Olimpo Informatico

alexsamb · Mortale devoto Registrato: 15/04/08 15:50 Messaggi: 5

ciao a tutti....ho un problema:
all'avvio di windows xp sp2 si verifica un errore dato dal file temp2.exe ho provato a cancellarli ma non ho risolto nulla!!!!poi ho un altro problema inspiegabile....mentre lavoro con il pc si aprono decine di finestre internet explorer che appena vengono chiuse si riaprono automjaticamente...!!!
cosa devo fare?!?!?!aiutatemi!!!
spero in un votro aiuto....sono disperato!!!

grazie anticipatamente!!

bdoriano · Inviato: 15 Apr 2008 22:13 Oggetto:

Ciao alexsamb, Ciao

Non scrivere in maiuscolo, per convenzione equivale a urlare.

Comincia a fare le pulizie generali:

Disabilita il ripristino di sistema.
Pulisci i files temporanei con ATF-Cleaner e/o CCleaner
Scarica Norman Malware Cleaner.
Avvia il pc in modalità provvisoria.
Avvia Norman Malware Cleaner e fagli fare la scansione completa.
Viene generato un log sul desktop chiamandolo NFix_2008-04-gg_hh-mm-ss.log, alla fine della scansione caricalo su FreeFileHosting come indicato qui e posta il link che ti viene assegnato.
Segui le istruzioni di questo topic per postare il log di combofix.

PS: se vuoi, puoi presentarti qui

alexsamb · Mortale devoto Registrato: 15/04/08 15:50 Messaggi: 5

Ecco il Link che mi è uscito....che devo fare ora?!?!

NFix_2008-04-15_23-26-59.log

alexsamb · Mortale devoto Registrato: 15/04/08 15:50 Messaggi: 5

mentre questo è il Log salvato da Malware...

Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/04/08 18:04:26

Norman Scanner Engine Version: 5.92.04
Nvcbin.def Version: 5.92.00, Date: 2008/04/08 18:04:26, Variants: 1500380

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: CSM-101\Mitchell

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\WINDOWS\System32\userinit.exe, explorer.exe" -> "C:\WINDOWS\System32\userinit.exe,"

Scan started: 15/04/2008 23:26:59

Scanning running processes and process memory...

C:\WINDOWS\system32\temp1.exe (Infected with Suspicious_M.gen)
Terminated process
Deleted file

C:\WINDOWS\system32\explorer.exe (Infected with W32/Smalltroj.BHVR)
Terminated process
File marked for defered cleaning (reboot required)

C:\Programmi\STK016_V2.01\STK016M.exe (Infected with W32/Cres.F)
Terminated process
Removed link file: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\STK016 PNP Monitor.lnk
Deleted file

C:\WINDOWS\system32\drivers\sdpiosys.sys (Infected with W32/Rootkit.EXJ)
Removed driver: sdpiosys
Deleted file

Number of processes/threads found: 2103
Number of processes/threads scanned: 2100
Number of processes/threads not scanned: 3
Number of infected processes/threads terminated: 3
Total scanning time: 39s

Scanning file system...

Scanning: C:\*.*

C:\autorun.inf (Infected with Text/Perlovga.A)
Deleted file

C:\copy.exe (Infected with Suspicious_M.gen)
Deleted file

C:\host.exe (Infected with W32/Smalldrp.JHW)
Deleted file

C:\Documents and Settings\Mitchell\Desktop\BACK UP_2008\Incoming EMULE\Windows Vista 2007 Versione Definitiva In Italiano Crack!! Funziona Perfettamente!!!.rar/setup.exe (Infected with Spybot.BFUS)
Deleted file

C:\Programmi\Circle Developement\Uninstall.exe (Infected with W32/Agent.FDKU)
Deleted file

C:\Programmi\DAEMON Tools\SetupDTSB.exe (Infected with W32/SaveNow.BV)
Deleted file

