AVIRA VIRUS HTML/Framer.pyvwg

[Claudio]

Re: AVIRA VIRUS HTML/Framer.pyvwg

Post by [Claudio] »

OK, the report shows no problems.

Uninstall the two browser applications (WOT, ADBLOCK), SUPERAntiSpyware (useless, in practice) and AVIRA.

After performing the uninstalls, attach a new HijackThis Report and a new TXT generated with CCleaner (for both, the instructions are in a previous post).
Twolight

Re: AVIRA VIRUS HTML/Framer.pyvwg

Post by Twolight »

I uninstalled the programs as instructed, including Avira (so I am now without antivirus protection).

HIJACKTHIS REPORT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:45:52, on 13/05/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
G:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Invia a periferica &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.vodafone.it
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d9ed60dfaf454a9a\AESTSr64.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Accesso rete (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceUpd (PowerOffer Upd Service) - ServiceUpd - C:\Users\alphabeta\AppData\Local\ServiceUpd\ServiceUpd.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
O23 - Service: Spooler di stampa (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d9ed60dfaf454a9a\STacSV64.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 7964 bytes
Twolight

Re: AVIRA VIRUS HTML/Framer.pyvwg

Post by Twolight »

CCLEANER REPORT
7-Zip 9.22 (x64 edition) Igor Pavlov 11/06/2013 4,75 MB 9.22.00.0
Acrobat.com Adobe Systems Incorporated 03/09/2009 1,60 MB 1.6.65
Adobe AIR Adobe Systems Incorporated 30/04/2014 4.0.0.1390
Adobe Flash Player 13 ActiveX Adobe Systems Incorporated 12/05/2014 6,00 MB 13.0.0.206
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 12/04/2013 26,2 MB 8.0.877.0
Apple Mobile Device Support Apple Inc. 16/03/2014 21,3 MB 7.1.1.3
Apple Software Update Apple Inc. 09/06/2011 2,25 MB 2.1.3.127
Atheros Driver Installation Program Atheros 26/03/2013 5.0
AVerMedia TV Tuner Card 1.0.0.4 AVerMedia TECHNOLOGIES, Inc. 26/03/2013 1.0.0.4
Bluetooth by hp Broadcom Corporation 21/10/2011 184 MB 6.3.0.8200
Broadcom 802.11 Wireless LAN Adapter Broadcom Corporation 21/09/2011 5.30.21.0
Canon Easy-PhotoPrint EX 29/01/2012
Canon Easy-WebPrint EX 29/01/2012
Canon Inkjet Printer/Scanner/Fax Extended Survey Program 29/11/2011
Canon MP Navigator EX 3.0 29/11/2011
Canon MP250 series MP Drivers 29/11/2011
Canon Utilities My Printer 29/11/2011
Canon Utilities Solution Menu 29/11/2011
CCleaner Piriform 24/04/2014 4.13
CloneSpy 3.04 The CloneSpy Team 12/05/2014 5,44 MB 3.04
Convert MP4 to MP3 ConvertMP4toMP3.com 24/03/2013 23,0 MB
doPDF 7.3 printer Softland 07/03/2014 13,7 MB 7.3.393
Dropbox Dropbox, Inc. 24/12/2013 2.4.10
ENE CIR Receiver Driver ENE 01/01/2014 3.7.0.0
Facebook Video Calling 2.0.0.447 Skype Limited 14/01/2014 12,0 MB 2.0.447
Feedback Tool Microsoft Corporation 23/02/2011 2,30 MB 1.2.0
FileHippo.com Update Checker 03/09/2013
Foxit Reader Foxit Corporation 06/05/2014 102 MB 6.2.0.429
Free PDF to Word Converter 5.1.0.383 Smart Soft 06/08/2013 5.1.0.383
Google Chrome Google Inc. 04/05/2014 36.0.1985.2
Hauppauge WinTV 7 Hauppauge Computer Works 09/01/2014 v7.0.31050 (CD 2.7)
HP 3D DriveGuard Hewlett-Packard 30/01/2011 3,27 MB 4.0.3.1
HP Advisor Hewlett-Packard 08/11/2011 48,8 MB 3.3.12286.3436
HP MediaSmart Music/Photo/Video Hewlett-Packard 30/01/2011 401 MB 3.0.3123
HP MediaSmart SmartMenu Hewlett-Packard 30/01/2011 1,85 MB 3.0.30.1
HP MediaSmart Webcam Hewlett-Packard 30/01/2011 81,7 MB 3.0.1913
HP Product Detection Hewlett-Packard Company 01/02/2011 1,90 MB 10.7.9.0
HP Quick Launch Buttons Hewlett-Packard 11/02/2011 6.50.12.1
HP Setup Hewlett-Packard 03/09/2009 1.2.3220.3079
HP Support Assistant 07/11/2011
HP Support Solutions Framework Hewlett-Packard Company 20/03/2014 6,62 MB 11.50.0012
HP Update Hewlett-Packard 03/09/2009 2,96 MB 5.001.000.014
HP User Guides 0154 Hewlett-Packard 03/09/2009 153 MB 1.01.0001
HP Wireless Assistant Hewlett-Packard 03/09/2009 3,97 MB 3.50.9.1
iCloud Apple Inc. 27/04/2014 156 MB 3.1.0.40
IDT Audio IDT 26/03/2013 1.0.6276.0
Intel(R) Rapid Storage Technology Intel Corporation 25/08/2011 10.1.0.1008
Internet Explorer (Enable DEP) 13/07/2013
iTunes Apple Inc. 23/04/2014 215 MB 11.1.5.5
Java 7 Update 55 Oracle 12/05/2014 118 MB 7.0.550
JMicron 1394 Filter Driver JMicron Technology Corp. 27/08/2011 1.00.17.01
JMicron JMB38X Flash Media Controller Driver JMicron Technology Corp. 27/01/2013 1.00.20.07
LightScribe System Software LightScribe 30/01/2011 22,5 MB 1.18.6.1
Microsoft .NET Framework 4.5.1 Microsoft Corporation 08/12/2013 38,8 MB 4.5.50938
Microsoft .NET Framework 4.5.1 (Italiano) Microsoft Corporation 08/12/2013 2,93 MB 4.5.50938
Microsoft Office File Validation Add-In Microsoft Corporation 16/09/2011 7,95 MB 14.0.5130.5003
Microsoft Office Outlook Connector Microsoft Corporation 13/07/2012 3,38 MB 14.0.6123.5001
Microsoft Office PowerPoint Viewer 2007 (Italian) Microsoft Corporation 12/12/2013 167 MB 12.0.6612.1000
Microsoft Office Professional Edition 2003 Microsoft Corporation 09/04/2014 1,66 GB 11.0.8173.0
Microsoft Silverlight Microsoft Corporation 07/05/2014 50,7 MB 5.1.30214.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 31/01/2011 260 KB 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 31/01/2011 252 KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15/06/2011 300 KB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 15/06/2011 572 KB 8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 14/04/2011 580 KB 8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 16/03/2011 212 KB 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 31/01/2011 200 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 14/04/2011 790 KB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 14/04/2011 598 KB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 15/03/2011 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 24/08/2011 238 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 15/06/2011 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 30/01/2011 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 30/11/2011 226 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15/06/2011 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 10/04/2013 13,7 MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 05/10/2011 12,2 MB 10.0.40219
Microsoft Works Microsoft Corporation 14/10/2012 836 MB 9.7.0621
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 31/01/2011 1,27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 31/01/2011 1,33 MB 4.20.9876.0
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 17/02/2011 38,0 KB 4.20.9818.0
Opera Stable 21.0.1432.57 Opera Software ASA 08/05/2014 21.0.1432.57
OUTDATEfighter 17/03/2013
paint.net 4.0 Pre-Release dotPDN LLC 06/05/2014 23,3 MB 4.0.0
Password Safe 12/03/2012
Picasa 3 Google, Inc. 17/03/2013 3.9
PlayReady PC Runtime amd64 Microsoft Corporation 21/04/2014 2,05 MB 1.3.0
Realtek 8136 8168 8169 Ethernet Driver Realtek 30/01/2011 1.00.0007
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 26/03/2013 6.1.7100.30094
Registrazione utente Canon MP250 series 29/11/2011
Revo Uninstaller 1.95 VS Revo Group 12/07/2013 1.95
Samsung AllShare Samsung Electronics Co., Ltd. 25/04/2013 74,3 MB 2.1.0.12031_10
Samsung Kies Samsung Electronics Co., Ltd. 13/06/2013 159 MB 2.5.3.13052_10
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 13/06/2013 47,3 MB 1.5.24.0
Speccy Piriform 05/05/2014 1.26
Spotify Spotify AB 13/04/2014 0.9.8.296.g91f68827
Spotydl 0.9.36.0 spotydl.com 11/02/2014 83,4 MB 0.9.36.0
Supporto applicazioni Apple Apple Inc. 16/03/2014 93,2 MB 3.0.1
Synaptics Pointing Device Driver Synaptics Incorporated 09/03/2014 46,4 MB 15.3.29.0
System Requirements Lab for Intel Husdawg, LLC 20/03/2014 1,12 MB 4.5.22.0
TomTom HOME Nome società 04/04/2014 49,1 MB 2.9.7
TomTom HOME Visual Studio Merge Modules TomTom International B.V. 20/05/2011 1,88 MB 1.0.2
WebCube. Huawei Technologies Co.,Ltd 04/04/2012 22.001.08.00.12
WebPocket Huawei Technologies Co.,Ltd 28/02/2014 1.11.01.12
Awaiting comments.
[Claudio]

Re: AVIRA VIRUS HTML/Framer.pyvwg

Post by [Claudio] »

Twolight wrote: awaiting comments.
We're almost there; let's get rid of what is left of PowerOffer:

1) START;
2) Choose ADMINISTRATIVE TOOLS;
3) choose SERVICES;
4) locate these two services (you will probably find only one, but check anyway):
A) Pos Service (PowerOffer Service)
B) Serv Updater (ServUpdater)
5) right-click each individual service, choose PROPERTIES, under STARTUP TYPE change the setting to DISABLED, click APPLY and confirm with OK;
6) Restart the system, enable the display of hidden files, follow the path and, in the LOCAL folder, remove these two folders if they are still present: PosService and ServUpdater.

Then:

1) Launch Internet Explorer and assign these (all 4) TRACKING PROTECTION LISTS (in practice they are AdBlock for IE without installing the add-on);

2) Download and install Avira: OFFICIAL SITE DOWNLOAD;

3) Disable SYSTEM RESTORE: follow the instructions for: WINDOWS 7;

Restart the computer and, following the instructions, RE-ENABLE the SYSTEM RESTORE feature;

4) Run another scan with HitmanPro and attach the Report it produces;

5) attach a new HijackThis Report.
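The check Claudio applies by eye to the O23 lines of the HijackThis log above (a service binary living under a user profile, as PowerOffer's updater does) can be scripted. This Python parser is an added example, not code from the thread or from HijackThis; the sample lines are copied from the log posted earlier in this thread, and the list of "user-writable" directories is an assumption chosen for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: O23 lines copied from the HijackThis log posted in this
# thread, plus two non-O23 lines to show that the parser skips them.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\SysWOW64\RunDll32.exe

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: ServiceUpd (PowerOffer Upd Service) - ServiceUpd - C:\Users\alphabeta\AppData\Local\ServiceUpd\ServiceUpd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""

O23_PREFIX = "O23 - Service: "
FILE_MISSING = " (file missing)"

# Assumed list of directories a standard user can write to. A service binary
# here is unusual for a vendor product; it is exactly where the PowerOffer
# updater in this thread was found.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\appdata\\|programdata\\|users\\public\\|windows\\temp\\|temp\\)",
    re.IGNORECASE,
)
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)


@dataclass
class Service:
    name: str
    owner: str
    path: str
    file_missing: bool
    reasons: List[str] = field(default_factory=list)


def parse_o23(log_text: str) -> List[Service]:
    """Extract the O23 (NT service) entries from a HijackThis log."""
    services = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(O23_PREFIX):
            continue
        body = line[len(O23_PREFIX):]
        missing = body.endswith(FILE_MISSING)
        if missing:
            body = body[: -len(FILE_MISSING)]
        # Split from the right: the display name may itself contain " - ",
        # but the owner and the path never do in HijackThis output.
        parts = body.rsplit(" - ", 2)
        if len(parts) != 3:
            continue  # malformed line: skip rather than guess
        name, owner, path = parts
        services.append(Service(name, owner, path, missing))
    return services


def flag_services(services: List[Service]) -> List[Service]:
    """Return the services that deserve a closer look, each with its reasons."""
    flagged = []
    for svc in services:
        reasons = []
        if USER_WRITABLE.search(svc.path):
            reasons.append("binary in user-writable location")
        # "Unknown owner" with "(file missing)" under \Windows is routine for
        # built-in services whose display name is a resource string, so only
        # an unknown owner with a real binary outside \Windows is noted.
        if (svc.owner == "Unknown owner" and not svc.file_missing
                and not WINDOWS_DIR.search(svc.path)):
            reasons.append("unknown owner outside Windows directory")
        if reasons:
            svc.reasons = reasons
            flagged.append(svc)
    return flagged


if __name__ == "__main__":
    for svc in flag_services(parse_o23(SAMPLE_LOG)):
        print(f"{svc.name}\n    {svc.path}\n    -> {', '.join(svc.reasons)}")
```

A hit from this heuristic is a prompt to review the entry (vendor, signature, install date), not proof of malware: the HWDeviceService64.exe line belongs to a legitimate mobile-broadband driver package.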
hashcat

Re: AVIRA VIRUS HTML/Framer.pyvwg

Post by hashcat »

Before uninstalling ComboFix I would like to look at the infected file that was removed (and replaced): upload every file you find inside the C:\QooBox\Quarantine\ folder to VirusTotal and post the corresponding links.

Finally, I suggest you try RogueKiller. After running it, once the automatic preliminary scan completes, click the Scan button and, when the scan finishes, the Report button; copy the resulting log and post it on the forum.

Twolight

Re: AVIRA VIRUS HTML/Framer.pyvwg

Post by Twolight »

First of all, as of now, after no small amount of effort (for which I thank everyone who made me go through it), the Framer problem has not appeared again with IE.
I did everything I was told; here are the various reports:
HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:41:39, on 14/05/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
G:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Invia a periferica &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.vodafone.it
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d9ed60dfaf454a9a\AESTSr64.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Accesso rete (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
O23 - Service: Spooler di stampa (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d9ed60dfaf454a9a\STacSV64.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8631 bytes
Twolight

Re: AVIRA VIRUS HTML/Framer.pyvwg

Post by Twolight »

HITMAN PRO


HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : ALPHABETA-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : alphabeta-PC\alphabeta
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (7 days left)

   Scan date . . . . . . : 2014-05-14 11:32:30
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 26s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 1

   Objects scanned . . . : 2.139.264
   Files scanned . . . . : 31.915
   Remnants scanned  . . : 383.995 files / 1.723.354 keys

Cookies _____________________________________________________________________

   C:\Users\alphabeta\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas8.emediate.eu


Twolight

Re: AVIRA VIRUS HTML/Framer.pyvwg

Post by Twolight »

ROGUE KILLER
RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : alphabeta [Admin rights]
Mode : Scan [Aborted] -- Date : 05/14/2014 11:45:03
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Le attività pianificate : 0 ¤¤¤

¤¤¤ voci di avvio : 0 ¤¤¤

¤¤¤ I browser Web : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0xEB761C90)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xFF84FB70)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\syswow64\shlwapi.DLL @ 0x767C46E9)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\syswow64\shlwapi.DLL @ 0x767C46E9)

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[0]_S_05142014_114503.txt >>
As for that, I have not taken any action on the entries listed under "DRIVER"; I don't quite understand which RogueKiller button needs to be clicked, or whether nothing needs to be done. I don't even know whether they are anomalies..??
hashcat

Re: R: AVIRA VIRUS HTML/Framer.pyvwg

Post by hashcat »

Those RogueKiller entries are harmless.

The VirusTotal reports are still missing.
Twolight

Re: AVIRA VIRUS HTML/Framer.pyvwg

Post by Twolight »

To wrap up, I am also posting all the links for the files in the QooBox "Quarantine" folder after having them checked by VirusTotal.
It doesn't look like anything in particular was detected; if you think a corrective action is needed instead, please let me know.

At this point, fingers crossed but confident, I thank everyone and await any suggestions you may have.
In particular I would like to know how to configure Avira properly.

[Claudio]

Re: AVIRA VIRUS HTML/Framer.pyvwg

Post by [Claudio] »

Twolight wrote: To wrap up, I am also posting all the links for the files in the QooBox "Quarantine" folder after having them checked by VirusTotal.
It doesn't look like anything in particular was detected
Indeed.
In particular I would like to know how to configure Avira properly.
Off the top of my head that is practically impossible; some time ago I tried to "recover" the Guide I had written for another forum .... but I was unable to.

1) uninstall COMBOFIX: click START, in the SEARCH PROGRAMS field type combofix /uninstall (with a space between combofix and /uninstall) and follow the instructions;

2) trash the tools suggested by hashcat;

3) trash any saved reports, etc.;

Today is Windows update day, so take care of that.

If you don't run into further problems, we're done.
Twolight

Re: AVIRA VIRUS HTML/Framer.pyvwg

Post by Twolight »

[Claudio] wrote: (the instructions quoted in full in the previous post) ... If you don't run into further problems, we're done.

Thank you very much.