artem17 0 Napisano 21 Maja 2018 Udostępnij Napisano 21 Maja 2018 Witam. GMER wykrył trochę rzeczy, nie wiem, czy to wirusy, proszę o ocenę logów z niego. Dodam, że Kaspersky, AdwCleaner i HitmanPro nie wykrywają nic. Mam Win XP. GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2018-05-21 19:15:01 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD20EARX-00PASB0 rev.51.0AB51 1863.02GB Running: gmer.exe; Driver: C:\DOCUME~1\Darekk\USTAWI~1\Temp\ffaoqaoc.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAdjustPrivilegesToken [0xAC0CB430] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAllocateVirtualMemory [0xAC0CB6B0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwClose [0xAC0CB450] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwConnectPort [0xAC0CB3B0] SSDT spqw.sys ZwCreateKey [0xF6D6E0E0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateProcess [0xAC0CB3E0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateProcessEx [0xAC0CB3F0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSection [0xAC0CB390] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSymbolicLinkObject [0xAC0CB540] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateThread [0xAC0CB4A0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDebugActiveProcess [0xAC0CB4E0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDeleteKey [0xAC0CB630] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDeleteValueKey [0xAC0CB650] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDeviceIoControlFile [0xAC0CB6A0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDuplicateObject [0xAC0CB510] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwEnumerateKey [0xAC0CB660] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwEnumerateValueKey [0xAC0CB670] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwLoadDriver [0xAC0CB4F0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwLoadKey [0xAC0CB5F0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwLoadKey2 [0xAC0CB600] SSDT
\SystemRoot\system32\DRIVERS\klhk.sys ZwMapViewOfSection [0xAC0CB520] SSDT spqw.sys ZwOpenKey [0xF6D6E0C0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenProcess [0xAC0CB410] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenSection [0xAC0CB400] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenThread [0xAC0CB420] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwPlugPlayControl [0xAC0CB550] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwProtectVirtualMemory [0xAC0CB460] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueryIntervalProfile [0xAC0CB930] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueryKey [0xAC0CB680] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueryMultipleValueKey [0xAC0CB640] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueryValueKey [0xAC0CB620] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueueApcThread [0xAC0CB4C0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwRenameKey [0xAC0CB690] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwReplaceKey [0xAC0CB5E0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwRequestWaitReplyPort [0xAC0CB3D0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwRestoreKey [0xAC0CB5D0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeProcess [0xAC0CB580] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeThread [0xAC0CB560] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSaveKey [0xAC0CB5A0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSaveKeyEx [0xAC0CB5B0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSaveMergedKeys [0xAC0CB5C0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSecureConnectPort [0xAC0CB3C0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetContextThread [0xAC0CB4B0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationObject [0xAC0CB440] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationToken [0xAC0CB3A0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetSystemInformation [0xAC0CB500] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetValueKey [0xAC0CB610] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendProcess 
[0xAC0CB590] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendThread [0xAC0CB570] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSystemDebugControl [0xAC0CB4D0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateProcess [0xAC0CB470] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateThread [0xAC0CB480] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwUnmapViewOfSection [0xAC0CB530] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwWriteVirtualMemory [0xAC0CB490] INT 0x62 ? 8B797BF8 INT 0x63 ? 8B4CABF8 INT 0x82 ? 8B797BF8 INT 0x83 ? 8B4CABF8 INT 0xA4 ? 8B4CABF8 INT 0xB4 ? 8B4CABF8 ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D60 80504658 12 Bytes [F0, B4, 0C, AC, F0, B5, 0C, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2E5D 80504755 7 Bytes [B6, 0C, AC, 40, B6, 0C, AC] {MOV DH, 0xc; LODSB ; INC EAX; MOV DH, 0xc; LODSB } .text ntkrnlpa.exe!ZwCallbackReturn + 2F0C 80504804 28 Bytes [D0, B5, 0C, AC, 80, B5, 0C, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [90, B5, 0C, AC, 70, B5, 0C, ...] ? spqw.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS2\system32\DRIVERS\ati2mtag.sys section is writeable [0xF5B43000, 0xEDC62, 0xE8000020] .text C:\WINDOWS2\system32\DRIVERS\klif.sys section is writeable [0xAC063000, 0x144, 0xC8000040] .text C:\WINDOWS2\system32\DRIVERS\atksgt.sys section is writeable [0xA8AEB300, 0x3B6D8, 0xE8000020] .text C:\WINDOWS2\system32\DRIVERS\lirsgt.sys section is writeable [0xF7787300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\OO Software\Defrag\oodag.exe[288] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes JMP 00401AB0 C:\Program Files\OO Software\Defrag\oodag.exe ? 
