Senior Member
Joined: Sep 2002
Posts: 547
Pictor vs GMER: who is right?
Hi,
I'm asking for your opinion because I'm a bit stunned. I installed Windows XP on a PC two days ago. Everything works; I have Avira 10, the Windows Firewall enabled, and SP3 installed. I'm only struggling to get Windows Update working, as it can't show me the list of updates. Among all my attempts I also ran a scan with GMER, and this is what came out: Code:
GMER 1.0.15.15477 - http://www.gmer.net Rootkit quick scan 2010-11-11 10:32:23 Windows 5.1.2600 Service Pack 3 Running: pkv1wjmu.exe - gi.mee.r.cmd; Driver: C:\DOCUME~1\Fabrizio\IMPOST~1\Temp\uwdyqpog.sys ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; Disk \Device\Harddisk0\DR0 sectors 312581552 (+255): rootkit-like behavior; ---- System - GMER 1.0.15 ---- SSDT \WINDOWS\system32\ntoskrnl.exe (Sistema e kernel NT/Microsoft Corporation) ZwEnumerateKey [0x80578E1C] <-- ROOTKIT !!! SSDT \WINDOWS\system32\ntoskrnl.exe (Sistema e kernel NT/Microsoft Corporation) ZwEnumerateValueKey [0x80587691] <-- ROOTKIT !!! SSDT \WINDOWS\system32\ntoskrnl.exe (Sistema e kernel NT/Microsoft Corporation) ZwQueryDirectoryFile [0x80581E69] <-- ROOTKIT !!! SSDT \WINDOWS\system32\ntoskrnl.exe (Sistema e kernel NT/Microsoft Corporation) ZwQuerySystemInformation [0x80585FF1] <-- ROOTKIT !!! Code \WINDOWS\system32\ntoskrnl.exe (Sistema e kernel NT/Microsoft Corporation) ZwOpenJobObject [0x8062EC6F] Code \WINDOWS\system32\ntoskrnl.exe (Sistema e kernel NT/Microsoft Corporation) ZwQueryOpenSubKeys [0x8064CF8F] Code 7CB25D09 ZwRenameKey ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Services - GMER 1.0.15 ---- Service (*** hidden *** ) acap2000 <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\ACPI.sys (*** hidden *** ) [BOOT] ACPI <-- ROOTKIT !!! Service (*** hidden *** ) [SYSTEM] AFS2K <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\agp440.sys (*** hidden *** ) [BOOT] agp440 <-- ROOTKIT !!! Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [AUTO] Alerter <-- ROOTKIT !!! Service C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (*** hidden *** ) [AUTO] Apple Mobile Device <-- ROOTKIT !!! 
Service (*** hidden *** ) [SYSTEM] Asapi <-- ROOTKIT !!! Service (*** hidden *** ) ASP.NET_2.0.50727 <-- ROOTKIT !!! Service (*** hidden *** ) Aspi32 <-- ROOTKIT !!! Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (*** hidden *** ) [MANUAL] aspnet_state <-- ROOTKIT !!! Service C:\Programmi\ASTRA32\ASTRA32.sys (*** hidden *** ) [AUTO] ASTRA32 <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\atapi.sys (*** hidden *** ) [BOOT] atapi <-- ROOTKIT !!! Service C:\WINDOWS\system32\Ati2evxx.exe (*** hidden *** ) [AUTO] Ati HotKey Poller <-- ROOTKIT !!! Service C:\WINDOWS\system32\ati2sgag.exe (*** hidden *** ) [AUTO] ATI Smart <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (*** hidden *** ) [MANUAL] ati2mtag <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys (*** hidden *** ) [MANUAL] Atmarpc <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\audstub.sys (*** hidden *** ) [MANUAL] audstub <-- ROOTKIT !!! Service C:\WINDOWS\system32\DRIVERS\avgntflt.sys (*** hidden *** ) [AUTO] avgntflt <-- ROOTKIT !!! Service System32\DRIVERS\HSF_BSC2.sys (*** hidden *** ) [MANUAL] basic2 <-- ROOTKIT !!! Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] BITS <-- ROOTKIT !!! Service C:\DOCUME~1\Fabrizio\IMPOST~1\Temp\catchme.sys (*** hidden *** ) [MANUAL] catchme <-- ROOTKIT !!! Service system32\DRIVERS\CCDECODE.sys (*** hidden *** ) [MANUAL] CCDECODE <-- ROOTKIT !!! Service C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe (*** hidden *** ) [AUTO] ccEvtMgr <-- ROOTKIT !!! Service C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe (*** hidden *** ) [MANUAL] ccPwdSvc <-- ROOTKIT !!! Service C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe (*** hidden *** ) [AUTO] ccSetMgr <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\cdrom.sys (*** hidden *** ) [SYSTEM] Cdrom <-- ROOTKIT !!! Service (*** hidden *** ) Class <-- ROOTKIT !!! 
