PC disinfection, computer speed-up and remote help through the neslape.cz service

AR - GMER

Author: riffman (VIP, 3203 posts, registered 20 Oct 2004, České Budějovice)


#1 Post by riffman

GMER

GMER is another in the line of anti-rootkit fighters, but it ranks among the better war machines.

For use on Windows NT/W2K/XP/VISTA


Download here

If the manufacturer's website is down:

mirror 1 here
mirror 2 here

alternative links here or here



On Windows Vista and Windows 7, run the application as administrator (right-click the application icon and choose "Run as administrator").

After downloading, unpack and run the application; a quick scan runs and the program's main window opens:

[Image: GMER main window after the quick scan]

If we click the Save button at the bottom right, we can export the first log, which we paste on the forum.

The first, small log looks roughly like this:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-14 08:56:45
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.14 ----

To get to the "main" scan and the log from it, leave all items in the right-hand column checked and click the Scan button; the application window then looks roughly like this:

[Image: GMER window during the full scan]

Wait for the scan to finish (it usually takes around five to ten minutes, but in some cases the scan can take more than two hours!!!), then click the Save button again and export log number 2; its resulting form is roughly like this:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-14 09:01:44
Windows 5.1.2600 Service Pack 3


---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Billy\Billy.exe[180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B95BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\wincmd\TOTALCMD.EXE[376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\DOCUME~1\TOM~1\LOCALS~1\Temp\_tc\gmer.exe[640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[828] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [ C2, 04, 00, 00 ]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1076] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[1100] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\Desktop Sidebar\dsidebar.exe[1132] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe[1144] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\QIP\qip.exe[1168] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text ...

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\00000081 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\nvata \Device\NvAta0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\NvAta1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\NvAta2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\0000008a sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\0000008b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION
---- EOF - GMER 1.0.14 --------

Paste this log on the forum too :)


Note:

Examples of GMER detections are here: http://www.gmer.net/rootkits.php
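As an added illustration (not part of the original post and not GMER's own code): a small Python parser for the log format shown above that splits the second log into its sections and groups the inline JMP hooks by the module that owns the jump target, so that a dozen LoadLibraryA hooks from one known hooking DLL read as a single finding while a target outside every loaded module stands out. The regexes are assumptions derived only from the sample lines in the post, and the embedded sample log is constructed from those lines plus one made-up hook line (app.exe) with placeholder addresses and path.

```python
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ -+$")
HOOK_RE = re.compile(r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>\S+)!(?P<func>\S+)"
                     r"\s+(?P<addr>[0-9A-F]+)\s+(?P<n>\d+) Bytes\s+(?P<patch>.*)$")
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-F]+)\s*(?P<owner>.*)$")
DEVICE_RE = re.compile(r"^(?P<kind>AttachedDevice|Device)\s+(?P<driver>\S+)\s+(?P<device>\S+)"
                       r"\s+(?P<sys>\S+)(?:\s+\((?P<desc>.*)\))?$")

def parse_gmer(text):
    """Split a GMER log (parser written for this post, not GMER's code) into hooks, devices, registry."""
    out = {"hooks": [], "devices": [], "registry": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section == "User code sections" and (m := HOOK_RE.match(line)):
            hook = m.groupdict()
            hook["pid"] = int(hook["pid"])
            jmp = JMP_RE.match(hook["patch"])
            # GMER appends the module owning a JMP target; empty owner = target outside every loaded module
            hook["owner"] = jmp.group("owner").strip() if jmp else None
            out["hooks"].append(hook)
        elif section == "Devices" and (m := DEVICE_RE.match(line)):
            out["devices"].append(m.groupdict())
        elif section == "Registry" and line.startswith("Reg "):
            out["registry"].append(line[4:])
    return out

def hook_owners(parsed):
    """Group JMP hooks by owning module so one hooking DLL in many processes is one finding."""
    owners = defaultdict(set)
    for h in parsed["hooks"]:
        if h["owner"] is not None:  # skip byte patches that are not JMP hooks
            owners[h["owner"] or "<unmapped target>"].add(f"{h['mod']}!{h['func']} pid={h['pid']}")
    return {k: sorted(v) for k, v in owners.items()}

# Constructed sample: lines from the second log in the post, plus one made-up hook (app.exe)
# whose JMP target has no owning module; the addresses and path on that line are placeholders.
SAMPLE = r"""---- User code sections - GMER 1.0.14 ----
.text C:\wincmd\TOTALCMD.EXE[376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10005BB0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[828] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [ C2, 04, 00, 00 ]
.text C:\placeholder\app.exe[999] kernel32.dll!CreateFileW 7C810000 5 Bytes JMP 00AA0000
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
---- EOF - GMER 1.0.14 --------"""
```

Calling `hook_owners(parse_gmer(SAMPLE))` yields one entry for raphook.dll and one for the unmapped target; the ESET byte patch is not a JMP and is left out of the grouping.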
