System Virginity Verifier

module: [           USP10.dll] 100%... |
                                                           
ntoskrnl.exe         (80400000 - 8059d200)... suspected! (verdict = 5).
module ntoskrnl.exe [0x80400000 - 0x8059d200]:
 0x8046905a (section .text)  18 byte(s):  exclusion filter: KeFlushCurrentTb()
  file   :d8 0f 22 d8 c3 0f 20 e0 25 7f ff ff ff 0f 22 e0 0d 80
  memory :e0 25 7f ff ff ff 0f 22 e0 0d 80 00 00 00 0f 22 e0 c3
  verdict = 1

 0x80469072 (section .text)   1 byte(s):  exclusion filter: KeFlushCurrentTb() [c3->00]
  file   :c3
  memory :00
  verdict = 1

 0x80469494 (section .text) [RtlPrefetchMemoryNonTemporal()+0]   1 byte(s):  exclusion filter: RtlPrefetchMemoryNonTemporal() [c3->90]
  file   :c3
  memory :90
  verdict = 1

 IDT[1] points to 0x85c1601d (addr DOES NOT belong to ANY MODULE!)
  verdict = 5
  UNFIXABLE!

 IDT[3] points to 0x85c1603c (addr DOES NOT belong to ANY MODULE!)
  verdict = 5
  UNFIXABLE!

 IDT[14] points to 0x85c1607a (addr DOES NOT belong to ANY MODULE!)
  verdict = 5
  UNFIXABLE!

module ntoskrnl.exe: end of details
                     (f7496000 - f74ac000)... error code = 0x5
tcpip.sys            (ef066000 - ef0b5000)... innocent hooking (verdict = 2).
module tcpip.sys [0xef066000 - 0xef0b5000]:
 0xef06dd0c (section .text)   6 byte(s):
  JMPing code (jmp to: 0xf73dacdb)
  address 0xf73dacdb is inside Teefer.sys module [0xf73d2000-0xf73ef000]
  target module path: Teefer.sys
  file   :ff 70 04 ff 50 30
  memory :e8 cf cf 36 08 90
  verdict = 2

 0xef07268d (section .text)   6 byte(s):
  JMPing code (jmp to: 0xf73dacdb)
  address 0xf73dacdb is inside Teefer.sys module [0xf73d2000-0xf73ef000]
  target module path: Teefer.sys
  file   :ff 70 04 ff 50 30
  memory :e8 4e 86 36 08 90
  verdict = 2

 0xef07419a (section .text)   6 byte(s):
  JMPing code (jmp to: 0xf73dacdb)
  address 0xf73dacdb is inside Teefer.sys module [0xf73d2000-0xf73ef000]
  target module path: Teefer.sys
  file   :ff 70 04 ff 50 30
  memory :e8 41 6b 36 08 90
  verdict = 2

module tcpip.sys: end of details
dump_WMILIB.SYS      (eb657000 - eb658000)... Image file not found!
dump_atapi.sys       (eee0e000 - eee24000)... Image file not found!
IsPubDrv.sys         (edaf0000 - edb14000)... Image file not found!
