PDA

View Full Version : Analisi Spybot, voci di registro che si ricreano


morpheus85
20-06-2009, 11:34
DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\S-1-5-21-1409082233-583907252-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

Non so se centra ma ultimamente se vado su chatta.it avira mi fa simili segnalazioni ad ogni aggiornamento di pagina:

Virus or unwanted program 'HEUR/HTML.Malware [heuristic]'
detected in file 'D:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Opera\Opera\profile\cache4\opr1KBK2.
Action performed: Move file to quarantine

morpheus85
20-06-2009, 11:39
ok ho letto di quel problema di internet explorer.. però le segnalazioni di avira le trovo anomale

wjmat
20-06-2009, 13:25
ciao

fai pulizia con ATFCleaner (http://www.hwupgrade.it/forum/showpost.php?p=24033021&postcount=2) o con CCleaner (http://www.hwupgrade.it/forum/showpost.php?p=24033029&postcount=3)
configura antivir come indicato qui (http://www.hwupgrade.it/forum/showthread.php?t=1514684), fai una scansione completa e carichi il log/report secondo le modalità (http://www.hwupgrade.it/forum/showthread.php?t=1751598)

morpheus85
20-06-2009, 15:09
Ecco qui:



Avira AntiVir Personal
Report file date: sabato 20 giugno 2009 14:02

Scanning for 1477965 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MATRIX-EBA66CDB

Version information:
BUILD.DAT : 8.2.0.353 17048 Bytes 15/05/2009 12:02:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 14:13:02
ANTIVIR2.VDF : 7.1.4.87 2982912 Bytes 12/06/2009 14:28:41
ANTIVIR3.VDF : 7.1.4.116 207872 Bytes 19/06/2009 14:23:01
Engineversion : 8.2.0.191
AEVDF.DLL : 8.1.1.1 106868 Bytes 01/05/2009 14:43:16
AESCRIPT.DLL : 8.1.2.9 409978 Bytes 18/06/2009 14:25:05
AESCN.DLL : 8.1.2.3 127347 Bytes 16/05/2009 14:32:13
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.18 401783 Bytes 28/05/2009 14:24:13
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 18/06/2009 14:24:59
AEHEUR.DLL : 8.1.0.133 1798520 Bytes 18/06/2009 14:24:56
AEHELP.DLL : 8.1.3.6 205174 Bytes 11/06/2009 14:26:09
AEGEN.DLL : 8.1.1.45 348532 Bytes 09/06/2009 14:23:38
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.6.12 180599 Bytes 28/05/2009 14:24:09
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.3 155688 Bytes 21/04/2009 14:41:53
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: d:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: repair
Secondary action.................: delete
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: sabato 20 giugno 2009 14:02

Starting search for hidden objects.
'77151' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'opera.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'RemoteControlAppl.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb05.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'dragdiag.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'ssoftsrv.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'Input Service.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '58' files ).


Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'D:\'
D:\pagefile.sys
[WARNING] The file could not be opened!
D:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
D:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: sabato 20 giugno 2009 15:05
Used time: 1:03:29 Hour(s)

The scan has been done completely.

4733 Scanning directories
261735 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
261732 Files not concerned
26156 Archives were scanned
3 Warnings
0 Notes
77151 Objects were scanned with rootkit scan
0 Hidden objects were found

wjmat
20-06-2009, 19:01
i futori log, secondo le regole di sezione, grazie

direi che è tutto ok

morpheus85
20-06-2009, 19:55
i futori log, secondo le regole di sezione, grazie

direi che è tutto ok

qualche idea su quelle segnalazioni? falsi positivi?

Chill-Out
20-06-2009, 22:40
qualche idea su quelle segnalazioni? falsi positivi?

Così ad occhio mi verrebbe da dire che usi una versione non aggiornata di Spybot

morpheus85
21-06-2009, 11:50
Così ad occhio mi verrebbe da dire che usi una versione non aggiornata di Spybot

non parlo di quelle segnalazioni ma quelle di avira :read:

Chill-Out
21-06-2009, 14:11
non parlo di quelle segnalazioni ma quelle di avira :read:

Sarò stato tratto in inganno dal titolo della discussione "Analisi Spybot, voci di registro che si ricreano", comunque dal log di Avira non emerge nulla :)