Rootkit, GMER and logfile

Post by quanikmimett » Fri Mar 07, 2008 9:51 pm

Could you check this log for me? I'm not sure, but with GMER I noticed a rootkit present at startup, and when I right-clicked I couldn't delete it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.46.09, on 07/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
F:\Windows\system32\Dwm.exe
F:\Windows\Explorer.EXE
F:\Windows\system32\taskeng.exe
F:\Windows\system32\taskeng.exe
F:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Windows Media Player\wmpnscfg.exe
F:\Program Files\PaulB\GetHotmail\GetMail\GetMail.exe
F:\Program Files\Eset\nod32kui.exe
F:\Windows\system32\wbem\unsecapp.exe
F:\Program Files\FreePOPs\freepopsd.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Windows\REGEDIT.EXE
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Program Files\Windows Mail\WinMail.exe
F:\Program Files\Eset\nod32.exe
F:\Users\Pasquale\Desktop\Pulisci PC\GMER caccia rootkit\gmer.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - F:\Program Files\Online_TV\tbOnli.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - F:\Program Files\Online_TV\tbOnli.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - F:\Program Files\Online_TV\tbOnli.dll
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [getmail] "F:\Program Files\PaulB\GetHotmail\GetMail\GetMail.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - F:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://F:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/it/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58634C87-0ACF-4702-9F6B-8AC1338BEF42}: NameServer = 208.67.222.222,208.67.220.220
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - F:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: G - Unknown owner - F:\Users\Pasquale\AppData\Local\Temp\G.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - F:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WHCSBKJLZ - Unknown owner - F:\Users\Pasquale\AppData\Local\Temp\WHCSBKJLZ.exe (file missing)

--
End of file - 7477 bytes

Post by ste_95 » Fri Mar 07, 2008 9:52 pm

Something does show up, but can you also post the GMER logs?

Post by quanikmimett » Fri Mar 07, 2008 9:56 pm

Hold on, I'm running a new scan [whistle]

Post by quanikmimett » Fri Mar 07, 2008 10:00 pm

Here is the GMER log, but now I don't see any red lines.
GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-03-07 22:00:55
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwQueryLicenseValue + D41 81C46239 1 Byte [ 06 ]

---- User code sections - GMER 1.0.14 ----

.text F:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe[1956] kernel32.dll!CreateThread + 1A 76673809 4 Bytes [ 67, BF, DD, 89 ]
.text F:\Program Files\Windows Live\Messenger\msnmsgr.exe[3440] kernel32.dll!SetUnhandledExceptionFilter 7665D187 5 Bytes JMP 0056DBBD F:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.14 ----

IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74BCFE0C] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74B9C53D] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74B8A31F] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74B8CBEF] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74B88AAA] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74B9DAB8] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74B87D8D] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74B87CF4] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74B86A4E] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74C1BE7C] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74BA8A5E] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74B890CD] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74B92248] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74B92273] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74B97724] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74B97546] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74BC861D] F:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT F:\Windows\Explorer.EXE[1712] @ F:\Windows\system32\ole32.dll [msvcrt.dll!free] [6BEADE6B] F:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT F:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe[1956] @ F:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044F8CC] F:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
IAT F:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe[1956] @ F:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044F8CC] F:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestione filtri file system Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat amon.sys (Amon monitor/Eset )

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000f3d38f4c1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000f3d38f4c1@001a161a519b 0x2C 0x15 0x8F 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000f3d38f4c1@0016dbfef279 0x03 0xD0 0x7E 0x2D ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000f3d38f4c1
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000f3d38f4c1@001a161a519b 0x2C 0x15 0x8F 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000f3d38f4c1@0016dbfef279 0x03 0xD0 0x7E 0x2D ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\tþÛÉZv8‹vþÿÿÿR~v·ÄìvìÛ„ìÛ¹ÃìvÀÄìv
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\tþÛÉZv8‹vþÿÿÿR~v·ÄìvìÛ„ìÛ¹ÃìvÀÄìv@0140710900063D11C8EF10054038389C F?\Windows\system32\FM20ENU.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION DD6734246282B5324D908527C9EDAEC03A818FDFC030607BE27F04BE631BD9
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@CurrentVersion 6.0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@CurrentBuildNumber 6000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@ProductName Windows Vista (TM) Ultimate
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\ÔN?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\ÔN?@CacheSizeInMB 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\ÔN?@CacheStatus 2
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\ÔN?@USBVersion 131072
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\ÔN?@ReadSpeedKBs 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\ÔN?@WriteSpeedKBs 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\ÔN?@PhysicalDeviceSizeMB 305242
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\ÔN?@RecommendedCacheSizeMB 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\ÔN?@HasSlowRegions 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\ÔN?@DoRetestDevice 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\ÔN?@DeviceStatus 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\ÔN?@LastTestedTime 0x00 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\˜ÀÅ-
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\˜ÀÅ-@CacheSizeInMB 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\˜ÀÅ-@CacheStatus 2
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\˜ÀÅ-@USBVersion 131072
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\˜ÀÅ-@ReadSpeedKBs 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\˜ÀÅ-@WriteSpeedKBs 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\˜ÀÅ-@PhysicalDeviceSizeMB 305242
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\˜ÀÅ-@RecommendedCacheSizeMB 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\˜ÀÅ-@HasSlowRegions 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\˜ÀÅ-@DoRetestDevice 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\˜ÀÅ-@DeviceStatus 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\˜ÀÅ-@LastTestedTime 0x00 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\„Â
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\„%Â@Successes -536870912
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\„%Â@Failures -536870911
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\„%Â@{58634C87-0ACF-4702-9F6B-8AC1338BEF42} 0x00 0x18 0xF8 0x42 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C0230A3-959D-BC17-6EC8-E09B71C7A658}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C0230A3-959D-BC17-6EC8-E09B71C7A658}@bboilhhpjnnpdelknapefccakgpnllibhbil 0x61 0x61 0x00 0x6A
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C0230A3-959D-BC17-6EC8-E09B71C7A658}@aboilhhpjnnpdelknaafecficgbokplaff 0x61 0x61 0x00 0x6A

---- EOF - GMER 1.0.14 ----
[V]

Post by quanikmimett » Fri Mar 07, 2008 10:02 pm

How do I post the registry log where the GMER scan shows me entries in red?

Post by ste_95 » Sat Mar 08, 2008 6:53 am

quanikmimett wrote: How do I post the registry log where the GMER scan shows me entries in red?

Can you explain that more clearly? [uhm]
megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising