www.MegaLab.it

[eloisa]

<font color="red">Per crazy.cat:

ieri hai risolto i problemi del mio amico mfd.

Puoi risolvere anche i miei?

Questo è il report che ho avuto da Hijack:</font id="red">

Logfile of HijackThis v1.98.2
Scan saved at 13.39.51, on 11/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:ProgrammiFile comuniSymantec SharedccSetMgr.exe
C:ProgrammiFile comuniSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:ProgrammiFile comuniMicrosoft SharedVS7Debugmdm.exe
C:ProgrammiNorton AntiVirus
avapsvc.exe
C:WINDOWSSystem32
vsvc32.exe
C:ProgrammiNorton AntiVirusSAVScan.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32RunDll32.exe
C:PROGRA~1MYWEBS~1ar1.binmwsoemon.exe
C:ProgrammiQuickTimeqttask.exe
C:ProgrammiFile comuniSymantec SharedccApp.exe
C:ProgrammiCashBackincashback.exe
C:ProgrammiNaviSearchin
ls.exe
C:WINDOWSSystem32ctfmon.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:sp.exe
C:ProgrammiMSN MessengerMsnMsgr.Exe
C:ProgrammiLinkgramLinkPilotLinkPilot.exe
C:ProgrammiWinZipWZQKPICK.EXE
C:PROGRA~1INCRED~1inIMApp.exe
C:ProgrammiMessengermsmsgs.exe
C:WINDOWSSystem32wuauclt.exe
C:PROGRA~1WINZIPwinzip32.exe
C:Documents and SettingspcImpostazioni localiTempHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.it/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Collegamenti
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:WINDOWS waintec.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:ProgrammiMyWebSearchSrchAstt1.binMWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:ProgrammiMyWebSearchar1.binMWSBAR.DLL
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:WINDOWS2_0_1browserhelper2.dll (file missing)
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:WINDOWSSystem32ridge.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:ProgrammiNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:ProgrammiMyWebSearchar1.binMWSBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:ProgrammiNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1ar1.binmwsoemon.exe
O4 - HKLM..Run: [QuickTime Task] "C:ProgrammiQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [RunDLL] rundll32.exe "C:WINDOWSSystem32ridge.dll",Load
O4 - HKLM..Run: [rsxkl] C:WINDOWS sxkl.exe
O4 - HKLM..Run: [mfshovmt] C:WINDOWSmfshovmt.exe
O4 - HKLM..Run: [alchem] C:WINDOWSalchem.exe
O4 - HKLM..Run: [sxib] C:WINDOWSsxib.exe
O4 - HKLM..Run: [Windows Update] C:WINDOWSSystem32mxbaqcn.exe
O4 - HKLM..Run: [ccApp] "C:ProgrammiFile comuniSymantec SharedccApp.exe"
O4 - HKLM..Run: [CashBack] C:ProgrammiCashBackincashback.exe
O4 - HKLM..Run: [NaviSearch] C:ProgrammiNaviSearchin
ls.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU..Run: [IncrediMail] C:PROGRA~1INCRED~1inIncMail.exe /c
O4 - HKCU..Run: [sp] C:sp.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgrammiMSN MessengerMsnMsgr.Exe" /background
O4 - Global Startup: LinkPilot.lnk = C:ProgrammiLinkgramLinkPilotLinkPilot.exe
O4 - Global Startup: Microsoft Office.lnk = C:ProgrammiMicrosoft OfficeOffice10OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:ProgrammiWinZipWZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:PROGRA~1INCRED~1in esourcesWebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: LinkPilot - {EECB22F2-6A10-11D3-8D0F-0060B0F1BE54} - C:PROGRA~1LinkgramLINKPI~1lpband.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammiMessengerMSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammiMessengerMSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b28578.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b28578.cab

<font color="red">Che ne dici? Cosa devo cancellare?

Cordialmente</font id="red">

[crazy.cat]

Le voci che ti ho indicato sotto devono sparire,dopo le pulizie e controlli che ti ho indicato,rifai la scansione con Hijackthis e vediamo cosa è rimasto. Quando fai le scansioni dei virus segnati i nomi di quello che trova.

Prima cosa: segui le istruzioni in questa pagina http://www.zanezane.net/articoli.asp?id=427 e fai la scansione e pulizia.

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:ProgrammiMyWebSearchSrchAstt1.binMWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:ProgrammiMyWebSearchar1.binMWSBAR.DLL
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:WINDOWS2_0_1browserhelper2.dll (file missing)
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:WINDOWSSystem32ridge.dll (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:ProgrammiMyWebSearchar1.binMWSBAR.DLL
O4 - HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1ar1.binmwsoemon.exe
O4 - HKLM..Run: [RunDLL] rundll32.exe "C:WINDOWSSystem32ridge.dll",Load
O4 - HKLM..Run: [alchem] C:WINDOWSalchem.exe
O4 - HKLM..Run: [CashBack] C:ProgrammiCashBackincashback.exe
O4 - HKLM..Run: [NaviSearch] C:ProgrammiNaviSearchin
ls.exe
O4 - HKCU..Run: [sp] C:sp.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:foo.mht!http://www.free32.com/POP.CHM::/sp.exe

Questi exe sono sconosciuti, ti direi di provare a seguire le istruzioni in questa pagina per fare una scansione dei virus http://www.zanezane.net/articoli.asp?id=187 , se fosse troppo difficile fai almeno una scansione online da questo sito http://www.pandasoftware.com/activescan ... ncipal.htm

O4 - HKLM..Run: [rsxkl] C:WINDOWS sxkl.exe
O4 - HKLM..Run: [mfshovmt] C:WINDOWSmfshovmt.exe
O4 - HKLM..Run: [sxib] C:WINDOWSsxib.exe
O4 - HKLM..Run: [Windows Update] C:WINDOWSSystem32mxbaqcn.exe

Fai sapere come và e benvenuta nel forum.