Author Message
MaxDJs
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-14 09:01:44
Windows 5.1.2600 Service Pack 3


---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Billy\Billy.exe[180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B95BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\wincmd\TOTALCMD.EXE[376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\DOCUME~1\TOM~1\LOCALS~1\Temp\_tc\gmer.exe[640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[828] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [ C2, 04, 00, 00 ]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1076] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[1100] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\Desktop Sidebar\dsidebar.exe[1132] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe[1144] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\QIP\qip.exe[1168] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text ...

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\00000081 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\nvata \Device\NvAta0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\NvAta1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\NvAta2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\0000008a sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\0000008b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION
---- EOF - GMER 1.0.14 --------


Hello,

I need to arrange that, in the tested log (which I submitted via the form), the occurrences of entries

such as:
Reg      \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32                     
Reg      \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@Type                
Reg      \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@ErrorControl        
Reg      \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@Start              
Reg      \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@ImagePath  System32\DRIVERS\sysbus32.sys
Reg      \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@ExtParam           
Reg      \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32                     
Reg      \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@Type                
Reg      \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@ErrorControl        
Reg      \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@Start               
Reg      \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@ImagePath           System32\DRIVERS\sysbus32.sys
Reg      \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@ExtParam            
Reg      \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32                 
Reg      \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@Type            
Reg      \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@ErrorControl    
Reg      \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@Start           
Reg      \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@ImagePath       System32\DRIVERS\sysbus32.sys
Reg      \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@ExtParam        


are highlighted in red wherever they match.

Could anyone suggest a script for this?

Thanks for any reply
Taps
MaxDJs
try using regular expressions, or alternatively an array and strpos
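A script of the kind asked for, as an added example that is not code from the thread or from either poster: it follows the regular-expression route from the reply, takes the sysbus32 service keys quoted in the question as the list of suspect entries, and escapes the log before rendering it because the text arrives from a web form. The function names, the pattern list and the two-line sample log are assumptions constructed for this example.

```php
<?php
// Added example (not from this thread): flag lines of a GMER log that match a list
// of suspect entries and render the log as HTML with those lines in red.
declare(strict_types=1);

/** True when the line matches any of the regular expressions in $patterns. */
function isSuspect(string $line, array $patterns): bool
{
    foreach ($patterns as $re) {
        if (preg_match($re, $line) === 1) {
            return true;
        }
    }
    return false;
}

/**
 * Render the log as <pre> HTML, wrapping suspect lines in a red span.
 * htmlspecialchars() is not optional: the log comes from a web form, so
 * without it any <script> pasted into the "log" field would run in the page.
 */
function highlightLog(string $log, array $patterns): string
{
    $out = [];
    foreach (preg_split('/\R/', $log) as $line) {
        $safe = htmlspecialchars($line, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $out[] = isSuspect($line, $patterns)
            ? '<span style="color:red">' . $safe . '</span>'
            : $safe;
    }
    return "<pre>\n" . implode("\n", $out) . "\n</pre>\n";
}

// Suspect entries from the question: the sysbus32 service key in any control set.
// A single-quoted PHP string keeps \\ as one backslash, so \\\\ matches one literal \.
$patterns = [
    '~^Reg\s+\\\\Registry\\\\MACHINE\\\\SYSTEM\\\\(ControlSet\d{3}|CurrentControlSet)\\\\Services\\\\sysbus32(@\w+)?(\s|$)~',
];

// Constructed two-line sample: the first line is highlighted, the second is not.
$sampleLog = "Reg      \\Registry\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sysbus32@Start\n"
           . "Reg HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\System";
echo highlightLog($sampleLog, $patterns);
```

Matching on the service name alone is a heuristic for spotting one known entry; it says nothing about lines that use a different name, so the pattern list has to be maintained as new entries are identified.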
