problema con maleware

**menatwork** · 11-11-2012, 19:45

probabilmente una delle infezioni che ha portato a questo e' SpyHunter sembrerebbe un rogue piu' che un software di pulizia

ora apri otl e copia questo codice nel box bianco

:OTL
DRV - (esgiguard) -- C:\Programmi\Enigma Software Group\SpyHunter\esgiguard.sys ()
SRV - (SpyHunter 4 Service) -- C:\Programmi\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
IE - HKU\S-1-5-21-1311962358-177964686-3492854707-500\..\SearchScopes\{EF853235-2594-46EB-8EA0-BD5E1115F40C}: "URL" = http://websearch.ask.com/redirect?cl...0401&src=kw&q={searchTerms}&locale=it_IT&apn_ptnrs=^ABZ&apn_dtid =^YYYYYY^YY^IT&apn_uid=74c5ac22-1fcf-4a95-a246-5f3a6c5b2718&apn_sauid=66C71626-7AE9-42A2-B0EC-C8DC3398B0A1
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54

:Files
C:\sh4ldr
C:\Programmi\Enigma Software Group\SpyHunter
C:\Windows\Installer\{62e00f59-5fd6-6879-9a8f-7cc5636a5b19}\L
C:\Windows\Installer\{62e00f59-5fd6-6879-9a8f-7cc5636a5b19}\U
C:\Users\Giova\AppData\Local\{62e00f59-5fd6-6879-9a8f-7cc5636a5b19}\@
C:\Users\Giova\AppData\Local\{62e00f59-5fd6-6879-9a8f-7cc5636a5b19}\L
C:\Users\Giova\AppData\Local\{62e00f59-5fd6-6879-9a8f-7cc5636a5b19}\U
C:\Windows\assembly\Desktop.ini
C:\Users\Giova\AppData\Roaming\.#
C:\Users\Giova\AppData\Roaming\Awem
ipconfig /flushdns /c

:commands
[purity]
[Reboot]

premi run fix e allega il log ottenuto

Discussione: problema con maleware

Strumenti discussione

Ricerca discussione

Visualizza

Visualizzazione discussione

Permessi di invio