PrezerDj
03-01-2007, 18:33
Non ho problemi al pc, sn protetto cn kis ed avg antispyware, x curiosità lancio Gmer e mi trova la seguente roba, che è? sono infetto? come posso sistemare tutto?
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-03 18:31:07
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]
Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.12 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF2E 5 Bytes JMP AA8E0760 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF718 5 Bytes JMP AA8E0C50 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!KiDispatchInterrupt + 100 80544C20 7 Bytes JMP AA8E3CD0 \??\C:\WINDOWS\system32\drivers\klif.sys
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\explorer.exe[1804] SHELL32.dll!StrStrW + FFE33B46 7C9DE9F8 4 Bytes [ 04, 03, FF, 00 ]
.text C:\WINDOWS\explorer.exe[1804] SHELL32.dll!StrStrW + FFE33B56 7C9DEA08 4 Bytes [ 00, 04, FF, 00 ]
.text C:\WINDOWS\explorer.exe[1804] SHELL32.dll!StrStrW + FFE34A96 7C9DF948 4 Bytes [ 54, 04, FF, 00 ]
.text C:\WINDOWS\explorer.exe[1804] SHELL32.dll!StrStrW + FFE34AB2 7C9DF964 4 Bytes [ 82, 03, FF, 00 ]
.text C:\WINDOWS\explorer.exe[1804] SHELL32.dll!StrStrW + FFE34AC6 7C9DF978 4 Bytes [ 58, 03, FF, 00 ]
.text C:\WINDOWS\explorer.exe[1804] SHELL32.dll!DAD_ShowDragImage + 2370 7CA19E68 4 Bytes [ FC, 04, FF, 00 ]
---- Threads - GMER 1.0.12 ----
Thread 4:116 865EDA20
Thread 4:120 8656FC60
Thread 4:124 8656FC60
Thread 4:384 865EDA20
Thread 4:520 865EDA20
Thread 4:2084 844AA5B0
---- Registry - GMER 1.0.12 ----
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] E169C746D3D3451EC9A5A98DABEC32E61F86A11605B4C9194E28465AB765920725C8D7A99D0BA69ABF0FE92D9BD64A9541E45E6D8879CAE357D7B4EBDB94B601181425D1ABB6626829E50DA5006D3D18B4D9AC98F35E7324B8D6B2E1A0FAE2D717DD1626E6BD626885CDC875F7F6D2B8C0B72FD237AA08AB9BC8EDCDEE827805CDBE86B4CB4B43DDA5EDC543B20006247B59FA78D9EC03B27BD88BE7C05A8DEABE5048AAEACE59F232F1A0D776DA87EC501A1A0D76F58ED02A35FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452BA7FD869164D6794A6171C11EC38DE3D5631596744FA90F41F8E56E2E4A42310644C8B3DA64B689D8B482BF1D14E1CDE5C080773E6341623823F6F0404FC45B151EC65A31788133E69069B12618705F01E2E43DCD07C3C7BB682317D20CEB43EF5F74B02CBEE65837BBF4BD6D986A6C170C34C0CE93D67737EB42DB79C0BBB7C20A144E3471730A4BE21568B782E73181D0E73ABCCC4500310520C61920977351440EA953E8113DA22FA6EBE3048B13FDEF61DADC9C40228167D06EB4D02D73789CD6E2B999383668AC056C4A781FC08E889C3446451DCE12EFCE90B4F9522532A69137A78914C884F8AE6343968C344DF77F469526414366AB81A394C46EDDE15D7AF1CAA2
---- EOF - GMER 1.0.12 ----
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-03 18:31:07
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]
Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.12 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF2E 5 Bytes JMP AA8E0760 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF718 5 Bytes JMP AA8E0C50 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!KiDispatchInterrupt + 100 80544C20 7 Bytes JMP AA8E3CD0 \??\C:\WINDOWS\system32\drivers\klif.sys
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\explorer.exe[1804] SHELL32.dll!StrStrW + FFE33B46 7C9DE9F8 4 Bytes [ 04, 03, FF, 00 ]
.text C:\WINDOWS\explorer.exe[1804] SHELL32.dll!StrStrW + FFE33B56 7C9DEA08 4 Bytes [ 00, 04, FF, 00 ]
.text C:\WINDOWS\explorer.exe[1804] SHELL32.dll!StrStrW + FFE34A96 7C9DF948 4 Bytes [ 54, 04, FF, 00 ]
.text C:\WINDOWS\explorer.exe[1804] SHELL32.dll!StrStrW + FFE34AB2 7C9DF964 4 Bytes [ 82, 03, FF, 00 ]
.text C:\WINDOWS\explorer.exe[1804] SHELL32.dll!StrStrW + FFE34AC6 7C9DF978 4 Bytes [ 58, 03, FF, 00 ]
.text C:\WINDOWS\explorer.exe[1804] SHELL32.dll!DAD_ShowDragImage + 2370 7CA19E68 4 Bytes [ FC, 04, FF, 00 ]
---- Threads - GMER 1.0.12 ----
Thread 4:116 865EDA20
Thread 4:120 8656FC60
Thread 4:124 8656FC60
Thread 4:384 865EDA20
Thread 4:520 865EDA20
Thread 4:2084 844AA5B0
---- Registry - GMER 1.0.12 ----
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] E169C746D3D3451EC9A5A98DABEC32E61F86A11605B4C9194E28465AB765920725C8D7A99D0BA69ABF0FE92D9BD64A9541E45E6D8879CAE357D7B4EBDB94B601181425D1ABB6626829E50DA5006D3D18B4D9AC98F35E7324B8D6B2E1A0FAE2D717DD1626E6BD626885CDC875F7F6D2B8C0B72FD237AA08AB9BC8EDCDEE827805CDBE86B4CB4B43DDA5EDC543B20006247B59FA78D9EC03B27BD88BE7C05A8DEABE5048AAEACE59F232F1A0D776DA87EC501A1A0D76F58ED02A35FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452BA7FD869164D6794A6171C11EC38DE3D5631596744FA90F41F8E56E2E4A42310644C8B3DA64B689D8B482BF1D14E1CDE5C080773E6341623823F6F0404FC45B151EC65A31788133E69069B12618705F01E2E43DCD07C3C7BB682317D20CEB43EF5F74B02CBEE65837BBF4BD6D986A6C170C34C0CE93D67737EB42DB79C0BBB7C20A144E3471730A4BE21568B782E73181D0E73ABCCC4500310520C61920977351440EA953E8113DA22FA6EBE3048B13FDEF61DADC9C40228167D06EB4D02D73789CD6E2B999383668AC056C4A781FC08E889C3446451DCE12EFCE90B4F9522532A69137A78914C884F8AE6343968C344DF77F469526414366AB81A394C46EDDE15D7AF1CAA2
---- EOF - GMER 1.0.12 ----