Olimpo Informatico

salpic80 · Comune mortale Registrato: 05/01/08 11:37 Messaggi: 4 Residenza: Napoli

Ciao a tutti!Prima di tutto complimenti per il forum!
Passando al mio problemone..."avevo" un trojan Vundo. Ho fatto una scansione con a-squared antimalware in modalità provvisoria e comparendomi questo file infetto ho provato ad eliminarlo,senza successo..al che ho optato per la quarantena e qui son sorti i problemi perchè si è riavviato il pc e da allora nn vedo più il desktop, o meglio non esiste più la cartella explorer.Vedo solo lo sfondo.Ho XP e non ho il cd di installazione.
Premetto che ho già utilizzato molti programmi che avrebbero dovuto eliminarlo: Vundofix - combofix - avenger -gmer.cosa fare?

chemicalbit · Dio maturo Registrato: 01/04/05 18:59 Messaggi: 18597 Residenza: Milano

salpic80 · Comune mortale Registrato: 05/01/08 11:37 Messaggi: 4 Residenza: Napoli

Allora, quando dal task manager (l'unica cosa ke mi compare) digito: explorer , non mi compare nulla e mi dice: " impossibile trovare il file explorer.Verifica che il percorso sia esatto e riprovare".
Ho un unico account sul pc.
In modalità provvisoria ho gli stessi problemi.quando accedo in modalità provvisoria mi chiede se voglio accedere come administrator o come salpic(unico account sull'intero pc).
Se accedo alla cartella windows, il file explorer non c'è. c'è un solo file explorer con estensione scf.
Qualsiasi scansione fatta online non mi rileva nulla.I log sono puliti.
Non ho idee Sad

bdoriano

E' più utile se posti i vari logs così possiamo farci un'idea precisa di cosa è successo. Wink

PS: ancora non ci hanno dato la sfera di cristallo. Razz

salpic80 · Comune mortale Registrato: 05/01/08 11:37 Messaggi: 4 Residenza: Napoli

Hai ragione.A volte sono distratto!!
ti passo il log hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.50.15, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\niSvcLoc.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_2] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmnetmgr.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_3] C:\WINDOWS\System32\regsvr32 /s /u "C:\WINDOWS\System32\wmv8dmod.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_4] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmvdmod.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_5] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmvdmoe2.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_6] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmadmoe.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_7] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmspdmod.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_8] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmspdmoe.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_9] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmsdmoe.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_10] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmsdmoe2.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_20] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmadmod.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_21] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\mpg4dmod.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_22] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\mp43dmod.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_23] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\mp4sdmod.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_24] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmsdmod.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_30] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\laprxy.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_31] "C:\WINDOWS\System32\logagent.exe" /RegServer
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_32] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmvcore.dll"
O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_1] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\drmstor.dll"
O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_2] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\drmclien.dll"
O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_4] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\drmv2clt.dll"
O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_5] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\blackbox.dll"
O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_6] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\msnetobj.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_0] C:\WINDOWS\INF\unregmp2.exe /MigrateLibrary
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_1] "C:\Programmi\Windows Media Player\migrate.exe" /s
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_2] C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmp.dll
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_8] C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpshell.dll
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_9] C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpasf.dll
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_10] C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpdxm.dll
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_11] C:\WINDOWS\System32\regsvr32 /s "C:\Programmi\Windows Media Player\mpvis.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMDM_Install_7] C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\mspmsnsv.dll
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_20] C:\WINDOWS\INF\unregmp2.exe /Shortcuts /RegExts
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1960408961-413027322-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'ntpsal')
O4 - HKUS\S-1-5-21-1960408961-413027322-725345543-1005\..\RunOnce: [NeroHomeFirstStart] C:\Programmi\File comuni\Ahead\Lib\NMFirstStart.exe (User 'ntpsal')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kasperskyitalia.it/servizi/kavscanner/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Programmi\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Network Time Protocol Daemon (NTP) - Unknown owner - C:\Programmi\NTP\bin\ntpd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--

salpic80 · Comune mortale Registrato: 05/01/08 11:37 Messaggi: 4 Residenza: Napoli

Ho risolto!Finalmente dopo 10 giorni senza desktop ora lo vedo...avevo l'explorer.exe danneggiato..l'ho sostituito ( grazie al consiglio di un amico) ed ora funziona tutto.Scusatemi per il tempo che vi ho fatto perdere.

bdoriano

Contento che hai risolto. Very Happy