Remote

Rusli Posts: 1,022 Influencer

Ever since I have been using a computer, it seems that someone is remotely controlling my computer.

Can anyone here decipher this?

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B2381205-833B-4FAE-9065-C15F1B61F561}\Connection@Name  isatap.{B3BB47BA-6B58-49E4-A4DD-24E50B40F316}
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind     \Device\{D07A2C17-23CF-4DC0-8F51-76978AF99903}?\Device\{E91629C4-0B7C-41F0-B63F-3A885826E2CC}?\Device\{607B1863-8721-40B5-8998-EEF77A91A393}?\Device\{B2381205-833B-4FAE-9065-C15F1B61F561}?\Device\{34097E1F-0DBD-4B2F-84F9-9F3F97ED81C9}?\Device\{9D053EF8-675D-4338-9F38-5D82F867A9B7}?\Device\{746FCE53-E7A5-4679-AC2E-966D21C91D1B}?\Device\{3FC08348-043B-4AB2-8EB5-2B99120F146E}?\Device\{30AC64B1-D1B2-4BD1-9AF7-FFE51A0796FB}?\Device\{A5B0DF03-A04C-4FA9-AF9D-04085628CB00}?\Device\{F4409829-C39D-4C75-872A-4A588859EF39}?\Device\{74B85993-6E8E-4FB1-8DA6-6E70C0C696C1}?\Device\{1EA43591-F27E-41FE-B204-ACD5A3457824}?\Device\{DE22AD90-7011-4F52-BC7C-E9490919A352}?\Device\{7EC96DE7-595C-4C2A-971B-77EFD9C36A63}?\Device\{B8662798-8808-4D59-9638-F2D77D9E3307}?\Device\{9B6D0C84-5FCE-4B16-8112-1B9DDD821DCC}?\Device\{3949181C-89FE-4AC4-BE75-DE720FB7A149}?\Device\{2926408A-5324-4983-AA8B-C4768DC70079}?\Device\{BADF0FDD-24B7-490D-9475-957837F9A21B}?\Device\{D83DF1C8-485D-4A2D-B43A-8D014E96A985}?\Device\{E71452D0-EE71-4287-9BB4-EC4
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export   \Device\TCPIP6TUNNEL_{D07A2C17-23CF-4DC0-8F51-76978AF99903}?\Device\TCPIP6TUNNEL_{E91629C4-0B7C-41F0-B63F-3A885826E2CC}?\Device\TCPIP6TUNNEL_{607B1863-8721-40B5-8998-EEF77A91A393}?\Device\TCPIP6TUNNEL_{B2381205-833B-4FAE-9065-C15F1B61F561}?\Device\TCPIP6TUNNEL_{34097E1F-0DBD-4B2F-84F9-9F3F97ED81C9}?\Device\TCPIP6TUNNEL_{9D053EF8-675D-4338-9F38-5D82F867A9B7}?\Device\TCPIP6TUNNEL_{746FCE53-E7A5-4679-AC2E-966D21C91D1B}?\Device\TCPIP6TUNNEL_{3FC08348-043B-4AB2-8EB5-2B99120F146E}?\Device\TCPIP6TUNNEL_{30AC64B1-D1B2-4BD1-9AF7-FFE51A0796FB}?\Device\TCPIP6TUNNEL_{A5B0DF03-A04C-4FA9-AF9D-04085628CB00}?\Device\TCPIP6TUNNEL_{F4409829-C39D-4C75-872A-4A588859EF39}?\Device\TCPIP6TUNNEL_{74B85993-6E8E-4FB1-8DA6-6E70C0C696C1}?\Device\TCPIP6TUNNEL_{1EA43591-F27E-41FE-B204-ACD5A3457824}?\Device\TCPIP6TUNNEL_{DE22AD90-7011-4F52-BC7C-E9490919A352}?\Device\TCPIP6TUNNEL_{7EC96DE7-595C-4C2A-971B-77EFD9C36A63}?\Device\TCPIP6TUNNEL_{B8662798-8808-4D59-9638-F2D77D9E3307}?\Device\TCPIP6TUNNEL_{9B6D0C84-5FCE-4B16-8112-1B9DDD821DCC}?\De
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route    "{D07A2C17-23CF-4DC0-8F51-76978AF99903}"?"{E91629C4-0B7C-41F0-B63F-3A885826E2CC}"?"{607B1863-8721-40B5-8998-EEF77A91A393}"?"{B2381205-833B-4FAE-9065-C15F1B61F561}"?"{34097E1F-0DBD-4B2F-84F9-9F3F97ED81C9}"?"{9D053EF8-675D-4338-9F38-5D82F867A9B7}"?"{746FCE53-E7A5-4679-AC2E-966D21C91D1B}"?"{3FC08348-043B-4AB2-8EB5-2B99120F146E}"?"{30AC64B1-D1B2-4BD1-9AF7-FFE51A0796FB}"?"{A5B0DF03-A04C-4FA9-AF9D-04085628CB00}"?"{F4409829-C39D-4C75-872A-4A588859EF39}"?"{74B85993-6E8E-4FB1-8DA6-6E70C0C696C1}"?"{1EA43591-F27E-41FE-B204-ACD5A3457824}"?"{DE22AD90-7011-4F52-BC7C-E9490919A352}"?"{7EC96DE7-595C-4C2A-971B-77EFD9C36A63}"?"{B8662798-8808-4D59-9638-F2D77D9E3307}"?"{9B6D0C84-5FCE-4B16-8112-1B9DDD821DCC}"?"{3949181C-89FE-4AC4-BE75-DE720FB7A149}"?"{2926408A-5324-4983-AA8B-C4768DC70079}"?"{BADF0FDD-24B7-490D-9475-957837F9A21B}"?"{D83DF1C8-485D-4A2D-B43A-8D014E96A985}"?"{E71452D0-EE71-4287-9BB4-EC4F7E5B2D45}"?"{E5698A85-C83F-43AF-A5EC-C40FF5026246}"?"{2057E613-0DDA-415C-9ABD-298147292F70}"?"{8586DEB1-212B-4572-99BD-389562E9F8CF}
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{B2381205-833B-4FAE-9065-C15F1B61F561}@InterfaceName                      isatap.{B3BB47BA-6B58-49E4-A4DD-24E50B40F316}
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{B2381205-833B-4FAE-9065-C15F1B61F561}@ReusableType                       0
Reg             HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                                                              1898

