user32.dll win32/pinit

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57


Post by deviltry » 25/08/09 04:12

since searching for "pinit" on this forum turned up nothing, and Google also seems fairly unfamiliar with this name... I'll put it here myself :lol:
anyway, in short, my trusty NOD32 reported:
G:\WINDOWS\system32\user32.dll
Win32/Pinit virus...
the only thing I found that might have something to do with it is this page...
http://www.virustotal.com/it/analisis/95876f9c633189699d01d590f375b280
where you can see how different antivirus products identify it under different names...
now...
I remember the famous case where on 9/11/08 (curious date) the AVG updates included "recognise user32.dll as a virus and delete it"... a nice surprise when the unsuspecting user rebooted, and of course Windows doesn't work without that file...
so before clicking delete I tried clicking disinfect... but it kept showing up... and since I had to play golf online and it kept minimising the golf game for its messages, I ended up closing NOD32...
once the game was over I had a look around for a solution and, since I didn't find any, I decided to write this post...
now I've restarted NOD and it told me again about the virus in the startup programs (even though with HijackThis I didn't see anything strange in startup)... I told it again to disinfect and the result is this:
G:\WINDOWS\system32\USER32.dll - Win32/Pinit virus - disinfettato (dopo il prossimo avvio)

ouch, this is going to end with me having to reinstall...
anyway, I'll reboot, and if by chance everything works and the virus is gone... all good...
if I end up in the Recovery Console I'll try a few times, then I'll format...
and what if the virus comes back?????
any advice??
hope to hear soon... regards
If more people treated people with kindness, we'd have fewer difficult people and more kind-hearted ones.
User avatar
deviltry
Senior Member

Posts: 1672
Joined: 04/02/02 01:00
Location: vercelli


Re: user32.dll win32/pinit

Post by deviltry » 25/08/09 04:23

I didn't think so... but it did reboot, though of course it still keeps reporting the virus...
I'll also report something new: among the alert details there was this:
Evento occorso durante il tentativo di accesso al file da parte di un'applicazione: G:\Programmi\Java\jre6\bin\jqs.exe.

and what does Java have to do with user32.dll??...
could you tell me which route to take or what to try??
thanks and... until tomorrow night

Re: user32.dll win32/pinit

Post by deviltry » 25/08/09 12:21

wow... I didn't trust it, and yet everything went fine...
as a last act of madness last night/this morning I decided to give it the delete command; it told me it had to reboot to carry it out, and it worked... the virus is no longer found and the PC boots fine...
I decided to go with delete because the file in \WINDOWS\system32\dllcache\user32.dll was infected too, and if I understood correctly the dllcache folder holds a kind of backup, so at worst I could recover the file from there...
or maybe once the original was deleted, that one was picked up automatically...
but I really know nothing about these things...

Here are the commands I found to recover the file through the Recovery Console...
version from dllcache
copy C:\Windows\system32\dllcache\user32.dll C:\Windows\system32\user32.dll
version from CD
expand D:\i386\user32.dl_ c:\windows\system32\
(in place of "D:" use the drive letter assigned to the CD-ROM on your system)

one thing still remains a mystery to me... how did user32.dll get infected??
regards and... see you soon ;)

Re: user32.dll win32/pinit

Post by deviltry » 25/08/09 12:25

ugh... can't they leave message editing open for at least a couple of minutes... at least if I notice mistakes or omissions I can go and fix them right away...

PS... the "user32.dll" in the dllcache folder it had managed to disinfect right away, which is why I was counting it as good ;)

Re: user32.dll win32/pinit

Post by deviltry » 28/08/09 23:22

ouch, another one has turned up...
another system file infected
this time it no longer shows the drive letter...
file:
\device\harddiskvolume5\windows\sistem32\nvrsk.dll
virus:
win32/pinit.j worm
comment:
tentativo di accesso al file da parte di un'applicazione: G:\windows\sistem32\wbem\wmiprvse.exe

so there must be a virus running somewhere that attacks system files every now and then...
I'll try to run a full scan, even though it will take a long time given the amount of files crammed into my PC...

if in the meantime anyone who has clearer ideas on how to find and eliminate this problem could give me some advice, I'd be very grateful...
regards

Re: user32.dll win32/pinit

Post by Luke57 » 29/08/09 13:52

Hi, try using a few tools to see more clearly, for example Malwarebytes and ComboFix. Then post their reports.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: user32.dll win32/pinit

Post by deviltry » 30/08/09 06:27

so... for now I've run ComboFix... I'd never tried it before... it seems to be an interesting little gadget anyway, and from what I understand it deleted a few files for me...
I hope the PC reboots all the same... and I need to understand this Recovery Console it installed for me... I thought the Recovery Console was the one you get when you insert the Windows CD and press R...
or maybe it's the same thing, but this one is installed and it added it to the boot menu... well, I'll find out on reboot... provided it reboots...
in the meantime I'm pasting the report
ComboFix 09-08-29.01 - Deviltry 30/08/2009  7.05.18.1.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.2048.1519 [GMT 2:00]
Eseguito da: g:\documents and settings\Deviltry\Desktop\ComboFix.exe
AV: Sistema Antivirus NOD32 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

g:\documents and settings\Deviltry\Dati applicazioni\inst.exe
g:\windows\system32\1c83c265.dll
g:\windows\system32\af7b9870.dll
g:\windows\system32\kr_done1
g:\windows\system32\msaatext32.dll
g:\windows\system32\nvrsk.dll
g:\windows\Temp\70.exe
g:\windows\Temp\73.exe

.
(((((((((((((((((((((((((   Files Creati Da 2009-07-28 al 2009-08-30  )))))))))))))))))))))))))))))))))))
.

2009-08-20 04:56 . 2009-08-20 04:56   --------   d--h--w-   g:\windows\system32\GroupPolicy
2009-08-19 20:01 . 2009-08-19 20:01   --------   d-----w-   g:\programmi\Microsoft Silverlight
2009-08-19 16:26 . 2009-08-19 17:36   --------   d-----w-   g:\documents and settings\Deviltry\Dati applicazioni\Scribus
2009-08-19 16:25 . 2009-08-19 16:26   --------   d-----w-   g:\programmi\Scribus 1.3.5.1
2009-08-19 15:15 . 2009-08-19 15:15   --------   d-----w-   g:\programmi\JRE
2009-08-16 21:17 . 2009-08-17 14:07   --------   d-----w-   g:\windows\SxsCaPendDel
2009-08-13 19:53 . 2009-08-13 19:53   41872   ----a-w-   g:\windows\system32\xfcodec.dll
2009-08-13 01:36 . 2009-07-10 13:26   1315328   -c----w-   g:\windows\system32\dllcache\msoe.dll
2009-08-05 23:29 . 2009-08-05 23:29   --------   d-----w-   g:\programmi\Ontrack
2009-08-05 08:59 . 2009-08-05 08:59   205312   -c----w-   g:\windows\system32\dllcache\mswebdvd.dll
2009-08-02 11:03 . 2009-08-02 11:03   --------   d-----w-   g:\windows\system32\ivtMobCache

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 04:57 . 2008-10-20 12:05   1   ----a-w-   g:\documents and settings\Deviltry\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-30 04:50 . 2008-08-17 01:26   --------   d---a-w-   g:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-30 04:29 . 2009-03-13 00:48   --------   d-----w-   g:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-08-27 23:23 . 2009-07-10 17:27   --------   d-----w-   g:\documents and settings\Deviltry\Dati applicazioni\Xfire
2009-08-27 21:01 . 2008-08-17 09:18   --------   d-----w-   g:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2009-08-25 03:30 . 2007-10-29 12:00   579584   ----a-w-   g:\windows\system32\user32.dll
2009-08-20 01:47 . 2008-08-12 00:59   61168   ----a-w-   g:\documents and settings\Deviltry\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-19 15:15 . 2008-10-20 11:59   --------   d-----w-   g:\programmi\OpenOffice.org 3
2009-08-19 04:52 . 2009-07-10 17:27   --------   d-----w-   g:\programmi\Xfire
2009-08-18 17:12 . 2009-04-16 18:28   --------   d-----w-   g:\documents and settings\Deviltry\Dati applicazioni\Canon
2009-08-18 16:39 . 2008-08-17 08:41   --------   d-----w-   g:\documents and settings\Deviltry\Dati applicazioni\Vso
2009-08-16 21:22 . 2007-10-29 12:00   76598   ----a-w-   g:\windows\system32\perfc010.dat
2009-08-16 21:22 . 2007-10-29 12:00   472228   ----a-w-   g:\windows\system32\perfh010.dat
2009-08-07 23:46 . 2008-11-15 06:43   --------   d-----w-   g:\documents and settings\All Users\Dati applicazioni\TrackMania
2009-08-05 23:29 . 2008-08-12 01:17   --------   d--h--w-   g:\programmi\InstallShield Installation Information
2009-08-05 08:59 . 2007-10-29 12:00   205312   ----a-w-   g:\windows\system32\mswebdvd.dll
2009-07-30 21:08 . 2009-07-30 21:08   --------   d-----w-   g:\documents and settings\NetworkService\Dati applicazioni\Xfire
2009-07-30 21:03 . 2009-07-30 21:02   --------   d-----w-   g:\documents and settings\Deviltry\Dati applicazioni\Download Manager
2009-07-24 01:40 . 2009-07-24 00:40   --------   d-----w-   g:\programmi\BlueSoleil
2009-07-17 19:01 . 2007-10-29 12:00   58880   ----a-w-   g:\windows\system32\atl.dll
2009-07-13 20:37 . 2008-08-13 05:42   --------   d-----w-   g:\documents and settings\All Users\Dati applicazioni\Installations
2009-07-13 20:37 . 2008-08-13 05:44   --------   d-----w-   g:\programmi\File comuni\Nokia
2009-07-13 20:37 . 2008-08-13 05:43   --------   d-----w-   g:\programmi\Nokia
2009-07-13 20:36 . 2009-07-13 20:36   36864   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-07-13 20:36 . 2009-07-13 20:36   3351812   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-07-13 20:36 . 2009-07-13 20:36   3181612   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-07-13 20:36 . 2009-07-13 20:36   24384200   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13IT.exe
2009-07-13 20:31 . 2008-08-13 05:49   --------   d-----w-   g:\documents and settings\Deviltry\Dati applicazioni\Nokia
2009-07-13 20:19 . 2009-07-13 20:19   --------   d-----w-   g:\programmi\File comuni\PCSuite
2009-07-13 20:17 . 2008-08-13 05:44   --------   d-----w-   g:\programmi\DIFX
2009-07-13 20:17 . 2009-07-13 20:17   --------   d-----w-   g:\programmi\PC Connectivity Solution
2009-07-13 20:00 . 2009-07-13 20:00   95232   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-13 20:00 . 2009-07-13 20:00   8192   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-13 20:00 . 2009-07-13 20:00   61440   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-13 20:00 . 2009-07-13 20:00   10240   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-13 20:00 . 2009-07-13 20:00   33853800   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ita.exe
2009-07-13 08:08 . 2007-10-29 12:00   286720   ----a-w-   g:\windows\system32\wmpdxm.dll
2009-07-10 18:20 . 2009-07-10 18:20   --------   d-----w-   g:\programmi\games
2009-07-10 17:31 . 2009-07-10 17:31   --------   d-----w-   g:\documents and settings\LocalService\Dati applicazioni\Xfire
2009-07-06 18:27 . 2009-07-06 18:27   --------   d-----w-   g:\programmi\7-Zip
2009-07-03 16:55 . 2007-10-29 12:00   915456   ----a-w-   g:\windows\system32\wininet.dll
2009-06-25 08:25 . 2007-10-29 12:00   735744   ----a-w-   g:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2007-10-29 12:00   56832   ----a-w-   g:\windows\system32\secur32.dll
2009-06-25 08:25 . 2007-10-29 12:00   54272   ----a-w-   g:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2007-10-29 12:00   301568   ----a-w-   g:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2007-10-29 12:00   147456   ----a-w-   g:\windows\system32\schannel.dll
2009-06-25 08:25 . 2007-10-29 12:00   136192   ----a-w-   g:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2007-10-29 12:00   92928   ----a-w-   g:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2007-10-29 12:00   81920   ----a-w-   g:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2007-10-29 12:00   119808   ----a-w-   g:\windows\system32\t2embed.dll
2009-06-15 10:43 . 2007-10-29 12:00   78336   ----a-w-   g:\windows\system32\telnet.exe
2009-06-15 10:43 . 2007-10-29 12:00   82432   ----a-w-   g:\windows\system32\tlntsess.exe
2009-06-10 14:13 . 2007-10-29 12:00   85504   ----a-w-   g:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2008-08-12 00:48   2066432   ----a-w-   g:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2007-10-29 12:00   132096   ----a-w-   g:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2007-10-29 12:00   1296384   ----a-w-   g:\windows\system32\quartz.dll
2006-10-11 08:04 . 2008-08-23 03:17   61036   ----a-w-   g:\programmi\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-08-23 03:17   48742   ----a-w-   g:\programmi\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-08-23 03:17   29313   ----a-w-   g:\programmi\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-08-23 03:17   41082   ----a-w-   g:\programmi\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-08-23 03:17   166510   ----a-w-   g:\programmi\mozilla firefox\components\xpinstal.dll
2006-05-03 10:06 . 2009-02-16 21:18   163328   --sh--r-   g:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-02-16 21:18   31232   --sh--r-   g:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-02-16 21:18   216064   --sh--r-   g:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2008-08-12 03:23   509440   E66062DF04DE1F01C6BC484468B65D22   g:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 02:14   510464   9259170D29B5A256735FCB8B80280857   g:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-09-09 08:38   510464   90F406811EE1EEE294792D00E21CA16C   g:\windows\system32\winlogon.exe

[7] 2007-10-29 12:00   4224   DA1F27D85E0D1525F6621372E7B685E9   g:\windows\system32\dllcache\beep.sys

g:\windows\system32\drivers\beep.sys ... è mancante !!
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="g:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"D066UUtility"="g:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"nod32kui"="g:\programmi\Eset\nod32kui.exe" [2008-08-15 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"MySpaceIM"="g:\programmi\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

g:\documents and settings\Deviltry\Menu Avvio\Programmi\Esecuzione automatica\
Collegamento a html2pop3.exe.lnk - g:\programmi\utili\htmltopop3\html2pop3.exe [2008-8-13 111104]
Collegamento a LOGI_MWX.EXE.lnk - g:\programmi\Logitech\MouseWare\Drivers\Win2k_XP\LOGI_MWX.EXE [2008-8-12 19968]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
@="beep"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Programmi\\SecondLife\\SLVoice.exe"=
"g:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"g:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe"=
"g:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"=
"g:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"g:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"g:\\Programmi\\Synergy\\synergys.exe"=
"g:\\Programmi\\TmNationsForever\\TmForever.exe"=
"g:\\Programmi\\TmUnitedForever\\TmForever.exe"=
"g:\\Programmi\\Messenger\\msmsgs.exe"=
"g:\\Programmi\\Goa\\PangYa_Eu\\update_eu.exe"=
"g:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"g:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\Programmi\\BlueSoleil\\BlueSoleilCS.exe"=
"g:\\Programmi\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20001:UDP"= 20001:UDP:MicroSAN

R0 BtHidBus;Bluetooth HID Bus Service;g:\windows\system32\drivers\BtHidBus.sys [07/01/2009 23.39.36 20744]
R0 viasraid;viasraid;g:\windows\system32\drivers\viasraid.sys [12/08/2008 3.35.29 77312]
R0 ZetSFD;ZetSFD;g:\windows\system32\drivers\ZetSFD.sys [12/08/2008 3.40.30 12800]
R1 Asapi;Asapi;g:\windows\system32\drivers\asapi.sys [17/08/2008 13.56.08 10240]
R1 nod32drv;nod32drv;g:\windows\system32\drivers\nod32drv.sys [15/08/2008 5.04.21 15424]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;g:\windows\system32\drivers\sfsz.sys [12/08/2008 3.40.29 345984]
R2 Synergy Server;Synergy Server;g:\programmi\Synergy\synergys.exe [02/04/2006 22.20.16 733184]
R2 Z-SANService;Z-SAN Service;g:\programmi\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe [12/08/2008 3.40.27 376891]
R3 btnetBUs;Bluetooth PAN Bus Service;g:\windows\system32\drivers\btnetBus.sys [07/12/2008 12.44.54 30088]
R3 DynCal;Dynamic Calibration Service;g:\windows\system32\drivers\DynCal.sys [26/10/2001 17.37.04 13946]
R3 IvtBtBUs;IVT Bluetooth Bus Service;g:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 14.58.48 26248]
R3 KbGhost;RulingTec Keyboard Emulator;g:\windows\system32\drivers\KbGhost.sys [13/11/2001 16.29.24 4372]
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;g:\windows\system32\drivers\psxpad.sys [10/01/2009 16.07.35 12160]
R3 PsxPortEnumerator;Psx Port Enumerator;g:\windows\system32\drivers\psxenum.sys [10/01/2009 16.07.35 16896]
R3 ZetBus;Zetera Virtual Bus;g:\windows\system32\drivers\ZetBus.sys [12/08/2008 3.40.27 15488]
R3 ZetMPD;ZetMPD;g:\windows\system32\drivers\ZetMPD.sys [12/08/2008 3.40.30 5120]
S2 BsMobileCS;BsMobileCS;g:\programmi\BlueSoleil\BsMobileCS.exe [27/02/2009 16.40.48 143467]
S2 gupdate1c9a37585a2d6f4;Servizio di Google Update (gupdate1c9a37585a2d6f4);g:\programmi\Google\Update\GoogleUpdate.exe [13/03/2009 2.49.07 133104]
S2 msaatext32;Active Accessibility text support;rundll32.exe g:\windows\system32\msaatext32.dll,okyw --> rundll32.exe g:\windows\system32\msaatext32.dll,okyw [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;g:\windows\system32\drivers\nmwcdnsu.sys [13/07/2009 22.16.45 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;g:\windows\system32\drivers\nmwcdnsuc.sys [13/07/2009 22.16.46 8320]
S3 npggsvc;nProtect GameGuard Service;g:\windows\system32\GameMon.des -service --> g:\windows\system32\GameMon.des -service [?]
S3 udfpt;udfpt;g:\windows\system32\drivers\udfpt.sys --> g:\windows\system32\drivers\udfpt.sys [?]
S3 USBVSP;USBVSP;g:\windows\system32\drivers\usbvsp.sys [28/04/2009 19.24.22 89728]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - dump_wmimmc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"g:\windows\system32\rundll32.exe" "g:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-30 g:\windows\Tasks\Google Software Updater.job
- g:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-12 20:42]

2009-08-29 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- g:\programmi\Google\Update\GoogleUpdate.exe [2009-03-13 00:49]

2009-08-30 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- g:\programmi\Google\Update\GoogleUpdate.exe [2009-03-13 00:49]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = localhost
IE: Add to Google Photos Screensa&ver - g:\windows\system32\GPhotos.scr/200
IE: Invia tramite Bluetooth - g:\programmi\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Invia usando Messaggio(&M)... - g:\programmi\BlueSoleil\TransSend\IE\tssms.htm
LSP: g:\windows\system32\imon.dll
DPF: Microsoft XML Parser for Java - file:///G:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - g:\documents and settings\Deviltry\Dati applicazioni\Mozilla\Firefox\Profiles\pp9bhtqs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: g:\programmi\Mozilla Firefox\components\xpinstal.dll
FF - component: g:\programmi\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: g:\programmi\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: g:\programmi\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 07:11
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="g:\windows\system32\GameMon.des -service"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(728)
g:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(784)
g:\windows\system32\relog_ap.dll
g:\windows\system32\imon.dll
g:\programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2009-08-30  7.14.36
ComboFix-quarantined-files.txt  2009-08-30 05:13

Pre-Run: 16.976.945.152 byte disponibili
Post-Run: 18.198.626.304 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

235   --- E O F ---   2009-08-27 21:24

Re: user32.dll win32/pinit

Post by deviltry » 30/08/09 19:53

so... right afterwards I put Malwarebytes to work... I did the quick scan, since I didn't have much time, but it came back negative anyway...
I had already heard about these two programs on the forum, but without any problem of my own I hadn't looked into them... from what I understand ComboFix works on the system folders and the registry... but I haven't understood what its speciality is, that is, what it finds...
Malwarebytes, maybe because it was working on an already "clean" PC, didn't find anything... but it seems you can tell it which disks to check (talking about the free version, obviously)... but I'd like to know this one's speciality too, just to know how and when to use one or the other or both together... for both I found usage instructions but not what they specialise in...

one thing in the ComboFix instructions said... it can also delete files and thus clean everything up, but something may remain, so they recommended posting the report in the forum where it was suggested anyway... but to read this report in the best possible way and understand what you're looking at, do you rely only on experience, or are there also sites like the one for HijackThis where you paste the report and it already gives some results about things that would be better to check and, if necessary, fix...

anyway, thanks a lot for this tip, and if you could answer any of the questions above and maybe read the report...
regards... see you soon ;)
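As an added example (not from this thread, ComboFix or any analysis site), here is a small Python checker that reads two parts of the ComboFix report posted above the way a reviewer would: the Sigcheck block, where the live copy of a system file is compared against the MD5 of its ServicePackFiles, dllcache and $NtServicePackUninstall$ copies and a file reported as missing is flagged, and the service list, where a service started through rundll32 with a DLL that ComboFix could not describe (trailing [?], as on the msaatext32 line) is flagged. The sample text is copied from that report; the [7]/[-] tags are carried through as opaque text, and a hash mismatch is a lead to verify against a known-good copy, not proof of infection.

```python
import re
from collections import defaultdict

# Constructed sample: the Sigcheck block and three service lines copied from
# the ComboFix report posted in this thread (same hashes, sizes and paths).
SIGCHECK_SAMPLE = r"""
------- Sigcheck -------

[-] 2008-08-12 03:23   509440   E66062DF04DE1F01C6BC484468B65D22   g:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 02:14   510464   9259170D29B5A256735FCB8B80280857   g:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-09-09 08:38   510464   90F406811EE1EEE294792D00E21CA16C   g:\windows\system32\winlogon.exe

[7] 2007-10-29 12:00   4224   DA1F27D85E0D1525F6621372E7B685E9   g:\windows\system32\dllcache\beep.sys

g:\windows\system32\drivers\beep.sys ... è mancante !!
"""

SERVICES_SAMPLE = r"""
R1 nod32drv;nod32drv;g:\windows\system32\drivers\nod32drv.sys [15/08/2008 5.04.21 15424]
S2 msaatext32;Active Accessibility text support;rundll32.exe g:\windows\system32\msaatext32.dll,okyw --> rundll32.exe g:\windows\system32\msaatext32.dll,okyw [?]
S3 udfpt;udfpt;g:\windows\system32\drivers\udfpt.sys --> g:\windows\system32\drivers\udfpt.sys [?]
"""

# One hashed entry: "[tag] date time   size   MD5   path"
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>\S.*?)\s*$")
# Italian or English "is missing" line
MISSING_RE = re.compile(r"^(?P<path>\S.*?)\s+\.\.\.\s+(?:è mancante|is missing)\s*!!\s*$")
# Service/driver line: "R2 name;display name;command [date time size]"
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<command>.*)$")

# Directories holding pristine copies of system files on Windows XP
REFERENCE_DIRS = ("\\servicepackfiles\\", "\\dllcache\\", "\\$ntservicepackuninstall$\\")


def parse_sigcheck(text):
    """Return (hashed entries, missing paths) from a Sigcheck block."""
    entries, missing = [], []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.append(m.group("path"))
    return entries, missing


def is_reference_copy(path):
    return any(marker in path.lower() for marker in REFERENCE_DIRS)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def sigcheck_findings(text):
    """Flag live copies whose MD5 matches none of their reference copies,
    and files the report says are missing."""
    entries, missing = parse_sigcheck(text)
    groups = defaultdict(lambda: {"live": [], "ref": []})
    for e in entries:
        bucket = "ref" if is_reference_copy(e["path"]) else "live"
        groups[basename(e["path"])][bucket].append(e)
    findings = []
    for name in sorted(groups):
        grp = groups[name]
        ref_hashes = {r["md5"] for r in grp["ref"]}
        for live in grp["live"]:
            if live["md5"] in ref_hashes:
                continue  # identical to a pristine copy: nothing to report
            findings.append({
                "file": name,
                "kind": "hash_mismatch",
                "path": live["path"],
                "live_md5": live["md5"],
                "reference_md5": sorted(ref_hashes),
                # same size but different hash is typical of a patched file
                "same_size_as_reference": any(r["size"] == live["size"] for r in grp["ref"]),
            })
    for path in missing:
        findings.append({"file": basename(path), "kind": "missing", "path": path})
    return findings


def suspicious_services(text):
    """Names of services whose command runs rundll32 and whose file ComboFix
    could not describe (the line ends in '[?]' instead of date/size)."""
    hits = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        cmd = m.group("command").strip()
        if "rundll32" in cmd.lower() and cmd.endswith("[?]"):
            hits.append(m.group("name").strip())
    return hits


if __name__ == "__main__":
    for f in sigcheck_findings(SIGCHECK_SAMPLE):
        print(f["kind"], f["path"], f.get("live_md5", ""))
    print("rundll32 services to review:", suspicious_services(SERVICES_SAMPLE))
```

On the sample this reports the system32 winlogon.exe as differing from both reference copies (same size as the Service Pack copy, so a vendor update is a plausible explanation to verify) and drivers\beep.sys as missing, and lists msaatext32 as the service to review.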

Re: user32.dll win32/pinit

Post by Luke57 » 30/08/09 23:17

Hi, open a text file and copy the following text into it.

Driver::
msaatext32

File::
g:\windows\system32\msaatext32.dll


save it on the desktop with the mandatory name CFScript.txt

drag it with the mouse pointer onto the ComboFix icon; the program will start a new scan. When it finishes, reboot and post the new report.

Re: user32.dll win32/pinit

Post by deviltry » 31/08/09 21:42

done...
doctor, is it serious?? :lol: :lol: :lol:


    ComboFix 09-08-31.03 - Deviltry 31/08/2009 21.07.09.2.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2048.1497 [GMT 2:00]
    Eseguito da: g:\documents and settings\Deviltry\Desktop\ComboFix.exe
    Opzioni usate :: g:\documents and settings\Deviltry\Desktop\CFScript.txt
    AV: Sistema Antivirus NOD32 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    FILE ::
    "g:\windows\system32\msaatext32.dll"
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MSAATEXT32
    -------\Service_msaatext32


    ((((((((((((((((((((((((( Files Creati Da 2009-07-28 al 2009-08-31 )))))))))))))))))))))))))))))))))))
    .

    2009-08-30 05:29 . 2009-08-30 05:29 -------- d-----w- g:\documents and settings\Deviltry\Dati applicazioni\Malwarebytes
    2009-08-30 05:29 . 2009-08-03 11:36 38160 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-30 05:29 . 2009-08-30 05:29 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2009-08-30 05:29 . 2009-08-30 05:29 -------- d-----w- g:\programmi\Malwarebytes' Anti-Malware
    2009-08-30 05:29 . 2009-08-03 11:36 19096 ----a-w- g:\windows\system32\drivers\mbam.sys
    2009-08-20 04:56 . 2009-08-20 04:56 -------- d--h--w- g:\windows\system32\GroupPolicy
    2009-08-19 20:01 . 2009-08-19 20:01 -------- d-----w- g:\programmi\Microsoft Silverlight
    2009-08-19 16:26 . 2009-08-19 17:36 -------- d-----w- g:\documents and settings\Deviltry\Dati applicazioni\Scribus
    2009-08-19 16:25 . 2009-08-19 16:26 -------- d-----w- g:\programmi\Scribus 1.3.5.1
    2009-08-19 15:15 . 2009-08-19 15:15 -------- d-----w- g:\programmi\JRE
    2009-08-16 21:17 . 2009-08-17 14:07 -------- d-----w- g:\windows\SxsCaPendDel
    2009-08-13 19:53 . 2009-08-13 19:53 41872 ----a-w- g:\windows\system32\xfcodec.dll
    2009-08-13 01:36 . 2009-07-10 13:26 1315328 -c----w- g:\windows\system32\dllcache\msoe.dll
    2009-08-05 23:29 . 2009-08-05 23:29 -------- d-----w- g:\programmi\Ontrack
    2009-08-05 08:59 . 2009-08-05 08:59 205312 -c----w- g:\windows\system32\dllcache\mswebdvd.dll
    2009-08-02 11:03 . 2009-08-02 11:03 -------- d-----w- g:\windows\system32\ivtMobCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-31 17:46 . 2009-03-13 00:48 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Google Updater
    2009-08-30 22:32 . 2008-08-17 01:26 -------- d---a-w- g:\documents and settings\All Users\Dati applicazioni\TEMP
    2009-08-30 04:57 . 2008-10-20 12:05 1 ----a-w- g:\documents and settings\Deviltry\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-08-27 23:23 . 2009-07-10 17:27 -------- d-----w- g:\documents and settings\Deviltry\Dati applicazioni\Xfire
    2009-08-27 21:01 . 2008-08-17 09:18 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\DVD Shrink
    2009-08-25 03:30 . 2007-10-29 12:00 579584 ------w- g:\windows\system32\user32.dll
    2009-08-20 01:47 . 2008-08-12 00:59 61168 ----a-w- g:\documents and settings\Deviltry\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
    2009-08-19 15:15 . 2008-10-20 11:59 -------- d-----w- g:\programmi\OpenOffice.org 3
    2009-08-19 04:52 . 2009-07-10 17:27 -------- d-----w- g:\programmi\Xfire
    2009-08-18 17:12 . 2009-04-16 18:28 -------- d-----w- g:\documents and settings\Deviltry\Dati applicazioni\Canon
    2009-08-18 16:39 . 2008-08-17 08:41 -------- d-----w- g:\documents and settings\Deviltry\Dati applicazioni\Vso
    2009-08-16 21:22 . 2007-10-29 12:00 76598 ----a-w- g:\windows\system32\perfc010.dat
    2009-08-16 21:22 . 2007-10-29 12:00 472228 ----a-w- g:\windows\system32\perfh010.dat
    2009-08-07 23:46 . 2008-11-15 06:43 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\TrackMania
    2009-08-05 23:29 . 2008-08-12 01:17 -------- d--h--w- g:\programmi\InstallShield Installation Information
    2009-08-05 08:59 . 2007-10-29 12:00 205312 ----a-w- g:\windows\system32\mswebdvd.dll
    2009-07-30 21:08 . 2009-07-30 21:08 -------- d-----w- g:\documents and settings\NetworkService\Dati applicazioni\Xfire
    2009-07-30 21:03 . 2009-07-30 21:02 -------- d-----w- g:\documents and settings\Deviltry\Dati applicazioni\Download Manager
    2009-07-24 01:40 . 2009-07-24 00:40 -------- d-----w- g:\programmi\BlueSoleil
    2009-07-17 19:01 . 2007-10-29 12:00 58880 ----a-w- g:\windows\system32\atl.dll
    2009-07-13 20:37 . 2008-08-13 05:42 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Installations
    2009-07-13 20:37 . 2008-08-13 05:44 -------- d-----w- g:\programmi\File comuni\Nokia
    2009-07-13 20:37 . 2008-08-13 05:43 -------- d-----w- g:\programmi\Nokia
    2009-07-13 20:36 . 2009-07-13 20:36 36864 ----a-w- g:\documents and settings\All Users\Dati applicazioni\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
    2009-07-13 20:36 . 2009-07-13 20:36 3351812 ----a-w- g:\documents and settings\All Users\Dati applicazioni\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
    2009-07-13 20:36 . 2009-07-13 20:36 3181612 ----a-w- g:\documents and settings\All Users\Dati applicazioni\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
    2009-07-13 20:36 . 2009-07-13 20:36 24384200 ----a-w- g:\documents and settings\All Users\Dati applicazioni\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13IT.exe
    2009-07-13 20:31 . 2008-08-13 05:49 -------- d-----w- g:\documents and settings\Deviltry\Dati applicazioni\Nokia
    2009-07-13 20:19 . 2009-07-13 20:19 -------- d-----w- g:\programmi\File comuni\PCSuite
    2009-07-13 20:17 . 2008-08-13 05:44 -------- d-----w- g:\programmi\DIFX
    2009-07-13 20:17 . 2009-07-13 20:17 -------- d-----w- g:\programmi\PC Connectivity Solution
    2009-07-13 20:00 . 2009-07-13 20:00 95232 ----a-w- g:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
    2009-07-13 20:00 . 2009-07-13 20:00 8192 ----a-w- g:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
    2009-07-13 20:00 . 2009-07-13 20:00 61440 ----a-w- g:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2009-07-13 20:00 . 2009-07-13 20:00 10240 ----a-w- g:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
    2009-07-13 20:00 . 2009-07-13 20:00 33853800 ----a-w- g:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ita.exe
    2009-07-13 08:08 . 2007-10-29 12:00 286720 ----a-w- g:\windows\system32\wmpdxm.dll
    2009-07-10 18:20 . 2009-07-10 18:20 -------- d-----w- g:\programmi\games
    2009-07-10 17:31 . 2009-07-10 17:31 -------- d-----w- g:\documents and settings\LocalService\Dati applicazioni\Xfire
    2009-07-06 18:27 . 2009-07-06 18:27 -------- d-----w- g:\programmi\7-Zip
    2009-07-03 16:55 . 2007-10-29 12:00 915456 ------w- g:\windows\system32\wininet.dll
    2009-06-25 08:25 . 2007-10-29 12:00 735744 ----a-w- g:\windows\system32\lsasrv.dll
    2009-06-25 08:25 . 2007-10-29 12:00 56832 ----a-w- g:\windows\system32\secur32.dll
    2009-06-25 08:25 . 2007-10-29 12:00 54272 ----a-w- g:\windows\system32\wdigest.dll
    2009-06-25 08:25 . 2007-10-29 12:00 301568 ----a-w- g:\windows\system32\kerberos.dll
    2009-06-25 08:25 . 2007-10-29 12:00 147456 ----a-w- g:\windows\system32\schannel.dll
    2009-06-25 08:25 . 2007-10-29 12:00 136192 ----a-w- g:\windows\system32\msv1_0.dll
    2009-06-24 11:18 . 2007-10-29 12:00 92928 ----a-w- g:\windows\system32\drivers\ksecdd.sys
    2009-06-16 14:36 . 2007-10-29 12:00 81920 ----a-w- g:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2007-10-29 12:00 119808 ----a-w- g:\windows\system32\t2embed.dll
    2009-06-15 10:43 . 2007-10-29 12:00 78336 ----a-w- g:\windows\system32\telnet.exe
    2009-06-15 10:43 . 2007-10-29 12:00 82432 ----a-w- g:\windows\system32\tlntsess.exe
    2009-06-10 14:13 . 2007-10-29 12:00 85504 ----a-w- g:\windows\system32\avifil32.dll
    2009-06-10 07:19 . 2008-08-12 00:48 2066432 ----a-w- g:\windows\system32\mstscax.dll
    2009-06-10 06:14 . 2007-10-29 12:00 132096 ----a-w- g:\windows\system32\wkssvc.dll
    2009-06-03 19:09 . 2007-10-29 12:00 1296384 ----a-w- g:\windows\system32\quartz.dll
    2006-10-11 08:04 . 2008-08-23 03:17 61036 ----a-w- g:\programmi\mozilla firefox\components\jar50.dll
    2006-10-11 08:04 . 2008-08-23 03:17 48742 ----a-w- g:\programmi\mozilla firefox\components\jsd3250.dll
    2006-10-11 08:05 . 2008-08-23 03:17 29313 ----a-w- g:\programmi\mozilla firefox\components\myspell.dll
    2006-10-11 08:05 . 2008-08-23 03:17 41082 ----a-w- g:\programmi\mozilla firefox\components\spellchk.dll
    2006-10-11 08:04 . 2008-08-23 03:17 166510 ----a-w- g:\programmi\mozilla firefox\components\xpinstal.dll
    2006-05-03 10:06 . 2009-02-16 21:18 163328 --sh--r- g:\windows\system32\flvDX.dll
    2007-02-21 11:47 . 2009-02-16 21:18 31232 --sh--r- g:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2009-02-16 21:18 216064 --sh--r- g:\windows\system32\nbDX.dll
    .

    ------- Sigcheck -------

    [-] 2008-08-12 03:23 509440 E66062DF04DE1F01C6BC484468B65D22 g:\windows\$NtServicePackUninstall$\winlogon.exe
    [7] 2008-04-14 02:14 510464 9259170D29B5A256735FCB8B80280857 g:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-09-09 08:38 510464 90F406811EE1EEE294792D00E21CA16C g:\windows\system32\winlogon.exe

    [7] 2007-10-29 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 g:\windows\system32\dllcache\beep.sys

    g:\windows\system32\drivers\beep.sys ... è mancante !!
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-08-30_05.12.01 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-31 19:15 . 2009-08-31 19:15 16384 g:\windows\temp\Perflib_Perfdata_384.dat
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="g:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "D066UUtility"="g:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
    "nod32kui"="g:\programmi\Eset\nod32kui.exe" [2008-08-15 949376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "MySpaceIM"="g:\programmi\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

    g:\documents and settings\Deviltry\Menu Avvio\Programmi\Esecuzione automatica\
    Collegamento a html2pop3.exe.lnk - g:\programmi\utili\htmltopop3\html2pop3.exe [2008-8-13 111104]
    Collegamento a LOGI_MWX.EXE.lnk - g:\programmi\Logitech\MouseWare\Drivers\Win2k_XP\LOGI_MWX.EXE [2008-8-12 19968]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
    @="beep"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "g:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "g:\\Programmi\\SecondLife\\SLVoice.exe"=
    "g:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
    "g:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe"=
    "g:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"=
    "g:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "g:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "g:\\Programmi\\Synergy\\synergys.exe"=
    "g:\\Programmi\\TmNationsForever\\TmForever.exe"=
    "g:\\Programmi\\TmUnitedForever\\TmForever.exe"=
    "g:\\Programmi\\Messenger\\msmsgs.exe"=
    "g:\\Programmi\\Goa\\PangYa_Eu\\update_eu.exe"=
    "g:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
    "g:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
    "g:\\Programmi\\BlueSoleil\\BlueSoleilCS.exe"=
    "g:\\Programmi\\MySpace\\IM\\MySpaceIM.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "20001:UDP"= 20001:UDP:MicroSAN

    R0 BtHidBus;Bluetooth HID Bus Service;g:\windows\system32\drivers\BtHidBus.sys [07/01/2009 23.39.36 20744]
    R0 viasraid;viasraid;g:\windows\system32\drivers\viasraid.sys [12/08/2008 3.35.29 77312]
    R0 ZetSFD;ZetSFD;g:\windows\system32\drivers\ZetSFD.sys [12/08/2008 3.40.30 12800]
    R1 Asapi;Asapi;g:\windows\system32\drivers\asapi.sys [17/08/2008 13.56.08 10240]
    R1 nod32drv;nod32drv;g:\windows\system32\drivers\nod32drv.sys [15/08/2008 5.04.21 15424]
    R2 BsMobileCS;BsMobileCS;g:\programmi\BlueSoleil\BsMobileCS.exe [27/02/2009 16.40.48 143467]
    R2 SFSZ;DataPlow SFS for Zetera Storage Devices;g:\windows\system32\drivers\sfsz.sys [12/08/2008 3.40.29 345984]
    R2 Synergy Server;Synergy Server;g:\programmi\Synergy\synergys.exe [02/04/2006 22.20.16 733184]
    R2 Z-SANService;Z-SAN Service;g:\programmi\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe [12/08/2008 3.40.27 376891]
    R3 btnetBUs;Bluetooth PAN Bus Service;g:\windows\system32\drivers\btnetBus.sys [07/12/2008 12.44.54 30088]
    R3 DynCal;Dynamic Calibration Service;g:\windows\system32\drivers\DynCal.sys [26/10/2001 17.37.04 13946]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;g:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 14.58.48 26248]
    R3 KbGhost;RulingTec Keyboard Emulator;g:\windows\system32\drivers\KbGhost.sys [13/11/2001 16.29.24 4372]
    R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;g:\windows\system32\drivers\psxpad.sys [10/01/2009 16.07.35 12160]
    R3 PsxPortEnumerator;Psx Port Enumerator;g:\windows\system32\drivers\psxenum.sys [10/01/2009 16.07.35 16896]
    R3 ZetBus;Zetera Virtual Bus;g:\windows\system32\drivers\ZetBus.sys [12/08/2008 3.40.27 15488]
    R3 ZetMPD;ZetMPD;g:\windows\system32\drivers\ZetMPD.sys [12/08/2008 3.40.30 5120]
    S2 gupdate1c9a37585a2d6f4;Servizio di Google Update (gupdate1c9a37585a2d6f4);g:\programmi\Google\Update\GoogleUpdate.exe [13/03/2009 2.49.07 133104]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;g:\windows\system32\drivers\nmwcdnsu.sys [13/07/2009 22.16.45 136704]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;g:\windows\system32\drivers\nmwcdnsuc.sys [13/07/2009 22.16.46 8320]
    S3 npggsvc;nProtect GameGuard Service;g:\windows\system32\GameMon.des -service --> g:\windows\system32\GameMon.des -service [?]
    S3 udfpt;udfpt;g:\windows\system32\drivers\udfpt.sys --> g:\windows\system32\drivers\udfpt.sys [?]
    S3 USBVSP;USBVSP;g:\windows\system32\drivers\usbvsp.sys [28/04/2009 19.24.22 89728]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "g:\windows\system32\rundll32.exe" "g:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contenuto della cartella 'Scheduled Tasks'

    2009-08-31 g:\windows\Tasks\Google Software Updater.job
    - g:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-12 20:42]

    2009-08-31 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - g:\programmi\Google\Update\GoogleUpdate.exe [2009-03-13 00:49]

    2009-08-31 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - g:\programmi\Google\Update\GoogleUpdate.exe [2009-03-13 00:49]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.google.it/
    uInternet Settings,ProxyOverride = localhost
    IE: Add to Google Photos Screensa&ver - g:\windows\system32\GPhotos.scr/200
    IE: Invia tramite Bluetooth - g:\programmi\BlueSoleil\TransSend\IE\tsinfo.htm
    IE: Invia usando Messaggio(&M)... - g:\programmi\BlueSoleil\TransSend\IE\tssms.htm
    LSP: g:\windows\system32\imon.dll
    DPF: Microsoft XML Parser for Java - file:///G:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath - g:\documents and settings\Deviltry\Dati applicazioni\Mozilla\Firefox\Profiles\pp9bhtqs.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
    FF - component: g:\programmi\Mozilla Firefox\components\xpinstal.dll
    FF - component: g:\programmi\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    FF - component: g:\programmi\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    FF - component: g:\programmi\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-31 21:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="g:\windows\system32\GameMon.des -service"
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'winlogon.exe'(732)
    g:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(792)
    g:\windows\system32\relog_ap.dll
    g:\windows\system32\imon.dll
    g:\programmi\Eset\pr_imon.dll

    - - - - - - - > 'explorer.exe'(2212)
    g:\windows\system32\WININET.dll
    g:\programmi\Logitech\MouseWare\System\LgWndHk.dll
    g:\progra~1\WINDOW~2\wmpband.dll
    g:\programmi\Synergy\synrgyhk.dll
    g:\programmi\File comuni\Logitech\Scrolling\LgMsgHk.dll
    g:\windows\system32\webcheck.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    g:\windows\system32\ati2evxx.exe
    g:\windows\system32\ati2evxx.exe
    g:\programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    g:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    g:\programmi\File comuni\Maxtor\Schedule2\schedul2.exe
    g:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    g:\programmi\BlueSoleil\BlueSoleilCS.exe
    g:\programmi\Logitech\MouseWare\system\EM_EXEC.EXE
    g:\programmi\Java\jre6\bin\jqs.exe
    g:\programmi\File comuni\logishrd\LVCOMSER\LVComSer.exe
    g:\programmi\ESET\nod32krn.exe
    g:\programmi\Analog Devices\SoundMAX\SMAgent.exe
    g:\windows\system32\wdfmgr.exe
    g:\programmi\BlueSoleil\BsHelpCS.exe
    g:\programmi\File comuni\logishrd\LVCOMSER\LVComSer.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2009-08-31 21.23.08 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt 2009-08-31 19:22
    ComboFix2.txt 2009-08-30 05:14

    Pre-Run: 18.176.368.640 byte disponibili
    Post-Run: 18.044.428.288 byte disponibili

    263 --- E O F --- 2009-08-27 21:24

thanks for your help
If more people treated people kindly, we would have fewer difficult people and more people of heart.
deviltry
Senior User
Posts: 1672
Joined: 04/02/02 01:00
Location: vercelli

Re: user32.dll win32/pinit

Post by deviltry » 31/08/09 21:44

Oops.. I made a mistake..... I used list instead of code...
and here you can't even fix it
Code:
ComboFix 09-08-31.03 - Deviltry 31/08/2009 21.07.09.2.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.2048.1497 [GMT 2:00]
Eseguito da: g:\documents and settings\Deviltry\Desktop\ComboFix.exe
Opzioni usate :: g:\documents and settings\Deviltry\Desktop\CFScript.txt
AV: Sistema Antivirus NOD32 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"g:\windows\system32\msaatext32.dll"
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSAATEXT32
-------\Service_msaatext32


(((((((((((((((((((((((((   Files Creati Da 2009-07-28 al 2009-08-31  )))))))))))))))))))))))))))))))))))
.

2009-08-30 05:29 . 2009-08-30 05:29   --------   d-----w-   g:\documents and settings\Deviltry\Dati applicazioni\Malwarebytes
2009-08-30 05:29 . 2009-08-03 11:36   38160   ----a-w-   g:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 05:29 . 2009-08-30 05:29   --------   d-----w-   g:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-08-30 05:29 . 2009-08-30 05:29   --------   d-----w-   g:\programmi\Malwarebytes' Anti-Malware
2009-08-30 05:29 . 2009-08-03 11:36   19096   ----a-w-   g:\windows\system32\drivers\mbam.sys
2009-08-20 04:56 . 2009-08-20 04:56   --------   d--h--w-   g:\windows\system32\GroupPolicy
2009-08-19 20:01 . 2009-08-19 20:01   --------   d-----w-   g:\programmi\Microsoft Silverlight
2009-08-19 16:26 . 2009-08-19 17:36   --------   d-----w-   g:\documents and settings\Deviltry\Dati applicazioni\Scribus
2009-08-19 16:25 . 2009-08-19 16:26   --------   d-----w-   g:\programmi\Scribus 1.3.5.1
2009-08-19 15:15 . 2009-08-19 15:15   --------   d-----w-   g:\programmi\JRE
2009-08-16 21:17 . 2009-08-17 14:07   --------   d-----w-   g:\windows\SxsCaPendDel
2009-08-13 19:53 . 2009-08-13 19:53   41872   ----a-w-   g:\windows\system32\xfcodec.dll
2009-08-13 01:36 . 2009-07-10 13:26   1315328   -c----w-   g:\windows\system32\dllcache\msoe.dll
2009-08-05 23:29 . 2009-08-05 23:29   --------   d-----w-   g:\programmi\Ontrack
2009-08-05 08:59 . 2009-08-05 08:59   205312   -c----w-   g:\windows\system32\dllcache\mswebdvd.dll
2009-08-02 11:03 . 2009-08-02 11:03   --------   d-----w-   g:\windows\system32\ivtMobCache

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 17:46 . 2009-03-13 00:48   --------   d-----w-   g:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-08-30 22:32 . 2008-08-17 01:26   --------   d---a-w-   g:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-30 04:57 . 2008-10-20 12:05   1   ----a-w-   g:\documents and settings\Deviltry\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-27 23:23 . 2009-07-10 17:27   --------   d-----w-   g:\documents and settings\Deviltry\Dati applicazioni\Xfire
2009-08-27 21:01 . 2008-08-17 09:18   --------   d-----w-   g:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2009-08-25 03:30 . 2007-10-29 12:00   579584   ------w-   g:\windows\system32\user32.dll
2009-08-20 01:47 . 2008-08-12 00:59   61168   ----a-w-   g:\documents and settings\Deviltry\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-19 15:15 . 2008-10-20 11:59   --------   d-----w-   g:\programmi\OpenOffice.org 3
2009-08-19 04:52 . 2009-07-10 17:27   --------   d-----w-   g:\programmi\Xfire
2009-08-18 17:12 . 2009-04-16 18:28   --------   d-----w-   g:\documents and settings\Deviltry\Dati applicazioni\Canon
2009-08-18 16:39 . 2008-08-17 08:41   --------   d-----w-   g:\documents and settings\Deviltry\Dati applicazioni\Vso
2009-08-16 21:22 . 2007-10-29 12:00   76598   ----a-w-   g:\windows\system32\perfc010.dat
2009-08-16 21:22 . 2007-10-29 12:00   472228   ----a-w-   g:\windows\system32\perfh010.dat
2009-08-07 23:46 . 2008-11-15 06:43   --------   d-----w-   g:\documents and settings\All Users\Dati applicazioni\TrackMania
2009-08-05 23:29 . 2008-08-12 01:17   --------   d--h--w-   g:\programmi\InstallShield Installation Information
2009-08-05 08:59 . 2007-10-29 12:00   205312   ----a-w-   g:\windows\system32\mswebdvd.dll
2009-07-30 21:08 . 2009-07-30 21:08   --------   d-----w-   g:\documents and settings\NetworkService\Dati applicazioni\Xfire
2009-07-30 21:03 . 2009-07-30 21:02   --------   d-----w-   g:\documents and settings\Deviltry\Dati applicazioni\Download Manager
2009-07-24 01:40 . 2009-07-24 00:40   --------   d-----w-   g:\programmi\BlueSoleil
2009-07-17 19:01 . 2007-10-29 12:00   58880   ----a-w-   g:\windows\system32\atl.dll
2009-07-13 20:37 . 2008-08-13 05:42   --------   d-----w-   g:\documents and settings\All Users\Dati applicazioni\Installations
2009-07-13 20:37 . 2008-08-13 05:44   --------   d-----w-   g:\programmi\File comuni\Nokia
2009-07-13 20:37 . 2008-08-13 05:43   --------   d-----w-   g:\programmi\Nokia
2009-07-13 20:36 . 2009-07-13 20:36   36864   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-07-13 20:36 . 2009-07-13 20:36   3351812   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-07-13 20:36 . 2009-07-13 20:36   3181612   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-07-13 20:36 . 2009-07-13 20:36   24384200   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13IT.exe
2009-07-13 20:31 . 2008-08-13 05:49   --------   d-----w-   g:\documents and settings\Deviltry\Dati applicazioni\Nokia
2009-07-13 20:19 . 2009-07-13 20:19   --------   d-----w-   g:\programmi\File comuni\PCSuite
2009-07-13 20:17 . 2008-08-13 05:44   --------   d-----w-   g:\programmi\DIFX
2009-07-13 20:17 . 2009-07-13 20:17   --------   d-----w-   g:\programmi\PC Connectivity Solution
2009-07-13 20:00 . 2009-07-13 20:00   95232   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-13 20:00 . 2009-07-13 20:00   8192   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-13 20:00 . 2009-07-13 20:00   61440   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-13 20:00 . 2009-07-13 20:00   10240   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-13 20:00 . 2009-07-13 20:00   33853800   ----a-w-   g:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ita.exe
2009-07-13 08:08 . 2007-10-29 12:00   286720   ----a-w-   g:\windows\system32\wmpdxm.dll
2009-07-10 18:20 . 2009-07-10 18:20   --------   d-----w-   g:\programmi\games
2009-07-10 17:31 . 2009-07-10 17:31   --------   d-----w-   g:\documents and settings\LocalService\Dati applicazioni\Xfire
2009-07-06 18:27 . 2009-07-06 18:27   --------   d-----w-   g:\programmi\7-Zip
2009-07-03 16:55 . 2007-10-29 12:00   915456   ------w-   g:\windows\system32\wininet.dll
2009-06-25 08:25 . 2007-10-29 12:00   735744   ----a-w-   g:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2007-10-29 12:00   56832   ----a-w-   g:\windows\system32\secur32.dll
2009-06-25 08:25 . 2007-10-29 12:00   54272   ----a-w-   g:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2007-10-29 12:00   301568   ----a-w-   g:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2007-10-29 12:00   147456   ----a-w-   g:\windows\system32\schannel.dll
2009-06-25 08:25 . 2007-10-29 12:00   136192   ----a-w-   g:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2007-10-29 12:00   92928   ----a-w-   g:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2007-10-29 12:00   81920   ----a-w-   g:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2007-10-29 12:00   119808   ----a-w-   g:\windows\system32\t2embed.dll
2009-06-15 10:43 . 2007-10-29 12:00   78336   ----a-w-   g:\windows\system32\telnet.exe
2009-06-15 10:43 . 2007-10-29 12:00   82432   ----a-w-   g:\windows\system32\tlntsess.exe
2009-06-10 14:13 . 2007-10-29 12:00   85504   ----a-w-   g:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2008-08-12 00:48   2066432   ----a-w-   g:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2007-10-29 12:00   132096   ----a-w-   g:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2007-10-29 12:00   1296384   ----a-w-   g:\windows\system32\quartz.dll
2006-10-11 08:04 . 2008-08-23 03:17   61036   ----a-w-   g:\programmi\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-08-23 03:17   48742   ----a-w-   g:\programmi\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-08-23 03:17   29313   ----a-w-   g:\programmi\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-08-23 03:17   41082   ----a-w-   g:\programmi\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-08-23 03:17   166510   ----a-w-   g:\programmi\mozilla firefox\components\xpinstal.dll
2006-05-03 10:06 . 2009-02-16 21:18   163328   --sh--r-   g:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-02-16 21:18   31232   --sh--r-   g:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-02-16 21:18   216064   --sh--r-   g:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2008-08-12 03:23   509440   E66062DF04DE1F01C6BC484468B65D22   g:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 02:14   510464   9259170D29B5A256735FCB8B80280857   g:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-09-09 08:38   510464   90F406811EE1EEE294792D00E21CA16C   g:\windows\system32\winlogon.exe

[7] 2007-10-29 12:00   4224   DA1F27D85E0D1525F6621372E7B685E9   g:\windows\system32\dllcache\beep.sys

g:\windows\system32\drivers\beep.sys ... è mancante !!
.
(((((((((((((((((((((((((((((   SnapShot@2009-08-30_05.12.01   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-31 19:15 . 2009-08-31 19:15   16384              g:\windows\temp\Perflib_Perfdata_384.dat
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="g:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"D066UUtility"="g:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"nod32kui"="g:\programmi\Eset\nod32kui.exe" [2008-08-15 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"MySpaceIM"="g:\programmi\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

g:\documents and settings\Deviltry\Menu Avvio\Programmi\Esecuzione automatica\
Collegamento a html2pop3.exe.lnk - g:\programmi\utili\htmltopop3\html2pop3.exe [2008-8-13 111104]
Collegamento a LOGI_MWX.EXE.lnk - g:\programmi\Logitech\MouseWare\Drivers\Win2k_XP\LOGI_MWX.EXE [2008-8-12 19968]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
@="beep"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Programmi\\SecondLife\\SLVoice.exe"=
"g:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"g:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe"=
"g:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"=
"g:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"g:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"g:\\Programmi\\Synergy\\synergys.exe"=
"g:\\Programmi\\TmNationsForever\\TmForever.exe"=
"g:\\Programmi\\TmUnitedForever\\TmForever.exe"=
"g:\\Programmi\\Messenger\\msmsgs.exe"=
"g:\\Programmi\\Goa\\PangYa_Eu\\update_eu.exe"=
"g:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"g:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\Programmi\\BlueSoleil\\BlueSoleilCS.exe"=
"g:\\Programmi\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20001:UDP"= 20001:UDP:MicroSAN

R0 BtHidBus;Bluetooth HID Bus Service;g:\windows\system32\drivers\BtHidBus.sys [07/01/2009 23.39.36 20744]
R0 viasraid;viasraid;g:\windows\system32\drivers\viasraid.sys [12/08/2008 3.35.29 77312]
R0 ZetSFD;ZetSFD;g:\windows\system32\drivers\ZetSFD.sys [12/08/2008 3.40.30 12800]
R1 Asapi;Asapi;g:\windows\system32\drivers\asapi.sys [17/08/2008 13.56.08 10240]
R1 nod32drv;nod32drv;g:\windows\system32\drivers\nod32drv.sys [15/08/2008 5.04.21 15424]
R2 BsMobileCS;BsMobileCS;g:\programmi\BlueSoleil\BsMobileCS.exe [27/02/2009 16.40.48 143467]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;g:\windows\system32\drivers\sfsz.sys [12/08/2008 3.40.29 345984]
R2 Synergy Server;Synergy Server;g:\programmi\Synergy\synergys.exe [02/04/2006 22.20.16 733184]
R2 Z-SANService;Z-SAN Service;g:\programmi\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe [12/08/2008 3.40.27 376891]
R3 btnetBUs;Bluetooth PAN Bus Service;g:\windows\system32\drivers\btnetBus.sys [07/12/2008 12.44.54 30088]
R3 DynCal;Dynamic Calibration Service;g:\windows\system32\drivers\DynCal.sys [26/10/2001 17.37.04 13946]
R3 IvtBtBUs;IVT Bluetooth Bus Service;g:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 14.58.48 26248]
R3 KbGhost;RulingTec Keyboard Emulator;g:\windows\system32\drivers\KbGhost.sys [13/11/2001 16.29.24 4372]
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;g:\windows\system32\drivers\psxpad.sys [10/01/2009 16.07.35 12160]
R3 PsxPortEnumerator;Psx Port Enumerator;g:\windows\system32\drivers\psxenum.sys [10/01/2009 16.07.35 16896]
R3 ZetBus;Zetera Virtual Bus;g:\windows\system32\drivers\ZetBus.sys [12/08/2008 3.40.27 15488]
R3 ZetMPD;ZetMPD;g:\windows\system32\drivers\ZetMPD.sys [12/08/2008 3.40.30 5120]
S2 gupdate1c9a37585a2d6f4;Servizio di Google Update (gupdate1c9a37585a2d6f4);g:\programmi\Google\Update\GoogleUpdate.exe [13/03/2009 2.49.07 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;g:\windows\system32\drivers\nmwcdnsu.sys [13/07/2009 22.16.45 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;g:\windows\system32\drivers\nmwcdnsuc.sys [13/07/2009 22.16.46 8320]
S3 npggsvc;nProtect GameGuard Service;g:\windows\system32\GameMon.des -service --> g:\windows\system32\GameMon.des -service [?]
S3 udfpt;udfpt;g:\windows\system32\drivers\udfpt.sys --> g:\windows\system32\drivers\udfpt.sys [?]
S3 USBVSP;USBVSP;g:\windows\system32\drivers\usbvsp.sys [28/04/2009 19.24.22 89728]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"g:\windows\system32\rundll32.exe" "g:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-31 g:\windows\Tasks\Google Software Updater.job
- g:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-12 20:42]

2009-08-31 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- g:\programmi\Google\Update\GoogleUpdate.exe [2009-03-13 00:49]

2009-08-31 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- g:\programmi\Google\Update\GoogleUpdate.exe [2009-03-13 00:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = localhost
IE: Add to Google Photos Screensa&ver - g:\windows\system32\GPhotos.scr/200
IE: Invia tramite Bluetooth - g:\programmi\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Invia usando Messaggio(&M)... - g:\programmi\BlueSoleil\TransSend\IE\tssms.htm
LSP: g:\windows\system32\imon.dll
DPF: Microsoft XML Parser for Java - file:///G:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - g:\documents and settings\Deviltry\Dati applicazioni\Mozilla\Firefox\Profiles\pp9bhtqs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: g:\programmi\Mozilla Firefox\components\xpinstal.dll
FF - component: g:\programmi\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: g:\programmi\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: g:\programmi\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 21:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="g:\windows\system32\GameMon.des -service"
.
--------------------- Dlls loaded by running processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
g:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(792)
g:\windows\system32\relog_ap.dll
g:\windows\system32\imon.dll
g:\programmi\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2212)
g:\windows\system32\WININET.dll
g:\programmi\Logitech\MouseWare\System\LgWndHk.dll
g:\progra~1\WINDOW~2\wmpband.dll
g:\programmi\Synergy\synrgyhk.dll
g:\programmi\File comuni\Logitech\Scrolling\LgMsgHk.dll
g:\windows\system32\webcheck.dll
.
------------------------ Other running processes ------------------------
.
g:\windows\system32\ati2evxx.exe
g:\windows\system32\ati2evxx.exe
g:\programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe
g:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
g:\programmi\File comuni\Maxtor\Schedule2\schedul2.exe
g:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
g:\programmi\BlueSoleil\BlueSoleilCS.exe
g:\programmi\Logitech\MouseWare\system\EM_EXEC.EXE
g:\programmi\Java\jre6\bin\jqs.exe
g:\programmi\File comuni\logishrd\LVCOMSER\LVComSer.exe
g:\programmi\ESET\nod32krn.exe
g:\programmi\Analog Devices\SoundMAX\SMAgent.exe
g:\windows\system32\wdfmgr.exe
g:\programmi\BlueSoleil\BsHelpCS.exe
g:\programmi\File comuni\logishrd\LVCOMSER\LVComSer.exe
.
**************************************************************************
.
Scan completion time: 2009-08-31 21.23.08 - the PC was rebooted
ComboFix-quarantined-files.txt  2009-08-31 19:22
ComboFix2.txt  2009-08-30 05:14

Pre-Run: 18.176.368.640 bytes free
Post-Run: 18.044.428.288 bytes free

263   --- E O F ---   2009-08-27 21:24
If more people treated people with kindness, we would have fewer difficult people and more kind-hearted ones.
deviltry
Senior member
Posts: 1672
Joined: 04/02/02 01:00
Location: vercelli
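As an added example (not from the original post, and not ComboFix's own code), here is a small Python parser for the service/driver lines of a ComboFix report like the one above, with a triage pass that flags the entries a reviewer would check by hand: images ComboFix printed with `[?]` (file could not be verified, as with npggsvc and udfpt above), images outside an expected set of install roots, and `.sys` drivers loaded from outside system32\drivers. The meaning of the R/S state letter, the start-type digit and the `[?]` marker are assumed ComboFix conventions, and the trusted-root list is a hypothetical allow-list for this Italian-locale machine ('programmi' rather than 'program files'), not something the post states.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The service lines below are copied from the ComboFix report posted above; they
# are the sample input for this parser, not a new capture.
SAMPLE_SERVICES = r"""
R0 ZetSFD;ZetSFD;g:\windows\system32\drivers\ZetSFD.sys [12/08/2008 3.40.30 12800]
R2 Synergy Server;Synergy Server;g:\programmi\Synergy\synergys.exe [02/04/2006 22.20.16 733184]
S2 gupdate1c9a37585a2d6f4;Servizio di Google Update (gupdate1c9a37585a2d6f4);g:\programmi\Google\Update\GoogleUpdate.exe [13/03/2009 2.49.07 133104]
S3 npggsvc;nProtect GameGuard Service;g:\windows\system32\GameMon.des -service --> g:\windows\system32\GameMon.des -service [?]
S3 udfpt;udfpt;g:\windows\system32\drivers\udfpt.sys --> g:\windows\system32\drivers\udfpt.sys [?]
"""

# Assumed ComboFix conventions: the leading letter is R (running) or S (stopped),
# the digit is the SCM start type, and "[?]" in place of "[date time size]" means
# ComboFix could not stat the image file.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
STAMP_RE = re.compile(r"^(?P<image>.*?) \[(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>[\d.]+) (?P<size>\d+)\]$")

UNVERIFIED = "image file could not be verified ([?] in report)"
OUTSIDE_ROOTS = "image outside the expected install roots"
DRIVER_MISPLACED = "kernel driver (.sys) outside system32\\drivers"


@dataclass
class ServiceEntry:
    name: str
    display: str
    state: str        # "running" or "stopped"
    start_type: str   # boot/system/auto/demand/disabled
    image: str        # image path as printed, arguments included
    size: Optional[int]
    verified: bool    # False when the report shows "[?]" instead of a timestamp and size


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state = "running" if m.group("state") == "R" else "stopped"
    start_type = START_TYPES[m.group("start")]
    rest = m.group("rest")
    if rest.endswith("[?]"):
        # "path --> path [?]": keep the ImagePath before the arrow, drop the marker.
        image = rest[: -len("[?]")].strip().split(" --> ")[0].strip()
        return ServiceEntry(m.group("name"), m.group("display"), state, start_type, image, None, False)
    s = STAMP_RE.match(rest)
    if not s:
        return None
    return ServiceEntry(m.group("name"), m.group("display"), state, start_type,
                        s.group("image"), int(s.group("size")), True)


def parse_services(report: str) -> List[ServiceEntry]:
    """Collect every parseable service/driver line from a report fragment."""
    entries = []
    for line in report.splitlines():
        entry = parse_service_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def triage(entries: List[ServiceEntry],
           trusted_roots: Tuple[str, ...] = (r"\windows\system32\drivers", r"\windows\system32", r"\programmi")
           ) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs worth a manual look.

    trusted_roots is a hypothetical allow-list for this machine; adapt it per host.
    """
    findings = []
    for e in entries:
        path = re.sub(r"^[a-z]:", "", e.image.lower())  # drop the drive letter
        if not e.verified:
            findings.append((e.name, UNVERIFIED))
        if not any(path.startswith(root) for root in trusted_roots):
            findings.append((e.name, OUTSIDE_ROOTS))
        # Only the binary itself (first token) decides whether this is a .sys driver.
        if path.split(" ")[0].endswith(".sys") and not path.startswith(r"\windows\system32\drivers"):
            findings.append((e.name, DRIVER_MISPLACED))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_services(SAMPLE_SERVICES)):
        print(f"{name}: {reason}")
```

Run against the five sample lines, the triage pass reports only npggsvc and udfpt, both for the `[?]` marker; everything else sits under a trusted root with a readable timestamp and size. A `[?]` on its own is not proof of malware (a stale registration for an uninstalled game guard or a removed optical-drive driver looks the same), which is why the parser keeps the full ImagePath so the reviewer can check the file on disk.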

Re: user32.dll win32/pinit

Post by Luke57 » 01/09/09 07:09

Hi, the report looks fine now.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10