C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe[824] C:\WINDOWS2\system32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe[824] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6BF47715 C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\ushata.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe[824] C:\WINDOWS2\system32\kernel32.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe[824] C:\WINDOWS2\system32\ADVAPI32.dll time/date stamp mismatch; unknown module: WINTRUST.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe[824] USER32.dll!AlignRects 7E362978 4 Bytes [89, 93, F4, 6B] .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe[824] USER32.dll!AlignRects 7E3629C8 4 Bytes [3C, 95, F4, 6B] .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe[824] USER32.dll!AlignRects 7E362A0C 4 Bytes [F1, 93, F4, 6B] .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe[824] USER32.dll!AlignRects 7E362A78 4 Bytes [30, 93, F4, 6B] ? C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe[824] C:\WINDOWS2\system32\ole32.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe[1052] C:\WINDOWS2\system32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe[1052] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6BF47715 C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ushata.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe[1052] C:\WINDOWS2\system32\kernel32.dll time/date stamp mismatch; ? 
C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe[1052] C:\WINDOWS2\system32\ADVAPI32.dll time/date stamp mismatch; unknown module: WINTRUST.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe[1052] USER32.dll!AlignRects 7E362978 4 Bytes [89, 93, F4, 6B] .text C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe[1052] USER32.dll!AlignRects 7E3629C8 4 Bytes [3C, 95, F4, 6B] .text C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe[1052] USER32.dll!AlignRects 7E362A0C 4 Bytes [F1, 93, F4, 6B] .text C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe[1052] USER32.dll!AlignRects 7E362A78 4 Bytes [30, 93, F4, 6B] ? C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe[1052] C:\WINDOWS2\system32\ole32.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe[2416] C:\WINDOWS2\system32\kernel32.dll time/date stamp mismatch; ? 
C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe[2416] C:\WINDOWS2\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe[2416] USER32.dll!AlignRects 7E362978 4 Bytes [89, 93, F4, 6B] .text C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe[2416] USER32.dll!AlignRects 7E3629C8 4 Bytes [3C, 95, F4, 6B] .text C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe[2416] USER32.dll!AlignRects 7E362A0C 4 Bytes [F1, 93, F4, 6B] .text C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe[2416] USER32.dll!AlignRects 7E362A78 4 Bytes [30, 93, F4, 6B] .text C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe[2416] USER32.dll!MoveWindow + A3 7E37B341 5 Bytes JMP 6BF4A33D C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe[2416] USER32.dll!UnhookWinEvent + 25 7E3818D1 5 Bytes JMP 6BF4A2E9 C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe[2416] USER32.dll!SetMenu + 1B 7E39F411 5 Bytes JMP 6BF4A025 C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe[2416] USER32.dll!GetRawInputDeviceInfoW + 10 7E3A6568 5 Bytes JMP 6BF4A07C C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe[2416] USER32.dll!GetRawInputDeviceInfoW + 68 7E3A65C0 5 Bytes JMP 6BF4A1DE C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe[2416] 
USER32.dll!GetRawInputDeviceInfoA + C1 7E3BAFCE 5 Bytes JMP 6BF4A187 C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ushata.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe[3276] C:\WINDOWS2\system32\kernel32.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe[3276] C:\WINDOWS2\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe[3276] USER32.dll!AlignRects 7E362978 4 Bytes [89, 93, F4, 6B] .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe[3276] USER32.dll!AlignRects 7E3629C8 4 Bytes [3C, 95, F4, 6B] .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe[3276] USER32.dll!AlignRects 7E362A0C 4 Bytes [F1, 93, F4, 6B] .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe[3276] USER32.dll!AlignRects 7E362A78 4 Bytes [30, 93, F4, 6B] .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe[3276] USER32.dll!MoveWindow + A3 7E37B341 5 Bytes JMP 6BF4A33D C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe[3276] USER32.dll!UnhookWinEvent + 25 7E3818D1 5 Bytes JMP 6BF4A2E9 C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe[3276] USER32.dll!SetMenu + 1B 7E39F411 5 Bytes JMP 6BF4A025 C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe[3276] USER32.dll!GetRawInputDeviceInfoW + 10 7E3A6568 5 Bytes JMP 6BF4A07C C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Total 
