cybercontrol
New User
I detected some anomalous connections on a few ports, so I tried running the anti-rootkit tool since the antivirus doesn't detect anything; the tool reports numerous problems, and I need your help to identify the false positives and avoid trouble.
thanks
Code:
+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 5.0.0.1061
| Computer Name:
| OS version:
| User Name:
+----------------------------------------------------
--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
No hidden files found.
--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo
Root : 74bb0ac
SubKey : Teredo
ValueName : Collection
Data :
ValueType : 3
AccessType: 0
FullLength: 90
DataSize : 8
1 hidden registry entries found.
--== Dump Hidden Process ==--
No hidden processes found.
--== Dump Hidden Driver ==--
No hidden drivers found.
--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwAlertResumeThread
Image Path :
OriginalHandler : 0x82f20ca9
CurrentHandler : 0x85f8aa40
ServiceNumber : 0xd
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAlertThread
Image Path :
OriginalHandler : 0x82e73bc0
CurrentHandler : 0x85fa1008
ServiceNumber : 0xe
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAllocateVirtualMemory
Image Path :
OriginalHandler : 0x82e6cbcc
CurrentHandler : 0x85f70558
ServiceNumber : 0x13
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAlpcConnectPort
Image Path :
OriginalHandler : 0x82eb844e
CurrentHandler : 0x85e8e210
ServiceNumber : 0x16
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAssignProcessToJobObject
Image Path :
OriginalHandler : 0x82e41fca
CurrentHandler : 0x85f6df00
ServiceNumber : 0x2b
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateMutant
Image Path :
OriginalHandler : 0x82e5328e
CurrentHandler : 0x85fa1470
ServiceNumber : 0x4a
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSymbolicLinkObject
Image Path :
OriginalHandler : 0x82e448ed
CurrentHandler : 0x85f6d998
ServiceNumber : 0x56
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateThread
Image Path : C:\Windows\system32\DRIVERS\ehdrv.sys
OriginalHandler : 0x82f1eed6
CurrentHandler : 0x8cd3a7f0
ServiceNumber : 0x57
ModuleName : ehdrv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateThreadEx
Image Path :
OriginalHandler : 0x82eb334b
CurrentHandler : 0x85f6da88
ServiceNumber : 0x58
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDebugActiveProcess
Image Path :
OriginalHandler : 0x82ef0db0
CurrentHandler : 0x85f87760
ServiceNumber : 0x60
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDuplicateObject
Image Path :
OriginalHandler : 0x82e7465a
CurrentHandler : 0x85f87f80
ServiceNumber : 0x6f
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwFreeVirtualMemory
Image Path :
OriginalHandler : 0x82cfc47a
CurrentHandler : 0x85edab60
ServiceNumber : 0x83
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwImpersonateAnonymousToken
Image Path :
OriginalHandler : 0x82e388bc
CurrentHandler : 0x85fa1540
ServiceNumber : 0x91
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwImpersonateThread
Image Path :
OriginalHandler : 0x82ebc84c
CurrentHandler : 0x85fa1088
ServiceNumber : 0x93
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwLoadDriver
Image Path :
OriginalHandler : 0x82e08bfc
CurrentHandler : 0x85b2e058
ServiceNumber : 0x9b
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwMapViewOfSection
Image Path :
OriginalHandler : 0x82e89512
CurrentHandler : 0x85edaa80
ServiceNumber : 0xa8
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenEvent
Image Path :
OriginalHandler : 0x82e52c8a
CurrentHandler : 0x85f87d48
ServiceNumber : 0xb1
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenProcess
Image Path :
OriginalHandler : 0x82e54ad4
CurrentHandler : 0x85fe0670
ServiceNumber : 0xbe
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenProcessToken
Image Path :
OriginalHandler : 0x82ea721f
CurrentHandler : 0x85fa1210
ServiceNumber : 0xbf
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenSection
Image Path :
OriginalHandler : 0x82eac89b
CurrentHandler : 0x85f87bf8
ServiceNumber : 0xc2
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenThread
Image Path :
OriginalHandler : 0x82ea0f95
CurrentHandler : 0x85fa1290
ServiceNumber : 0xc6
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwProtectVirtualMemory
Image Path :
OriginalHandler : 0x82e85581
CurrentHandler : 0x85f6de10
ServiceNumber : 0xd7
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwResumeThread
Image Path :
OriginalHandler : 0x82eb3572
CurrentHandler : 0x85e8c570
ServiceNumber : 0x130
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetInformationProcess
Image Path :
OriginalHandler : 0x82e7b76d
CurrentHandler : 0x85eda928
ServiceNumber : 0x14d
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetSystemInformation
Image Path :
OriginalHandler : 0x82e9126c
CurrentHandler : 0x85f87840
ServiceNumber : 0x15e
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSuspendProcess
Image Path :
OriginalHandler : 0x82f20be3
CurrentHandler : 0x85f87c88
ServiceNumber : 0x16e
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSuspendThread
Image Path :
OriginalHandler : 0x82ed8085
CurrentHandler : 0x85fe08d8
ServiceNumber : 0x16f
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSystemDebugControl
Image Path : C:\Windows\system32\DRIVERS\ehdrv.sys
OriginalHandler : 0x82ec86bc
CurrentHandler : 0x8cd3a830
ServiceNumber : 0x170
ModuleName : ehdrv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateProcess
Image Path :
OriginalHandler : 0x82e9dbcd
CurrentHandler : 0x85eda070
ServiceNumber : 0x172
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateThread
Image Path :
OriginalHandler : 0x82ebb584
CurrentHandler : 0x85fe0ae0
ServiceNumber : 0x173
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwUnmapViewOfSection
Image Path :
OriginalHandler : 0x82ea785a
CurrentHandler : 0x85f70100
ServiceNumber : 0x181
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwWriteVirtualMemory
Image Path :
OriginalHandler : 0x82ea292a
CurrentHandler : 0x85f70180
ServiceNumber : 0x18f
ModuleName :
SDTType : 0x0
No hidden operating system service hooks found.
--== Dump Hidden Port ==--
No hidden ports found.
--== Dump Kernel Code Patching ==--
No kernel code patching detected.
--== Dump Hidden Services ==--
[HIDDEN_SERVICE]:
Service name : .NET CLR Data
ImagePath : C:\Windows\system32\drivers\.NET CLR Data.sys
Display name :
[HIDDEN_SERVICE]:
Service name : .NET CLR Networking
ImagePath : C:\Windows\system32\drivers\.NET CLR Networking.sys
Display name :
[HIDDEN_SERVICE]:
Service name : .NET Data Provider for Oracle
ImagePath : C:\Windows\system32\drivers\.NET Data Provider for Oracle.sys
Display name :
[HIDDEN_SERVICE]:
Service name : .NET Data Provider for SqlServer
ImagePath : C:\Windows\system32\drivers\.NET Data Provider for SqlServer.sys
Display name :
[HIDDEN_SERVICE]:
Service name : .NETFramework
ImagePath : C:\Windows\system32\drivers\.NETFramework.sys
Display name :
[HIDDEN_SERVICE]:
Service name : adsi
ImagePath : C:\Windows\system32\drivers\adsi.sys
Display name :
[HIDDEN_SERVICE]:
Service name : BattC
ImagePath : C:\Windows\system32\drivers\BattC.sys
Display name :
[HIDDEN_SERVICE]:
Service name : BTHPORT
ImagePath : C:\Windows\system32\drivers\BTHPORT.sys
Display name :
[HIDDEN_SERVICE]:
Service name : crypt32
ImagePath : C:\Windows\system32\drivers\crypt32.sys
Display name :
[HIDDEN_SERVICE]:
Service name : DCLocator
ImagePath : C:\Windows\system32\drivers\DCLocator.sys
Display name :
[HIDDEN_SERVICE]:
Service name : ESENT
ImagePath : C:\Windows\system32\drivers\ESENT.sys
Display name :
[HIDDEN_SERVICE]:
Service name : Fs_Rec
ImagePath : C:\Windows\system32\drivers\Fs_Rec.sys
Display name :
[HIDDEN_SERVICE]:
Service name : inetaccs
ImagePath : C:\Windows\system32\drivers\inetaccs.sys
Display name :
[HIDDEN_SERVICE]:
Service name : ldap
ImagePath : C:\Windows\system32\drivers\ldap.sys
Display name :
[HIDDEN_SERVICE]:
Service name : Lsa
ImagePath : C:\Windows\system32\drivers\Lsa.sys
Display name :
[HIDDEN_SERVICE]:
Service name : MSDTC Bridge 3.0.0.0
ImagePath : C:\Windows\system32\drivers\MSDTC Bridge 3.0.0.0.sys
Display name :
[HIDDEN_SERVICE]:
Service name : MSSCNTRS
ImagePath : C:\Windows\system32\drivers\MSSCNTRS.sys
Display name :
[HIDDEN_SERVICE]:
Service name : NTDS
ImagePath : C:\Windows\system32\drivers\NTDS.sys
Display name :
[HIDDEN_SERVICE]:
Service name : PerfDisk
ImagePath : C:\Windows\system32\drivers\PerfDisk.sys
Display name :
[HIDDEN_SERVICE]:
Service name : PerfNet
ImagePath : C:\Windows\system32\drivers\PerfNet.sys
Display name :
[HIDDEN_SERVICE]:
Service name : PerfOS
ImagePath : C:\Windows\system32\drivers\PerfOS.sys
Display name :
[HIDDEN_SERVICE]:
Service name : PerfProc
ImagePath : C:\Windows\system32\drivers\PerfProc.sys
Display name :
[HIDDEN_SERVICE]:
Service name : PortProxy
ImagePath : C:\Windows\system32\drivers\PortProxy.sys
Display name :
[HIDDEN_SERVICE]:
Service name : RDPDD
ImagePath : C:\Windows\system32\drivers\RDPDD.sys
Display name :
[HIDDEN_SERVICE]:
Service name : RDPNP
ImagePath : C:\Windows\system32\drivers\RDPNP.sys
Display name :
[HIDDEN_SERVICE]:
Service name : RDPUDD
ImagePath : C:\Windows\system32\drivers\RDPUDD.sys
Display name :
[HIDDEN_SERVICE]:
Service name : ServiceModelEndpoint 3.0.0.0
ImagePath : C:\Windows\system32\drivers\ServiceModelEndpoint 3.0.0.0.sys
Display name :
[HIDDEN_SERVICE]:
Service name : ServiceModelOperation 3.0.0.0
ImagePath : C:\Windows\system32\drivers\ServiceModelOperation 3.0.0.0.sys
Display name :
[HIDDEN_SERVICE]:
Service name : ServiceModelService 3.0.0.0
ImagePath : C:\Windows\system32\drivers\ServiceModelService 3.0.0.0.sys
Display name :
[HIDDEN_SERVICE]:
Service name : SMSvcHost 3.0.0.0
ImagePath : C:\Windows\system32\drivers\SMSvcHost 3.0.0.0.sys
Display name :
[HIDDEN_SERVICE]:
Service name : TCPIP6TUNNEL
ImagePath : C:\Windows\system32\drivers\TCPIP6TUNNEL.sys
Display name :
[HIDDEN_SERVICE]:
Service name : TCPIPTUNNEL
ImagePath : C:\Windows\system32\drivers\TCPIPTUNNEL.sys
Display name :
[HIDDEN_SERVICE]:
Service name : TSDDD
ImagePath : C:\Windows\system32\drivers\TSDDD.sys
Display name :
[HIDDEN_SERVICE]:
Service name : UGatherer
ImagePath : C:\Windows\system32\drivers\UGatherer.sys
Display name :
[HIDDEN_SERVICE]:
Service name : UGTHRSVC
ImagePath : C:\Windows\system32\drivers\UGTHRSVC.sys
Display name :
[HIDDEN_SERVICE]:
Service name : W3SVC
ImagePath : C:\Windows\system32\drivers\W3SVC.sys
Display name :
[HIDDEN_SERVICE]:
Service name : Windows Workflow Foundation 3.0.0.0
ImagePath : C:\Windows\system32\drivers\Windows Workflow Foundation 3.0.0.0.sys
Display name :
[HIDDEN_SERVICE]:
Service name : Winsock
ImagePath : C:\Windows\system32\drivers\Winsock.sys
Display name :
[HIDDEN_SERVICE]:
Service name : WinSock2
ImagePath : C:\Windows\system32\drivers\WinSock2.sys
Display name :
[HIDDEN_SERVICE]:
Service name : WmiApRpl
ImagePath : C:\Windows\system32\drivers\WmiApRpl.sys
Display name :
[HIDDEN_SERVICE]:
Service name : WSearchIdxPi
ImagePath : C:\Windows\system32\drivers\WSearchIdxPi.sys
Display name :
[HIDDEN_SERVICE]:
Service name : xmlprov
ImagePath : C:\Windows\system32\drivers\xmlprov.sys
Display name :
[HIDDEN_SERVICE]:
Service name : {BD7D0074-904D-4586-8AA2-7F88A0F23832}
ImagePath : C:\Windows\system32\drivers\{BD7D0074-904D-4586-8AA2-7F88A0F23832}.sys
Display name :
43 hidden services found.
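A triage helper, added here as an example and not part of cybercontrol's post or of Trend Micro's tool. It parses a RootkitBuster report in the layout above, groups the SSDT hooks by the driver that owns the replacement handler (in this report two hooks are attributed to ehdrv.sys and the remaining ones carry no module name at all), and for each "hidden service" tests whether the listed ImagePath is simply `drivers\<service name>.sys` built from the key name, which is what every one of the 43 entries above shows, including names such as ".NET CLR Data" and "Windows Workflow Foundation 3.0.0.0" that cannot be driver images. When run on the affected Windows host it additionally checks whether that file exists and whether `HKLM\SYSTEM\CurrentControlSet\Services\<name>` carries a `Type` value or only a `Performance` subkey; a key with no `Type` value is not a service the Service Control Manager will enumerate, and keys such as PerfOS, PerfDisk, PerfNet and PerfProc hold performance-counter definitions. The embedded sample is constructed from four of the records above; the field names, regular expressions and verdict strings are this example's own assumptions, not output of the tool.

```python
# Added triage helper for Trend Micro RootkitBuster text reports (example code,
# not from the original post or from the tool). Parses the report into records,
# groups SSDT hooks by owning driver, and checks each "hidden service" entry.
import os
import re
import sys

SECTION_RE = re.compile(r"^--==\s*(.+?)\s*==--$")
RECORD_RE = re.compile(r"^\[([A-Z_]+)\](?:\[.*?\])?:\s*$")   # e.g. [HIDDEN_SERVICE]: or [HIDDEN_REGISTRY][Hidden Reg Value]:
FIELD_RE = re.compile(r"^([A-Za-z ]+?)\s*:\s*(.*)$")          # "Key : value" lines

DERIVED_IMAGE = r"C:\Windows\system32\drivers\{}.sys"         # pattern every ImagePath in the report follows
SERVICES_KEY = r"SYSTEM\CurrentControlSet\Services"

# Constructed sample in the same layout as the report above (four of its records).
SAMPLE_REPORT = r"""
--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwCreateThread
Image Path : C:\Windows\system32\DRIVERS\ehdrv.sys
OriginalHandler : 0x82f1eed6
CurrentHandler : 0x8cd3a7f0
ServiceNumber : 0x57
ModuleName : ehdrv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenProcess
Image Path :
OriginalHandler : 0x82e54ad4
CurrentHandler : 0x85fe0670
ServiceNumber : 0xbe
ModuleName :
SDTType : 0x0
--== Dump Hidden Services ==--
[HIDDEN_SERVICE]:
Service name : PerfOS
ImagePath : C:\Windows\system32\drivers\PerfOS.sys
Display name :
[HIDDEN_SERVICE]:
Service name : {BD7D0074-904D-4586-8AA2-7F88A0F23832}
ImagePath : C:\Windows\system32\drivers\{BD7D0074-904D-4586-8AA2-7F88A0F23832}.sys
Display name :
"""


def parse_report(text):
    """Return a list of dicts: {'_type': record tag, '_section': section title, field: value...}."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group(1), None
            continue
        m = RECORD_RE.match(line)
        if m:
            current = {"_type": m.group(1), "_section": section}
            records.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group(1).strip()] = m.group(2).strip()
    return records


def hooks_by_module(records):
    """Group hooked service APIs by ModuleName; the key '' collects hooks with no attributed module."""
    groups = {}
    for r in records:
        if r["_type"] == "HOOKED_SERVICE_API":
            groups.setdefault(r.get("ModuleName", ""), []).append(r["Service API"])
    return groups


def is_host_check_available():
    """Registry and file checks only make sense on the Windows host that produced the report."""
    return sys.platform == "win32"


def _host_facts(name, path):
    """Windows only: does the image file exist, and what does Services\\<name> actually contain?"""
    import winreg
    facts = {"key_exists": True, "file_exists": os.path.exists(path)}
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SERVICES_KEY + "\\" + name) as key:
            for value, field in (("Type", "has_type_value"), ("ImagePath", "has_imagepath_value")):
                try:
                    winreg.QueryValueEx(key, value)
                    facts[field] = True
                except OSError:
                    facts[field] = False
            try:
                winreg.CloseKey(winreg.OpenKey(key, "Performance"))
                facts["has_performance_subkey"] = True
            except OSError:
                facts["has_performance_subkey"] = False
    except OSError:
        facts["key_exists"] = False
    return facts


def triage_hidden_service(record):
    """Flag a derived ImagePath offline; add host facts and a verdict when run on Windows."""
    name, path = record["Service name"], record.get("ImagePath", "")
    facts = {"name": name, "key_exists": None, "file_exists": None, "has_type_value": None,
             "has_imagepath_value": None, "has_performance_subkey": None,
             "imagepath_is_derived": path.lower() == DERIVED_IMAGE.format(name).lower()}
    if is_host_check_available():
        facts.update(_host_facts(name, path))
    if facts["key_exists"] is None:
        facts["verdict"] = "unverified: run on the affected host for registry and file checks"
    elif not facts["key_exists"]:
        facts["verdict"] = "key not visible through the registry API: investigate"
    elif not facts["has_type_value"] and not facts["file_exists"]:
        facts["verdict"] = "no Type value and no driver file: not a loadable service, likely false positive"
    else:
        facts["verdict"] = "Type value or driver file present: review manually"
    return facts


def summarize(text):
    records = parse_report(text)
    return {"hooks_by_module": hooks_by_module(records),
            "hidden_services": [triage_hidden_service(r) for r in records if r["_type"] == "HIDDEN_SERVICE"],
            "hidden_registry": [r.get("KeyPath", "") for r in records if r["_type"] == "HIDDEN_REGISTRY"]}


if __name__ == "__main__":
    # Usage: python triage.py RootkitBuster.log   (no argument runs the constructed sample)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    summary = summarize(text)
    for module, apis in sorted(summary["hooks_by_module"].items()):
        print(f"{module or '<unattributed>'}: {len(apis)} hooks, e.g. {', '.join(apis[:4])}")
    for f in summary["hidden_services"]:
        print(f"{f['name']!r}: derived ImagePath={f['imagepath_is_derived']}; {f['verdict']}")
```

Save the report as a file and run the script on the same machine; entries that come back with no `Type` value and no file on disk are registry keys the tool mistook for services, while any entry whose key is not visible through the registry API, or whose `.sys` actually exists, is the one worth looking at. The unattributed hooks need a different check: an anti-malware HIPS that hooks the SSDT from allocated memory will show exactly this pattern, so confirm which security product is installed before treating them as a rootkit.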