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Hijacker.SmartBar^
[HKLM\SYSTEM\CurrentControlSet\Services\InternetUpdater] =>Adware.IncrediBar^
[HKLM\SYSTEM\CurrentControlSet\Services\Wpm] =>PUP.WpManager^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate] =>PUP.DealPly^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser] =>Hijacker.22Find^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM] =>PUP.WpManager^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}] =>PUP.Multiplug^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}] =>Adware.SurfAndKeep^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SnapDo_RASAPI32] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}] =>Hijacker.SmartBar
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SnapDo_RASMANCS] =>Hijacker.SmartBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}] =>Hijacker.SmartBar
[HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam
[HKLM\Software\Wow6432Node\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\CToolbar] =>Toolbar.Crawler
[HKLM\Software\Wow6432Node\CToolbar] =>Toolbar.Crawler
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\AppDataLow\Software\Search Settings] =>PUP.Dealio
[HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar
[HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
[HKCU\Software\AppDataLow\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector] =>PUP.AdvancedSystemProtector
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}] =>PUP.AppGraffiti
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find
[HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}] =>PUP.AppGraffiti
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}] =>PUP.AppGraffiti
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}] =>PUP.AppGraffiti
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}] =>PUP.AppGraffiti
[HKCU\Software\BI] =>Adware.MegaSearch
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk] =>PUP.Dealio
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Updater =>PUP.CrossRider^
C:\Users\moha\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl =>Hijacker.SmartBar^
C:\Users\moha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaohomgkplmekmskucbkoskmmpgpmjgl =>PUP.TubeDimmer^
C:\Users\moha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hahpjplbmicfkmoccokbjejahjjpnena =>Hijacker.SearchB1org^
C:\Users\moha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj =>PUP.Dealio^
C:\Users\moha\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj =>PUP.Dealio^
C:\Users\moha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo =>PUP.Elex^
C:\Users\moha\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb =>PUP.TubeDimmer^
C:\Users\moha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljomipciokglfnjdnmmghflipgncine =>Adware.SurfAndKeep^
C:\Users\moha\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk =>PUP.Dealio^
C:\Users\moha\AppData\Local\Google\Chrome\User Data\Default\Extensions\oonmfoejhccgbckkgnhlhheaeaagodaj =>PUP.DownloadKeeper^
C:\Users\moha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp =>PUP.Dealio^
C:\Program Files (x86)\DealPly =>PUP.DealPly^
C:\Program Files (x86)\DealPlyLive =>PUP.DealPly^
C:\Program Files (x86)\Downlload keepeere =>PUP.DownloadKeeper^
C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner^
C:\Program Files (x86)\suurf and Keep =>Adware.SurfAndKeep^
C:\Program Files (x86)\YoutubeAdblocker =>PUP.Multiplug^
C:\Program Files (x86)\Common Files\Spigot =>PUP.Dealio^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\DealPlyLive =>PUP.DealPly^
C:\ProgramData\Downlload keepeere =>PUP.DownloadKeeper^
C:\ProgramData\Downlooadd keeper =>PUP.DownloadKeeper^
C:\ProgramData\EboookkBrowwse =>Adware.eBookBrowse^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\RHelpers =>PUP.SearchDonkey^
C:\ProgramData\suurf and Keep =>Adware.SurfAndKeep^
C:\ProgramData\TubeDimmer =>PUP.TubeDimmer^
C:\ProgramData\Updater =>PUP.CrossRider^
C:\ProgramData\WPM =>PUP.WpManager^
C:\ProgramData\YoutubeAdblocker =>PUP.Multiplug^
C:\Users\moha\AppData\Roaming\BabSolution =>Hijacker.BabSolution^
C:\Users\moha\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\moha\AppData\Roaming\DealPly =>PUP.DealPly^
C:\Users\moha\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Users\moha\AppData\Local\DealPlyLive =>PUP.DealPly^
C:\Users\moha\AppData\Local\Smartbar =>Hijacker.SmartBar^
C:\Program Files (x86)\WebSearch =>Hijacker.LookForiThere
C:\Program Files (x86)\IObit Apps Toolbar =>PUP.Dealio
C:\Program Files (x86)\Common Files\337 =>Hijacker.22find
C:\Users\moha\AppData\Local\SearchProtect =>Toolbar.Conduit
C:\Users\moha\AppData\Local\B1E =>Toolbar.BrotherSoft
C:\Users\moha\AppData\LocalLow\BabylonToolbar =>PUP.Babylon
C:\Users\moha\AppData\LocalLow\Minibar =>PUP.Minibar
C:\ProgramData\Updater\updater.exe =>PUP.CrossRider^
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe =>PUP.SearchDonkey^
C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe =>PUP.SearchDonkey^
C:\ProgramData\RHelpers\IEHelper\IeHelper.exe =>PUP.SearchDonkey^
C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager^
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe =>Adware.IncrediBar^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\DealPlyLive] =>PUP.DealPly^
[HKCU\Software\Smartbar] =>Hijacker.SmartBar^
[HKCU\Software\TutoTag] =>Spyware.AgenceExclusive^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Users\moha\Desktop\NoIP_downloader_by_Downloadsourcenet.exe =>Adware.MegaSearch^
C:\Users\moha\Desktop\rcpsetupapnnew_apnnew2_1421462_it.exe =>Rogue.RegistryPowerCleaner^
C:\Windows\Installer\49f5e.msi =>Hijacker.SmartBar^
C:\Windows\AutoKMS.exe =>Trojan.Keygen
C:\Users\moha\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
~ Additionnel Scan: 212692 Items scanned in 00mn 48s



---\\ Summary of detections found on the workstation
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/38839825-pup-searchdonkey =>PUP.SearchDonkey
~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar
~ http://nicolascoolman.webs.com/apps/blog/show/40921098-pup-wsguideinfo =>PUP.WSGuideInfo
~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blog/show/37242682-pup-tubedimmer =>PUP.TubeDimmer
~ http://nicolascoolman.webs.com/apps/blog/show/30703839-hijacker-searchb1org =>Hijacker.SearchB1org
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ http://nicolascoolman.webs.com/apps/blog/show/33479906-pup-elex =>PUP.Elex
~ http://nicolascoolman.webs.com/apps/blog/show/35582793-adware-surfandkeep =>Adware.SurfAndKeep
~ http://nicolascoolman.webs.com/apps/blog/show/33571597-pup-downloadkeepeor =>PUP.DownloadKeeper
~ http://nicolascoolman.webs.com/apps/blog/show/38126906-hijacker-nationzoom =>Hijacker.NationZoom
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find =>Hijacker.22Find
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/26627641-spyware-agenceexclusive =>Spyware.AgenceExclusive
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/28486577-pup-mocaflix =>PUP.MocaFlix
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/29295819-rogue-registrypowercleaner =>Rogue.RegistryPowerCleaner
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/26693723-adware-ebookbrowse =>Adware.eBookBrowse
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software =>PUP.V9Software
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/26630283-pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
~ http://nicolascoolman.webs.com/apps/blog/show/26611535-pup-appgraffiti =>PUP.AppGraffiti
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26632189-adware-magnipic =>Adware.MagniPic
~ http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro
~ http://nicolascoolman.webs.com/apps/blog/show/29285781-hijacker-lookforithere =>Hijacker.LookForiThere
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/34407192-pup-minibar =>PUP.Minibar
~ MSI: 39 link(s) detected in 00mn 48s



~ 1191 Legitimates filtered by white list
End of the scan (780 lines in 03mn 08s)(1)
