Un saluto a tutti. Sono nuovo del forum è la prima volta che vi scrivo anche perchè ho deciso da poco di passare a Comodo Internet Security che nonostante quello che molti in altri forum scrivono reputo molto al di sopra di altri prodotti simili.
Il mio problema è che durante la scansione comodo antivirus nell’area critica rileva la presenza di 2 chiavi che reputa infette e che non riesce a rimuovere e che vi scrivo:
chiave 1):
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{866E5309-4DE4-EC1D-5303B5015403F078}{E4D7DA31-B59C-2F42-84703E9617E7637D}{F8D6A80B-EA06-4220-85CE61582D500BD8}{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1
chiave 2):
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{DF771B98-AC91-34D8-F0EE49DCFFD7BEDE}{02C90D3B-A401-D38F-0F8BFA977E327E75}{1704AFF6-6AA2-2F70-F8B468ED602E6063}\SE4K5INHHR1EDZYY15BVZC6TKG1
Ho fatto altre scansioni con malwarebytes, superantispyware, hitmanPro, on line ho provato anche la scansione con Panda activescan e Trendmicro Housecall e nessuno rileva nulla. Il pc funziona perfettamente non ho nessun sintomo di infezioni e controllo sempre fra i programmi in avvio su msconfig che non si aggiunga nulla di anomalo. Le impostazioni dell’antivirus sono quelle normali non le ho modificate
Devo considerarle come falsi positivi?
Se a qualcuno può servire vi posto anche il log di Higackthis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11.27.38, on 28/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Fighters\SPAMfighter\sfagent.exe
C:\Programmi\KMaestro\KMaestro.exe
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Fighters\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Fighters\FighterSuiteService.exe
C:\Programmi\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\VIA\RAID\vialogsv.exe
C:\Programmi\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Programmi\File comuni\Raxco\Shared\PDEngine.exe
C:\Programmi\Raxco\PerfectDisk\PDAgentS1.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM..\Run: [sfagent] C:\Programmi\Fighters\SPAMfighter\sfagent.exe
O4 - HKLM..\Run: [BtcMaestro] “C:\Programmi\KMaestro\KMaestro.exe”
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [COMODO Internet Security] “C:\Programmi\COMODO\COMODO Internet Security\cfp.exe” -h
O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVIZIO LOCALE’)
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVIZIO DI RETE’)
O4 - HKUS\S-1-5-21-527237240-1078081533-682003330-1004..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘UpdatusUser’)
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\File comuni\Raxco\Shared\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmi\Fighters\SPAMfighter\sfus.exe
O23 - Service: Suite Service - SPAMfighter ApS - C:\Programmi\Fighters\FighterSuiteService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programmi\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Programmi\VIA\RAID\vialogsv.exe
–
End of file - 6590 bytes
Secondo voi devo preoccuparmi? cosa mi consigliate?
Un saluto a tutti e grazie anticipatamente a quanti troveranno il tempo di rispondermi