
Thread: explorer.exe

  1. #1

    explorer.exe

    I have a problem or two with my computer...

    first of all, the computer no longer reads the file explorer.exe,
    the process that lets you see the icons on the desktop (and maybe something else too, I don't know)...
    the file is there, but when I go to open it, it says it isn't there... I don't know why

    comparing my PC with the problem computer, I noticed that in c:\windows\ on the problem computer there are lots of numbered .exe files that aren't on my PC... (something like 23452321.exe)
    Avira AntiVir considers them infected and it really looks like they are, but even when I try to delete them from Task Manager (the only thing that opens for me, since there is no explorer) it won't delete them...

    if I manage to, I'll install HijackThis, which is probably always useful; tell me what other info you need

    thanks a lot

  2. #2
    Deifobe (HTML.it user, registered Oct 2007, 6,072 posts)
    right, let's go looking for what it might be...
    1) post an HJT log..
    2) download Registry Search Tool and search separately for:
    explorer.exe
    userinit
    merge the results into a single text file and upload it to => Sendmefile. Post the link you get.
    3) if you're not having problems with the antivirus, I think we can also rule out Bagle.

  3. #3
    what should I fix?
    thanks a lot


    Logfile of HijackThis v1.99.1
    Scan saved at 15.08.40, on 09/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\taskmgr.exe
    K:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {89A1E40D-0254-4F99-B9AE-B60A2D8754A9} - C:\WINDOWS\system32\byxurrs.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\rjqolcfl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {E7A0BC06-99F4-4E2D-A0C1-C5CF41162E73} - C:\WINDOWS\system32\vtsqp.dll (file missing)
    O2 - BHO: {f5a59960-355a-4b98-bbf4-7af58c692e8f} - {f8e296c8-5fa7-4fbb-89b4-a55306995a5f} - C:\WINDOWS\system32\jmndcgaj.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Programmi\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVFX Engine] C:\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
    O4 - HKLM\..\Run: [942ec162] rundll32.exe "C:\WINDOWS\system32\iqaergfi.dll",b
    O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Voikap] C:\Programmi\Voikap\Voikap.exe
    O4 - HKCU\..\Run: [Steam] "C:\Programmi\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe
    O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe
    O4 - Startup: Spybot - Search & Destroy.lnk = C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?2d51a75aadec40988a8684b6bbd19536
    O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?2d51a75aadec40988a8684b6bbd19536
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.archiviosex.net
    O15 - Trusted Zone: *.cercoporno.com
    O15 - Trusted Zone: *.eros-porno.com
    O15 - Trusted Zone: *.otherchance.com
    O15 - Trusted Zone: *.whatsnew.name
    O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/f293...632a2b5_35.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1145613336811
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1161348788781
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: byxurrs - C:\WINDOWS\SYSTEM32\byxurrs.dll
    O20 - Winlogon Notify: rjqolcfl - C:\WINDOWS\SYSTEM32\rjqolcfl.dll
    O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
    O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

  4. #4

  5. #5
    Deifobe (HTML.it user, registered Oct 2007, 6,072 posts)
    Print this page and follow these instructions in order.

    download Avenger and DelDomains (save DelDomains to the desktop)

    1) Bring up Task Manager (Ctrl+Alt+Del)
    a) click "New Task" and type regedit.exe
    b) end the "explorer" process.
    c) don't close Task Manager until the PC reboots.

    Switch to the Registry Editor window and follow this path until you click on the explorer.exe folder:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe ]

    1) take (precise) note of the contents of this folder (you see it in the right-hand pane).
    2) now you have to delete it:
    - right-click on explorer.exe => Delete.
    --- if it won't let you delete it, right-click the key again and choose => Permissions => Full Control => tick "Allow" for your account. Try deleting it again.
    --- if it still won't let you delete it, check that the process referenced in this folder is not running (see Task Manager). If it is, end it and redo the permissions step.
    3) once the folder is deleted, press F5 and close the Registry Editor.
    4) again from Task Manager: click "New Task" => type explorer
    5) post the contents of the key you deleted.