C:\Programmi\eMule\Incoming\VA - Pacha 2008 (2008) - Electro_House.rar/CMT (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\VA_-_Dream_Dance_Vol.46-2CD-2008-MOD.rar/CMT (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Incoming\VA_-_Dream_Dance_Vol.46-2CD-2008-MOD.rar/RR (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Temp\003.part/CMT (Error whilst scanning file: I/O Error)

C:\Programmi\eMule\Temp\017.part/CMT (Error whilst scanning file: I/O Error)

C:\Programmi\STK016_V2.01\STK016K.exe (Infected with W32/Cres.C)
Deleted file

C:\WINDOWS\autorun.inf (Infected with Text/Perlovga.A)
Deleted file

C:\WINDOWS\svchost.exe (Infected with W32/Smalldrp.JHW)
Removed registry value: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows -> Load = "C:\WINDOWS\svchost.exe"
Deleted file

C:\WINDOWS\xcopy.exe (Infected with Suspicious_M.gen)
Deleted file

C:\WINDOWS\system32\explorer.exe (Infected with W32/Smalltroj.BHVR)
Terminated process
File marked for defered cleaning (reboot required)

C:\WINDOWS\system32\fooool.exe (Infected with W32/Malware.XJE)
Deleted file

C:\WINDOWS\system32\temp2.exe (Infected with W32/Smalldoor.CSL)
Deleted file

Scanning: D:\*.*

D:\autorun.inf (Infected with Text/Perlovga.A)
Deleted file

D:\copy.exe (Infected with Suspicious_M.gen)
Deleted file

D:\host.exe (Infected with W32/Smalldrp.JHW)
Deleted file

D:\DA SMISTARE\The Sims 2 H&M Fashion.rar/CMT (Error whilst scanning file: I/O Error)

D:\DA SMISTARE\The Sims 2 H&M Fashion.rar/RR (Error whilst scanning file: I/O Error)

D:\DA SMISTARE\[Nero.8.Ultra.Edition].Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE\Setup\Installation\Data\32E35AAD.cab/unknown43 (Error whilst scanning file: I/O Error)

D:\DA SMISTARE\[Nero.8.Ultra.Edition].Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE\Setup\Installation\Data\32E35AAD.cab/unknown44 (Error whilst scanning file: I/O Error)

D:\DA SMISTARE\[Nero.8.Ultra.Edition].Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE\Setup\Installation\Data\B28518DF.cab/unknown40 (Error whilst scanning file: I/O Error)

D:\DA SMISTARE\[Nero.8.Ultra.Edition].Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE\Setup\Installation\Data\B28518DF.cab/unknown41 (Error whilst scanning file: I/O Error)

D:\DA SMISTARE\[Nero.8.Ultra.Edition].Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE\Setup\Installation\Data\E4060BF5.cab/unknown0/unknown0 (Error whilst scanning file: I/O Error)
D:\DA SMISTARE\[Nero.8.Ultra.Edition].Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE\Setup\Installation\Data\E4060BF5.cab/unknown0 (Possible archive bomb)

D:\GIOCHI\Sexy Games - Virtuallyjenna, 3D Sex Villa, Hentai 3D Ii, Dream Stripper & Active Dolls.rar/CRACKED_ThriXXX_Hentai3D_017_AND_SexVilla3D_017_AND_VirtuallyJenna_017_Incl_AMD_Patch.rar/CMT (Error whilst scanning file: I/O Error)

D:\GIOCHI\Sexy Games - Virtuallyjenna, 3D Sex Villa, Hentai 3D Ii, Dream Stripper & Active Dolls.rar/CRACKED_ThriXXX_Hentai3D_017_AND_SexVilla3D_017_AND_VirtuallyJenna_017_Incl_AMD_Patch.rar/svil2_017\3DSexVilla-017-001-(AMD-ONLY!)-hotfix\3DSexVilla-017-001-start.exe (Infected with W32/Smalltroj.DGZQ)
Deleted file

