Thread: Do I have a rootkit on my computer, here are the recent scans of avira and GMER.

  1. #1
    Member
    Join Date
    Jan 2009
    Posts
    47

    Hello, I did a scan with Avira, and it found 4 hidden files. Then I did a scan with GMER, and I am not sure if it found a rootkit or not. Will someone help me? I am not sure if it is a rootkit or just a false alarm. I am running Windows 7 64-bit.
    Here are the files GMER found:


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc002bb8
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc002bb8@0002761463a9 0x9C 0xA5 0xC0 0xF9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc00318b
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc00318b@0002762683ae 0xAC 0x78 0x0B 0xE3 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f4a42
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f4a42@0002762bbcd7 0x50 0x17 0xA7 0xC1 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc002bb8 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc002bb8@0002761463a9 0x9C 0xA5 0xC0 0xF9 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc00318b (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc00318b@0002762683ae 0xAC 0x78 0x0B 0xE3 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f4a42 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f4a42@0002762bbcd7 0x50 0x17 0xA7 0xC1 ...

    ---- EOF - GMER 1.0.15 ----

    Here is what Avira found:

    Start of the scan: Wednesday, June 08, 2011 16:52

    Starting search for hidden objects.
    C:\Program Files\Common Files\Microsoft Shared\Windows Live
    C:\Program Files\Common Files\Microsoft Shared\Windows Live
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
    [NOTE] The registry entry is invisible.
    c:\program files (x86)\microsoft works\wkscal.exe
    c:\program files (x86)\microsoft works\wkscal.exe
    [NOTE] The process is not visible.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '74' Module(s) have been scanned
    Scan process 'avscan.exe' - '29' Module(s) have been scanned
    Scan process 'Expert8.exe' - '47' Module(s) have been scanned
    Scan process 'avgnt.exe' - '70' Module(s) have been scanned
    Scan process 'WkCalRem.exe' - '25' Module(s) have been scanned
    Scan process 'DPAgent.exe' - '50' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '25' Module(s) have been scanned
    Scan process 'HPDrvMntSvc.exe' - '19' Module(s) have been scanned
    Scan process 'CinemanowSvc.exe' - '35' Module(s) have been scanned
    Scan process 'avguard.exe' - '69' Module(s) have been scanned
    Scan process 'sched.exe' - '50' Module(s) have been scanned
    Scan process 'a2service.exe' - '41' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '100' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\ProgramData\Microsoft\WLSetup\wlt82C3.tmp
    [0] Archive type: CAB (Microsoft)
    --> WriterProdLang.7z
    [1] Archive type: 7-Zip
    --> WriterProdLang.cab
    [2] Archive type: CAB (Microsoft)
    --> writerprodlang.msi
    [WARNING] The file could not be read!
    C:\ProgramData\Microsoft\WLSetup\wlt8534.tmp
    [0] Archive type: CAB (Microsoft)
    --> LanguageSelector64.7z
    [1] Archive type: 7-Zip
    --> LanguageSelector64.cab
    [2] Archive type: CAB (Microsoft)
    --> LanguageSelector64.msi
    [WARNING] The file could not be read!
    Begin scan in 'D:\' <RECOVERY>
    Begin scan in 'E:\' <HP_TOOLS>


    End of the scan: Wednesday, June 08, 2011 17:50
    Used time: 58:09 Minute(s)

    The scan has been done completely.

    30402 Scanned directories
    550843 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    550843 Files not concerned
    2752 Archives were scanned
    2 Warnings
    4 Notes
    484546 Objects were scanned with rootkit scan
    4 Hidden objects were found

  2. #2
    Lifetime Friend of Staff
    Join Date
    May 2007
    Location
    Sheboygan, WI
    Posts
    3,921
    Our sister site is where you can get good help getting that cleaned up.

    http://discussions.virtualdr.com/sho...d.php?t=167915

  3. #3
    Lifetime Friend of Staff
    Join Date
    May 2007
    Location
    Sheboygan, WI
    Posts
    3,921
