Risultato scansione con hijackthis

[bz42zd]

....che programmi devo utilizzare per rimuovere i worms?
Grazie


Logfile of HijackThis v1.99.1
Scan saved at 13.43.01, on 15/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\yjpyor.exe
C:\Programmi\Norton Personal Firewall\ccPxySvc.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10RN2.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Nico\IMPOST~1\Temp\Rar$EX02.551\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Libero
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\DDCDDR~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [MAGIXautostart] D:\install\program\setup.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [zckziormkkuo] C:\WINDOWS\System32\yjpyor.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [ccApp] C:\Programmi\File comuni\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Zone Alarm] vsmon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Programmi\Security iGuard\Security iGuard.exe
O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Corel Network monitor worker - {58B72EF8-ED85-4934-BE38-C7964D18C5A6} - C:\WINDOWS\System32\iegfxfrw.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {58B72EF8-ED85-4934-BE38-C7964D18C5A6} - C:\WINDOWS\System32\iegfxfrw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {0D5C8091-5939-465B-993A-505006F6DE9C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0D5C8091-5939-465B-993A-505006F6DE9C} - (no file) (HKCU)
O9 - Extra button: Corel Network monitor worker - {58B72EF8-ED85-4934-BE38-C7964D18C5A6} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {58B72EF8-ED85-4934-BE38-C7964D18C5A6} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CE2B5F6B-F86E-4D6B-9DC0-E603143F7129} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CE2B5F6B-F86E-4D6B-9DC0-E603143F7129} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F9C8F52D-7763-4A7E-A466-3870FB5A66EC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F9C8F52D-7763-4A7E-A466-3870FB5A66EC} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O20 - AppInit_DLLs: chr55im9ss86sjll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programmi\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Programmi\Norton Personal Firewall\NISUM.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe

[bluepix]

Io fixerei tutte le voci elencate di seguito:

C:\WINDOWS\System32\yjpyor.exe

O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\DDCDDR~1.DLL

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [zckziormkkuo] C:\WINDOWS\System32\yjpyor.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Programmi\Security iGuard\Security iGuard.exe
O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe

O9 - Extra button: Corel Network monitor worker - {58B72EF8-ED85-4934-BE38-C7964D18C5A6} - C:\WINDOWS\System32\iegfxfrw.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {58B72EF8-ED85-4934-BE38-C7964D18C5A6} - C:\WINDOWS\System32\iegfxfrw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {0D5C8091-5939-465B-993A-505006F6DE9C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0D5C8091-5939-465B-993A-505006F6DE9C} - (no file) (HKCU)
O9 - Extra button: Corel Network monitor worker - {58B72EF8-ED85-4934-BE38-C7964D18C5A6} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {58B72EF8-ED85-4934-BE38-C7964D18C5A6} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CE2B5F6B-F86E-4D6B-9DC0-E603143F7129} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CE2B5F6B-F86E-4D6B-9DC0-E603143F7129} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F9C8F52D-7763-4A7E-A466-3870FB5A66EC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F9C8F52D-7763-4A7E-A466-3870FB5A66EC} - (no file) (HKCU)

O20 - AppInit_DLLs: chr55im9ss86sjll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll


ciao

[bz42zd]

Grazie 1000 seguiro' il tuo consiglio

[bluepix]

Un altro consiglio.

Non usare più "Security iGuard" che è dichiarato "non sicuro"

disinstallalo

ciao

[bz42zd]

ho provato a disintallare security iGuard....ma al riavvio e all'apertura di internet mi ricompare......

[bluepix]

Hai provato a toglierlo da pannello di controllo/installa applicazioni?

se no fallo e poi rimuovi la tutta la directory in c\programmi

meglio fare sempre in modalità provvisoria e dopo aver disabilitato il system restore

ciao

[bz42zd]

...si l'ho tolto da installazione applicazioni....provero' come dici tu in modalita provvisoria....
ancora grazie per la tua disponibilita'

Nic