Remote
Ever since I have been using a computer, it seems that someone is remotely controlling it.
Can anyone here decipher this?
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B2381205-833B-4FAE-9065-C15F1B61F561}\Connection@Name isatap.{B3BB47BA-6B58-49E4-A4DD-24E50B40F316}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{D07A2C17-23CF-4DC0-8F51-76978AF99903}?\Device\{E91629C4-0B7C-41F0-B63F-3A885826E2CC}?\Device\{607B1863-8721-40B5-8998-EEF77A91A393}?\Device\{B2381205-833B-4FAE-9065-C15F1B61F561}?\Device\{34097E1F-0DBD-4B2F-84F9-9F3F97ED81C9}?\Device\{9D053EF8-675D-4338-9F38-5D82F867A9B7}?\Device\{746FCE53-E7A5-4679-AC2E-966D21C91D1B}?\Device\{3FC08348-043B-4AB2-8EB5-2B99120F146E}?\Device\{30AC64B1-D1B2-4BD1-9AF7-FFE51A0796FB}?\Device\{A5B0DF03-A04C-4FA9-AF9D-04085628CB00}?\Device\{F4409829-C39D-4C75-872A-4A588859EF39}?\Device\{74B85993-6E8E-4FB1-8DA6-6E70C0C696C1}?\Device\{1EA43591-F27E-41FE-B204-ACD5A3457824}?\Device\{DE22AD90-7011-4F52-BC7C-E9490919A352}?\Device\{7EC96DE7-595C-4C2A-971B-77EFD9C36A63}?\Device\{B8662798-8808-4D59-9638-F2D77D9E3307}?\Device\{9B6D0C84-5FCE-4B16-8112-1B9DDD821DCC}?\Device\{3949181C-89FE-4AC4-BE75-DE720FB7A149}?\Device\{2926408A-5324-4983-AA8B-C4768DC70079}?\Device\{BADF0FDD-24B7-490D-9475-957837F9A21B}?\Device\{D83DF1C8-485D-4A2D-B43A-8D014E96A985}?\Device\{E71452D0-EE71-4287-9BB4-EC4
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{D07A2C17-23CF-4DC0-8F51-76978AF99903}?\Device\TCPIP6TUNNEL_{E91629C4-0B7C-41F0-B63F-3A885826E2CC}?\Device\TCPIP6TUNNEL_{607B1863-8721-40B5-8998-EEF77A91A393}?\Device\TCPIP6TUNNEL_{B2381205-833B-4FAE-9065-C15F1B61F561}?\Device\TCPIP6TUNNEL_{34097E1F-0DBD-4B2F-84F9-9F3F97ED81C9}?\Device\TCPIP6TUNNEL_{9D053EF8-675D-4338-9F38-5D82F867A9B7}?\Device\TCPIP6TUNNEL_{746FCE53-E7A5-4679-AC2E-966D21C91D1B}?\Device\TCPIP6TUNNEL_{3FC08348-043B-4AB2-8EB5-2B99120F146E}?\Device\TCPIP6TUNNEL_{30AC64B1-D1B2-4BD1-9AF7-FFE51A0796FB}?\Device\TCPIP6TUNNEL_{A5B0DF03-A04C-4FA9-AF9D-04085628CB00}?\Device\TCPIP6TUNNEL_{F4409829-C39D-4C75-872A-4A588859EF39}?\Device\TCPIP6TUNNEL_{74B85993-6E8E-4FB1-8DA6-6E70C0C696C1}?\Device\TCPIP6TUNNEL_{1EA43591-F27E-41FE-B204-ACD5A3457824}?\Device\TCPIP6TUNNEL_{DE22AD90-7011-4F52-BC7C-E9490919A352}?\Device\TCPIP6TUNNEL_{7EC96DE7-595C-4C2A-971B-77EFD9C36A63}?\Device\TCPIP6TUNNEL_{B8662798-8808-4D59-9638-F2D77D9E3307}?\Device\TCPIP6TUNNEL_{9B6D0C84-5FCE-4B16-8112-1B9DDD821DCC}?\De
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{D07A2C17-23CF-4DC0-8F51-76978AF99903}"?"{E91629C4-0B7C-41F0-B63F-3A885826E2CC}"?"{607B1863-8721-40B5-8998-EEF77A91A393}"?"{B2381205-833B-4FAE-9065-C15F1B61F561}"?"{34097E1F-0DBD-4B2F-84F9-9F3F97ED81C9}"?"{9D053EF8-675D-4338-9F38-5D82F867A9B7}"?"{746FCE53-E7A5-4679-AC2E-966D21C91D1B}"?"{3FC08348-043B-4AB2-8EB5-2B99120F146E}"?"{30AC64B1-D1B2-4BD1-9AF7-FFE51A0796FB}"?"{A5B0DF03-A04C-4FA9-AF9D-04085628CB00}"?"{F4409829-C39D-4C75-872A-4A588859EF39}"?"{74B85993-6E8E-4FB1-8DA6-6E70C0C696C1}"?"{1EA43591-F27E-41FE-B204-ACD5A3457824}"?"{DE22AD90-7011-4F52-BC7C-E9490919A352}"?"{7EC96DE7-595C-4C2A-971B-77EFD9C36A63}"?"{B8662798-8808-4D59-9638-F2D77D9E3307}"?"{9B6D0C84-5FCE-4B16-8112-1B9DDD821DCC}"?"{3949181C-89FE-4AC4-BE75-DE720FB7A149}"?"{2926408A-5324-4983-AA8B-C4768DC70079}"?"{BADF0FDD-24B7-490D-9475-957837F9A21B}"?"{D83DF1C8-485D-4A2D-B43A-8D014E96A985}"?"{E71452D0-EE71-4287-9BB4-EC4F7E5B2D45}"?"{E5698A85-C83F-43AF-A5EC-C40FF5026246}"?"{2057E613-0DDA-415C-9ABD-298147292F70}"?"{8586DEB1-212B-4572-99BD-389562E9F8CF}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{B2381205-833B-4FAE-9065-C15F1B61F561}@InterfaceName isatap.{B3BB47BA-6B58-49E4-A4DD-24E50B40F316}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{B2381205-833B-4FAE-9065-C15F1B61F561}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 1898
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB2F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!NtTraceEvent 82A7DE34 5 Bytes JMP 934EDC00
.text ntkrnlpa.exe!RtlSidHashLookup + 224 82ABA724 8 Bytes [90, CB, C7, 85, 70, CC, C7, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82ABA73C 4 Bytes [60, B9, BE, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82ABA748 4 Bytes [30, 14, B9, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82ABA79C 4 Bytes [98, C2, C7, 85] {CWDE ; RET 0x85c7}
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82ABA818 4 Bytes [E0, C8, C7, 85]
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A8E579 1 Byte [06]
.text win32k.sys!CLIPOBJ_cEnumStart + 6CE0 95CF55A5 5 Bytes JMP 934EDAC0
.text win32k.sys!CLIPOBJ_cEnumStart + 71E8 95CF5AAD 5 Bytes JMP 934EDB60
.text win32k.sys!EngAllocMem + 7E47 95C15142 5 Bytes JMP 934ED700
.text win32k.sys!EngCTGetCurrentGamma + 1C7A 95CE9C9C 5 Bytes JMP 934ED7A0
.text win32k.sys!EngLpkInstalled + 6119 95C67842 5 Bytes JMP 934EDA20
.text win32k.sys!PATHOBJ_bEnum + 7A2F 95C2782E 5 Bytes JMP 934ED660
.text win32k.sys!PATHOBJ_vGetBounds + EB7 95CE5C81 5 Bytes JMP 934ED840
.text win32k.sys!XFORMOBJ_iGetXform + 331A 95C04C57 5 Bytes JMP 934ED5C0
---- EOF - GMER 1.0.15 ----
Because my computer has been the target of SMB and ICMP attacks. Someone is trying to copy files on my computer.
Do let me know.
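As an added example for this thread (not code from the original post, from GMER, or from F-Secure), here is a Python script that parses the "Kernel code sections" block of the log above. It separates the 5-byte inline JMP hooks from the plain byte patches, tallies them per hooked module, and checks whether every JMP target falls within one 4 KiB page. In this log all nine targets land between 934ED5C0 and 934EDC00, which is consistent with one loaded driver owning all the hooks. The script does not identify that driver: the log by itself does not say what is mapped at that address, and legitimate security software and sandboxes install the same kind of inline hooks, so this is a triage step rather than a verdict. Entries reported as an export plus a large offset (for example CLIPOBJ_cEnumStart + 6CE0) are GMER naming the nearest exported symbol it could resolve, not the function actually hooked. The sample lines are copied from the log in the post.

```python
"""Parse the 'Kernel code sections' block of a GMER 1.0.15 log and summarise
the inline hooks and byte patches it reports.

Added example for this thread; not GMER's own code and not part of the post.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# GMER prints one line per modified code location:
#   <section> <module>!<nearest export>[ + <offset>] <address> <n> Byte(s) <detail>
# When the modified location is not itself an export, GMER reports the nearest
# export plus an offset, so a large offset means the hooked function is unknown.
_LINE = re.compile(
    r"^(?P<section>\.\w+)\s+"
    r"(?P<module>[\w.]+)!(?P<symbol>\w+)"
    r"(?:\s*\+\s*(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+"
    r"(?P<size>\d+)\s+Bytes?\s+"
    r"(?P<detail>.*)$"
)
# A 5-byte 'JMP <target>' detail is an inline (detour-style) hook.
_JMP = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})")


@dataclass
class CodeMod:
    module: str
    symbol: str
    offset: int          # distance from the nearest export GMER resolved
    addr: int            # patched address
    size: int            # number of modified bytes
    jmp_target: Optional[int]  # set for inline JMP hooks, None for byte patches

    @property
    def kind(self) -> str:
        return "inline-jmp" if self.jmp_target is not None else "byte-patch"


def parse_kernel_sections(text: str) -> List[CodeMod]:
    """Return one CodeMod per section line; headers and other lines are skipped."""
    mods: List[CodeMod] = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        j = _JMP.match(m["detail"])
        mods.append(CodeMod(
            module=m["module"],
            symbol=m["symbol"],
            offset=int(m["offset"] or "0", 16),
            addr=int(m["addr"], 16),
            size=int(m["size"]),
            jmp_target=int(j["target"], 16) if j else None,
        ))
    return mods


def jump_target_span(mods: List[CodeMod]) -> Optional[Tuple[int, int, int]]:
    """Lowest JMP target, highest JMP target, and how many 4 KiB pages they span.
    All targets on one or two pages suggests a single driver installed every hook."""
    targets = sorted(m.jmp_target for m in mods if m.jmp_target is not None)
    if not targets:
        return None
    pages = {t >> 12 for t in targets}
    return targets[0], targets[-1], len(pages)


def summarise(mods: List[CodeMod]) -> Dict[str, Dict[str, int]]:
    """Count inline hooks and byte patches per hooked module."""
    out: Dict[str, Dict[str, int]] = defaultdict(lambda: {"inline-jmp": 0, "byte-patch": 0})
    for m in mods:
        out[m.module][m.kind] += 1
    return dict(out)


# Copied from the GMER log posted above.
SAMPLE_LOG = """---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB2F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...]
.text ntkrnlpa.exe!NtTraceEvent 82A7DE34 5 Bytes JMP 934EDC00
.text ntkrnlpa.exe!RtlSidHashLookup + 224 82ABA724 8 Bytes [90, CB, C7, 85, 70, CC, C7, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82ABA73C 4 Bytes [60, B9, BE, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82ABA748 4 Bytes [30, 14, B9, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82ABA79C 4 Bytes [98, C2, C7, 85] {CWDE ; RET 0x85c7}
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82ABA818 4 Bytes [E0, C8, C7, 85]
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A8E579 1 Byte [06]
.text win32k.sys!CLIPOBJ_cEnumStart + 6CE0 95CF55A5 5 Bytes JMP 934EDAC0
.text win32k.sys!CLIPOBJ_cEnumStart + 71E8 95CF5AAD 5 Bytes JMP 934EDB60
.text win32k.sys!EngAllocMem + 7E47 95C15142 5 Bytes JMP 934ED700
.text win32k.sys!EngCTGetCurrentGamma + 1C7A 95CE9C9C 5 Bytes JMP 934ED7A0
.text win32k.sys!EngLpkInstalled + 6119 95C67842 5 Bytes JMP 934EDA20
.text win32k.sys!PATHOBJ_bEnum + 7A2F 95C2782E 5 Bytes JMP 934ED660
.text win32k.sys!PATHOBJ_vGetBounds + EB7 95CE5C81 5 Bytes JMP 934ED840
.text win32k.sys!XFORMOBJ_iGetXform + 331A 95C04C57 5 Bytes JMP 934ED5C0
---- EOF - GMER 1.0.15 ----"""

if __name__ == "__main__":
    mods = parse_kernel_sections(SAMPLE_LOG)
    for module, counts in summarise(mods).items():
        print(f"{module}: {counts}")
    lo, hi, pages = jump_target_span(mods)
    print(f"JMP targets span {lo:08X}-{hi:08X} over {pages} page(s)")
    for m in mods:
        if m.offset >= 0x1000:  # far from any export: GMER could not name the real function
            print(f"nearest export only: {m.module}!{m.symbol}+{m.offset:X} at {m.addr:08X}")
```

To go one step further, the address range printed for the JMP targets is the value to look up in GMER's Modules listing (or with `lm` in a kernel debugger on the same boot) to learn which driver is mapped there; that lookup, not the hook list, is what tells you whose code the hooks are.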
Comments
Hello Rusli,
I would suggest you open a support request with us so that we can investigate the problem a bit further:
http://www.f-secure.com/en_UK/support/home-office/contact-support/
Once you open the support request, you can send me the SR ID via a private message.
If you suspect that someone controls your computer remotely, then you should consider scanning it with the F-Secure Rescue CD tool, which would be able to detect any rootkits or trojans hooked in Windows that are not otherwise detected because they hide from or bypass the antivirus. You can find more info about the F-Secure Rescue CD and links to downloads here: http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/rescue-cd/.