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                       82AB2F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!NtTraceEvent                                                                                                                    82A7DE34 5 Bytes  JMP 934EDC00
.text           ntkrnlpa.exe!RtlSidHashLookup + 224                                                                                                          82ABA724 8 Bytes  [90, CB, C7, 85, 70, CC, C7, ...]
.text           ntkrnlpa.exe!RtlSidHashLookup + 23C                                                                                                          82ABA73C 4 Bytes  [60, B9, BE, 85]
.text           ntkrnlpa.exe!RtlSidHashLookup + 248                                                                                                          82ABA748 4 Bytes  [30, 14, B9, 85]
.text           ntkrnlpa.exe!RtlSidHashLookup + 29C                                                                                                          82ABA79C 4 Bytes  [98, C2, C7, 85] {CWDE ; RET 0x85c7}
.text           ntkrnlpa.exe!RtlSidHashLookup + 318                                                                                                          82ABA818 4 Bytes  [E0, C8, C7, 85]
.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                                              82A8E579 1 Byte  [06]
.text           win32k.sys!CLIPOBJ_cEnumStart + 6CE0                                                                                                         95CF55A5 5 Bytes  JMP 934EDAC0
.text           win32k.sys!CLIPOBJ_cEnumStart + 71E8                                                                                                         95CF5AAD 5 Bytes  JMP 934EDB60
.text           win32k.sys!EngAllocMem + 7E47                                                                                                                95C15142 5 Bytes  JMP 934ED700
.text           win32k.sys!EngCTGetCurrentGamma + 1C7A                                                                                                       95CE9C9C 5 Bytes  JMP 934ED7A0
.text           win32k.sys!EngLpkInstalled + 6119                                                                                                            95C67842 5 Bytes  JMP 934EDA20
.text           win32k.sys!PATHOBJ_bEnum + 7A2F                                                                                                              95C2782E 5 Bytes  JMP 934ED660
.text           win32k.sys!PATHOBJ_vGetBounds + EB7                                                                                                          95CE5C81 5 Bytes  JMP 934ED840
.text           win32k.sys!XFORMOBJ_iGetXform + 331A                                                                                                         95C04C57 5 Bytes  JMP 934ED5C0

---- EOF - GMER 1.0.15 ----

Because my computer has been the target of SMB, ICMP attacks. Someone is trying to copy files in my computer.

Do let me know.

This discussion has been closed.