Security 18.0.0\avpui.exe[3276] USER32.dll!GetRawInputDeviceInfoW + 68 7E3A65C0 5 Bytes JMP 6BF4A1DE C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\ushata.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe[3276] USER32.dll!GetRawInputDeviceInfoA + C1 7E3BAFCE 5 Bytes JMP 6BF4A187 C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\ushata.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4104] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B55765 C:\Documents and Settings\All Users.WINDOWS2\Dane aplikacji\Kaspersky Lab\AVP18.0.0\Bases\klsihk.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4104] ntdll.dll!KiUserCallbackDispatcher 7C90E460 5 Bytes JMP 00B55740 C:\Documents and Settings\All Users.WINDOWS2\Dane aplikacji\Kaspersky Lab\AVP18.0.0\Bases\klsihk.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10008290 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4104] ntdll.dll!RtlAddVectoredExceptionHandler 7C936A72 5 Bytes JMP 00B557AD C:\Documents and Settings\All Users.WINDOWS2\Dane aplikacji\Kaspersky Lab\AVP18.0.0\Bases\klsihk.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4104] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 14AAE8D2 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4104] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 14AAD9FF C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4104] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 147AAE7F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4104] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 14AAD405 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4104] USER32.dll!UserClientDllInitialize 7E36B217 7 Bytes [B8, C0, 05, FE, 
01, FF, E0] {MOV EAX, 0x1fe05c0; JMP EAX} .text C:\Program Files\Mozilla Firefox\firefox.exe[4104] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00B5581D C:\Documents and Settings\All Users.WINDOWS2\Dane aplikacji\Kaspersky Lab\AVP18.0.0\Bases\klsihk.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4104] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 156D30ED C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4104] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 14765294 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4104] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 14C2DDBF C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4104] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00B557E2 C:\Documents and Settings\All Users.WINDOWS2\Dane aplikacji\Kaspersky Lab\AVP18.0.0\Bases\klsihk.dll ---- User IAT/EAT - GMER 2.2 ---- IAT C:\WINDOWS2\Explorer.EXE[448] @ C:\WINDOWS2\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS2\system32\ShimEng.dll ---- Devices - GMER 2.2 ---- Device \FileSystem\Ntfs \Ntfs 8B7321F8 AttachedDevice \Driver\Tcpip \Device\Ip kltdi.sys Device \Driver\usbuhci \Device\USBPDO-0 8B3FB500 Device \Driver\usbuhci \Device\USBPDO-1 8B3FB500 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B7981F8 Device \Driver\dmio \Device\DmControl\DmConfig 8B7981F8 Device \Driver\dmio \Device\DmControl\DmPnP 8B7981F8 Device \Driver\dmio \Device\DmControl\DmInfo 8B7981F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{626D0A33-5F81-48F1-9D90-C6D6DCF0539E} 8B4DD500 Device \Driver\usbuhci \Device\USBPDO-2 8B3FB500 Device \Driver\usbuhci \Device\USBPDO-3 8B3FB500 Device \Driver\usbehci \Device\USBPDO-4 8B3FA500 AttachedDevice \Driver\Tcpip \Device\Tcp kltdi.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 8B7991F8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 klbackupdisk.sys Device \Driver\Ftdisk 
