Analisi Spybot, voci di registro che si ricreano

[morpheus85]

Quote:

DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\S-1-5-21-1409082233-583907252-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

Non so se centra ma ultimamente se vado su chatta.it avira mi fa simili segnalazioni ad ogni aggiornamento di pagina:

Quote:

Virus or unwanted program 'HEUR/HTML.Malware [heuristic]'
detected in file 'D:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Opera\Opera\profile\cache4\opr1KBK2.
Action performed: Move file to quarantine

[morpheus85]

ok ho letto di quel problema di internet explorer.. però le segnalazioni di avira le trovo anomale

[wjmat]

ciao

fai pulizia con ATFCleaner o con CCleaner
configura antivir come indicato qui, fai una scansione completa e carichi il log/report secondo le modalità

[morpheus85]

Ecco qui:

Codice:

Avira AntiVir Personal
Report file date: sabato 20 giugno 2009  14:02

Scanning for 1477965 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 3)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    MATRIX-EBA66CDB

Version information:
BUILD.DAT     : 8.2.0.353      17048 Bytes  15/05/2009 12:02:00
AVSCAN.EXE    : 8.1.4.10      315649 Bytes  18/11/2008 08:21:26
AVSCAN.DLL    : 8.1.4.0        40705 Bytes  26/05/2008 07:56:40
LUKE.DLL      : 8.1.4.5       164097 Bytes  12/06/2008 12:44:19
LUKERES.DLL   : 8.1.4.0        12033 Bytes  26/05/2008 07:58:52
ANTIVIR0.VDF  : 7.1.0.0     15603712 Bytes  27/10/2008 11:30:36
ANTIVIR1.VDF  : 7.1.2.12     3336192 Bytes  11/02/2009 14:13:02
ANTIVIR2.VDF  : 7.1.4.87     2982912 Bytes  12/06/2009 14:28:41
ANTIVIR3.VDF  : 7.1.4.116     207872 Bytes  19/06/2009 14:23:01
Engineversion : 8.2.0.191 
AEVDF.DLL     : 8.1.1.1       106868 Bytes  01/05/2009 14:43:16
AESCRIPT.DLL  : 8.1.2.9       409978 Bytes  18/06/2009 14:25:05
AESCN.DLL     : 8.1.2.3       127347 Bytes  16/05/2009 14:32:13
AERDL.DLL     : 8.1.1.3       438645 Bytes  04/11/2008 13:58:38
AEPACK.DLL    : 8.1.3.18      401783 Bytes  28/05/2009 14:24:13
AEOFFICE.DLL  : 8.1.0.38      196987 Bytes  18/06/2009 14:24:59
AEHEUR.DLL    : 8.1.0.133    1798520 Bytes  18/06/2009 14:24:56
AEHELP.DLL    : 8.1.3.6       205174 Bytes  11/06/2009 14:26:09
AEGEN.DLL     : 8.1.1.45      348532 Bytes  09/06/2009 14:23:38
AEEMU.DLL     : 8.1.0.9       393588 Bytes  14/10/2008 10:05:56
AECORE.DLL    : 8.1.6.12      180599 Bytes  28/05/2009 14:24:09
AEBB.DLL      : 8.1.0.3        53618 Bytes  14/10/2008 10:05:56
AVWINLL.DLL   : 1.0.0.12       15105 Bytes  09/07/2008 08:40:05
AVPREF.DLL    : 8.0.2.0        38657 Bytes  16/05/2008 09:28:01
AVREP.DLL     : 8.0.0.3       155688 Bytes  21/04/2009 14:41:53
AVREG.DLL     : 8.0.0.1        33537 Bytes  09/05/2008 11:26:40
AVARKT.DLL    : 1.0.0.23      307457 Bytes  12/02/2008 08:29:23
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  12/06/2008 12:27:49
SQLITE3.DLL   : 3.3.17.1      339968 Bytes  22/01/2008 17:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  12/06/2008 12:49:40
NETNT.DLL     : 8.0.0.1         7937 Bytes  25/01/2008 12:05:10
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  12/06/2008 13:48:07
RCTEXT.DLL    : 8.0.52.0       86273 Bytes  27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: d:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: repair
Secondary action.................: delete
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, 
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, 
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: sabato 20 giugno 2009  14:02

Starting search for hidden objects.
'77151' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'opera.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'RemoteControlAppl.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb05.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'dragdiag.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'ssoftsrv.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'Input Service.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '58' files ).


Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'D:\'
D:\pagefile.sys
    [WARNING]   The file could not be opened!
D:\WINDOWS\system32\drivers\dtscsi.sys
    [WARNING]   The file could not be opened!
D:\WINDOWS\system32\drivers\sptd.sys
    [WARNING]   The file could not be opened!


End of the scan: sabato 20 giugno 2009  15:05
Used time:  1:03:29 Hour(s)

The scan has been done completely.

   4733 Scanning directories
 261735 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      3 Files cannot be scanned
 261732 Files not concerned
  26156 Archives were scanned
      3 Warnings
      0 Notes
  77151 Objects were scanned with rootkit scan
      0 Hidden objects were found

[wjmat]

i futori log, secondo le regole di sezione, grazie

direi che è tutto ok

[morpheus85]

Quote:

Originariamente inviato da wjmat

i futori log, secondo le regole di sezione, grazie

direi che è tutto ok

qualche idea su quelle segnalazioni? falsi positivi?

[Chill-Out]

Quote:

Originariamente inviato da morpheus85

qualche idea su quelle segnalazioni? falsi positivi?

Così ad occhio mi verrebbe da dire che usi una versione non aggiornata di Spybot

[morpheus85]

Quote:

Originariamente inviato da Chill-Out

Così ad occhio mi verrebbe da dire che usi una versione non aggiornata di Spybot

non parlo di quelle segnalazioni ma quelle di avira

[Chill-Out]

Quote:

Originariamente inviato da morpheus85

non parlo di quelle segnalazioni ma quelle di avira

Sarò stato tratto in inganno dal titolo della discussione "Analisi Spybot, voci di registro che si ricreano", comunque dal log di Avira non emerge nulla