Service C:\WINDOWS\system32\clipsrv.exe (*** hidden *** ) [MANUAL] ClipSrv <-- ROOTKIT !!! Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (*** hidden *** ) [MANUAL] clr_optimization_v2.0.50727_32 <-- ROOTKIT !!! Service C:\WINDOWS\System32\dllhost.exe (*** hidden *** ) [MANUAL] COMSysApp <-- ROOTKIT !!! Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] CryptSvc <-- ROOTKIT !!! Service C:\Programmi\Symantec AntiVirus\DefWatch.exe (*** hidden *** ) [AUTO] DefWatch <-- ROOTKIT !!! Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [AUTO] Dhcp <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\disk.sys (*** hidden *** ) [BOOT] Disk <-- ROOTKIT !!! Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [AUTO] Dnscache <-- ROOTKIT !!! Service System32\Drivers\driverx.sys (*** hidden *** ) [AUTO] DriverX <-- ROOTKIT !!! Service (*** hidden *** ) [AUTO] e76ajiwzkdeu <-- ROOTKIT !!! Service C:\WINDOWS\system32\drivers\EIO.sys (*** hidden *** ) [AUTO] EIO <-- ROOTKIT !!! Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [MANUAL] EventSystem <-- ROOTKIT !!! Service System32\DRIVERS\HSF_FALL.sys (*** hidden *** ) [AUTO] Fallback <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\fdc.sys (*** hidden *** ) [MANUAL] Fdc <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys (*** hidden *** ) [MANUAL] Flpydisk <-- ROOTKIT !!! Service System32\DRIVERS\HSF_FSKS.sys (*** hidden *** ) [AUTO] Fsks <-- ROOTKIT !!! Service system32\DRIVERS\fssfltr_tdi.sys (*** hidden *** ) [AUTO] fssfltr <-- ROOTKIT !!! Service C:\Programmi\Windows Live\Family Safety\fsssvc.exe (*** hidden *** ) [MANUAL] fsssvc <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys (*** hidden *** ) [BOOT] Ftdisk <-- ROOTKIT !!! Service System32\Drivers\GEARAspiWDM.sys (*** hidden *** ) [MANUAL] GEARAspiWDM <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\msgpc.sys (*** hidden *** ) [MANUAL] Gpc <-- ROOTKIT !!! 
Service C:\Programmi\Google\Update\GoogleUpdate.exe (*** hidden *** ) [AUTO] gupdate <-- ROOTKIT !!! Service C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (*** hidden *** ) [MANUAL] gusvc <-- ROOTKIT !!! Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [AUTO] HidServ <-- ROOTKIT !!! Service system32\DRIVERS\hidusb.sys (*** hidden *** ) [MANUAL] HidUsb <-- ROOTKIT !!! Service (*** hidden *** ) [DISABLED] hpt3xx <-- ROOTKIT !!! Service system32\DRIVERS\HPZid412.sys (*** hidden *** ) [MANUAL] HPZid412 <-- ROOTKIT !!! Service system32\DRIVERS\HPZipr12.sys (*** hidden *** ) [MANUAL] HPZipr12 <-- ROOTKIT !!! Service system32\DRIVERS\HPZius12.sys (*** hidden *** ) [MANUAL] HPZius12 <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys (*** hidden *** ) [MANUAL] HSFHWBS2 <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys (*** hidden *** ) [MANUAL] HSF_DP <-- ROOTKIT !!! Service System32\DRIVERS\HSF_MSFT.sys (*** hidden *** ) [MANUAL] hsf_msft <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys (*** hidden *** ) [SYSTEM] i8042prt <-- ROOTKIT !!! Service C:\WINDOWS\system32\imapi.exe (*** hidden *** ) [MANUAL] ImapiService <-- ROOTKIT !!! Service (*** hidden *** ) [DISABLED] IntelIde <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\intelppm.sys (*** hidden *** ) [SYSTEM] intelppm <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys (*** hidden *** ) [MANUAL] IpFilterDriver <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\ipinip.sys (*** hidden *** ) [MANUAL] IpInIp <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\ipnat.sys (*** hidden *** ) [MANUAL] IpNat <-- ROOTKIT !!! Service C:\Programmi\iPod\bin\iPodService.exe (*** hidden *** ) [MANUAL] iPod Service <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\ipsec.sys (*** hidden *** ) [SYSTEM] IPSec <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\irenum.sys (*** hidden *** ) [MANUAL] IRENUM <-- ROOTKIT !!! 
Service C:\WINDOWS\System32\DRIVERS\isapnp.sys (*** hidden *** ) [BOOT] isapnp <-- ROOTKIT !!! Service System32\DRIVERS\HSF_K56K.sys (*** hidden *** ) [AUTO] K56 <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys (*** hidden *** ) [SYSTEM] Kbdclass <-- ROOTKIT !!! Service system32\DRIVERS\kbdhid.sys (*** hidden *** ) [SYSTEM] kbdhid <-- ROOTKIT !!! Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [AUTO] lanmanworkstation <-- ROOTKIT !!! Service System32\drivers\cmlkb.sys (*** hidden *** ) [BOOT] lmnw <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (*** hidden *** ) [AUTO] mdmxsdk <-- ROOTKIT !!! Service C:\WINDOWS\System32\mnmsrvc.exe (*** hidden *** ) [DISABLED] mnmsrvc <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\mouclass.sys (*** hidden *** ) [SYSTEM] Mouclass <-- ROOTKIT !!! Service System32\DRIVERS\mouhid.sys (*** hidden *** ) [MANUAL] mouhid <-- ROOTKIT !!! Service (*** hidden *** ) [BOOT] MrFilter <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys (*** hidden *** ) [MANUAL] MRxDAV <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys (*** hidden *** ) [SYSTEM] MRxSmb <-- ROOTKIT !!! Service C:\WINDOWS\System32\msdtc.exe (*** hidden *** ) [MANUAL] MSDTC <-- ROOTKIT !!! Service C:\WINDOWS\system32\msiexec.exe (*** hidden *** ) [MANUAL] MSIServer <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys (*** hidden *** ) [MANUAL] mssmbios <-- ROOTKIT !!! Service system32\drivers\MSTEE.sys (*** hidden *** ) [MANUAL] MSTEE <-- ROOTKIT !!! Service system32\DRIVERS\NABTSFEC.sys (*** hidden *** ) [MANUAL] NABTSFEC <-- ROOTKIT !!! Service C:\PROGRA~1\FILECO~1\SYMANT~1\VIRUSD~1\20101023.004\naveng.sys (*** hidden *** ) [MANUAL] NAVENG <-- ROOTKIT !!! Service C:\PROGRA~1\FILECO~1\SYMANT~1\VIRUSD~1\20101023.004\navex15.sys (*** hidden *** ) [MANUAL] NAVEX15 <-- ROOTKIT !!! Service system32\DRIVERS\NdisIP.sys (*** hidden *** ) [MANUAL] NdisIP <-- ROOTKIT !!! 
Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys (*** hidden *** ) [MANUAL] NdisTapi <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys (*** hidden *** ) [MANUAL] Ndisuio <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys (*** hidden *** ) [MANUAL] NdisWan <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\netbios.sys (*** hidden *** ) [SYSTEM] NetBIOS <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\netbt.sys (*** hidden *** ) [SYSTEM] NetBT <-- ROOTKIT !!! Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [MANUAL] Nla <-- ROOTKIT !!! Service C:\WINDOWS\System32\lsass.exe (*** hidden *** ) [DISABLED] NtLmSsp <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys (*** hidden *** ) [MANUAL] NwlnkFlt <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys (*** hidden *** ) [MANUAL] NwlnkFwd <-- ROOTKIT !!! Service (*** hidden *** ) P3 <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\parport.sys (*** hidden *** ) [MANUAL] Parport <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\pci.sys (*** hidden *** ) [BOOT] PCI <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\pciide.sys (*** hidden *** ) [BOOT] PCIIde <-- ROOTKIT !!! Service system32\drivers\pfc.sys (*** hidden *** ) [MANUAL] Pfc <-- ROOTKIT !!! Service (*** hidden *** ) [AUTO] pjcovb37y2eoahe <-- ROOTKIT !!! Service C:\WINDOWS\system32\HPZipm12.exe (*** hidden *** ) [MANUAL] Pml Driver HPZ12 <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\raspptp.sys (*** hidden *** ) [MANUAL] PptpMiniport <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\processr.sys (*** hidden *** ) [SYSTEM] Processor <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\psched.sys (*** hidden *** ) [MANUAL] PSched <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\ptilink.sys (*** hidden *** ) [MANUAL] Ptilink <-- ROOTKIT !!! Service System32\Drivers\PxHelp20.sys (*** hidden *** ) [BOOT] PxHelp20 <-- ROOTKIT !!! 
Service system32\DRIVERS\qv2kux.sys (*** hidden *** ) [MANUAL] QV2KUX <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\rasacd.sys (*** hidden *** ) [SYSTEM] RasAcd <-- ROOTKIT !!! Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [MANUAL] RasAuto <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys (*** hidden *** ) [MANUAL] Rasl2tp <-- ROOTKIT !!! Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [MANUAL] RasMan <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys (*** hidden *** ) [MANUAL] RasPppoe <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\raspti.sys (*** hidden *** ) [MANUAL] Raspti <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\rdbss.sys (*** hidden *** ) [SYSTEM] Rdbss <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys (*** hidden *** ) [MANUAL] rdpdr <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\redbook.sys (*** hidden *** ) [SYSTEM] redbook <-- ROOTKIT !!! Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [DISABLED] RemoteAccess <-- ROOTKIT !!! Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [DISABLED] RemoteRegistry <-- ROOTKIT !!! Service System32\DRIVERS\HSF_SAMP.sys (*** hidden *** ) [MANUAL] Rksample <-- ROOTKIT !!! Service C:\WINDOWS\System32\locator.exe (*** hidden *** ) [MANUAL] RpcLocator <-- ROOTKIT !!! Service C:\WINDOWS\System32\rsvp.exe (*** hidden *** ) [MANUAL] RSVP <-- ROOTKIT !!! Service C:\Programmi\Symantec AntiVirus\SavRoam.exe (*** hidden *** ) [MANUAL] SavRoam <-- ROOTKIT !!! Service C:\Programmi\Symantec AntiVirus\savrt.sys (*** hidden *** ) [SYSTEM] SAVRT <-- ROOTKIT !!! Service C:\Programmi\Symantec AntiVirus\Savrtpel.sys (*** hidden *** ) [AUTO] SAVRTPEL <-- ROOTKIT !!! Service C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (*** hidden *** ) [AUTO] SeaPort <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\secdrv.sys (*** hidden *** ) [AUTO] Secdrv <-- ROOTKIT !!! 
Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [AUTO] seclogon <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\serenum.sys (*** hidden *** ) [MANUAL] serenum <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\serial.sys (*** hidden *** ) [SYSTEM] Serial <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\sfloppy.sys (*** hidden *** ) [MANUAL] Sfloppy <-- ROOTKIT !!! Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [AUTO] SharedAccess <-- ROOTKIT !!! Service system32\DRIVERS\SLIP.sys (*** hidden *** ) [MANUAL] SLIP <-- ROOTKIT !!! Service C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe (*** hidden *** ) [MANUAL] SNDSrvc <-- ROOTKIT !!! Service System32\DRIVERS\HSF_FAXX.sys (*** hidden *** ) [AUTO] SoftFax <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\sr.sys (*** hidden *** ) [BOOT] sr <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\srv.sys (*** hidden *** ) [MANUAL] Srv <-- ROOTKIT !!! Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [DISABLED] SSDPSRV <-- ROOTKIT !!! Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [AUTO] stisvc <-- ROOTKIT !!! Service system32\DRIVERS\StreamIP.sys (*** hidden *** ) [MANUAL] streamip <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\swenum.sys (*** hidden *** ) [MANUAL] swenum <-- ROOTKIT !!! Service C:\WINDOWS\System32\dllhost.exe (*** hidden *** ) [MANUAL] SwPrv <-- ROOTKIT !!! Service C:\Programmi\Symantec AntiVirus\Rtvscan.exe (*** hidden *** ) [AUTO] Symantec AntiVirus <-- ROOTKIT !!! Service C:\Programmi\Symantec\SYMEVENT.SYS (*** hidden *** ) [MANUAL] SymEvent <-- ROOTKIT !!! Service System32\Drivers\SYMREDRV.SYS (*** hidden *** ) [MANUAL] SYMREDRV <-- ROOTKIT !!! Service System32\Drivers\SYMTDI.SYS (*** hidden *** ) [SYSTEM] SYMTDI <-- ROOTKIT !!! Service C:\WINDOWS\system32\smlogsvc.exe (*** hidden *** ) [DISABLED] SysmonLog <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\tcpip.sys (*** hidden *** ) [SYSTEM] Tcpip <-- ROOTKIT !!! 
Service C:\WINDOWS\System32\DRIVERS\termdd.sys (*** hidden *** ) [SYSTEM] TermDD <-- ROOTKIT !!! Service C:\WINDOWS\System32\tlntsvr.exe (*** hidden *** ) [MANUAL] TlntSvr <-- ROOTKIT !!! Service System32\DRIVERS\HSF_TONE.sys (*** hidden *** ) [AUTO] Tones <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\update.sys (*** hidden *** ) [MANUAL] Update <-- ROOTKIT !!! Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [DISABLED] upnphost <-- ROOTKIT !!! Service System32\Drivers\usbaapl.sys (*** hidden *** ) [MANUAL] USBAAPL <-- ROOTKIT !!! Service system32\drivers\usbaudio.sys (*** hidden *** ) [MANUAL] usbaudio <-- ROOTKIT !!! Service system32\DRIVERS\usbccgp.sys (*** hidden *** ) [MANUAL] usbccgp <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\usbhub.sys (*** hidden *** ) [MANUAL] usbhub <-- ROOTKIT !!! Service system32\DRIVERS\usbprint.sys (*** hidden *** ) [MANUAL] usbprint <-- ROOTKIT !!! Service system32\DRIVERS\usbscan.sys (*** hidden *** ) [MANUAL] usbscan <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys (*** hidden *** ) [MANUAL] usbuhci <-- ROOTKIT !!! Service C:\WINDOWS\system32\DRIVERS\usb8023.sys (*** hidden *** ) [MANUAL] USB_RNDIS <-- ROOTKIT !!! Service C:\WINDOWS\system32\UTSCSI.EXE (*** hidden *** ) [AUTO] UTSCSI <-- ROOTKIT !!! Service system32\DRIVERS\V0260Vid.sys (*** hidden *** ) [MANUAL] V0260VID <-- ROOTKIT !!! Service System32\DRIVERS\HSF_V124.sys (*** hidden *** ) [AUTO] V124 <-- ROOTKIT !!! Service (*** hidden *** ) VxD <-- ROOTKIT !!! Service System32\drivers\fofrcnb.sys (*** hidden *** ) [BOOT] wahjf <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\wanarp.sys (*** hidden *** ) [MANUAL] Wanarp <-- ROOTKIT !!! Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [AUTO] WebClient <-- ROOTKIT !!! Service C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys (*** hidden *** ) [MANUAL] winachsf <-- ROOTKIT !!! Service (*** hidden *** ) [MANUAL] Winsock - Google Desktop Search Backup Before First Install <-- ROOTKIT !!! 
Service (*** hidden *** ) [MANUAL] Winsock - Google Desktop Search Backup Before Last Install <-- ROOTKIT !!! Service (*** hidden *** ) Winsock2 - Google Desktop Search Backup Before First Install <-- ROOTKIT !!! Service (*** hidden *** ) Winsock2 - Google Desktop Search Backup Before Last Install <-- ROOTKIT !!! Service C:\WINDOWS\System32\wbem\wmiapsrv.exe (*** hidden *** ) [MANUAL] WmiApSrv <-- ROOTKIT !!! Service system32\DRIVERS\wpdusb.sys (*** hidden *** ) [MANUAL] WpdUsb <-- ROOTKIT !!! Service C:\WINDOWS\System32\drivers\ws2ifsl.sys (*** hidden *** ) [DISABLED] WS2IFSL <-- ROOTKIT !!! Service system32\DRIVERS\WSTCODEC.SYS (*** hidden *** ) [MANUAL] WSTCODEC <-- ROOTKIT !!! Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] wuauserv <-- ROOTKIT !!! Service system32\DRIVERS\WudfPf.sys (*** hidden *** ) [BOOT] WudfPf <-- ROOTKIT !!! Service system32\DRIVERS\wudfrd.sys (*** hidden *** ) [MANUAL] WudfRd <-- ROOTKIT !!! Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] WudfSvc <-- ROOTKIT !!! Service system32\DRIVERS\yukonwxp.sys (*** hidden *** ) [MANUAL] yukonwxp <-- ROOTKIT !!! Service (*** hidden *** ) {0A220682-7961-4B4E-B6F2-AB8127E68BC5} <-- ROOTKIT !!! Service (*** hidden *** ) {8E926BA7-04B4-4EC4-8235-37CE70BFDE7B} <-- ROOTKIT !!! ---- EOF - GMER 1.0.15 ----

This seems very strange to me after only two days of use (and I have really done very little!). Besides, most of the detections look to me like default Windows stuff, drivers, etc. What is your opinion? Did GMER get it wrong this time?