\Device\HarddiskVolume2 8B7991F8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 klbackupdisk.sys Device \Driver\Cdrom \Device\CdRom0 8B405500 Device \Driver\Ftdisk \Device\HarddiskVolume3 8B7991F8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 klbackupdisk.sys Device \Driver\atapi \Device\Ide\IdePort0 [F6C79B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F6C79B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 [F6C79B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F6C79B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Ftdisk \Device\HarddiskVolume4 8B7991F8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 klbackupdisk.sys Device \Driver\Ftdisk \Device\HarddiskVolume5 8B7991F8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 klbackupdisk.sys Device \Driver\NetBT \Device\NetBt_Wins_Export 8B4DD500 Device \Driver\NetBT \Device\NetbiosSmb 8B4DD500 AttachedDevice \Driver\Tcpip \Device\Udp kltdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp kltdi.sys Device \Driver\usbuhci \Device\USBFDO-0 8B3FB500 Device \Driver\NetBT \Device\NetBT_Tcpip_{50804411-8858-4AD7-B24C-8B7AC5742633} 8B4DD500 Device \Driver\usbuhci \Device\USBFDO-1 8B3FB500 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8B2F1488 Device \Driver\usbuhci \Device\USBFDO-2 8B3FB500 Device \Driver\usbuhci \Device\USBFDO-3 8B3FB500 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8B2F1488 Device \Driver\NetBT \Device\NetBT_Tcpip_{E473CBD2-33D7-409C-A12F-BF6CC2357B70} 8B4DD500 Device \Driver\Ftdisk \Device\FtControl 8B7991F8 Device \Driver\usbehci \Device\USBFDO-4 8B3FA500 Device \FileSystem\Cdfs 
\Cdfs 8B3EF500 ---- Trace I/O - GMER 2.2 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spqw.sys >>UNKNOWN [0x8b6f1938]<< 8b6f1938 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b78eab8] 8b78eab8 Trace 3 CLASSPNP.SYS[f74d7fd7] -> nt!IofCallDriver -> \Device\00000081[0x8b733920] 8b733920 Trace 5 ACPI.sys[f6d2c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8b716030] 8b716030 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 182404 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBD 0xEA 0x27 0xFF ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E473CBD2-33D7-409C-A12F-BF6CC2357B70}@LeaseObtainedTime 1526921676 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E473CBD2-33D7-409C-A12F-BF6CC2357B70}@T1 1526921803 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E473CBD2-33D7-409C-A12F-BF6CC2357B70}@T2 1526921899 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E473CBD2-33D7-409C-A12F-BF6CC2357B70}@LeaseTerminatesTime 1526921931 Reg HKLM\SYSTEM\CurrentControlSet\Services\{E473CBD2-33D7-409C-A12F-BF6CC2357B70}\Parameters\Tcpip@LeaseObtainedTime 1526921676 Reg HKLM\SYSTEM\CurrentControlSet\Services\{E473CBD2-33D7-409C-A12F-BF6CC2357B70}\Parameters\Tcpip@T1 1526921803 Reg HKLM\SYSTEM\CurrentControlSet\Services\{E473CBD2-33D7-409C-A12F-BF6CC2357B70}\Parameters\Tcpip@T2 1526921899 Reg HKLM\SYSTEM\CurrentControlSet\Services\{E473CBD2-33D7-409C-A12F-BF6CC2357B70}\Parameters\Tcpip@LeaseTerminatesTime 1526921931 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBD 0xEA 0x27 0xFF ... 
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] CB69508BC0029DE84103B3F2EAA764F4D3174357A5D9DD3387757CF0BB59E2CEB203F4BDF6FAD562391144425D725CD94E8E821C7EDF19304E81CBDD53B98376255561C2AFFDC82B40F2D230B838BEE41CB5B403FB5665C7D59F6EB187CBFA52D3E995BE9F869DEEF9E0D574F3B4FCE5F111EA79F4D61E8D03C0AFB0B0252D58F541B3E7C1C760298B87E7DAC9556B7E8699DA8007A97EE9BCCBFC2F6C8DDED8C34E038AD326002E2106CB443A3CC126953C5C2E91FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D14079DB7CE019D40AA5CBA7FD869164D6794A2D97226D213B55574430F5B1F74011F0149073252E11C454492CBE4EEAA27A40D4D8EC2EF21EBA6CF807AF7CEE8C941ECC59DCFB07546C5C5842690611071BD9CC8E7DAA1F8105ACFA4B32AC3092275592101CE17722D1BA4C36990A50AE52B331FEACDBE9F1508137505B2D4ECE2D31FEAA002AA0B5F3E97C9C86B4E8066E704D12FEF665852C8E99F0CD94ED079B5CD983EC103947B6C0C73CBA9DF81E9AF79C7241C2B88B2FA5A31BAE8EF15E33CA70171E92E8638A39F824F56564079842ECB08AE95BC36C01F1F56AF6E3CB8C8A362A3D82E00DD29279C82839F9235AB738A700B1EA26F80A340F800716E1F03EA5C1673F440CB05A94BE8451BF0CD2D4D974 Reg HKLM\SOFTWARE\Classes\CLSID\{0583f180-184d-474f-af15-baffffec493e}@Model 119 Reg HKLM\SOFTWARE\Classes\CLSID\{0583f180-184d-474f-af15-baffffec493e}@Therad 30 Reg HKLM\SOFTWARE\Classes\CLSID\{0583f180-184d-474f-af15-baffffec493e}@MData 0x2B 0x8F 0x78 0x29 ... Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xC6 0x29 0x95 0x33 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xDE 0x4D 0x8C 0xCA ... Reg HKLM\SOFTWARE\Classes\CLSID\{c59f1874-3427-4c21-867d-a79ce3f1440e}@Model 186 Reg HKLM\SOFTWARE\Classes\CLSID\{c59f1874-3427-4c21-867d-a79ce3f1440e}@Therad 21 Reg HKLM\SOFTWARE\Classes\CLSID\{c59f1874-3427-4c21-867d-a79ce3f1440e}@SpecVersion 226 Reg HKLM\SOFTWARE\Classes\CLSID\{c59f1874-3427-4c21-867d-a79ce3f1440e}@MData 0x73 0xD5 0xCF 0xB8 ... 
---- EOF - GMER 2.2 ----
jarrino 3908 Napisano 22 Maja 2018 http://forum.komputerswiat.pl/topic/53035-instrukcja-obs%C5%82ugi-gmera/