View Full Version : Privilegi di amministratore disattivati
walterluca1
17-12-2010, 13:19
Ciao, dopo l'eliminazione di un virus che aveva disattivato il mio antivirus, mi sono ritrovato con i privilegi di amministratore disattivati. Ho windows 7, sono l'unico utente e amministratore e NON HO MAI DOVUTO dare conferma, per esempio per spostare un file in una cartella. Come se non li avessi piu'.
La cosa piu' ovvia che mi è venuta in mente è disattivare il controllo utente, non vorrei pero' che il virus fosse ancora attivo (anche se pensavo di averlo debellato) e aspetti solo che io disattivi il controllo utente per fare cio' che vuole.
E' possibile ripristinare i privilegi di amministratore come li ho sempre avuti?
Nicodemo Timoteo Taddeo
17-12-2010, 14:13
Visto che c'è di mezzo un malware, magari un bel rootkit ancora in esecuzione (provato Gmer?) e quindi non sapendo che cosa ha combinato, non posso dirti nulla di certo. Comunque il metodo per ripristinare i "Security Settings" in Windows 7, e altre versioni precedenti di windows, è quello di avviare il prompt (con account amministrativo quindi se non ti funziona l'esegui come è un problema), e lanciare la seguente stringa:
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
Puoi anche googlare per cercare conferme, sia mai che io sbagli qualcosa :read:
Ora quello che avevo da dirti l'ho fatto, la palla passa a te :)
Personalmente ritrovandomi il PC con a bordo una situazione del genere ed essendo diffidente per natura, formatterei e reinstallerei, oppure ricaricherei un backup della partizione di sistema fatto in precedenza preinfezione.
Saluti.
walterluca1
17-12-2010, 15:17
ciao, grazie mille della risposta tempestiva. Sto provando Gmer come hai detto tu, sto scansionado la C:\ e dopo se gmer crea un allegato lo posto. Non voglio neanche pensare a formatare perchè spero che non sia necessario.
Grazie per il consiglio di inserire la stringa nel cmd, che per forza (come Gmer) devo far partire da amministratore. Pero' lo ritengo un ultima chance perche dopo quello non si puo' tornare indietro.
Mi sono accorto che non ho punti di ripristino, forse cancellati da quel virus.
a fra poco con la scansione Gmer
ecco qua
Nicodemo Timoteo Taddeo
17-12-2010, 19:21
ciao, grazie mille della risposta tempestiva. Sto provando Gmer come hai detto tu, sto scansionado la C:\ e dopo se gmer crea un allegato lo posto.
Questo è il posto per postare il postat... ops il log di Gmer :)
http://www.hwupgrade.it/forum/showthread.php?t=1372589
Saluti.
walterluca1
17-12-2010, 19:55
grazie delle info
ecco il conclamato log
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-17 16:23:59
Windows 6.1.7600 Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-0 MAXTOR_STM3500320AS rev.MX15
Running: 188k24vg.exe; Driver: C:\Users\Walter\AppData\Local\Temp\kxryqpow.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x901ABBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x901AB9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x901ABB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 830738E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830933B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntoskrnl.exe!ZwLoadDriver 831DF124 7 Bytes JMP 901ABB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8321FD9F 5 Bytes JMP 901A75D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!RtlCompareUnicodeStrings + 50C 8324714A 5 Bytes JMP 901A9012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 83290E75 7 Bytes JMP 901AB9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8330F6FE 7 Bytes JMP 901ABBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\spwk.sys Impossibile trovare il percorso specificato. !
.text USBPORT.SYS!DllUnload 922F0CA0 5 Bytes JMP 862171D8
.text aps968wy.SYS 90349000 2 Bytes [44, C8]
.text aps968wy.SYS 90349003 9 Bytes [83, EE, C6, 00, 83, A0, A7, ...] {SUB ESI, -0x3a; ADD [EBX-0x7cff5860], AL}
.text aps968wy.SYS 9034900D 9 Bytes [A7, 00, 83, 48, CB, 00, 83, ...] {CMPSD ; ADD [EBX-0x7cff34b8], AL; ADD [EAX], AL}
.text aps968wy.SYS 90349017 85 Bytes [00, DE, 47, B0, 89, E6, 45, ...]