    2) fix with HJT (from Safe Mode):
    (note: I included the entry in blue because I don't know what it is. If you know the program, don't fix it and don't delete it.. otherwise fix it and delete the VOIKAP folder. The entry in green isn't needed at startup. If you want to keep it, don't fix it)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {89A1E40D-0254-4F99-B9AE-B60A2D8754A9} - C:\WINDOWS\system32\byxurrs.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\rjqolcfl.dll
    O2 - BHO: (no name) - {E7A0BC06-99F4-4E2D-A0C1-C5CF41162E73} - C:\WINDOWS\system32\vtsqp.dll (file missing)
    O2 - BHO: {f5a59960-355a-4b98-bbf4-7af58c692e8f} - {f8e296c8-5fa7-4fbb-89b4-a55306995a5f} - C:\WINDOWS\system32\jmndcgaj.dll
    O4 - HKLM\..\Run: [942ec162] rundll32.exe "C:\WINDOWS\system32\iqaergfi.dll",b
    O4 - HKCU\..\Run: [Voikap] C:\Programmi\Voikap\Voikap.exe
    O4 - HKCU\..\Run: [Steam] "C:\Programmi\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe
    O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O15 - Trusted Zone: *.archiviosex.net
    O15 - Trusted Zone: *.cercoporno.com
    O15 - Trusted Zone: *.eros-porno.com
    O15 - Trusted Zone: *.otherchance.com
    O15 - Trusted Zone: *.whatsnew.name
    O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/f29...7632a2b5_35.exe
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads.../ampx_en_dl.cab
    O20 - Winlogon Notify: byxurrs - C:\WINDOWS\SYSTEM32\byxurrs.dll
    O20 - Winlogon Notify: rjqolcfl - C:\WINDOWS\SYSTEM32\rjqolcfl.dll
    O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
    O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)

    3) go back to Normal Mode, right-click DelDomains and choose "Install"

    4) Run Avenger, select the "Input Script Manually" option and click the magnifying glass. Inside the "View/edit script" window, in the white box, copy/paste:
    files to delete:
    C:\WINDOWS\system32\byxurrs.dll
    C:\WINDOWS\system32\rjqolcfl.dll
    C:\WINDOWS\system32\vtsqp.dll
    C:\WINDOWS\system32\jmndcgaj.dll
    C:\WINDOWS\system32\iqaergfi.dll
    C:\WINDOWS\system32\spoolw.exe
    C:\WINDOWS\system32\igfxsvc.exe
    C:\WINDOWS\SYSTEM32\byxurrs.dll
    C:\WINDOWS\SYSTEM32\rjqolcfl.dll
    C:\WINDOWS\SYSTEM32\winepi32.dll
    C:\WINDOWS\SYSTEM32\winmbj32.dll
    C:\WINDOWS\winepi32.dll
    C:\WINDOWS\winmbj32.dll

    registry keys to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxurrs
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rjqolcfl
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winepi32
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winmbj32
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7A0BC06-99F4-4E2D-A0C1-C5CF41162E73}

    Registry values to replace with dummy:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
    Click the "Done" button, then the green traffic light, and answer Yes twice. The PC should reboot by itself; otherwise reboot it yourself. Post the report it produces

    5) run scans with VundoFix, FixVundo and VirtumundoBeGone.

    post a new HJT log

  6. #6
    first of all, thanks a lot...

    unfortunately the problems aren't over...

    there is one positive thing: the explorer problem seems to be solved: the process shows up and so do the desktop icons!!!

    the contents of the explorer folder I deleted were: file name: debugger, type: reg_sz, location: c:\WINDOWS\w32dbg.exe

    the Avenger file you asked me for, I hope it's this one, correct me if I'm wrong...:



    //////////////////////////////////////////
    Avenger Pre-Processor log
    //////////////////////////////////////////

    Error: could not create zip file.
    Error code: 1813


    //////////////////////////////////////////


    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\elkaflgu

    *******************

    Script file located at: \??\C:\Program Files\dnxiblwu.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    File C:\WINDOWS\system32\byxurrs.dll not found!
    Deletion of file C:\WINDOWS\system32\byxurrs.dll failed!

    Could not process line:
    C:\WINDOWS\system32\byxurrs.dll
    Status: 0xc0000034



    File C:\WINDOWS\system32\rjqolcfl.dll not found!
    Deletion of file C:\WINDOWS\system32\rjqolcfl.dll failed!

    Could not process line:
    C:\WINDOWS\system32\rjqolcfl.dll
    Status: 0xc0000034



    File C:\WINDOWS\system32\vtsqp.dll not found!
    Deletion of file C:\WINDOWS\system32\vtsqp.dll failed!

    Could not process line:
    C:\WINDOWS\system32\vtsqp.dll
    Status: 0xc0000034



    File C:\WINDOWS\system32\jmndcgaj.dll not found!
    Deletion of file C:\WINDOWS\system32\jmndcgaj.dll failed!

    Could not process line:
    C:\WINDOWS\system32\jmndcgaj.dll
    Status: 0xc0000034



    File C:\WINDOWS\system32\iqaergfi.dll not found!
    Deletion of file C:\WINDOWS\system32\iqaergfi.dll failed!

    Could not process line:
    C:\WINDOWS\system32\iqaergfi.dll
    Status: 0xc0000034



    File C:\WINDOWS\system32\spoolw.exe not found!
    Deletion of file C:\WINDOWS\system32\spoolw.exe failed!

    Could not process line:
    C:\WINDOWS\system32\spoolw.exe
    Status: 0xc0000034



    File C:\WINDOWS\system32\igfxsvc.exe not found!
    Deletion of file C:\WINDOWS\system32\igfxsvc.exe failed!

