Il pc di un amico non andava su internet e aveva come sfondo una mascherina "windows warnig message". Ho cercato su internet ed era stato consigliato a qualcuno col mio stesso problema di utilizzare malwarebytes. Dopo una scansione con questo software sono state trovate 51 infezioni che ho rimosso. Al riavvio (e ai successivi) non sono più comparse le icone del desktop e la barra di windows. L'unica cosa che mi è possibile fare è aprire il task manager. L'ho fatto e ho tentato di far partire explorer.exe, ma mi dice che non trova il percorso... stessa cosa se sfoglio, lo prendo da dentro windows e tento di farlo partire. Help.. E' possibile con un cd di windows ripristinare i files mancanti e le eventuali chiavi di registro senza formattare?
Se pur dovesse essere possibile io ho il cd di xp home, ma non so che xp c'è su questo pc, fa lo stesso?
Ho l'impressione che sia corrotto il registro. Ho provato a rinominare il suo file explorer.exe, lui automaticamente lo ricrea, prendo il mio file explorer e lo sostituisco a quello che è stato appena ricreato, provo a lanciarlo... ma nada. Quindi cancello il mio per sicurezza e gli rimetto il suo. Please.. attendo notizie.
P.S. anche in modalità provvisoria non cambia nulla, e neache il punto di ripristino di sitema di qualche giorno prima ha risolto nulla
Se può servirvi qui c'è il file di log di malwarebytes
Malwarebytes' Anti-Malware 1.28
Versione del database: 1134
Windows 5.1.2600 Service Pack 2

20/09/2008 10.59.07
mbam-log-2008-09-20 (10-59-07).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 47637
Tempo trascorso: 4 minute(s), 4 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 4
Valori di registro infetti: 9
Elementi dato del registro infetti: 2
Cartelle infette: 13
File infetti: 27

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcrqrj0er7a (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcrqrj0er7a (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe (Security.Hijack) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Cartelle infette:
C:\Programmi\Microsoft Security Adviser (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programmi\rhcrqrj0er7a (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Dati applicazioni\rhcrqrj0er7a (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Dati applicazioni\rhcrqrj0er7a\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Dati applicazioni\rhcrqrj0er7a\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Dati applicazioni\rhcrqrj0er7a\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Dati applicazioni\rhcrqrj0er7a\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Dati applicazioni\rhcrqrj0er7a\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Dati applicazioni\rhcrqrj0er7a\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Dati applicazioni\rhcrqrj0er7a\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Dati applicazioni\rhcrqrj0er7a\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Dati applicazioni\rhcrqrj0er7a\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Dati applicazioni\rhcrqrj0er7a\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

File infetti:
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\4198770221.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Programmi\Microsoft Security Adviser\msctrl.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programmi\Microsoft Security Adviser\mssadv.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programmi\Microsoft Security Adviser\mssadv_sp.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programmi\rhcrqrj0er7a\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmi\rhcrqrj0er7a\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmi\rhcrqrj0er7a\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmi\rhcrqrj0er7a\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmi\rhcrqrj0er7a\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmi\rhcrqrj0er7a\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmi\rhcrqrj0er7a\rhcrqrj0er7a.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmi\rhcrqrj0er7a\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qulcqiof.jpg (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcvqrj0er7a.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcvqrj0er7a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcvqrj0er7a.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcvqrj0er7a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Ho risolto il problema delle icone e della barra di windows cancellando la seguente chiave di registro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

Ciao r16, grazie per la risposta e scusa se non ti ho risposto subito.. Per quanto riguarda quella chiave l'ho cancellata per intero e al riavvio è ricomparso tutto ho visto se funzionava internet e qualche altra applicazione e ho chiuso. Magari quella chiave viene poi ricreata al prossimo riavvio?? Al momento funziona, speriamo continui... se non dovesse andare controllerò queste chiavi che mi hai segnalato. Grazie ancora.