.text aps968wy.SYS 9034906E 83 Bytes [07, 83, 50, 21, 09, 83, EC, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA4464300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA44A7300, 0x1BEE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1712] kernel32.dll!SetUnhandledExceptionFilter 760B3142 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Mozilla Firefox\firefox.exe[1776] ntdll.dll!LdrLoadDll 77C6F585 5 Bytes JMP 013C13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Tunngle\TnglCtrl.exe[3144] ntdll.dll!DbgBreakPoint 77C43540 1 Byte [90]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5312] USER32.dll!TrackPopupMenu 770A4B3B 5 Bytes JMP 5C3F2342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoDetachDevice] [89A32DDC] \SystemRoot\System32\Drivers\spwk.sys
IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [89A32E30] \SystemRoot\System32\Drivers\spwk.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [89A08042] \SystemRoot\System32\Drivers\spwk.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [89A086D6] \SystemRoot\System32\Drivers\spwk.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [89A08800] \SystemRoot\System32\Drivers\spwk.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [89A0813E] \SystemRoot\System32\Drivers\spwk.sys
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [005AB7E8] \Windows\System32\autochk.exe (Auto Check Utility/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B
IAT \SystemRoot\System32\Drivers\aps968wy.SYS[NTOSKRNL.exe!KeTickCount] 78801875
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7487250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74872494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74855624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748556E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74868573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74864D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748650CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748651A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748666D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748682CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74868819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7486907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7486E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74864C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2096] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75CB5D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2096] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75CB5D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75CB5D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2096] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75CB5D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8507A1F8
Device \FileSystem\fastfat \FatCdrom 8606C500
Device \Driver\volmgr \Device\VolMgrControl 850761F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{79EAFBA8-AED8-4F56-BCD4-45D265993702} 861371F8
Device \Driver\usbuhci \Device\USBPDO-0 862181F8
Device \Driver\usbuhci \Device\USBPDO-1 862181F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{118998DA-A708-44ED-A006-7C5C7AB03063} 861371F8
Device \Driver\usbuhci \Device\USBPDO-2 862181F8
Device \Driver\usbuhci \Device\USBPDO-3 862181F8
Device \Driver\usbehci \Device\USBPDO-4 863321F8
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbohci \Device\USBPDO-5 863751F8
Device \Driver\usbohci \Device\USBPDO-6 863751F8
Device \Driver\PCI_PNP7970 \Device\00000063 spwk.sys
Device \Driver\volmgr \Device\HarddiskVolume1 850761F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 863321F8
Device \Driver\ACPI_HAL \Device\00000058 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume2 850761F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 860B11F8
Device \Driver\atapi \Device\Ide\IdePort0 850781F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 850781F8
Device \Driver\atapi \Device\Ide\IdePort1 850781F8
Device \Driver\atapi \Device\Ide\IdePort2 850781F8
Device \Driver\atapi \Device\Ide\IdePort3 850781F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 850781F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-4 850781F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-6 850781F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-0 850781F8
Device \Driver\volmgr \Device\HarddiskVolume3 850761F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom1 860B11F8
Device \Driver\sptd \Device\112027970 spwk.sys
Device \Driver\volmgr \Device\HarddiskVolume4 850761F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom2 860B11F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 861371F8
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBFDO-0 862181F8
Device \Driver\usbuhci \Device\USBFDO-1 862181F8
Device \Driver\usbuhci \Device\USBFDO-2 862181F8
Device \Driver\usbuhci \Device\USBFDO-3 862181F8
Device \Driver\usbehci \Device\USBFDO-4 863321F8
Device \Driver\usbohci \Device\USBFDO-5 863751F8
Device \Driver\usbohci \Device\USBFDO-6 863751F8
Device \Driver\usbehci \Device\USBFDO-7 863321F8
Device \Driver\aps968wy \Device\Scsi\aps968wy1Port4Path0Target0Lun0 863771F8
Device \Driver\aps968wy \Device\Scsi\aps968wy1 863771F8
Device \FileSystem\fastfat \Fat 8606C500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestione filtri file system Microsoft/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 860AB1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc000647
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc000647@0018090412e3 0x8D 0x24 0x8D 0x29 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc000647@1886ac51eaaf 0xFC 0xD6 0xFC 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xED 0x81 0x0C 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFB 0xE3 0xBC 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCD 0x0B 0x36 0x3D ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc000647 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc000647@0018090412e3 0x8D 0x24 0x8D 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc000647@1886ac51eaaf 0xFC 0xD6 0xFC 0x6A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xED 0x81 0x0C 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFB 0xE3 0xBC 0xE8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCD 0x0B 0x36 0x3D ...
---- EOF - GMER 1.0.15 ----
walterluca1
18-12-2010, 10:07
Ancora nessun suggerimento? La cosa è cosi' grave che persino i programmi non hanno auorizzazione a modificare i loro file, e cio' mi infastidisce parecchio.
Sto per disattivare il controllo, e spero di non pagarene le conseguenze. Auito ragazzi :) :) :) :)
walterluca1
20-12-2010, 00:31
Controllo disattivato, ora mi sento come una pecora senza lana? Ho freeeeeeeeeeeedo hahaha. :sofico:
I privilegi non ci sono ancora. Vedo scudini di amministratore dappertutto
vBulletin® v3.6.4, Copyright ©2000-2025, Jelsoft Enterprises Ltd.