Thread: Gmer and rootkits
25-09-2006, 12:27   #1
davisurf
Junior Member
 
Joined: May 2006
City: Sardinia
Posts: 18
Gmer and rootkits

Hi everyone, is gmer reliable for detecting rootkits?

This is the report, I have some doubts:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-25 12:25:41
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey <-- ROOTKIT !!!
SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwOpenProcess <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey <-- ROOTKIT !!!
SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile <-- ROOTKIT !!!


---- Services - GMER 1.0.10 ----

Service [SYSTEM] Aavmker4 <-- ROOTKIT !!!
Service [DISABLED] Abiosdsk <-- ROOTKIT !!!
Service [DISABLED] ACPIEC <-- ROOTKIT !!!
Service [AUTO] aswMon2 <-- ROOTKIT !!!
Service [MANUAL] aswRdr <-- ROOTKIT !!!
Service [SYSTEM] aswTdi <-- ROOTKIT !!!
Service [DISABLED] Atdisk <-- ROOTKIT !!!
Service [SYSTEM] Beep <-- ROOTKIT !!!
Service [MANUAL] bvrp_pci <-- ROOTKIT !!!
Service [DISABLED] cbidf2k <-- ROOTKIT !!!
Service [SYSTEM] Cdaudio <-- ROOTKIT !!!
Service [DISABLED] Cdfs <-- ROOTKIT !!!
Service [SYSTEM] Changer <-- ROOTKIT !!!
Service C:\Programmi\ewido anti-spyware 4.0\guard.sys [SYSTEM] ewido anti-spyware 4.0 driver <-- ROOTKIT !!!
Service [DISABLED] Fastfat <-- ROOTKIT !!!
Service [SYSTEM] Fips <-- ROOTKIT !!!
Service [SYSTEM] Fs_Rec <-- ROOTKIT !!!
Service [SYSTEM] i2omgmt <-- ROOTKIT !!!
Service [MANUAL] kbeepm <-- ROOTKIT !!!
Service [BOOT] KSecDD <-- ROOTKIT !!!
Service [SYSTEM] lbrtfdc <-- ROOTKIT !!!
Service [SYSTEM] mnmdd <-- ROOTKIT !!!
Service [MANUAL] Modem <-- ROOTKIT !!!
Service [BOOT] MountMgr <-- ROOTKIT !!!
Service [SYSTEM] Msfs <-- ROOTKIT !!!
Service [BOOT] Mup <-- ROOTKIT !!!
Service [BOOT] NDIS <-- ROOTKIT !!!
Service [MANUAL] NDProxy <-- ROOTKIT !!!
Service [SYSTEM] Npfs <-- ROOTKIT !!!
Service [DISABLED] Ntfs <-- ROOTKIT !!!
Service [SYSTEM] Null <-- ROOTKIT !!!
Service [BOOT] PartMgr <-- ROOTKIT !!!
Service [AUTO] ParVdm <-- ROOTKIT !!!
Service [SYSTEM] PCIDump <-- ROOTKIT !!!
Service [DISABLED] Pcmcia <-- ROOTKIT !!!
Service [MANUAL] PDCOMP <-- ROOTKIT !!!
Service [MANUAL] PDFRAME <-- ROOTKIT !!!
Service [MANUAL] PDRELI <-- ROOTKIT !!!
Service [MANUAL] PDRFRAME <-- ROOTKIT !!!
Service [MANUAL] RDPWD <-- ROOTKIT !!!
Service [DISABLED] RemoteRegistry <-- ROOTKIT !!!
Service [MANUAL] SCardDrv <-- ROOTKIT !!!
Service [SYSTEM] Sfloppy <-- ROOTKIT !!!
Service [DISABLED] Simbad <-- ROOTKIT !!!
Service [MANUAL] TDPIPE <-- ROOTKIT !!!
Service [MANUAL] TDTCP <-- ROOTKIT !!!
Service [DISABLED] TlntSvr <-- ROOTKIT !!!
Service [MANUAL] TSP <-- ROOTKIT !!!
Service [DISABLED] Udfs <-- ROOTKIT !!!
Service [MANUAL] uploadmgr <-- ROOTKIT !!!
Service [BOOT] VolSnap <-- ROOTKIT !!!
Service [MANUAL] WDICA <-- ROOTKIT !!!
Service [MANUAL] Winsock <-- ROOTKIT !!!
Service [MANUAL] Wmi <-- ROOTKIT !!!

---- EOF - GMER 1.0.10 ----