Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Nuova versione di Bagle?

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Nuova versione di Bagle?

Messaggioda LoveDreamer » lun dic 31, 2007 10:26 am

Buongiorno, e visto che ci siamo buon anno a tutti.
Sono nuovo del forum e dato che mi sono imbattuto anche io in un simpatico "rootkit" ho deciso di chiedere un vostro preziosissimo supporto.
Vi allego il log di HJ e dell'online scanner di KAV:

------------------ HJ-------------------

Logfile of HijackThis v1.99.1
Scan saved at 10.21.36, on 31/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\DU Meter\DUMeter.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\K9\K9.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\DU Meter\DUMeterSvc.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\No-IP\DUC20.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\UltraVNC\WinVNC.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\LoveDreamer\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Programmi\Creative SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe

O4 - HKCU\..\Run: [DU Meter] C:\Programmi\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Startup: Launch K9.lnk = C:\Programmi\K9\K9.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8882443468
O17 - HKLM\System\CCS\Services\Tcpip\..\{058D4079-20AF-44CD-9BD4-BFEDFC556EC6}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{058D4079-20AF-44CD-9BD4-BFEDFC556EC6}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{058D4079-20AF-44CD-9BD4-BFEDFC556EC6}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Programmi\DU Meter\DUMeterSvc.exe
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Programmi\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Update Center (Windows Update Center) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\UltraVNC\WinVNC.exe" -service (file missing)

----------------------------- KAV --------------------------------

Monday, December 31, 2007 10:01:08 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 31/12/2007
Kaspersky Anti-Virus database records: 500579
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
H:\
I:\
Scan Statistics
Total number of scanned objects 75054
Number of viruses found 23
Number of infected objects 57
Number of suspicious objects 0
Duration of the scan process 01:51:50

