Trojan generic17.AENX

Post by robyfuma » 28/03/10 13:19

Last night I downloaded Orbitdownloader directly from its site; I needed it to get the RAI broadcast "perunanotte" from republica.tv. This morning, as it does every morning, AVG scanned the PC: nothing. I start Malwarebytes and meanwhile go online. AVG Resident Shield Detection warns me: INFECTION: Trojan Generic17.AENX, object: C\Programmi\Orbitdownloader\orbinet.exe, process: C\Programmi\Malwarebytes' Anti-Malware\mbam.exe. I move it to quarantine. What puzzles me is that I had already used Orbit a couple of times and nothing had ever happened; could it be a false positive or something like that? (I'm very ignorant on the subject!) What should I do?
Thanks to anyone willing to give me a hand. :)
robyfuma
Senior User

Posts: 105
Joined: 22/04/09 09:08


Re: Trojan generic17.AENX

Post by shel » 28/03/10 14:36

hi
download Hijackthis

launch the program by clicking the executable and start the scan, choosing the option "Do a system scan and save a logfile"

Remember to put HIJACKTHIS in a folder of its own (in Programmi or Documenti); the important thing is that it is not on the desktop or in a temporary folder, which matters if you want to save the backups

Post the log it produces
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Trojan generic17.AENX

Post by robyfuma » 28/03/10 17:39

Hi, and thanks for your help. Here is the log.
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.34.28, on 28/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Orbitdownloader\orbitdm.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/portale/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P30 "EPSON Stylus Photo R320 Series" /M "Stylus Photo R320" /EF "HKCU"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Programmi\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9780 bytes
robyfuma
Senior User

Posts: 105
Joined: 22/04/09 09:08
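A HijackThis log like the one above is only as useful as the reading it gets. The two questions a responder usually asks first are which entries point at files that no longer exist (leftovers that HijackThis can no longer describe) and which hooks one product has registered across the system, so that everything belonging to, say, Orbit (the program AVG flagged) can be reviewed together rather than line by line. The Python script below is an added example written for this page, not a HijackThis tool and not part of the thread; the lines it parses are a constructed subset of the posted log, and the layouts it assumes (O2/O3/O23 with the path after the last " - ", O4 with the command after the bracketed name, Global Startup with the path after " = ") are the ones visible in the log above.

```python
import re
from collections import Counter

# Constructed sample: a handful of O2/O3/O4/O23 lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Orbit.lnk = C:\Programmi\Orbitdownloader\orbitdm.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# First image-like token of a command line, quoted or not (unquoted paths may contain spaces).
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|lnk|scr|cpl))', re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entry(line):
    """Return a dict for one HijackThis entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind == "O4":
        # O4 - <hive>\..\Run: [Name] <command>   or   O4 - Global Startup: X.lnk = <path>
        if body.startswith("Global Startup:"):
            target = body.split(" = ", 1)[-1]
        else:
            target = body.split("] ", 1)[-1]
    else:
        # O2/O3/O9/O23: <description> - <CLSID or vendor> - <path>
        target = body.rsplit(" - ", 1)[-1]
    exe = EXE_RE.match(target)
    return {
        "kind": kind,
        "body": body,
        "target": target,
        "image": exe.group("exe") if exe else target,
        "orphan": any(marker in target for marker in ORPHAN_MARKERS),
    }


def parse_log(text):
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def orphaned(entries):
    """Entries whose registered file is gone: usually harmless leftovers, but
    also the entries HijackThis can no longer tell you anything about."""
    return [e for e in entries if e["orphan"]]


def entries_under(entries, directory):
    """Every hook (BHO, toolbar, autorun, service, ...) whose image lives under
    `directory`, so one product's whole footprint can be reviewed at once."""
    prefix = directory.lower().rstrip("\\") + "\\"
    return [e for e in entries if e["image"].lower().startswith(prefix)]


def kind_counts(entries):
    return dict(Counter(e["kind"] for e in entries))


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("entries by type:", kind_counts(entries))
    for e in orphaned(entries):
        print("orphaned:", e["kind"], e["target"])
    for e in entries_under(entries, r"C:\Programmi\Orbitdownloader"):
        print("Orbit hook:", e["kind"], e["image"])
```

Run against the full log, `entries_under` for the Orbit folder returns the BHO, the Grab Pro toolbar, the Global Startup link and, from the O8 lines, nothing (those carry a `res://` URL rather than a plain path), which is the footprint a responder would compare against what the product's own installer is documented to add.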

Re: Trojan generic17.AENX

Post by shel » 28/03/10 18:06

the log is fine, AVG has probably got it wrong again

try scanning the system with combofix

download it and run it from the desktop

- follow the instructions
- once the scan is finished go to C:\ and copy/paste the contents of the text file Combofix.txt into your next reply
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Trojan generic17.AENX

Post by robyfuma » 28/03/10 18:42

Here is the Combofix log......."it's all Greek to me!".....
Let me know.
Code:
ComboFix 10-03-28.01 - Roberta 28/03/2010  19.21.50.6.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.1790.1237 [GMT 2:00]
Eseguito da: c:\documents and settings\Roberta\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Roberta\Dati applicazioni\Desktopicon
c:\documents and settings\Roberta\Dati applicazioni\Desktopicon\eBay.ico
c:\documents and settings\Roberta\Dati applicazioni\Desktopicon\uninst.exe
c:\windows\system32\AVSredirect.dll

.
(((((((((((((((((((((((((   Files Creati Da 2010-02-28 al 2010-03-28  )))))))))))))))))))))))))))))))))))
.

2010-03-28 10:37 . 2010-03-28 10:37   --------   d-----w-   c:\programmi\FreeTime
2010-03-27 23:37 . 2010-03-27 23:37   --------   d-----w-   c:\programmi\File comuni\SWF Studio
2010-03-27 14:08 . 2010-03-28 11:31   --------   d-----w-   c:\programmi\Orbitdownloader
2010-03-24 12:37 . 2010-03-24 12:37   --------   d-----w-   c:\programmi\ScanSoft
2010-03-19 23:17 . 2010-03-19 23:18   --------   d-----w-   c:\programmi\File comuni\Jasc Software Inc
2010-03-19 23:17 . 2010-03-19 23:17   --------   d-----w-   c:\programmi\Jasc Software Inc
2010-03-18 21:24 . 2010-03-18 21:34   --------   d-----w-   c:\programmi\ABC Amber LIT Converter
2010-03-17 18:13 . 2010-02-12 10:03   293376   ------w-   c:\windows\system32\browserchoice.exe
2010-03-17 14:06 . 2010-03-17 15:22   --------   d-----w-   c:\programmi\Yahoo!
2010-03-07 13:03 . 2010-03-07 13:03   --------   d-----w-   c:\programmi\ciotoli.it
2010-02-26 18:34 . 2010-02-26 18:36   156672   ----a-w-   c:\windows\system32\rmc_fixasf.exe
2010-02-26 18:34 . 2010-02-26 18:36   237568   ----a-w-   c:\windows\system32\rmc_rtspdl.dll
2010-02-26 18:34 . 2010-02-26 18:34   --------   d-----w-   c:\documents and settings\Roberta\Impostazioni locali\Dati applicazioni\mdnslib
2010-02-26 18:33 . 2010-02-26 18:33   --------   d-----w-   c:\windows\Applian Director
2010-02-26 18:32 . 2010-02-26 18:32   --------   d-----w-   c:\documents and settings\Roberta\Impostazioni locali\Dati applicazioni\FLVService
2010-02-26 18:32 . 2010-02-26 18:32   --------   d-----w-   c:\windows\Replay Media Catcher

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 17:09 . 2010-02-24 16:35   --------   d-----w-   c:\documents and settings\Roberta\Dati applicazioni\Orbit
2010-03-28 16:22 . 2010-02-06 09:36   --------   d-----w-   c:\documents and settings\Roberta\Dati applicazioni\vlc
2010-03-28 11:33 . 2009-03-11 16:37   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\avg8
2010-03-28 10:37 . 2009-08-28 21:04   --------   d-----w-   c:\programmi\FormatFactory
2010-03-22 14:36 . 2009-04-04 15:08   --------   d-----w-   c:\documents and settings\Roberta\Dati applicazioni\dvdcss
2010-03-22 14:05 . 2009-04-11 08:20   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2010-03-22 06:30 . 2010-01-19 13:56   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-17 14:06 . 2009-03-20 15:30   --------   d-----w-   c:\programmi\CCleaner
2010-03-13 12:02 . 2009-03-19 08:28   --------   d-----w-   c:\programmi\EPSON Print CD
2010-03-11 18:44 . 2009-04-08 15:08   --------   d-----w-   c:\documents and settings\Roberta\Dati applicazioni\gtk-2.0
2010-03-11 18:43 . 2009-05-12 14:47   --------   d-----w-   c:\programmi\Avidemux 2.4
2010-02-25 19:35 . 2009-03-11 16:37   --------   d-----w-   c:\programmi\AVG
2010-02-24 16:35 . 2010-02-24 16:35   --------   d-----w-   c:\documents and settings\Roberta\Dati applicazioni\GrabPro
2010-02-21 10:32 . 2010-02-21 10:32   --------   d-----w-   c:\programmi\AviSynth 2.5
2010-02-21 10:32 . 2010-02-21 10:32   --------   d-----w-   c:\programmi\eRightSoft
2010-02-19 20:19 . 2009-05-23 09:08   --------   d---a-w-   c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-02-02 11:51 . 2010-02-02 11:50   --------   d-----w-   c:\programmi\iTunes
2010-02-02 11:50 . 2010-02-02 11:50   --------   d-----w-   c:\programmi\iPod
2010-02-02 11:50 . 2009-04-05 17:19   --------   d-----w-   c:\programmi\File comuni\Apple
2010-02-02 11:47 . 2010-02-02 11:46   --------   d-----w-   c:\programmi\QuickTime
2010-02-02 11:43 . 2010-02-02 11:43   72488   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-25 13:28 . 2009-10-23 06:34   3777816   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\TEMP\AVG\setup.exe
2010-01-18 07:44 . 2010-01-07 21:58   5115824   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-14 10:12 . 2009-10-03 06:40   181120   ------w-   c:\windows\system32\MpSigStub.exe
2010-01-07 15:07 . 2009-04-23 18:10   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-04-23 18:10   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2008-05-16 22:36   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
2006-05-03 10:06 . 2010-02-21 10:32   163328   --sh--r-   c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-02-21 10:32   31232   --sh--r-   c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-02-21 10:32   216064   --sh--r-   c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-02-18_12.11.51   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-28 17:20 . 2010-03-28 17:20   16384              c:\windows\Temp\Perflib_Perfdata_fc.dat
+ 2010-02-21 10:32 . 2004-01-24 23:00   70656              c:\windows\system32\yv12vfw.dll
- 2008-05-16 22:36 . 2009-10-28 15:07   46080              c:\windows\system32\tzchange.exe
+ 2008-05-16 22:36 . 2010-01-23 08:11   46080              c:\windows\system32\tzchange.exe
+ 2010-02-21 10:32 . 2004-01-24 23:00   70656              c:\windows\system32\i420vfw.dll
+ 2010-03-19 23:18 . 2010-03-19 23:18   25214              c:\windows\Installer\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}\ARPPRODUCTICON.exe
- 2009-07-22 10:33 . 2009-07-22 10:33   25214              c:\windows\Installer\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}\ARPPRODUCTICON.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46   23040              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-03-11 16:00 . 2010-02-10 11:33   23040              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46   61440              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-03-11 16:00 . 2010-02-10 11:33   61440              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-03-11 16:00 . 2010-02-10 11:33   27136              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46   27136              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-03-11 16:00 . 2010-02-10 11:33   11264              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46   11264              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-03-11 16:00 . 2010-02-10 11:33   86016              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46   86016              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-03-11 16:00 . 2010-02-10 11:33   12288              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46   12288              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-03-19 22:31 . 2010-03-19 22:31   49152              c:\windows\Installer\{7C4196CA-CA41-4F34-9C08-7724E7705D52}\NewShortcut1_7C4196CACA414F349C087724E7705D52.exe
+ 2010-03-19 22:31 . 2010-03-19 22:31   10134              c:\windows\Installer\{7C4196CA-CA41-4F34-9C08-7724E7705D52}\ARPPRODUCTICON.exe
+ 2010-02-24 06:52 . 2009-10-28 15:07   46080              c:\windows\$NtUninstallKB979306$\tzchange.exe
+ 2010-02-24 06:52 . 2010-01-23 10:40   16896              c:\windows\$NtUninstallKB979306$\spuninst\tzchange.dll
+ 2010-02-24 06:53 . 2008-07-08 13:06   26488              c:\windows\$hf_mig$\KB976662-IE8\update\spcustom.dll
+ 2010-02-24 06:53 . 2008-07-08 13:06   18808              c:\windows\$hf_mig$\KB976662-IE8\spmsg.dll
+ 2009-03-11 16:00 . 2010-03-10 22:46   4096              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-03-11 16:00 . 2010-02-10 11:33   4096              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-05-16 22:36 . 2009-06-22 06:45   726528              c:\windows\system32\jscript.dll
+ 2008-05-16 22:36 . 2009-12-09 05:53   726528              c:\windows\system32\jscript.dll
+ 2008-05-16 22:36 . 2009-12-09 05:53   726528              c:\windows\system32\dllcache\jscript.dll
- 2008-05-16 22:36 . 2009-06-22 06:45   726528              c:\windows\system32\dllcache\jscript.dll
+ 2010-02-21 10:32 . 2004-02-22 09:11   719872              c:\windows\system32\devil.dll
+ 2010-02-21 10:32 . 2009-09-27 08:39   369152              c:\windows\system32\avisynth.dll
+ 2010-02-26 18:32 . 2010-02-26 18:32   473600              c:\windows\Replay Media Catcher\uninstall.exe
+ 2010-03-07 13:03 . 2010-03-07 13:03   244736              c:\windows\Installer\e01c34.msi
+ 2010-03-19 22:31 . 2010-03-19 22:31   533504              c:\windows\Installer\371ee0f.msi
- 2009-03-11 16:00 . 2010-02-10 11:33   409600              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46   409600              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-03-11 16:00 . 2010-02-10 11:33   286720              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46   286720              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-03-11 16:00 . 2010-02-10 11:33   249856              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46   249856              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-03-11 16:00 . 2010-02-10 11:33   794624              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46   794624              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-03-11 16:00 . 2010-02-10 11:33   135168              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46   135168              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-03-11 16:00 . 2010-02-10 11:33   593920              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-03-11 16:00 . 2010-03-10 22:46   593920              c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-02-24 06:53 . 2008-07-08 13:06   402296              c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-02-24 06:53 . 2008-07-08 13:06   233848              c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-02-24 06:53 . 2009-06-22 06:45   726528              c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-02-26 18:33 . 2010-02-26 18:33   473600              c:\windows\Applian Director\uninstall.exe
+ 2010-02-24 06:52 . 2009-05-26 11:41   402296              c:\windows\$NtUninstallKB979306$\spuninst\updspapi.dll
+ 2010-02-24 06:52 . 2009-05-26 11:41   233848              c:\windows\$NtUninstallKB979306$\spuninst\spuninst.exe
+ 2010-02-24 06:53 . 2008-07-08 13:06   402296              c:\windows\$hf_mig$\KB976662-IE8\update\updspapi.dll
+ 2010-02-24 06:53 . 2008-07-08 13:06   763768              c:\windows\$hf_mig$\KB976662-IE8\update\update.exe
+ 2010-02-24 06:53 . 2008-07-08 13:06   233848              c:\windows\$hf_mig$\KB976662-IE8\spuninst.exe
+ 2010-02-24 06:47 . 2009-12-09 05:51   726528              c:\windows\$hf_mig$\KB976662-IE8\SP3QFE\jscript.dll
- 2008-05-16 22:58 . 2008-04-14 12:00   3558912              c:\windows\system32\dllcache\moviemk.exe
+ 2008-05-16 22:58 . 2009-10-23 15:28   3558912              c:\windows\system32\dllcache\moviemk.exe
+ 2010-03-19 23:18 . 2010-03-19 23:18   2091008              c:\windows\Installer\3a52804.msi
+ 2010-02-04 17:11 . 2010-02-04 17:11   5526528              c:\windows\Installer\360ace8.msp
+ 2010-01-27 16:53 . 2010-01-27 16:53   6820864              c:\windows\Installer\360acd3.msp
+ 2010-03-24 12:37 . 2010-03-24 12:37   1981952              c:\windows\Installer\1441329.msi
+ 2009-03-14 14:16 . 2010-03-02 05:30   31648712              c:\windows\system32\MRT.exe
.
-- Snapshot per reimpostare la data corrente --
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02   1230080   ----a-w-   c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE" [2004-12-16 98304]
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-29 205256]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-26 8491008]
"nwiz"="nwiz.exe" [2008-01-26 1626112]
"NvMediaCenter"="NvMCTray.dll" [2008-01-26 81920]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-24 16858112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE" [2004-12-16 98304]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"SpybotSnD"="c:\programmi\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2010-01-22 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Orbit.lnk - c:\programmi\Orbitdownloader\orbitdm.exe [2010-3-27 1805584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 08:20   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/03/2009 18.37.26 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/03/2009 18.37.29 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/03/2009 18.37.23 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/03/2009 18.37.21 297752]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01/06/2009 7.27.13 721904]
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-28 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-03-28 c:\windows\Tasks\User_Feed_Synchronization-{B231C5D4-29AB-456F-AE9A-25E1ADE2C378}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.fastweb.it/portale/
uInternet Settings,ProxyOverride = local
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-eBay Icon - c:\documents and settings\Roberta\Dati applicazioni\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-28 19:26
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2010-03-28  19:27:45
ComboFix-quarantined-files.txt  2010-03-28 17:27

Pre-Run: 43.898.273.792 byte disponibili
Post-Run: 43.868.532.736 byte disponibili

- - End Of File - - 13AC55FFB919249395892ACE7CFFEBEB
robyfuma
Senior User

Posts: 105
Joined: 22/04/09 09:08
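The "Files Creati" and "Find3M" sections of the ComboFix log above list, for each file, its creation time, its last-write time, its size (dashes for a directory), its attribute flags and its path. Three views of that listing do most of the triage work: what else was created in the same window as a known install (here Orbitdownloader at 2010-03-27 14:08), which files carry both the hidden and system attributes (ComboFix prints these as `--sh--r-`, and flvDX.dll above is one), and which files have a last-write time older than their creation time, meaning they were copied in with the original timestamp preserved, as an installer or a Windows update does (browserchoice.exe above: created 2010-03-17, last written 2010-02-12). The Python below is an added example for this page, not ComboFix code; its input is a constructed subset of the lines above, and it assumes the column order seen in the log.

```python
import re
from datetime import datetime, timedelta

# Constructed subset of the "Files Creati" / "Find3M" lines from the log above.
SAMPLE_FILELIST = r"""
2010-03-28 10:37 . 2010-03-28 10:37   --------   d-----w-   c:\programmi\FreeTime
2010-03-27 23:37 . 2010-03-27 23:37   --------   d-----w-   c:\programmi\File comuni\SWF Studio
2010-03-27 14:08 . 2010-03-28 11:31   --------   d-----w-   c:\programmi\Orbitdownloader
2010-03-17 18:13 . 2010-02-12 10:03   293376   ------w-   c:\windows\system32\browserchoice.exe
2010-02-26 18:34 . 2010-02-26 18:36   156672   ----a-w-   c:\windows\system32\rmc_fixasf.exe
2006-05-03 10:06 . 2010-02-21 10:32   163328   --sh--r-   c:\windows\system32\flvDX.dll
"""

# created . modified   size-or-dashes   attribute-flags   path
ROW_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)
STAMP = "%Y-%m-%d %H:%M"


def parse_filelist(text):
    """Parse ComboFix file rows; lines that do not match the layout are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        attrs = m.group("attrs")
        rows.append({
            "created": datetime.strptime(m.group("created"), STAMP),
            "modified": datetime.strptime(m.group("modified"), STAMP),
            "size": None if m.group("size").startswith("-") else int(m.group("size")),
            "attrs": attrs,
            "path": m.group("path"),
            "is_dir": attrs[0] == "d",
            "hidden": "h" in attrs,
            "system": "s" in attrs,
        })
    return rows


def names(rows):
    """Just the file or folder names, for readable output and tests."""
    return [r["path"].rsplit("\\", 1)[-1] for r in rows]


def created_within(rows, anchor, hours=12):
    """Entries created within +/- `hours` of `anchor` (e.g. the install time of
    the program that triggered the alert), to see what else landed at that time."""
    ref = datetime.strptime(anchor, STAMP)
    window = timedelta(hours=hours)
    return [r for r in rows if abs(r["created"] - ref) <= window]


def hidden_system(rows):
    """Files carrying both the hidden and the system attribute: worth a second
    look whenever they sit somewhere the OS itself would not put them."""
    return [r for r in rows if r["hidden"] and r["system"] and not r["is_dir"]]


def modified_before_created(rows):
    """Last-write older than creation: the file was copied in with its original
    timestamp kept, which is what installers and updates do, rather than being
    written fresh on this machine."""
    return [r for r in rows if not r["is_dir"] and r["modified"] < r["created"]]


if __name__ == "__main__":
    rows = parse_filelist(SAMPLE_FILELIST)
    print("around the Orbit install:", names(created_within(rows, "2010-03-27 14:08")))
    print("hidden+system files:", names(hidden_system(rows)))
    print("copied in with old timestamps:", names(modified_before_created(rows)))
```

Feeding it the whole log instead of the sample gives the same three lists over every row; the window and the attribute test are the parts to tune, the timestamp comparison needs no tuning at all.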

Re: Trojan generic17.AENX

Post by shel » 28/03/10 19:06

go to this site and analyze the flagged file

c:\windows\system32\browserchoice.exe
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56
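Submitting the flagged file to a multi-engine scanner, as suggested here, produces a per-engine verdict table like the one posted next in the thread. Two things in such a table are worth computing rather than eyeballing: the detection ratio (one engine out of forty-odd is weak evidence on its own, and a very low ratio on a file shipped by a known vendor is what a false positive usually looks like), and each engine's signature date, because a "-" from an engine whose signatures are days old carries less weight than a "-" from a freshly updated one. Hashing the file first is also worth the habit: most such services accept a hash lookup, and the hash is what you quote when asking others whether they have seen the file. The Python below is an added example for this page, not code from the thread or from any scanner service; the file bytes and the report rows are constructed, and "ExampleEngine" with its verdict is invented so that the ratio is not trivially zero.

```python
import hashlib
import re
from datetime import datetime

# Constructed stand-in for the file to be checked (not a real Windows binary).
SAMPLE_FILE = b"MZ" + b"\x00" * 62 + b"constructed stand-in for browserchoice.exe"

# Constructed report in the layout of the listing posted later in the thread:
# engine, engine version, signature date, verdict ("-" means no detection).
# The first three lines mimic the header the service prints above the table.
SAMPLE_REPORT = """\
File sample.exe ricevuto il 2010.03.28 14:22:35 (UTC)
Risultato: 1/6 (16.67%)
Antivirus Versione Ultimo aggiornamento Risultato
AVG 9.0.0.787 2010.03.28 -
BitDefender 7.2 2010.03.28 -
McAfee+Artemis 5933 2010.03.27 -
Ikarus T3.1.1.80.0 2010.03.28 -
K7AntiVirus 7.10.1004 2010.03.22 -
ExampleEngine 1.0 2010.03.28 Constructed.Detection.Name
"""

DATE_RE = re.compile(r"^\d{4}\.\d{2}\.\d{2}$")


def file_digests(data):
    """MD5, SHA-1 and SHA-256 of the file bytes: the identifiers to look up or
    to quote, so the file itself does not have to travel around."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def parse_report(text):
    """Turn the per-engine listing into rows. Header and summary lines are
    skipped because their second-to-last token is not a YYYY.MM.DD date."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not DATE_RE.match(parts[-2]):
            continue
        rows.append({
            "engine": " ".join(parts[:-3]),
            "version": parts[-3],
            "updated": datetime.strptime(parts[-2], "%Y.%m.%d").date(),
            "verdict": None if parts[-1] == "-" else parts[-1],
        })
    return rows


def detection_ratio(rows):
    """(engines that flagged the file, engines that scanned it)."""
    return sum(1 for r in rows if r["verdict"]), len(rows)


def detections(rows):
    """Engine -> verdict, for the engines that did flag the file."""
    return {r["engine"]: r["verdict"] for r in rows if r["verdict"]}


def stale_engines(rows, report_date, max_age_days=2):
    """Engines whose signatures were more than `max_age_days` old when the
    report was produced; their clean verdicts deserve less weight."""
    ref = datetime.strptime(report_date, "%Y.%m.%d").date()
    return [r["engine"] for r in rows if (ref - r["updated"]).days > max_age_days]


if __name__ == "__main__":
    print("hashes:", file_digests(SAMPLE_FILE))
    rows = parse_report(SAMPLE_REPORT)
    hits, total = detection_ratio(rows)
    print(f"detections: {hits}/{total}", detections(rows))
    print("stale signatures:", stale_engines(rows, "2010.03.28"))
```

`parse_report` accepts the listing pasted in the next post as-is (the Italian header lines are skipped by the date test), so the 0/42 result there can be re-derived from the rows rather than trusted from the summary line; a zero ratio does not prove the file is clean, but combined with its origin (a Windows update in this case) it is the evidence the thread is looking for.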

Re: Trojan generic17.AENX

Post by robyfuma » 28/03/10 19:41

I analyzed it, copied the log, and am posting it for you.
I should mention that I found this browser.exe as a shortcut on the desktop after a Windows update; I opened it and it told me that...... I'll copy it for you....

The browser is an important piece of software on your computer. It is the means used to browse the Internet, the window around the websites you visit.
Many browsers are available, each with a wide range of features. From the next screen you can select and install as many additional browsers as you wish.
Note: the browser choice update has unpinned your browser, Microsoft Windows Internet Explorer, from the taskbar, but you can pin it again. For more information, click here.
Internet Explorer is still available from the Start/Programs menu.
Before continuing, confirm that you have an Internet connection.

...... on the next page there is the list of all the available browsers with their links. So I went to the Windows site to check, and it is indeed among the updates; they say it is because of "a European directive". Is it possible to remove it???

P.S. the examined log
Code:
File browserchoice.exe received on 2010.03.28 14:22:35 (UTC)
Current status: finished

Result: 0/42 (0.00%)
Antivirus  Version  Last update  Result
a-squared 4.5.0.50 2010.03.28 -
AhnLab-V3 5.0.0.2 2010.03.27 -
AntiVir 7.10.5.241 2010.03.26 -
Antiy-AVL 2.0.3.7 2010.03.26 -
Authentium 5.2.0.5 2010.03.28 -
Avast 4.8.1351.0 2010.03.28 -
Avast5 5.0.332.0 2010.03.28 -
AVG 9.0.0.787 2010.03.28 -
BitDefender 7.2 2010.03.28 -
CAT-QuickHeal 10.00 2010.03.27 -
ClamAV 0.96.0.0-git 2010.03.28 -
Comodo 4416 2010.03.28 -
DrWeb 5.0.1.12222 2010.03.28 -
eSafe 7.0.17.0 2010.03.28 -
eTrust-Vet 35.2.7391 2010.03.26 -
F-Prot 4.5.1.85 2010.03.27 -
F-Secure 9.0.15370.0 2010.03.28 -
Fortinet 4.0.14.0 2010.03.27 -
GData 19 2010.03.28 -
Ikarus T3.1.1.80.0 2010.03.28 -
Jiangmin 13.0.900 2010.03.28 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.28 -
McAfee 5933 2010.03.27 -
McAfee+Artemis 5933 2010.03.27 -
McAfee-GW-Edition 6.8.5 2010.03.27 -
Microsoft 1.5605 2010.03.28 -
NOD32 4979 2010.03.28 -
Norman 6.04.10 2010.03.28 -
nProtect 2009.1.8.0 2010.03.28 -
Panda 10.0.2.2 2010.03.28 -
PCTools 7.0.3.5 2010.03.28 -
Prevx 3.0 2010.03.28 -
Rising 22.40.06.04 2010.03.28 -
Sophos 4.52.0 2010.03.28 -
Sunbelt 6101 2010.03.26 -
Symantec 20091.2.0.41 2010.03.28 -
TheHacker 6.5.2.0.246 2010.03.28 -
TrendMicro 9.120.0.1004 2010.03.28 -
VBA32 3.12.12.2 2010.03.27 -
ViRobot 2010.3.27.2248 2010.03.27 -
VirusBuster 5.0.27.0 2010.03.27 -
Additional information
File size: 293376 bytes
MD5   : da1919d896dbd5895e138932ae9e398b
SHA1  : 361bee6e2535d9fc10a01ac6686be55d854fc5ba
SHA256: 4c5fb3c35ca7c2e10ae2920afd40e854c123219901c15a80941ac9f53eef97d7
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3363
timedatestamp.....: 0x4B737C6F (Thu Feb 11 04:41:35 2010)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x34CA 0x3600 6.18 e0356f94745647bc2bed78b680e83512
.data 0x5000 0x68C 0x400 5.80 28fcfd5ab0eb9c208220c87444240f30
.rsrc 0x6000 0x44000 0x43400 6.41 1370a78bf18215c408206d0638b25934
.reloc 0x4A000 0x648 0x800 2.72 cb9cda0ca1762d2b27ddcf4dd8860ae5

( 10 imports )

> advapi32.dll: RegCloseKey, RegCreateKeyExW, GetTokenInformation, OpenProcessToken, CreateProcessAsUserW, SetTokenInformation, GetLengthSid, ConvertStringSidToSidW, DuplicateTokenEx
> kernel32.dll: GetLastError, VerifyVersionInfoW, VerSetConditionMask, FreeLibrary, GetProcAddress, LoadLibraryW, CloseHandle, GetCurrentProcess, GetUserGeoID, GetExitCodeProcess, WaitForSingleObject, LocalFree, GetModuleHandleW, lstrcmpA, GetModuleFileNameW, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, InterlockedCompareExchange, Sleep, InterlockedExchange
> msvcrt.dll: _controlfp, _vsnwprintf, memset, __3@YAXPAX@Z, wcschr, _wcsnicmp, _terminate@@YAXXZ, __set_app_type, __p__fmode, __p__commode, __setusermatherr, _amsg_exit, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, _wtoi, __2@YAPAXI@Z
> ntdll.dll: RtlUnwind
> ole32.dll: CoUninitialize, CoTaskMemFree, CoCreateInstance, CoInitializeEx
> oleaut32.dll: -, -
> shell32.dll: -, SHGetFolderPathW, -, -, ShellExecuteW, SHBindToParent
> shlwapi.dll: PathCombineW, PathAddExtensionW, -, SHRegGetBoolUSValueW, SHRegGetUSValueW, SHDeleteValueW, PathFindFileNameW, -, SHRegSetUSValueW, SHSetValueW
> user32.dll: LoadStringW
> wininet.dll: InternetGetCookieW, InternetSetCookieW

( 0 exports )
 
TrID  : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 6144:IEesYclzRCayeopvGE0zM6s4D8e8FIBK86dNvMXfAo:IEerclzRCayeopvGNzM6s4D8e8FIBK8f
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Browser Choice
original name: browserchoice.exe
internal name: Browser Choice
file version.: 6.1.7600.16526 (win7_gdr.100210-1504)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
 
PEiD  : -
RDS   : NSRL Reference Data Set
-


NOTE: VirusTotal is a free service offered by Hispasec Sistemas. There is no guarantee about the availability and continuity of this service. Although the detection rate achieved by multiple antivirus engines is far higher than that offered by a single product, these results DO NOT guarantee that a file is safe. Currently there is no solution that offers 100% certainty in identifying viruses and malware.
robyfuma
Senior User
Posts: 105
Joined: 22/04/09 09:08
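An added example, not part of the thread and not the code of VirusTotal, ComboFix or any other tool named above. The PEInfo block in the report lists the machine type, link timestamp, per-section entropy and MD5, and a sigcheck verdict of "Unsigned" right next to version-info strings naming Microsoft Corporation. Those strings are plain resource data that any build can carry; only a valid Authenticode signature, embedded in the file or covering it through a signed catalog, ties a binary to its stated publisher. The script below parses the same header fields from a minimal PE32 image it constructs itself (assumption: a test fixture, not browserchoice.exe; the entry point and timestamp values are copied from the report so the output can be compared with it) and checks whether the IMAGE_DIRECTORY_ENTRY_SECURITY data directory is populated, which is the precondition for an embedded signature. One detail worth noticing: 0x4B737C6F rendered in UTC is 2010-02-11 03:41:35, one hour earlier than the 04:41:35 printed in the report, so the report rendered the timestamp in a zone one hour ahead of UTC.

```python
"""Added example: read the PE header fields that a VirusTotal 'PEInfo' block
reports and check for an embedded Authenticode signature.
The sample image is constructed here for offline use; it is not browserchoice.exe."""
import hashlib
import math
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY in the optional header


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 for constant data up to 8.0 for uniform data (VT's 'ntrpy')."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> dict:
    """Walk DOS header -> COFF header -> optional header -> section table."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", blob, opt)[0]
    if magic == 0x10B:
        fmt, dir_off = "PE32", 96      # data directories start here for PE32
    elif magic == 0x20B:
        fmt, dir_off = "PE32+", 112    # and here for PE32+
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    entry = struct.unpack_from("<I", blob, opt + 16)[0]  # AddressOfEntryPoint
    _, sec_size = struct.unpack_from("<II", blob, opt + dir_off + 8 * SECURITY_DIR_INDEX)
    sections = []
    shdr = opt + opt_size
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", blob, shdr + 40 * i)
        raw = blob[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "viradd": vaddr, "virsiz": vsize, "rawdsiz": rawsize,
            "ntrpy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
    return {
        "format": fmt,
        "machine": machine,
        "entrypoint": entry,
        "timestamp": ts,
        "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
        # A zero-size security directory means there is no embedded Authenticode
        # signature. Version-info strings ("publisher: Microsoft Corporation") are
        # unauthenticated resources and prove nothing about origin.
        "embedded_signature": sec_size != 0,
    }


def build_sample_pe(with_signature: bool = False) -> bytes:
    """Constructed minimal PE32 image (assumption: a test fixture, not a real Windows binary)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    text = bytes(range(256)) * 2   # every byte value twice: entropy exactly 8.0
    data = bytes(0x200)            # all zeros: entropy 0.0
    opt = bytearray(224)           # PE32 optional header incl. 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, 0x3363)   # entry point value taken from the report above
    image_end = 0x600
    if with_signature:
        # point IMAGE_DIRECTORY_ENTRY_SECURITY at a dummy WIN_CERTIFICATE appended at the end
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR_INDEX, image_end, 8)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 2, 0x4B737C6F, 0, 0, len(opt), 0x0102)
    sh = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), 0x200, 0, 0, 0, 0, 0x60000020)
    sh += struct.pack("<8sIIIIIIHHI", b".data", len(data), 0x2000, len(data), 0x400, 0, 0, 0, 0, 0xC0000040)
    img = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sh).ljust(0x200, b"\0") + text + data
    if with_signature:
        img += struct.pack("<IHH", 8, 0x200, 0x0002)  # WIN_CERTIFICATE header only, no real PKCS#7 body
    return img


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(f"{info['format']} machine={info['machine']:#x} entry={info['entrypoint']:#x} "
          f"linked {info['timestamp_utc']} UTC")
    for s in info["sections"]:
        print(f"{s['name']:<6} {s['viradd']:#x} {s['virsiz']:#x} {s['rawdsiz']:#x} {s['ntrpy']} {s['md5']}")
    print("embedded Authenticode signature:", info["embedded_signature"])
```

To run it against a real file, pass `open(path, "rb").read()` to `parse_pe` instead of the constructed image. A populated security directory only says that a signature blob is present; whether it is valid and chains to the claimed publisher still needs Authenticode verification (on Windows, `Get-AuthenticodeSignature` or sigcheck). An empty one on a Windows component is also not by itself evidence of tampering, because many OS files carry no embedded signature and are covered by a signed catalog instead.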

Re: Trojan generic17.AENX

Post by shel » 28/03/10 20:06

Yes, it's a Windows update; it's also discussed in this thread

It looks like your PC is fine; AVG probably identified it as a threat

Try updating AVG to version 9 and repeat the scan; check whether it still detects it

To uninstall the old version use this tool

To remove ComboFix download OTC by OldTimer

Run it
Click CleanUp.
When asked to reboot click YES

Go to C:\ and delete the qoobox folder
shel
Senior User
Posts: 1326
Joined: 29/08/08 21:56

Re: Trojan generic17.AENX

Post by robyfuma » 28/03/10 20:21

I have big problems installing AVG 9; I've already tried and it always gives me an error. By the way, since we're on the subject, my license expires on 2 May; could you (if you can) recommend an alternative?
Thanks shel, sincerely, for the help you've given me. You're "GREAT"....
Roberta
robyfuma
Senior User
Posts: 105
Joined: 22/04/09 09:08

Re: Trojan generic17.AENX

Post by shel » 28/03/10 21:20

I can recommend Avira, light and performant

Download it from here and, after updating it, do a full scan of the system
shel
Senior User
Posts: 1326
Joined: 29/08/08 21:56

