GMER is another in the line of anti-rootkit fighters, but it ranks among the better war machines.
After downloading, unpack and run the application; a quick scan runs and the program's main window opens:
If we click the Save button at the bottom right, we can export the first log, which we then paste into the forum. This quick log only lists the device stack (here the ESET on-access scanner and firewall filters attached to the NTFS/FAT file systems and the TCP/IP devices):
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-14 08:56:45
Windows 5.1.2600 Service Pack 3
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
---- EOF - GMER 1.0.14 ----
To get to the "main" scan and its log, leave all the items in the right-hand column checked and click the Scan button; the application window then looks roughly like this:
Wait for the scan to finish (this usually takes about five to ten minutes, but in some cases it can take more than two hours!), then click Save again and export log number 2; its final form is roughly like this:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-14 09:01:44
Windows 5.1.2600 Service Pack 3
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Billy\Billy.exe[180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B95BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\wincmd\TOTALCMD.EXE[376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\DOCUME~1\TOM~1\LOCALS~1\Temp\_tc\gmer.exe[640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[828] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [ C2, 04, 00, 00 ]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1076] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[1100] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\Desktop Sidebar\dsidebar.exe[1132] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe[1144] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\QIP\qip.exe[1168] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text ...
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\00000081 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
Device \Driver\nvata \Device\NvAta0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\NvAta1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\NvAta2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\0000008a sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\0000008b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION
---- EOF - GMER 1.0.14 ----
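As an added example (not from this page and not part of GMER itself), here is a small Python parser for the log format shown above. It splits the log into its sections, pulls the process, PID, hooked export and landing module out of each `.text` line, and then groups hooks by the module they jump into and device entries by the filtering driver, which is the first thing you do by hand when triaging a long log. The embedded sample is constructed from a subset of the page's second log; the regular expressions and function names are this example's own assumptions about the format, based only on the line types visible on this page.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the second GMER 1.0.14 log on this page,
# reproduced in the same line format (paths and drivers as in that log).
SAMPLE_LOG = r"""GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-14 09:01:44
Windows 5.1.2600 Service Pack 3

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Billy\Billy.exe[180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B95BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\wincmd\TOTALCMD.EXE[376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[828] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [ C2, 04, 00, 00 ]

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\0000008a sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION

---- EOF - GMER 1.0.14 ----
"""

# Patterns are assumptions derived from the lines shown on this page, nothing more.
SECTION_RE = re.compile(r'^---- (?P<name>.+?) - GMER ')
HOOK_RE = re.compile(
    r'^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<target>\S+!\S+)\s+'
    r'(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+(?P<detail>.+)$')
JMP_RE = re.compile(r'^JMP\s+(?P<dest>[0-9A-Fa-f]+)\s+(?P<module>.+)$')
DEV_RE = re.compile(
    r'^(?P<kind>AttachedDevice|Device)\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+'
    r'(?P<image>\S+)\s+\((?P<desc>.*)\)$')
REG_RE = re.compile(r'^Reg\s+(?P<key>.+)$')


def parse_gmer_log(text):
    """Parse the header and the User code / Devices / Registry sections of a GMER log."""
    report = {'header': {}, 'hooks': [], 'devices': [], 'registry': []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group('name')
            continue
        if section is None:  # header lines: version, scan time, OS
            if line.startswith('GMER '):
                report['header']['version'] = line.split()[1]
            elif line.startswith('Rootkit scan '):
                report['header']['scanned'] = line[len('Rootkit scan '):]
            elif line.startswith('Windows '):
                report['header']['os'] = line
        elif section == 'User code sections':
            m = HOOK_RE.match(line)
            if not m:
                continue  # skips anything unrecognized, e.g. an elided ".text ..." line
            h = m.groupdict()
            h['pid'], h['size'] = int(h['pid']), int(h['size'])
            j = JMP_RE.match(h['detail'])
            # A JMP hook names the module it lands in; anything else is an inline
            # byte patch with no target module (like the ekrn.exe entry above).
            h['module'] = j.group('module') if j else None
            report['hooks'].append(h)
        elif section == 'Devices':
            m = DEV_RE.match(line)
            if m:
                report['devices'].append(m.groupdict())
        elif section == 'Registry':
            m = REG_RE.match(line)
            if m:
                report['registry'].append(m.group('key'))
    return report


def hooks_by_module(report):
    """Group hooks by the module the JMP lands in; key None collects inline patches."""
    groups = defaultdict(list)
    for h in report['hooks']:
        groups[h['module']].append((h['proc'], h['pid'], h['target']))
    return dict(groups)


def filters_by_driver(report):
    """Group Devices entries by the filtering driver image, to see what each one sits on."""
    groups = defaultdict(list)
    for d in report['devices']:
        groups[d['image']].append((d['kind'], d['driver'], d['device']))
    return dict(groups)


def summarize(report):
    """Triage summary: one line per hooking module and per filtering driver."""
    hdr = report['header']
    lines = [f"GMER {hdr.get('version', '?')} scan {hdr.get('scanned', '?')}"]
    for module, hooks in hooks_by_module(report).items():
        targets = ', '.join(sorted({t for _, _, t in hooks}))
        lines.append(f"hook module {module or '<inline patch>'}: {len(hooks)} hook(s) on {targets}")
    for image, devs in filters_by_driver(report).items():
        lines.append(f"driver {image}: filters {len(devs)} device(s)")
    lines.append(f"{len(report['registry'])} registry entry(ies)")
    return lines


if __name__ == '__main__':
    print('\n'.join(summarize(parse_gmer_log(SAMPLE_LOG))))
```

Grouping by landing module is what turns a wall of `.text` lines into something you can judge: in the page's log every LoadLibraryA hook lands in the same raphook.dll, so it is one global injector rather than a dozen separate problems, and the one entry with no JMP target is a byte patch that has to be looked at on its own. The same grouping shows sfsync02.sys sitting on the IDE and USB storage devices. The parser only knows the line types that appear on this page; any other GMER section would need its own pattern.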