cmdow.exe

[Sam]

Salve tutti ................

Su un altro pc ho riscontrato d'aver ricevuto visite

Ho fatto uno scan con il Kaspersky on line e m'è uscito questo :

E:\WINDOWS\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows


Quindi ho dato l'hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:41:09, on 15.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
E:\WINDOWS\Explorer.EXE
E:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
E:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Programme\Java\jre1.6.0_05\bin\jusched.exe
E:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe
E:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
E:\Programme\Microsoft IntelliType Pro\type32.exe
E:\Programme\Microsoft IntelliPoint\point32.exe
E:\Programme\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programme\Windows Live\Messenger\MsnMsgr.Exe
E:\Programme\Messenger\msmsgs.exe
E:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Java\jre1.6.0_05\bin\jusched.exe "
O4 - HKLM\..\Run: [IAAnotif] "E:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [avgnt] "E:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [type32] "E:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "E:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WinampAgent] E:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DW6] "E:\Programme\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - E:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - E:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Programme\TuneUpUtilities2006\WinStylerThemeSvc .exe
O23 - Service: XAudioService - Conexant Systems, Inc. - E:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 5914 bytes


ps: l'hijackthis l'ho messo in crogrammi/hijackthis sia il setup che l'exe ... ho fatto bene ?

ah dimenticavo ... mentre installavo una chat mi s'è inserito un programma strano che erroneamente ho installato nel pc e non riesco a disinstallarlo ...

Si chiama The Weather Channel ... l'ho disinstallato da installazione applicazioni ma non si leva ...

Questo è il portatile di mia cugina ma è incasinato ... help me

[hell's bells]

In relazione al tuo file presunto infetto

Some anti-virus software vendors now classify cmdow.exe as a hacking tool because it can hide windows. A hacking tool is NOT a virus.

If you have any doubts regarding the authenticity of your copy of cmdow.exe, verify its integrity by comparing its checksum with those listed here.

About Cmdow

Cmdow is a Win32 commandline utility for NT4/2000/XP/2003 that allows windows to be listed, moved, resized, renamed, hidden/unhidden, disabled/enabled, minimized, maximized, restored, activated/inactivated, closed, killed and more.

Cmdow is 31kb standalone executable. It does not create any temporary files, nor does it write to the registry. There is no installation procedure, just run it. To completely remove all traces of it from your system, delete it.

Per quanto concerne il programma che hai disinstallato, segui questo percorso

E:\Programme\The Weather Channel FW\Desktop

controlla se la cartella esiste ancora e se ha files all'interno, la voce è ancora presente in hijackthis

[Sam]

What ???????????




In internet ci sò girare pure io .... ma non capisco bene

[hell's bells]

Spiego, è un comando legittimo di windows, solo che lavora in modalità nascosta e molti antivirus lo rilevano come malevolo, se noti il report di kaspersky not-a-virus:RiskTool.Win32.HideWindows è anche scritto, non è un virus ma un tool nascosto di windows.