|
|||||||
|
|
|
 |
|
|
Strumenti |
08-04-2008, 23:50
|
#1 |
|
Junior Member
Iscritto dal: Apr 2008
Messaggi: 7
|
Interpretazione Hijackthis.Ho virus,dialer,spyware? C:\WINDOWS\winlogon.exe. cos'è'?
Interpretazione Hijackthis
-------------------------------------------------------------------------------- Salve sono nuovo e nn so ancora bene cm muovermi... oggi mi è apparsa un'icona sul dekstop cn scritto: "rundll32.exe stmctrl.dll,TaskBar" io cn avast ho bloccato subito dei processi strani che mi chiedevano l'autorizzazione ed ho spento il pc,ma alla riaccensione c'era sempre qualche tentativo di processi che nn so cosa siano... inoltre ho riscontrato una diminuzione della velocità di Internet Alice ADSL da 7 mega e 5 mega... nn so sinceramente cosa sia...però consultando questo forum mi sono mosso in fretta e furia x capire se avevo un virus ,un dialer o qualsiasi cosa di nn sicuro sul mio pc ho scaricato hijackthis e ho fatto il controllo il risulato è questo Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21.45.29, on 08/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe D:\Programmi\Avast Computer Week\aswUpdSv.exe D:\Programmi\Avast Computer Week\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Programmi\File comuni\LightScribe\LSSrvc.exe C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Programmi\Prevx2\PXAgent.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe D:\Programmi\Avast Computer Week\ashMaiSv.exe D:\Programmi\Avast Computer Week\ashWebSv.exe C:\Programmi\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Apps\Powercinema\PCMService.exe D:\PROGRA~1\AVASTC~1\ashDisp.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe D:\Programmi\Nokia PC Suite (nuova vers.)\Nokia PC Suite 6\LaunchApplication.exe C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\Prevx2\PXConsole.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe C:\Programmi\Windows Media Player\WMPNSCFG .exe C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programmi\Windows Live\Messenger\usnsvc.exe C:\Programmi\Internet Explorer\iexplore.exe D:\Programmi\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\it.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://renewalcenter.symantec.com/st...p_cversion=300 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - D:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\AVASTC~1\ashDisp.exe O4 - HKLM\..\Run: [ashMaiSv] D:\PROGRA~1\ashmaisv.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Programmi\Nokia PC Suite (nuova vers.)\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "D:\Documents and Settings\Dario.SN106716190315\Impostazioni locali\Temporary Internet Files\Content.IE5\DF1GUQZI\BAB88ED[1].exe" -scan O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx2\PXConsole.exe" O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [WireLessMouse] C:\Programmi\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe O4 - HKLM\..\Run: [WireLessKeyboard] C:\Programmi\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe O4 - HKLM\..\Run: [TQ566808] "E:\Setup.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\OFFICE\Office10\OSA.EXE O8 - Extra context menu item: Add to AMV Converter... - D:\Programmi\MP3 Player Utilities 4.15\AMVConverter\grab.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\OFFICE\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Programmi\MP3 Player Utilities 4.15\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elgabry89.spaces.live.com//Ph...d/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://elgabry89.spaces.live.com/Pho...d/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab53083.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files...fosFinder2.CAB O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...34/mcfscan.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://webchatportal.altervista.org/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9D08004B-C2D5-4336-BBC4-8468A9A29AE9}: NameServer = 85.37.17.7 85.38.28.95 O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\ O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programmi\Avast Computer Week\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Programmi\Avast Computer Week\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programmi\Avast Computer Week\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programmi\Avast Computer Week\ashWebSv.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 11904 bytes ho effettuato una scansione veloce con avast nella cartella C:\Windows\System32,ma nn mi ha rilevato niente. Inoltre ho scaricato ad-aware 2007 e AVG Anti-spyware 7.5 ma nn ho ancora avuto il tempo di effettuare una scansione con essi,cosa che farò al piu presto... Infine qualcuno sa dirmi cos'è:"C:\WINDOWS\winlogon.exe" xkè avast mi chiede di autrizzare il processo ma nn so sinceramente cosa sia... X finire qualcuno sa cos'è il processo ctfmon?xkè ogni tanto mi da problemi,ovvero quando spengo il pc devo aspettare che termini... spero che qualcuno riesca a darmi una soluzione e una risposta(rassicurante)... grazie mille a tutti! Ultima modifica di ElGabry89 : 08-04-2008 alle 23:58. |
|
|
|
09-04-2008, 09:14
|
#2 |
|
Member
Iscritto dal: Mar 2006
Messaggi: 273
|
per winlogon.exe questo è un link in cui trovi qualcosa:
mentre questo è per ctfmon.exe |
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 15:56.