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Hagel Technologies\DU Meter\DUMeter.sqb Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LoveDreamer\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LoveDreamer\Dati applicazioni\K9\Emails\DB\debug.txt Object is locked skipped
C:\Documents and Settings\LoveDreamer\Dati applicazioni\K9\Emails\DB\ProxyLog.txt Object is locked skipped
C:\Documents and Settings\LoveDreamer\Dati applicazioni\K9\Emails\DB\sessions.txt Object is locked skipped
C:\Documents and Settings\LoveDreamer\Desktop\Documenti LoveDreamer\Impostazioni locali\Temp\stdmemio.sys Infected: Rootkit.Win32.Small.b skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Cronologia\History.IE5\MSHist012007123120080101\index.dat Object is locked skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Dati applicazioni\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Dati applicazioni\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LoveDreamer\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LoveDreamer\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LoveDreamer\UserData\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\FreePOPs\log.txt Object is locked skipped
C:\Programmi\FreePOPs\stderr.txt Object is locked skipped
C:\Programmi\FreePOPs\stdout.txt Object is locked skipped
C:\Programmi\No-IP\Service.log Object is locked skipped
C:\Programmi\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\Programmi\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
C:\Programmi\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_528.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
D:\Archivio\Programmi\Comunication\UltraVNC-102-Setup.exe/file04 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
D:\Archivio\Programmi\Comunication\UltraVNC-102-Setup.exe/file05 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
D:\Archivio\Programmi\Comunication\UltraVNC-102-Setup.exe/file34 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
D:\Archivio\Programmi\Comunication\UltraVNC-102-Setup.exe Inno: infected - 3 skipped
D:\Archivio\Programmi\Copy\Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE.rar/Setup/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Archivio\Programmi\Copy\Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE.rar/Setup/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Archivio\Programmi\Copy\Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE.rar/Setup/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Archivio\Programmi\Copy\Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE.rar RAR: infected - 3 skipped
D:\Archivio\Programmi\Internet\Chat\BDevil5.exe/bdevil.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.602 skipped
D:\Archivio\Programmi\Internet\Chat\BDevil5.exe Vise: infected - 1 skipped
D:\Archivio\Programmi\Internet\Chat\mIRC_v6.12.zip/mirc612.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
D:\Archivio\Programmi\Internet\Chat\mIRC_v6.12.zip/mirc612.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
D:\Archivio\Programmi\Internet\Chat\mIRC_v6.12.zip ZIP: infected - 2 skipped
D:\Archivio\Programmi\iPod\Data Doctor Recovery Ipod 2.0.1.5.zip/Data Doctor Recovery iPod 2.0.1.5.exe Infected: Email-Worm.Win32.Bagle.hp skipped
D:\Archivio\Programmi\iPod\Data Doctor Recovery Ipod 2.0.1.5.zip ZIP: infected - 1 skipped
D:\Archivio\Programmi\Mix\Programas Exclusivos Para Dj (Dss Dj 5.0, Mixvibes, Soundforge, Goldwave, Tracktor E Outros).rar/Programas exclusivos para DJ/PCDJ Silver Mixmaster/PCDJ Silver Mixmaster.exe Infected: not-a-virus:AdWare.Win32.TimeSink.d skipped
D:\Archivio\Programmi\Mix\Programas Exclusivos Para Dj (Dss Dj 5.0, Mixvibes, Soundforge, Goldwave, Tracktor E Outros).rar RAR: infected - 1 skipped
D:\Archivio\Programmi\Passwords Tools\Advanced Password Recovery - (Ace,Excel,Pdf,Zip,Icq,Rar,Access,Office,Outlook).rar/AdvPassw/Advanced Rar Password Recovery v1.11/DISTINCT.RAR/setup.exe/WISE0039.BIN Infected: not-a-virus:PSWTool.Win32.OEPass.b skipped
D:\Archivio\Programmi\Passwords Tools\Advanced Password Recovery - (Ace,Excel,Pdf,Zip,Icq,Rar,Access,Office,Outlook).rar/AdvPassw/Advanced Rar Password Recovery v1.11/DISTINCT.RAR/setup.exe Infected: not-a-virus:PSWTool.Win32.OEPass.b skipped
D:\Archivio\Programmi\Passwords Tools\Advanced Password Recovery - (Ace,Excel,Pdf,Zip,Icq,Rar,Access,Office,Outlook).rar/AdvPassw/Advanced Rar Password Recovery v1.11/DISTINCT.RAR Infected: not-a-virus:PSWTool.Win32.OEPass.b skipped
D:\Archivio\Programmi\Passwords Tools\Advanced Password Recovery - (Ace,Excel,Pdf,Zip,Icq,Rar,Access,Office,Outlook).rar RAR: infected - 3 skipped
D:\Archivio\Programmi\Sistema\RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
D:\Archivio\Programmi\Sistema\RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
D:\Archivio\Programmi\Sistema\RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
D:\Archivio\Programmi\Sistema\RevelationV2.zip ZIP: infected - 3 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Realtime Spy/realtimespysetup.exe/RTS.exe Infected: Trojan-Downloader.Win32.SpyAgent.a skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Realtime Spy/realtimespysetup.exe/RTSConfig.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.g skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Realtime Spy/realtimespysetup.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.g skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spy Agent v4.3/SpyAgent4.exe/SystemSA32.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.b skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spy Agent v4.3/SpyAgent4.exe/Deploy.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.43302 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spy Agent v4.3/SpyAgent4.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.43302 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/SpyAnywhere v2.12/fullspyanywhere.exe/NoServer.exe Infected: not-a-virus:RemoteAdmin.Win32.SpyAnywhere.e skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/SpyAnywhere v2.12/fullspyanywhere.exe Infected: not-a-virus:RemoteAdmin.Win32.SpyAnywhere.e skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Security 2003/SW2003.exe/SpyAgent4.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Security 2003/SW2003.exe/Deploy.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.43302 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Security 2003/SW2003.exe/SystemSA32.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Security 2003/SW2003.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/SpyTech NetVizor v4.00.04/NVClientInstallTrial.exe/SystemSA32N.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.c skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/SpyTech NetVizor v4.00.04/NVClientInstallTrial.exe/NTInvisible.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/SpyTech NetVizor v4.00.04/NVClientInstallTrial.exe/svchost.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.d skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/SpyTech NetVizor v4.00.04/NVClientInstallTrial.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.d skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/SpyTech NetVizor v4.00.04/NVViewerInstall.exe/sbrowse.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.50003 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/SpyTech NetVizor v4.00.04/NVViewerInstall.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.50003 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe/SystemSA32.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.g skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe/Deploy.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.h skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe/NoStealth.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.60006 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe/YahooDLL.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.f skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe/sbrowse.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.g skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe/NTInvisible.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe/driver-setup.exe Infected: Trojan.Win32.Pakes skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe/svchost.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.50003 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.50003 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar RAR: infected - 27 skipped
Scan process completed.
----------------------------------------------------------------------

Non fate troppo caso a tutti gli altri "virus" rilevati. Quelli sono "innoqui"!
Io direi che le voci interessanti sono quelle che ho evidenziato in grassetto.

Il comportamento è sempre il medesimo del Bagle.
- Disinstallazione dell'antivirus
- Impossibilità di reinstallazione di qualsiasi sw. per la sicurezza
- Windows Installer che va in loop dando l'errore 1304 "errore permessi"

Premetto che ho già tentato di esegiure un bel po' di script con The Avenger" da voi postati ma senza esito [cry+]
Vi prego di farmi avere uno script che mi permetta di eliminare questo bastar***!!!!
Grazie 1000 per l'aiuto che sono sicurissimo non esiterete a darmi.
Ciao ciao a tutti [:)]
Ultima modifica di LoveDreamer il lun dic 31, 2007 10:49 am, modificato 1 volta in totale.
/_/_/_/_/_/_/_/ LoveDreamer /_/_/_/_/_/_/_/
Avatar utente
LoveDreamer
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: lun dic 31, 2007 10:10 am

Re: Nuova versione di Bagle?

