Aiuto per Log di HijackThis

**Edipo** · 28-08-2007, 14:11

Ragazzi potreste dare uno sguardo al mio log per capire se è tutto ok?Gran parte delle voci le riconosco ma non tutte pero.
Grazie in anticipo:

Logfile of HijackThis v1.99.1
Scan saved at 14.05.50, on 28/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\spoolvs.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Documents and Settings\USER\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pages.activevirusshield.com/installconfirm/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Programmi\AOL Security Toolbar\tbu4\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe "
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: findfast.exe
O4 - Startup: ptdcuipk.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Garzanti Linguistica - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\File comuni\Garzanti\Dizionari Garzanti 2005\IEExtension.dll
O9 - Extra 'Tools' menuitem: Garzanti Linguistica - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\File comuni\Garzanti\Dizionari Garzanti 2005\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D8A08F7-0527-4020-9CE6-CA3A7E3B593B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D8A08F7-0527-4020-9CE6-CA3A7E3B593B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1D8A08F7-0527-4020-9CE6-CA3A7E3B593B}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: hardlife.ini
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmi\SPYWAREfighter\spfprc.exe

**tecnico24** · 28-08-2007, 17:33

Il tuo log presenta tante schifezze.procedi cosi:

avvia hijackthis,spunta a sinistra su queste voci:

O20 - AppInit_DLLs: hardlife.ini
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O4 - Global Startup: autorun.exe
O4 - Startup: system.exe
O4 - Startup: ptdcuipk.exe
O4 - Startup: findfast.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe

poi clicca sotto su FIX CHECKED.

poi
Scarica The Avenger
http://swandog46.geekstogo.com/avenger.zip

Poi avvia il file Avenger.exe.
Seleziona l'opzione Input Script Manually, clicca sulla lente di ingrandimento e all'interno dello spazio bianco copia ed incolla questo script:

files to delete:
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\printer.exe

poi clicca su DONE,poi sul semaforo,due volte si,riavvia il pc e postami qui il log di avenger che lo trovi in c:/avenger.txt

**ste_95** · 28-08-2007, 19:45

ma riscontravi problemi particolari?

questo lo conosci:

O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe

a parer mio è da fixare...

Discussione: Aiuto per Log di HijackThis

Strumenti discussione

Ricerca discussione

Visualizza

Aiuto per Log di HijackThis

Permessi di invio