|
|||||||
|
|
|
 |
|
|
Strumenti |
28-10-2008, 09:23
|
#1 |
|
Senior Member
Iscritto dal: Apr 2006
Messaggi: 424
|
aiuto con log di GMER ?
Chi mi da un occhio su questo log di gmer del mio pc in
Ufficio ? che dite tutto ok ? grazieee GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-10-23 15:59:34 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.14 ---- SSDT E2A4B630 ZwConnectPort SSDT \??\C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA99DF20] SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA9FDC6D0] ---- Kernel code sections - GMER 1.0.14 ---- ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Impossibile trovare il file specificato. ! ? C:\WINDOWS\system32\Drivers\PROCEXP100.SYS Impossibile trovare il file specificato. ! ? C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\aswArKrn.sys Impossibile trovare il file specificato. ! ---- User code sections - GMER 1.0.14 ---- .text C:\WINDOWS\Explorer.EXE[1664] SHELL32.dll!SHFileOperationW 7CA7FF28 5 Bytes JMP 018D1102 C:\Documents and Settings\Administrator\Documenti\JCM archivio-old\wincm\wincmm\MIX\ - Utility\PC problemi\win_care\Sblocco PRG\Unlocker\UnlockerHook.dll .text C:\Windows\Explorer.exe[3352] SHELL32.dll!SHFileOperationW 7CA7FF28 5 Bytes JMP 10001102 C:\Documents and Settings\Administrator\Documenti\JCM archivio-old\wincm\wincmm\MIX\ - Utility\PC problemi\win_care\Sblocco PRG\Unlocker\UnlockerHook.dll ---- Devices - GMER 1.0.14 ---- AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \FileSystem\Fastfat \Fat FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00015300cf08 Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00015300cf08 Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00015300cf08 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@NoPopUpsOnBoot 1 ---- Files - GMER 1.0.14 ---- File C:\Documents and Settings\Administrator\Documenti\archivio-old\wincm\wincmm\2008\Mag 2008\Program_MIX\MIX - 2008\2008\MIX\GENNAIO 2008\sonic\CODEC_WMP11\wmplugins_com - The place to find and share plug-ins, skins, and visualizations to enhance your Windows Media experience_file\arrow_yellow.gif 47 bytes File C:\Documents and Settings\Administrator\Documenti\archivio-old\wincm\wincmm\2008\Mag 2008\Program_MIX\MIX - 2008\2008\MIX\GENNAIO 2008\sonic\CODEC_WMP11\wmplugins_com - The place to find and share plug-ins, skins, and visualizations to enhance your Windows Media experience_file\btn_go_home.gif 508 bytes segue una miriade di file !!! ---- EOF - GMER 1.0.14 ---- |
|
|
28-10-2008, 09:24
|
#2 |
|
Senior Member
Iscritto dal: Apr 2006
Messaggi: 424
|
e il mio....
Chi e’ cosi gentile di darmi un occhio su questo report di GMER
Del mio pc di casa: GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-10-23 12:59:40 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.14 ---- SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xF4317606] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xF431705A] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xF4316D3C] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xF4318652] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xF4316E46] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xF4316F30] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF424C0AC] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xF43178CC] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xF4317362] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF424C5AE] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF424BFEC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF424C050] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF424C6CE] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF424C68E] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xF4316BBA] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xF4317814] SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB98626D0] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xF4317494] ---- Kernel code sections - GMER 1.0.14 ---- ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Impossibile trovare il file specificato. ! ---- User IAT/EAT - GMER 1.0.14 ---- IAT C:\WINDOWS\system32\services.exe[1060] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002 IAT C:\WINDOWS\system32\services.exe[1060] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000 ---- Devices - GMER 1.0.14 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Ahead Software AG) ---- Disk sectors - GMER 1.0.14 ---- Disk \Device\Harddisk0\DR0 sector 62: copy of MBR ---- EOF - GMER 1.0.14 ---- per questo ultimo in particolare: MBR.exe -f in modealita'provvisoria: Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK copy of MBR has been found in sector 62 ! MBR.exe in modalita' normale: Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK copy of MBR has been found in sector 62 ! |
|
|
|
28-10-2008, 11:01
|
#3 |
|
Senior Member
Iscritto dal: Feb 2007
Città: Roma
Messaggi: 2155
|
Non volermene, ma queste richieste andrebbero fatte nel thread apposito:
gmer e analisi dei suoi logs [tread ufficiale] 
__________________
Kaspersky Virus Removal Tool | Avira AntiVir Rescue System | Threatfire in Italiano | Norton User Account Control (beta) La tua prossima affermazione sarà un No? Rispondi con un Si o un No.
 |
|
|
|
28-10-2008, 13:20
|
#4 |
|
Senior Member
Iscritto dal: Nov 2001
Città: Fidenza(pr) da Trento
Messaggi: 27479
|
colgo l'occasione per ricordare l'esistenza del Thread Importanti nato con lo scopo d'agevolare le ricerche agli utenti
questo verrà chiuso essendo thread doppione ps: grazie nuz 
__________________
"Visti da vicino siamo tutti strani..." ~|~ What Defines a Community? ~|~ Thread eMule Ufficiale ~|~ Online Armor in Italiano ~|~ Regole di Sezione ~|► Guida a PrivateFirewall
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 02:29.
