virus explorer.exe qualcuno mi può aiutare?

questa è la scansione di hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17.56.04, on 21/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

C:\Programmi\HP\QuickPlay\QPService.exe

C:\Programmi\HP\HP Software Update\HPWuSchd2.exe

C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programmi\Skype\Phone\Skype.exe

C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe

C:\Documents and Settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe

C:\Programmi\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgw.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Programmi\File comuni\LightScribe\LSSrvc.exe

C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe

C:\Programmi\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Programmi\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Internet Explorer\iexplore.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.naruto.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome...

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickT

3 risposte

Classificazione
  • Anonimo
    1 decennio fa
    Risposta preferita

    usa spybot search and destroy

    by andrea

  • 1 decennio fa

    Posta il log di hyjack sul sito

    http://www.hijackthis.de/index.php

    e segui le istruzioni

    poi con hijack rimuovi le voci incriminate

  • 1 decennio fa

    puoi sare spybot o ad-aware spyreware! e in futuro niente più siti strani!

    queste specie di trojan vengono da siti di natura pornografica o legata ad essa!

    ATTENTO IN FUTURO!

    ah devi eseguirli da provvisorio!

    cioè riavviii il pc e premi F8!

    in questo modo utilizzi il pc senza che altri processi se non quelli necessari siano attivi, si rendono in questo modo cancellabili!

    una volta eliminato crea un file TXT scrivici quello che vuoi e mettilo nella cartella dove si trovava explorer.exe e chiamalo con questo stesso nome, in questo modo se il trojan tenta di entrare si vede già esistente e non dovrebbe mettersi!

Altre domande? Fai una domanda e ottieni le risposte che cerchi.