Messaggioda crazy.cat » lun dic 31, 2007 10:47 am

Disattiva il ripristino della configurazione e lo riattivi solo alla fine delle pulizie
http://www.MegaLab.it/2330

rifai la scansione con hijackthis, selezioni le caselle di queste due irghe e premi fix checked per eliminarle.
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe

Poi prova questo script
Codice: Seleziona tutto
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\Documents and Settings\LoveDreamer\Desktop\Documenti LoveDreamer\Impostazioni locali\Temp\stdmemio.sys
D:\Archivio\Programmi\iPod\Data Doctor Recovery Ipod 2.0.1.5.zip
D:\Archivio\Programmi\Spy\Spy Agent.rar

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


al riavvio ti esce un txt e ne posti qui il contenuto.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda LoveDreamer » lun dic 31, 2007 11:04 am

Ho fixato le chiavi che mi hai detto con HJ, ma se effettuo subito dopo una nuova scansione quelle chiavi sono ancora presenti.
Ho eseguito lo script che mi hai dato e questo è il log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gonyqitn

*******************

Script file located at: \??\C:\WINDOWS\yguymldw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\srosa.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc0000034



File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034



File C:\windows\system32\drivers\hldrrr.exe not found!
Deletion of file C:\windows\system32\drivers\hldrrr.exe failed!

Could not process line:
C:\windows\system32\drivers\hldrrr.exe
Status: 0xc0000034

File C:\Documents and Settings\LoveDreamer\Desktop\Documenti LoveDreamer\Impostazioni locali\Temp\stdmemio.sys deleted successfully.
File D:\Archivio\Programmi\iPod\Data Doctor Recovery Ipod 2.0.1.5.zip deleted successfully.
File D:\Archivio\Programmi\Spy\Spy Agent.rar deleted successfully.


Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

----------------------------------------------------------------

Al riavvio ho anche trovato in avvio automatico un file (desktop.ini) che adesso è presente anche in start --> programmi
Ti posto il log:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

Purtroppo ancora non è stato debellato il rootkit, (impossibile installare AV, loop di Windows Installer ecc..) [cry+] [cry+] [cry+]

HELP!
Grazie ancora
/_/_/_/_/_/_/_/ LoveDreamer /_/_/_/_/_/_/_/
Avatar utente
LoveDreamer
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: lun dic 31, 2007 10:10 am


Messaggioda crazy.cat » lun dic 31, 2007 11:34 am

Fai una scansione con gmer, solo della sezione rootkit, ci arrivi premendo le doppie >> che ci sono nel programma.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda LoveDreamer » lun dic 31, 2007 11:45 am

Ecco il log:
Grazie [:)]
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-12-31 11:47:42
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.13 ----

? cbyqcler.sys Impossibile trovare il file specificato.

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F78771DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F78771DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7877454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F78771DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F786AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F789BA96] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F789B958] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F789BDA8] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F789B306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F789B306] SiWinAcc.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_EA [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_EA [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE_NAMED_PIPE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLOSE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_INFORMATION [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_INFORMATION [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_EA [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_EA [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_VOLUME_INFORMATION [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_VOLUME_INFORMATION [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DIRECTORY_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FILE_SYSTEM_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_LOCK_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE_MAILSLOT [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_SECURITY [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_SECURITY [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CHANGE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_QUOTA [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_QUOTA [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE_NAMED_PIPE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLOSE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_INFORMATION [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_INFORMATION [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_EA [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_EA [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_VOLUME_INFORMATION [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_VOLUME_INFORMATION [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DIRECTORY_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FILE_SYSTEM_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_LOCK_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE_MAILSLOT [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_SECURITY [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_SECURITY [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CHANGE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_QUOTA [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_QUOTA [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE_NAMED_PIPE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLOSE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_INFORMATION [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_INFORMATION [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_EA [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_EA [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_VOLUME_INFORMATION [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_VOLUME_INFORMATION [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DIRECTORY_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FILE_SYSTEM_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_LOCK_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE_MAILSLOT [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_SECURITY [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_SECURITY [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CHANGE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_QUOTA [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_QUOTA [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE_NAMED_PIPE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLOSE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_INFORMATION [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_INFORMATION [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_EA [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_EA [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_VOLUME_INFORMATION [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_VOLUME_INFORMATION [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DIRECTORY_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FILE_SYSTEM_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_LOCK_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE_MAILSLOT [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_SECURITY [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_SECURITY [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CHANGE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_QUOTA [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_QUOTA [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE_NAMED_PIPE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLOSE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_INFORMATION [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_INFORMATION [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_EA [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_EA [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_VOLUME_INFORMATION [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_VOLUME_INFORMATION [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DIRECTORY_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FILE_SYSTEM_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_LOCK_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE_MAILSLOT [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_SECURITY [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_SECURITY [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CHANGE [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_QUOTA [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_QUOTA [F7A48380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE_NAMED_PIPE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLOSE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_INFORMATION [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_INFORMATION [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_EA [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_EA [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_VOLUME_INFORMATION [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_VOLUME_INFORMATION [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DIRECTORY_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FILE_SYSTEM_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_LOCK_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE_MAILSLOT [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_SECURITY [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_SECURITY [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CHANGE [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_QUOTA [F7B0B6B0] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_QUOTA [F7B0B6B0] timntr.sys