    Could not process line:
    C:\WINDOWS\system32\igfxsvc.exe
    Status: 0xc0000034



    File C:\WINDOWS\SYSTEM32\byxurrs.dll not found!
    Deletion of file C:\WINDOWS\SYSTEM32\byxurrs.dll failed!

    Could not process line:
    C:\WINDOWS\SYSTEM32\byxurrs.dll
    Status: 0xc0000034



    File C:\WINDOWS\SYSTEM32\rjqolcfl.dll not found!
    Deletion of file C:\WINDOWS\SYSTEM32\rjqolcfl.dll failed!

    Could not process line:
    C:\WINDOWS\SYSTEM32\rjqolcfl.dll
    Status: 0xc0000034



    File C:\WINDOWS\SYSTEM32\winepi32.dll not found!
    Deletion of file C:\WINDOWS\SYSTEM32\winepi32.dll failed!

    Could not process line:
    C:\WINDOWS\SYSTEM32\winepi32.dll
    Status: 0xc0000034



    File C:\WINDOWS\SYSTEM32\winmbj32.dll not found!
    Deletion of file C:\WINDOWS\SYSTEM32\winmbj32.dll failed!

    Could not process line:
    C:\WINDOWS\SYSTEM32\winmbj32.dll
    Status: 0xc0000034



    File C:\WINDOWS\winepi32.dll not found!
    Deletion of file C:\WINDOWS\winepi32.dll failed!

    Could not process line:
    C:\WINDOWS\winepi32.dll
    Status: 0xc0000034



    File C:\WINDOWS\winmbj32.dll not found!
    Deletion of file C:\WINDOWS\winmbj32.dll failed!

    Could not process line:
    C:\WINDOWS\winmbj32.dll
    Status: 0xc0000034



    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxurrs not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxurrs failed!
    Status: 0xc0000034



    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rjqolcfl not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rjqolcfl failed!
    Status: 0xc0000034



    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winepi32 not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winepi32 failed!
    Status: 0xc0000034



    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winmbj32 not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winmbj32 failed!
    Status: 0xc0000034



    Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9} not found!
    Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9} failed!
    Status: 0xc0000034



    Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A} not found!
    Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A} failed!
    Status: 0xc0000034



    Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7A0BC06-99F4-4E2D-A0C1-C5CF41162E73} not found!
    Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7A0BC06-99F4-4E2D-A0C1-C5CF41162E73} failed!
    Status: 0xc0000034

    Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

    Completed script processing.

    *******************

    Finished! Terminate.



    this one instead is the HijackThis report; if I'm not mistaken there are problems in the O4 entries, but I don't want to delete things I shouldn't, so I'll do what you tell me:

    Logfile of HijackThis v1.99.1
    Scan saved at 18.39.20, on 11/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\V0220Mon.exe
    C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    K:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Programmi\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVFX Engine] C:\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [942ec162] rundll32.exe "C:\WINDOWS\system32\nvpbabju.dll",b
    O4 - HKLM\..\Run: [xdkgfhqr] C:\ifiipsql.bat
    O4 - HKLM\..\Run: [eedbwkbm] C:\fstngaqe.bat
    O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Spybot - Search & Destroy.lnk = C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?2d51a75aadec40988a8684b6bbd19536
    O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?2d51a75aadec40988a8684b6bbd19536
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1145613336811
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1161348788781
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

  7. #7
    almost forgot:
    Internet Explorer won't open for me...

    it says it can't find the file "(null)"...
    it only started doing this after the steps I carried out; before that it worked fine...
    (it's clearly not a connection problem...)

  8. #8
    Deifobe (HTML.it user, registered Oct 2007, 6,072 posts)
    download Virit

    with HJT fix:
    O4 - HKLM\..\Run: [942ec162] rundll32.exe "C:\WINDOWS\system32\nvpbabju.dll",b
    O4 - HKLM\..\Run: [xdkgfhqr] C:\ifiipsql.bat
    O4 - HKLM\..\Run: [eedbwkbm] C:\fstngaqe.bat

    with Avenger:
    files to delete:
    C:\WINDOWS\system32\nvpbabju.dll
    C:\ifiipsql.bat
    c:\WINDOWS\w32dbg.exe
    C:\fstngaqe.bat
    go back into the registry and also check:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
    If present, take note of its contents and delete it.

    the previous Avenger run, as you can see, didn't delete anything.
    All in all you have only fixed those entries, deleted explorer.exe and run scans. Let's see what happens after this next step.

    run a scan with Virit in Safe Mode (you need to install it and update it first)

    PS what did VundoFix, FixVundo etc. etc. find?

  9. #9
    in the end VundoFix tells me it didn't find anything...

    but during the scan (it took a long time) some detections from AntiVir popped up; I moved everything to quarantine, because most of the 'infected' files are system files, in c:\windows....

  10. #10
    in the registry it shows:
    debugger c:/windows/iexplore_32.exe