D:\GIOCHI\[PC Game ITA] THE SIMS 2 CRACK + KEYGEN + PATCH CENSURA + TOOLS.rar/crack e seriale\keygen.exe (Infected with Suspicious_F.gen)
Deleted file

D:\GIOCHI\THE SIMS 2\[PC Game DVD] The Sims 2 - Multilanguage [PT-ITA - ENG - FRA - DE - ESP - And Others Languages] - DVD Version 100% Work Granted.rar/CMT (Error whilst scanning file: I/O Error)

D:\GIOCHI\THE SIMS 2\[PC Game DVD] The Sims 2 - Multilanguage [PT-ITA - ENG - FRA - DE - ESP - And Others Languages] - DVD Version 100% Work Granted.rar/The_Sims_2_Multilanguage_DVD.part41.rar (Error whilst scanning file: I/O Error)

D:\PENNA USB\Nuova cartella (3)\Power DVD 7.0.1725.0 Multilenguaje + Crack_DnGnMsTr.zip/Power DVD 7.0.1725.0 Multilenguaje + Crack_DnGnMsTr/Patch.exe (Infected with W32/Suspicious_U.gen)
Deleted file

D:\PROGRAMMI\eMule 0.48a pro -ultra2 multilangue.rar/emule 0.48a pro -ultra2 multilangue\Old version.rar/Old version\eMule0.48a.rar/CMT (Error whilst scanning file: I/O Error)

D:\PROGRAMMI\dvd software\SLYSOFT CloneDVD2-2.9.0.1+KEYGEN\Any Dvd 6.050\Otros patchs\Any Dvd 6.050 By odiliada.zip/AnyDVD v6.0.5.0 - Patcher.exe (Infected with Suspicious_F.gen)
Deleted file

D:\PROGRAMMI\dvd software\SLYSOFT CloneDVD2-2.9.0.1+KEYGEN\Any Dvd 6.050\Otros patchs\AnyDVD v6.0.5.0 - Patcher.exe (Infected with Suspicious_F.gen)
Deleted file

D:\PROGRAMMI\Real Player\crack - premium activator.exe (Infected with W32/DLoader.DWMV)
Deleted file

D:\PROGRAMMI\Winamp 5.24 PRO KeyGen Patch ITA FRA GER SPA POR RUS... Plug-ins Controller Programmi\KeyGen\Keygen.exe (Infected with Suspicious_F.gen)
Deleted file

D:\PROGRAMMI\Winamp 5.24 PRO KeyGen Patch ITA FRA GER SPA POR RUS... Plug-ins Controller Programmi\KeyGen\Winamp keygen-Pro.exe (Infected with Suspicious_F.gen)
Deleted file

D:\System Volume Information\_RESTO~1\RP37\A0005792.exe (Infected with Suspicious_F.gen)
Deleted file

D:\System Volume Information\_RESTO~1\RP37\A0005794.exe (Infected with Suspicious_F.gen)
Deleted file

Scanning: c:\System Volume Information\*.*

Scanning: d:\System Volume Information\*.*

Running post-scan cleanup routine:
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\WINDOWS\System32\userinit.exe, explorer.exe" -> "C:\WINDOWS\System32\userinit.exe,"

Number of files found: 209275
Number of archives unpacked: 11089
Number of files scanned: 209222
Number of files not scanned: 53
Number of files skipped due to exclude list: 0
Number of infected files found: 27
Number of infected files repaired/deleted: 25
Number of infections removed: 25
Total scanning time: 1h 29m 49s

bdoriano · Inviato: 16 Apr 2008 18:18 Oggetto:

Norman Malware ha fatto diverse pulizie, manca il log di combofix.

alexsamb · Mortale devoto Registrato: 15/04/08 15:50 Messaggi: 5

ho formattato il tutto.....!!!
grazie mille lo stesso!!!
è stato un piacere!!!!
a presto!!!
Very Happy