Author Topic: INFECT or no ? help me please ? (Read 3956 times)

miciotta62 · « **on:** July 05, 2012, 08:43:52 PM »

yesterday scan with AVAST and none , but with antimlwarebtye's (suggest to me by avast team ) it found :

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

what is ? false/positive or REAL infect key ?

and hijackthis found this :

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe

i think is not infect but a skype tool ?

and this :

O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe

i think my datacard internet key

what i to do ? SAS , and kasperky Tdss anf GMER not found this 3 INFECTIONS...

i delete this or ? help me ....

essexboy · « **Reply #1 on:** July 05, 2012, 09:01:14 PM »

Hi PUM means Possible Unwanted Modification (Possibile modifica indesiderata)

And is of no great concern

Is the computer exhibiting any weird behaviour ?

miciotta62 · « **Reply #2 on:** July 05, 2012, 09:14:00 PM »

a little bit !

this key register i delete or not ?

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff

help me ? hi,,,,

essexboy · « **Reply #3 on:** July 05, 2012, 09:15:42 PM »

Yes accept the recommendation

What are the problems you are experiencing ?

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Select All Users
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
CREATERESTOREPOINT

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs

miciotta62 · « **Reply #4 on:** July 06, 2012, 08:23:05 PM »

in attach my log file of OTL... please say if i have a infect or not ? thanks...

essexboy · « **Reply #5 on:** July 06, 2012, 08:58:13 PM »

That looks clean no infection that I can see

miciotta62 · « **Reply #6 on:** July 07, 2012, 01:25:45 PM »

great !

also the key and the two 023 object from hijackthis is ALL false/postivie ?

i NOT delete it ?

miciotta62 · « **Reply #7 on:** July 07, 2012, 01:26:26 PM »

and hijackthis found this :

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe

essexboy · « **Reply #8 on:** July 07, 2012, 01:38:18 PM »

Those keys are legitimate, I am afraid Hijackthis cannot cope with the current windows or malware

Author Topic: INFECT or no ? help me please ? (Read 3956 times)

miciotta62

INFECT or no ? help me please ?

essexboy

Re: INFECT or no ? help me please ?

miciotta62

Re: INFECT or no ? help me please ?

essexboy

Re: INFECT or no ? help me please ?

miciotta62

Re: INFECT or no ? help me please ?

essexboy

Re: INFECT or no ? help me please ?

miciotta62

Re: INFECT or no ? help me please ?

miciotta62

Re: INFECT or no ? help me please ?

essexboy

Re: INFECT or no ? help me please ?