#1

Member
Joined: Aug 2000
Posts: 291

HijackThis scan result
....which programs should I use to remove the worms?
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 13.43.01, on 15/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\yjpyor.exe
C:\Programmi\Norton Personal Firewall\ccPxySvc.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10RN2.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Nico\IMPOST~1\Temp\Rar$EX02.551\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Libero
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\DDCDDR~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [MAGIXautostart] D:\install\program\setup.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [zckziormkkuo] C:\WINDOWS\System32\yjpyor.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [ccApp] C:\Programmi\File comuni\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Zone Alarm] vsmon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Programmi\Security iGuard\Security iGuard.exe
O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Corel Network monitor worker - {58B72EF8-ED85-4934-BE38-C7964D18C5A6} - C:\WINDOWS\System32\iegfxfrw.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {58B72EF8-ED85-4934-BE38-C7964D18C5A6} - C:\WINDOWS\System32\iegfxfrw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {0D5C8091-5939-465B-993A-505006F6DE9C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0D5C8091-5939-465B-993A-505006F6DE9C} - (no file) (HKCU)
O9 - Extra button: Corel Network monitor worker - {58B72EF8-ED85-4934-BE38-C7964D18C5A6} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {58B72EF8-ED85-4934-BE38-C7964D18C5A6} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CE2B5F6B-F86E-4D6B-9DC0-E603143F7129} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CE2B5F6B-F86E-4D6B-9DC0-E603143F7129} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F9C8F52D-7763-4A7E-A466-3870FB5A66EC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F9C8F52D-7763-4A7E-A466-3870FB5A66EC} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O20 - AppInit_DLLs: chr55im9ss86sjll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programmi\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Programmi\Norton Personal Firewall\NISUM.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe

#2

Senior Member
Joined: Dec 2004
City: Magenta (MI)
Posts: 1513

I would fix all the entries listed below:

C:\WINDOWS\System32\yjpyor.exe
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\DDCDDR~1.DLL
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [zckziormkkuo] C:\WINDOWS\System32\yjpyor.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Programmi\Security iGuard\Security iGuard.exe
O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
O9 - Extra button: Corel Network monitor worker - {58B72EF8-ED85-4934-BE38-C7964D18C5A6} - C:\WINDOWS\System32\iegfxfrw.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {58B72EF8-ED85-4934-BE38-C7964D18C5A6} - C:\WINDOWS\System32\iegfxfrw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {0D5C8091-5939-465B-993A-505006F6DE9C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0D5C8091-5939-465B-993A-505006F6DE9C} - (no file) (HKCU)
O9 - Extra button: Corel Network monitor worker - {58B72EF8-ED85-4934-BE38-C7964D18C5A6} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {58B72EF8-ED85-4934-BE38-C7964D18C5A6} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CE2B5F6B-F86E-4D6B-9DC0-E603143F7129} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CE2B5F6B-F86E-4D6B-9DC0-E603143F7129} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F9C8F52D-7763-4A7E-A466-3870FB5A66EC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F9C8F52D-7763-4A7E-A466-3870FB5A66EC} - (no file) (HKCU)
O20 - AppInit_DLLs: chr55im9ss86sjll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

Bye

#3

Member
Joined: Aug 2000
Posts: 291

Thanks a million, I'll follow your advice

#4

Senior Member
Joined: Dec 2004
City: Magenta (MI)
Posts: 1513

Another piece of advice.
Stop using "Security iGuard", which has been declared "unsafe"; uninstall it.
Bye

#5

Member
Joined: Aug 2000
Posts: 291

I tried to uninstall Security iGuard....but on reboot and when I open the internet it reappears......

#6

Senior Member
Joined: Dec 2004
City: Magenta (MI)
Posts: 1513

Have you tried removing it from Control Panel/Add or Remove Programs?
If not, do that and then delete its whole directory in C:\Programmi. It is always better to do this in Safe Mode and after disabling System Restore.
Bye

#7

Member
Joined: Aug 2000
Posts: 291

...yes, I removed it from Add or Remove Programs....I'll try in Safe Mode as you say....
Thanks again for your help
Nic

All times are GMT +1. The time now is 20:36.