MaxDJs
#1 · Posted: 15. 4. 2009, 14:59:20
Hello, I need to arrange that in the tested log (which I submitted via a form) the occurrences of items such as:

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@Type
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@ErrorControl
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@Start
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@ImagePath System32\DRIVERS\sysbus32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@ExtParam
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@Type
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@ErrorControl
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@Start
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@ImagePath System32\DRIVERS\sysbus32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@ExtParam
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@Type
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@ErrorControl
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@Start
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@ImagePath System32\DRIVERS\sysbus32.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@ExtParam

are highlighted in red wherever they match. Could anyone advise me on a script for this? Thanks for the reply
Taps
#2 · Posted: 15. 4. 2009, 16:17:30
MaxDJs
try regular expressions, or alternatively an array and strpos
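An added illustration of the array-plus-strpos approach suggested in the reply (example code written for this edit, not from the thread or either poster): each log line is matched against an indicator array with a case-insensitive substring search, then escaped with htmlspecialchars before output because the log arrives from a form, and matching lines are wrapped in a red span. The indicator list and the sample log are constructed from the sysbus32 entries in the question; the form field name `$_POST['log']` is an assumption.

```php
<?php
// Added example, not from the thread: highlight log lines that contain
// any entry of an indicator list, using a substring search per indicator.

// Indicators to look for (constructed from the sysbus32 keys in the question).
// Registry paths are full of backslashes; plain strpos/stripos needs no
// escaping, whereas a regex would require preg_quote() on every entry.
$indicators = [
    '\Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32',
    '\Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32',
    '\Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32',
    'System32\DRIVERS\sysbus32.sys',
];

// True if any indicator occurs in $line. Windows registry paths are
// case-insensitive, so stripos is used instead of the stricter strpos.
function lineMatches(string $line, array $indicators): bool
{
    foreach ($indicators as $needle) {
        if (stripos($line, $needle) !== false) {
            return true;
        }
    }
    return false;
}

// Renders the whole log as HTML. Every line is escaped (the log is untrusted
// form input) and lines that match are wrapped in a red span.
function highlightLog(string $log, array $indicators): string
{
    $out = [];
    foreach (preg_split('/\r\n|\r|\n/', $log) as $line) {
        $safe = htmlspecialchars($line, ENT_QUOTES, 'UTF-8');
        $out[] = lineMatches($line, $indicators)
            ? '<span style="color:red">' . $safe . '</span>'
            : $safe;
    }
    return implode("\n", $out);
}

// Constructed sample log in GMER's line format, used when no form data is posted.
$sampleLog = "---- Registry - GMER 1.0.14 ----\n"
    . "Reg HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\System\n"
    . "Reg \\Registry\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sysbus32@Start\n"
    . "Reg \\Registry\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sysbus32@ImagePath System32\\DRIVERS\\sysbus32.sys\n"
    . "---- EOF - GMER 1.0.14 ----";

$log = $_POST['log'] ?? $sampleLog; // 'log' is an assumed form field name
echo '<pre>' . highlightLog($log, $indicators) . '</pre>';
```

Matching is done on the raw line and escaping on the output copy, so an indicator is never broken by HTML entity encoding, and a log line crafted to contain markup cannot inject it into the page.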