
~ ZHPDiag v2014.3.21.20 report - Nicolas Coolman (21/03/2014)
~ Run by -- (21/03/2014 16.00.31)
~ Web site address : http://nicolascoolman.webs.com
~ Free disinfection support forum : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version status :
~ White list : Enabled by the program
~ Privilege elevation : OK
~ User Account Control : Activated by user


---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16843
GCIE: Google Chrome v33.0.1750.154 (Default)

---\\ Windows product information
~ Language: Italian
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Internet Security v9.0.2016
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

---\\ System optimisation software

---\\ Peer-to-peer file sharing software

---\\ Monitoring software

---\\ System information
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal
Total RAM: 3950 MB (60% free)
System Restore: Enabled
System drive C: has 244 GB (87%) free of 279 GB

---\\ System logon session
~ Computer Name: LENOVO-PC
~ User Name: --
~ All Users Names: Guest, Administrator, --,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\--\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\--\AppData\Roaming\
~ %Desktop% : C:\Users\--\Desktop\
~ %Favorites% : C:\Users\--\Favorites\
~ %LocalAppData% : C:\Users\--\AppData\Local\
~ %StartMenu% : C:\Users\--\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 244 GB of 279 GB)
E: CD-ROM drive (Not Inserted)



---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Esplora risorse.) (.01/06/2013 - 03.34.21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Applicazione di avvio di Windows.) (.25/07/2012 - 19.08.50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.79EDF01FA13D886F8E1B655D542011FB] - (.Microsoft Corporation - Internet Extensions per Win32.) (.23/02/2014 - 00.13.41.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Applicazione Accesso a Windows.) (.10/10/2012 - 21.46.58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Libreria gestione licenze software.) (.25/07/2012 - 19.07.20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Driver funzione ausiliaria di WinSock.) (.03/09/2013 - 19.11.23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.25/07/2012 - 21.00.48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 18.30.10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 18.26.36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.25/07/2012 - 18.26.53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.19/09/2012 - 22.08.44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver della porta i8042.) (.25/07/2012 - 18.28.51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 18.23.01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.05/02/2013 - 14.29.09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 18.24.28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Driver file system NT.) (.02/02/2013 - 02.54.54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver della porta parallela.) (.25/07/2012 - 18.29.53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 18.23.17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirector dispositivi Microsoft RDP.) (.25/07/2012 - 18.25.18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.25/07/2012 - 21.26.47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver copia shadow del volume.) (.01/06/2013 - 03.26.33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files status (hidden/total)
~ My Favorites : 1/17
~ My Documents : 1/2
~ My Desktop : 1/17
~ Start Menu (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 00s



---\\ Running processes
[MD5.28F73DA249CED71B08E211309C668544] - (...) -- C:\Program Files (x86)\View-Password\ViewPassword_wd.exe [93184] [PID.1316] =>PUP.ViewPassword
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2688]
[MD5.4EABB8FF69B481D0464ACAD02D709C2B] - (.Lenovo - Mobile Hotspot Client Application.) -- C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976] [PID.4780]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.4128]
[MD5.224F6B374852153C8C24BED141AE3A20] - (...) -- ysWOW64\rundll32.exe [0] [PID.4944]
[MD5.596D8807D351C43496DDF4495FBD391C] - (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files (x86)\Athan\Athan.exe [1208320] [PID.4876]
[MD5.F71D97B6B631D565AF7C6E0BDF9D49F4] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770736] [PID.2924]
[MD5.FBC9D7B5E28DE4064C6D1C10F2B1B789] - (.Lenovo Corporation - Lenovo® AVFramework Native 32-Bit Server.) -- C:\Program Files\Lenovo\Communications Utility\tpknrres.exe [603696] [PID.5900]
[MD5.4945093A93034C5078610677F723C09E] - (.No owner - IEWebSiteLogon.) -- C:\Program Files\Lenovo Fingerprint Reader\x86\IEWebSiteLogon.exe [4622184] [PID.4548]
[MD5.154A4419AD8CFE7AE89BB3EBCF20E935] - (.No owner - Location Task Manager LPD Access Agent.) -- C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe [13120] [PID.4008]
[MD5.41D2D33B604B97B3F0331FA693136053] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8356864] [PID.6028]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, start, search, extensions (G0, G1, G2)
C:\Users\--\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Enabled)
~ Google Browser: 17 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, proxy management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of lines F0, F1, F2, F3 - IniFiles, autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 21



---\\ Other user links (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HSPA USB MODEM.lnk . (...) -- C:\Program Files (x86)\HSPA USB MODEM\HSPA USB MODEM.exe
O4 - GS\Desktop [Public]: Tango.lnk . (.Tango Inc. - Tango.) -- C:\Program Files (x86)\Tango\Tango.exe
O4 - GS\Program [Public]: Desktop.lnk - Orphan key
O4 - GS\QuickLaunch [--]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [--]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [--]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [--]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [--]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [--]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\--\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - GS\Program [--]: System Update Search.lnk . (.Microsoft - SystemUpdateSearch.) -- C:\Program Files (x86)\Lenovo\System Update\SystemUpdateSearch.exe
O4 - GS\Desktop [--]: Athan.lnk . (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files (x86)\Athan\Athan.exe
O4 - GS\Desktop [--]: Your Unin-staller!.lnk . (.URSoft,Inc - Your Uninstaller! - New way to uninstall pr.) -- C:\Program Files (x86)\Your Uninstaller 2010\urmain.exe
~ Global Startup: 50 Legitimates Filtered in 00mn 01s



---\\ Applications started from registry and files (O4)
O4 - HKLM\..\Run: [LnvMobHotspotClient] . (.Lenovo - Mobile Hotspot Client Application.) -- C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
O4 - HKLM\..\Run: [LENOVO.TPKNRRES] . (.Lenovo Corporation - Lenovo® AVFramework Startup Stub Module.) -- C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Athan] . (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files (x86)\Athan\Athan.exe
~ Application: Scanned in 00mn 00s



---\\ DNS domain address changes (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0850B4A4-CCF7-4B62-AB7F-EC1C453248E9}: NameServer = 212.52.97.25 193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B39ABA9-49D1-4BD9-8968-4053A0CACAB6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B39ABA9-49D1-4BD9-8968-4053A0CACAB6}: DhcpDomain = localdomain
O17 - HKLM\System\CS1\Services\Tcpip\..\{0850B4A4-CCF7-4B62-AB7F-EC1C453248E9}: NameServer = 212.52.97.25 193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B39ABA9-49D1-4BD9-8968-4053A0CACAB6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B39ABA9-49D1-4BD9-8968-4053A0CACAB6}: DhcpDomain = localdomain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Additional protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Additional protocols: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ List of non-Microsoft, non-disabled NT services (O23)
O23 - Service: (LocationTaskManager) . (.No owner - Location Task Manager.) - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
~ Services: 26 Legitimates Filtered in 00mn 40s



---\\ Automatically scheduled tasks (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\View Password_wd.job [406] =>PUP.ViewPassword
[MD5.00000000000000000000000000000000] [APT] [PMTask] (...) -- C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe (.not file.) [0]
[MD5.28F73DA249CED71B08E211309C668544] [APT] [View Password_wd] (...) -- C:\Program Files (x86)\View-Password\ViewPassword_wd.exe [93184] =>PUP.ViewPassword
~ Scheduled Task: 19 Legitimates Filtered in 00mn 05s



---\\ Installed software (O42)
O42 - Software: LPT System Updater Service - (.LPT.) [HKLM][64Bits] -- {BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24} =>Adware.IncrediBar
O42 - Software: On Screen Display - (...) [HKLM][64Bits] -- OnScreenDisplay
O42 - Software: View Password - (.View Password.) [HKLM][64Bits] -- 0ba83585-9f57-4c3c-86f2-b347c7278840 =>PUP.ViewPassword
~ Logic: 30 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\MarineAquarium3Free_57] =>Adware.MarineAquarium
[HKCU\Software\PopularScreensavers_7i]
[HKLM\Software\Wow6432Node\ErrorLists-crcodedownloader]
[HKLM\Software\Wow6432Node\MarineAquarium3Free_57] =>Adware.MarineAquarium
[HKLM\Software\Wow6432Node\PopularScreensavers_7i]
~ Key Software: 226 Legitimates Filtered in 00mn 00s



---\\ Contents of the Program, ProgramFiles, ProgramData and AppData folders (O43)
O43 - CFD: 15/01/2014 - 14.03.31 - [1,069] ----D C:\Program Files (x86)\MarineAquarium3Free_57 =>Adware.MarineAquarium
O43 - CFD: 09/02/2014 - 14.39.58 - [0,542] ----D C:\Program Files (x86)\PopularScreensavers_7i
O43 - CFD: 20/03/2014 - 19.57.09 - [0,260] ----D C:\Program Files (x86)\View-Password =>PUP.ViewPassword
O43 - CFD: 19/03/2014 - 11.40.21 - [0,002] ----D C:\ProgramData\6c0d52d95a491cb6
O43 - CFD: 12/12/2013 - 16.50.01 - [0] -SH-D C:\ProgramData\Documenti
O43 - CFD: 12/12/2013 - 16.50.01 - [0] -SH-D C:\ProgramData\Menu Avvio
O43 - CFD: 17/05/2013 - 12.10.12 - [0,149] ----D C:\ProgramData\NoiseSuppressionTips
O43 - CFD: 19/03/2014 - 12.51.42 - [0,007] ----D C:\ProgramData\SaVeRAddoon
O43 - CFD: 19/03/2014 - 12.51.40 - [0,007] ----D C:\ProgramData\websaveer
O43 - CFD: 15/01/2014 - 14.04.03 - [2,660] ----D C:\Users\--\AppData\Local\MarineAquarium3Free_57 =>Adware.MarineAquarium
O43 - CFD: 09/02/2014 - 14.54.31 - [0,442] ----D C:\Users\--\AppData\Local\PopularScreensavers_7i
~ Program Folder: 134 Legitimates Filtered in 00mn 44s



---\\ Shell MountPoints2 registry key (MPKS) (O51)
O51 - MPSK:{0098b2c0-63e4-11e3-be73-2cd05ab37969}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ PoliciesSystem registry key enumeration (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ PoliciesExplorer registry key enumeration (SRI) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ System driver list (SDL) (O58)
O58 - SDL:[MD5.8D4B8BF93C65BDBC133B20706A3B5208] - 20/03/2014 - 16.22.38 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.0606875650850B0697D662934529F6FC] - 20/03/2014 - 16.22.38 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208928]
O58 - SDL:[MD5.609C2E3170CA7DC9CD1547CA0BE0FA28] - 08/11/2012 - 19.14.44 ----- . (.Windows (R) Win 7 DDK provider - WINNT/2K/XP/2003 Driver.) -- C:\Windows\System32\Drivers\Fastboot.sys [63792]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 25/07/2012 - 21.00.55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 17 Legitimates Filtered in 00mn 05s



---\\ List of disinfection tools (LATC) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Shell spawning associations (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Specific search in the system root directory (SPRF) (O84)
[MD5.DF06DC5837316EA78746E3F790A950ED] [SPRF][21/03/2014] (...) -- C:\Users\--\Desktop\AdwCleaner.exe [1950720]
[MD5.F597F4F1C2FA13ED5AA9B3312C3A322E] [SPRF][20/03/2014] (.No owner - Setup Application.) -- C:\Users\--\Desktop\AthanBasic1.exe [8956776]
[MD5.655694DA17ED382B267692132948B7C1] [SPRF][17/12/2013] (...) -- C:\Users\--\Desktop\SetupTango_1-6-14117.exe [11779040]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Firewall exception list (Firewallrules) (O87)
O87 - FAEL: "{3C86A523-2501-405F-9193-7ABB97E1DE29}" | In - Public - P6 - TRUE | .(.Tango Inc. - Tango.) -- C:\Program Files (x86)\Tango\Tango.exe
O87 - FAEL: "{401FF05E-DAB2-4E38-B7DC-5F0237EDD888}" | In - Public - P17 - TRUE | .(.Tango Inc. - Tango.) -- C:\Program Files (x86)\Tango\Tango.exe
O87 - FAEL: "TCP Query User{F19578C3-21D8-4BE5-A1E2-5B275F58B9A4}C:\program files (x86)\tango\tango.exe" | In - Private - P6 - TRUE | .(.Tango Inc. - Tango.) -- C:\program files (x86)\tango\tango.exe
O87 - FAEL: "UDP Query User{5642E99E-17FF-4D5B-9F5B-D7AC480DA308}C:\program files (x86)\tango\tango.exe" | In - Private - P17 - TRUE | .(.Tango Inc. - Tango.) -- C:\program files (x86)\tango\tango.exe
~ Firewall: 218 Legitimates Filtered in 00mn 01s



---\\ Software product code enumeration (PUC) (O90)
O90 - PUC: "607ECAC1947DAC44BBEFFA0649D6B181" . (.Password Vault.) -- C:\windows\Installer\{1CACE706-D749-44CA-BBFE-AF60946D1B18}\ARPPRODUCTICON.exe
O90 - PUC: "6789F87B3EC7FC940888005A3CE32455" . (..) -- C:\windows\Installer\{B78F9876-7CE3-49CF-8088-00A5C33E4255}\ARPPRODUCTICON.exe
O90 - PUC: "A7FF4F04412B35449B3780B090EC0D91" . (.Absolute Reminder.) -- C:\windows\Installer\{40F4FF7A-B214-4453-B973-080B09CED019}\_6FEFF9B68218417F98F549.exe
~ Update Products: 56 Legitimates Filtered in 00mn 00s



---\\ WindowsInstaller package search (WIS) (NTFS) (O93)
[MD5.80B6AD155CE12841DEAF0FE881D0C570] [WIS][16/12/2013] (.Earth Networks, Inc. - Weather.) -- C:\Windows\Installer\41e769.msi [2736128]
[MD5.238F06F0151652B032D4DC2B54C74EB3] [WIS][06/02/2014] (.LPT - LPT System Updater Service.) -- C:\Windows\Installer\6db02a.msi [1712128] =>Adware.IncrediBar
~ WIS: 59 Legitimates Filtered in 00mn 09s



---\\ General state of non-Microsoft services (GSR) (SR = running, SS = stopped)
SS - | Demand 25/11/2013 573488 | (AVControlCenter) . (.Lenovo Corporation.) - C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
SS - | Demand 26/08/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 19/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25/11/2013 512048 | (LENOVO.CAMMUTE) . (.Lenovo Corporation.) - C:\Program Files\Lenovo\Communications Utility\CamMute.exe
SS - | Disabled 24/08/2012 127072 | (LENOVO.MICMUTE) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
SS - | Demand 25/11/2013 527920 | (LENOVO.TPKNRSVC) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
SS - | Demand 25/11/2013 702512 | (LENOVO.TVTVCAM) . (.Lenovo Corporation.) - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
SS - | Demand 19/02/2014 1662424 | (LSCWinService) . (...) - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 21/02/2014 24120 | (SUService) . (...) - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 19/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 20/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 20/03/2014 109048 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 24/08/2012 2252088 | (BcmBtRSupport) . (.Broadcom Corporation..) - C:\Windows\System32\BtwRSupportService.exe
SR - | Auto 25/09/2012 957304 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
SR - | Auto 08/07/2011 40960 | (DeviceManager) . (...) - C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe
SR - | Auto 08/11/2012 139568 | (FastbootService) . (.Lenovo.) - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
SR - | Auto 31/08/2012 2139496 | (FPLService) . (.AuthenTec, Inc.) - C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
SR - | Auto 05/12/2012 60272 | (IBMPMSVC) . (.Lenovo..) - C:\Windows\System32\ibmpmsvc.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 17/07/2012 128896 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 17/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 08/02/2013 236360 | (Lenovo QuickSnip Service) . (.LENOVO INCORPORATED..) - C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe
SR - | Auto 20/01/2014 2085184 | (Lenovo Settings Service) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
SR - | Auto 08/02/2013 579400 | (Lenovo System Agent Service) . (.LENOVO INCORPORATED..) - C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
SR - | Auto 10/08/2012 136288 | (Lenovo.VIRTSCRLSVC) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
SR - | Auto 17/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 11/09/2013 469496 | (LnvHotSpotSvc) . (.Lenovo.) - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe
SR - | Auto 11/12/2013 468288 | (LocationTaskManager) . (...) - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 12/03/2013 230408 | (NitroDriverReadSpool8) . (.Nitro PDF Software.) - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
SR - | Auto 12/03/2013 70152 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\windows\SysWOW64\NLSSRV32.exe
SR - | Demand 21/11/2013 1669928 | (Power Manager DBC Service) . (.Lenovo.) - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
SR - | Auto 07/09/2012 145808 | (TPHKLOAD) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
SR - | Demand 16/07/2012 401256 | (TrueService) . (.AuthenTec, Inc..) - C:\Program Files\Common Files\AuthenTec\TrueService.exe
SR - | Auto 17/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe

~ Services: Scanned in 00mn 11s



---\\ Master Boot Record searches (MBR) (O80)
Run by -- at 21/03/2014 16.03.23
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Master Boot Record searches (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by -- at 21/03/2014 16.03.25

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Additional scan (O88)
Database Version : 13031 - (21/03/2014)
Keys found : 5
Values found : 0
Folders found : 4
Files found : 5

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}] =>Adware.IncrediBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\0ba83585-9f57-4c3c-86f2-b347c7278840] =>PUP.ViewPassword^
[HKLM\Software\Classes\CLSID\{C98EE38D-21E4-4A50-907D-2B56FEC7013E}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110311991194}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311991194}] =>PUP.CrossRider
C:\Program Files (x86)\MarineAquarium3Free_57 =>Adware.MarineAquarium^
C:\Program Files (x86)\View-Password =>PUP.ViewPassword^
C:\Users\--\AppData\Local\MarineAquarium3Free_57 =>Adware.MarineAquarium^
C:\Users\--\AppData\LocalLow\VideoDownloadConverter_4zEI =>Adware.VideoDownloadConverter
C:\Program Files (x86)\View-Password\ViewPassword_wd.exe =>PUP.ViewPassword^
C:\Windows\Tasks\View Password_wd.job =>PUP.ViewPassword^
[HKCU\Software\MarineAquarium3Free_57] =>Adware.MarineAquarium^
[HKLM\Software\Wow6432Node\MarineAquarium3Free_57] =>Adware.MarineAquarium^
C:\Windows\Installer\6db02a.msi =>Adware.IncrediBar^
~ Additional scan: 195009 Items scanned in 00mn 32s



---\\ Summary of detections found on the workstation
~ http://nicolascoolman.webs.com/apps/blog/show/35740148-pup-viewpassword =>PUP.ViewPassword
~ http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar
~ http://nicolascoolman.webs.com/apps/blog/show/35305816-adware-marineaquarium =>Adware.MarineAquarium
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/29640158-adware-videodownloadconverter =>Adware.VideoDownloadConverter
~ MSI: 5 link(s) detected in 00mn 32s



~ 901 Legitimates filtered by white list
End of the scan (438 lines in 03mn 26s)(0)
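A report like this is a flat text dump, and the first thing an analyst does with one is pull out what the tool's database actually flagged and where. The Python below is an added example, not part of ZHPDiag and not code from this report. It parses the line shapes seen above (section headers opening with ---\\, entries carrying [MD5.<hash>], the trailing =>Family.Name verdicts, the O17 NameServer / DhcpNameServer values and the (.not file.) marker), groups verdicts by family, collects the hashes worth checking against a reputation source, separates statically configured resolvers from DHCP-assigned ones, and lists autostart entries whose target is gone. Reading an all-zero hash as "file missing" follows what the report itself shows: the PMTask entry pairs one with (.not file.) and a size of 0. SAMPLE_REPORT is a constructed excerpt trimmed from the report above (headers are the translated ones); the function names and the finding/resolver data layout are mine.

```python
"""Triage helper for a ZHPDiag text report (added example, not part of ZHPDiag).

Relies on three regularities visible in the report above: section headers start
with '---\\', file entries carry '[MD5.<hash>]' and ' -- <path> [<size>]', and
anything the tool's database recognised ends in '=>Family.Name' (a trailing '^'
marks an item repeated in the O88 block). SAMPLE_REPORT is a constructed excerpt
trimmed from that log, not a complete report.
"""
import ipaddress
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^---\\+\s*(?P<title>.+?)\s*$")
VERDICT_RE = re.compile(r"=>(?P<family>[A-Za-z]+\.[A-Za-z0-9_]+)\^?\s*$")
MD5_RE = re.compile(r"\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\]")
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\[^\[\]=]+?)(?:\s+\(\.not file\.\))?\s*(?:\[|=>|$)")
REGKEY_RE = re.compile(r"^\[(?P<key>HK[A-Z]+\\[^\]]+)\]")
DETAIL_RE = re.compile(r"--\s+(?P<detail>\S.*?)\s*=>")
DNS_RE = re.compile(r"^O17 - .*?(?P<kind>DhcpNameServer|NameServer) = (?P<servers>[\d. ]+?)\s*$")
MISSING = "(.not file.)"  # ZHPDiag's marker for an autostart whose target no longer exists

SAMPLE_REPORT = r"""
---\\ Running processes
[MD5.28F73DA249CED71B08E211309C668544] - (...) -- C:\Program Files (x86)\View-Password\ViewPassword_wd.exe [93184] [PID.1316] =>PUP.ViewPassword
---\\ Applications started from registry and files (O4)
O4 - HKLM\..\Wow6432Node\Run: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll (.not file.)
---\\ DNS domain address changes (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0850B4A4-CCF7-4B62-AB7F-EC1C453248E9}: NameServer = 212.52.97.25 193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B39ABA9-49D1-4BD9-8968-4053A0CACAB6}: DhcpNameServer = 192.168.1.1 192.168.1.1
---\\ Automatically scheduled tasks (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\View Password_wd.job [406] =>PUP.ViewPassword
[MD5.00000000000000000000000000000000] [APT] [PMTask] (...) -- C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe (.not file.) [0]
---\\ Installed software (O42)
O42 - Software: LPT System Updater Service - (.LPT.) [HKLM][64Bits] -- {BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24} =>Adware.IncrediBar
---\\ Additional scan (O88)
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110311991194}] =>PUP.CrossRider
C:\Program Files (x86)\MarineAquarium3Free_57 =>Adware.MarineAquarium^
[HKCU\Software\MarineAquarium3Free_57] =>Adware.MarineAquarium^
~ http://nicolascoolman.webs.com/apps/blog/show/35740148-pup-viewpassword =>PUP.ViewPassword
"""


def parse_report(text):
    """One pass over the report; returns (findings, resolvers, dangling)."""
    findings, dangling = [], []
    resolvers = {"static": [], "dhcp": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("~"):  # blank, or a tool status/summary line
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("title")
            continue
        dns = DNS_RE.match(line)
        if dns:
            bucket = "dhcp" if dns.group("kind").startswith("Dhcp") else "static"
            for ip in dns.group("servers").split():
                if ip not in resolvers[bucket]:
                    resolvers[bucket].append(ip)
            continue
        path = PATH_RE.search(line)
        if MISSING in line and path:  # autostart pointing at a file that is gone
            dangling.append((section, path.group("path")))
        verdict = VERDICT_RE.search(line)
        if not verdict:
            continue
        md5 = MD5_RE.search(line)
        digest = md5.group("md5").upper() if md5 else None
        if digest == "0" * 32:  # all zeros: the tool could not hash a missing file
            digest = None
        key, detail = REGKEY_RE.match(line), DETAIL_RE.search(line)
        item = (path.group("path") if path else key.group("key") if key
                else detail.group("detail") if detail else line)
        findings.append({"section": section, "family": verdict.group("family"),
                         "md5": digest, "item": item})
    return findings, resolvers, dangling


def by_family(findings):
    """Verdict family -> sorted, de-duplicated items (paths, keys or product codes)."""
    grouped = defaultdict(set)
    for f in findings:
        grouped[f["family"]].add(f["item"])
    return {fam: sorted(items) for fam, items in sorted(grouped.items())}


def hashes_to_lookup(findings):
    """Distinct MD5s of flagged files that were actually present on disk."""
    return sorted({f["md5"] for f in findings if f["md5"]})


def static_public_resolvers(resolvers):
    """Statically set resolvers outside private ranges. Not proof of tampering
    (a modem driver may pin the ISP's servers), but the Tcpip NameServer value
    is where DNS-changing malware writes its servers, so confirm with the user."""
    return [ip for ip in resolvers["static"] if not ipaddress.ip_address(ip).is_private]


if __name__ == "__main__":
    found, dns, gone = parse_report(SAMPLE_REPORT)
    for family, items in by_family(found).items():
        print(family, *items, sep="\n    ")
    print("hashes to look up:", hashes_to_lookup(found))
    print("static public resolvers:", static_public_resolvers(dns))
    print("dangling autostarts:", gone)
```

To run it against a saved ZHPDiag.txt, read the file (ZHPDiag reports are not always UTF-8, so open with errors="replace") and pass the text to parse_report in place of SAMPLE_REPORT. Lines beginning with "~" are skipped on purpose: the summary block at the end repeats every family with a link, which would otherwise double-count the detections. Items whose hash is all zeros are still reported as findings but excluded from the lookup list, since there is no file left to hash.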