---- EOF - GMER 1.0.13 ----
/_/_/_/_/_/_/_/ LoveDreamer /_/_/_/_/_/_/_/
Avatar utente
LoveDreamer
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: lun dic 31, 2007 10:10 am

Messaggioda crazy.cat » lun dic 31, 2007 12:00 pm

Hai sbagliato sezione.

Avvii gmer, c'è il pulsante con le tre >>> e passi in un altra sezione, trovi il pulsante rootkit e fai lo scan di quella zona, premi copy e poi incolli il risultato.
http://www.MegaLab.it/2675/2

controlla se trova dei file in rosso e magari segnati i nomi.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda LoveDreamer » lun dic 31, 2007 12:50 pm

Rieccomi [:)]
Io la scansione con avenger l'ho fatta seguendo le indicazioni che mi hai dato tu, comunque sia buone nuove (forse).
Il rootkit potrebbe essere stato debellato.
Dico poterbbe perché:
1) Sono riuscito a rimuovere SAVCE e a reinstallarlo correttamente. L'autoprotect parte senza problemi all'avvio.
2) HJ non mi rileva più quei processi "incriminati": (vedi nuovo log)
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
3) L'unico problema è che purtroppo in modalità provvisoria ho sempre il blue screen [cry+]
...e adesso ?!?!?!?! [:)]
Grazie grazie grazie!!!!

-------------------------- HJ LOG--------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12.48.32, on 31/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\DU Meter\DUMeter.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\K9\K9.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\DU Meter\DUMeterSvc.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\No-IP\DUC20.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\UltraVNC\WinVNC.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Symantec AntiVirus\vptray.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\LoveDreamer\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Programmi\Creative SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Programmi\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Startup: Launch K9.lnk = C:\Programmi\K9\K9.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8882443468
O17 - HKLM\System\CCS\Services\Tcpip\..\{058D4079-20AF-44CD-9BD4-BFEDFC556EC6}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{058D4079-20AF-44CD-9BD4-BFEDFC556EC6}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{058D4079-20AF-44CD-9BD4-BFEDFC556EC6}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Programmi\DU Meter\DUMeterSvc.exe
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Programmi\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Update Center (Windows Update Center) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\UltraVNC\WinVNC.exe" -service (file missing)

------------------------------------------------------------------------------------
/_/_/_/_/_/_/_/ LoveDreamer /_/_/_/_/_/_/_/
Avatar utente
LoveDreamer
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: lun dic 31, 2007 10:10 am

Messaggioda crazy.cat » lun dic 31, 2007 1:06 pm

scaricati questo fille reg, ci clicchi sopra due volte e confermi quando te lo chiede.
Riavvii e provi ad entrare in modalità provvisoria.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda LoveDreamer » lun dic 31, 2007 1:13 pm

Non vedo nessun file da scaricare [cry+]
/_/_/_/_/_/_/_/ LoveDreamer /_/_/_/_/_/_/_/
Avatar utente
LoveDreamer
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: lun dic 31, 2007 10:10 am

Messaggioda crazy.cat » lun dic 31, 2007 2:29 pm

hai ragione pure tu..

http://www.MegaLab.it/3250
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda LoveDreamer » lun dic 31, 2007 2:45 pm

che dire......
YEPPPAAAAAAAAAAAAAAAAAAAAAAAAAA [rotolo] [rotolo] [rotolo]
Adesso tutto funziona alla grande!!!!!
GRAZIE GRAZIE E ANCORA GRAZIEEEEEE

BUON ANNO A TUTTIIIIIIIII [applauso+]
/_/_/_/_/_/_/_/ LoveDreamer /_/_/_/_/_/_/_/
Avatar utente
LoveDreamer
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: lun dic 31, 2007 10:10 am


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 13 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising