|
|||||||
|
|
|
 |
|
|
Strumenti |
10-01-2007, 18:53
|
#1 |
|
Senior Member
Iscritto dal: Apr 2004
Messaggi: 1675
|
Ho un rootkit ???
ho fatto una scansione con GMER e nella tabella Rootkit c'è questo:
GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2007-01-10 19:48:48 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey SSDT \??\C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS ZwQueryDirectoryFile SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous ---- Devices - GMER 1.0.12 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 823641D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 823641D8 ---- Threads - GMER 1.0.12 ---- Thread 4:168 82104A20 Thread 4:172 820E2C60 Thread 4:176 820E2C60 Thread 4:420 82104A20 ---- EOF - GMER 1.0.12 ---- c'è o non c'è ??? 
|
|
|
|
10-01-2007, 19:11
|
#2 |
|
Senior Member
Iscritto dal: Nov 2006
Messaggi: 1886
|
Ciao, io credevo che gmer segnalasse in colore rosso i processi "HIDDEN" ( nascosti ) trovati, onestamente non so rispondere alla tua domanda, però ti suggerisco il thread:
gmer e analisi dei suoi logs [tread ufficiale] http://www.hwupgrade.it/forum/showthread.php?t=1372589 sicuramente lì troverai attenzione  e le risposte che cerchi  ciao |
|
|
|
|
10-01-2007, 19:14
|
#3 |
|
Senior Member
Iscritto dal: Apr 2004
Messaggi: 1675
|
ok grazie
 cmq la lista è molto piu' lunga solo che non riesco ad editare ( sia Firefox che Opera ), mi fa scaricare la pagina editpost.php
|
|
|
|
|
11-01-2007, 13:47
|
#4 | |
|
Senior Member
Iscritto dal: Apr 2006
Messaggi: 22462
|
Quote:
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
Se striscia fulmina, se svolazza l'ammazza |
|
|
|
|
|
11-01-2007, 15:14
|
#5 | |
|
Senior Member
Iscritto dal: Nov 2006
Città: Monza (MI)
Messaggi: 3329
|
Quote:
__________________
CM Haf 932 Advanced | EVGA Supernova 750 G5 | Asus ROG Maximus X Hero | i7 8700k @ 4.8 cooled by Noctua NH-D15 | G.Skill DDR4 Trident Z RGB 2x8GB @ 4133 MHz 1,45v | Asus ROG STRIX GTX 1080 Ti OC | Samsung 970 EvoPlus 500GB | Samsung 840 Pro 128 GB | WD Caviar Blue 1TB | AOC 24G2U/BK | Corsair K70 (CMX Red ) | Logitech G-Pro Wireless | Fnatic FOCUS V2 | HyperX Cloud II | Win 10 Pro X64 | Vodafone FTTH 1000/200 Toshiba L50-A-1EL + Samsung 830 128 GB |
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 10:48.
