Systém startuje 60minut.

[MatesJ]

http://www.virustotal.com/cs/analisis/b ... 1268595899

[MatesJ]

21:13:24:750 3640 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
21:13:24:750 3640 ================================================================================
21:13:24:750 3640 SystemInfo:

21:13:24:750 3640 OS Version: 5.1.2600 ServicePack: 3.0
21:13:24:750 3640 Product type: Workstation
21:13:24:750 3640 ComputerName: MAJUR-C83F52894
21:13:24:750 3640 UserName: Martin
21:13:24:750 3640 Windows directory: C:\WINDOWS
21:13:24:750 3640 Processor architecture: Intel x86
21:13:24:750 3640 Number of processors: 2
21:13:24:750 3640 Page size: 0x1000
21:13:24:750 3640 Boot type: Normal boot
21:13:24:750 3640 ================================================================================
21:13:24:765 3640 UnloadDriverW: NtUnloadDriver error 2
21:13:24:765 3640 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:13:24:937 3640 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
21:13:24:937 3640 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:13:24:937 3640 wfopen_ex: Trying to KLMD file open
21:13:24:937 3640 wfopen_ex: File opened ok (Flags 2)
21:13:24:937 3640 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
21:13:24:937 3640 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:13:24:937 3640 wfopen_ex: Trying to KLMD file open
21:13:24:937 3640 wfopen_ex: File opened ok (Flags 2)
21:13:24:937 3640 Initialize success
21:13:24:937 3640
21:13:24:937 3640 Scanning Services ...
21:13:25:500 3640 GetAdvancedServicesInfo: Raw services enum returned 371 services
21:13:25:500 3640
21:13:25:500 3640 Scanning Kernel memory ...
21:13:25:500 3640 Devices to scan: 16
21:13:25:500 3640
21:13:25:500 3640 Driver Name: Disk
21:13:25:500 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:500 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:500 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:500 3640 IRP_MJ_READ : BA108D1F
21:13:25:500 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:500 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:515 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:515 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:515 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:515 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:515 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:515 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:515 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:515 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:515 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:515 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:515 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:515 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:515 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:515 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:515 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:515 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:515 3640 IRP_MJ_POWER : BA10AC82
21:13:25:515 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:515 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:515 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:515 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:562 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:562 3640
21:13:25:562 3640 Driver Name: Disk
21:13:25:562 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:562 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:562 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:562 3640 IRP_MJ_READ : BA108D1F
21:13:25:562 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:562 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:562 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:562 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:562 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:562 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:562 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:562 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:562 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:562 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:562 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:562 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:562 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:562 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:562 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:562 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:562 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:562 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:562 3640 IRP_MJ_POWER : BA10AC82
21:13:25:562 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:562 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:562 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:562 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:578 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:578 3640
21:13:25:578 3640 Driver Name: Disk
21:13:25:578 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:578 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:578 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:578 3640 IRP_MJ_READ : BA108D1F
21:13:25:578 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:578 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:578 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:578 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:578 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:593 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:593 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:593 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:593 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:593 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:593 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:593 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:593 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:593 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:593 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:593 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:593 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:593 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:593 3640 IRP_MJ_POWER : BA10AC82
21:13:25:593 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:593 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:593 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:593 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:625 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:625 3640
21:13:25:625 3640 Driver Name: Disk
21:13:25:625 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:625 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:625 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:625 3640 IRP_MJ_READ : BA108D1F
21:13:25:625 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:625 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:625 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:625 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:625 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:625 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:625 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:625 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:625 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:625 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:625 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:625 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:625 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:625 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:625 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:625 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:625 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:625 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:625 3640 IRP_MJ_POWER : BA10AC82
21:13:25:625 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:625 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:625 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:625 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:687 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:687 3640
21:13:25:687 3640 Driver Name: usbstor
21:13:25:687 3640 IRP_MJ_CREATE : BA44D218
21:13:25:687 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:687 3640 IRP_MJ_CLOSE : BA44D218
21:13:25:687 3640 IRP_MJ_READ : BA44D23C
21:13:25:687 3640 IRP_MJ_WRITE : BA44D23C
21:13:25:687 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:687 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:687 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:687 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:687 3640 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:13:25:687 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:687 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:687 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:687 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:687 3640 IRP_MJ_DEVICE_CONTROL : BA44D180
21:13:25:687 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A4B81B0
21:13:25:687 3640 IRP_MJ_SHUTDOWN : 804F4562
21:13:25:687 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:687 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:687 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:687 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:687 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:687 3640 IRP_MJ_POWER : BA44C5F0
21:13:25:687 3640 IRP_MJ_SYSTEM_CONTROL : BA44AA6E
21:13:25:687 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:687 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:687 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:734 3640 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
21:13:25:734 3640
21:13:25:734 3640 Driver Name: usbstor
21:13:25:734 3640 IRP_MJ_CREATE : BA44D218
21:13:25:734 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:734 3640 IRP_MJ_CLOSE : BA44D218
21:13:25:734 3640 IRP_MJ_READ : BA44D23C
21:13:25:734 3640 IRP_MJ_WRITE : BA44D23C
21:13:25:734 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:734 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:734 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:734 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:734 3640 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:13:25:734 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:734 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:734 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:734 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:734 3640 IRP_MJ_DEVICE_CONTROL : BA44D180
21:13:25:734 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A4B81B0
21:13:25:734 3640 IRP_MJ_SHUTDOWN : 804F4562
21:13:25:734 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:734 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:734 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:734 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:734 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:734 3640 IRP_MJ_POWER : BA44C5F0
21:13:25:734 3640 IRP_MJ_SYSTEM_CONTROL : BA44AA6E
21:13:25:734 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:734 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:734 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:765 3640 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
21:13:25:765 3640
21:13:25:765 3640 Driver Name: usbstor
21:13:25:765 3640 IRP_MJ_CREATE : BA44D218
21:13:25:765 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:765 3640 IRP_MJ_CLOSE : BA44D218
21:13:25:765 3640 IRP_MJ_READ : BA44D23C
21:13:25:765 3640 IRP_MJ_WRITE : BA44D23C
21:13:25:765 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:765 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:765 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:765 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:765 3640 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:13:25:765 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:765 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:765 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:765 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:765 3640 IRP_MJ_DEVICE_CONTROL : BA44D180
21:13:25:765 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A4B81B0
21:13:25:765 3640 IRP_MJ_SHUTDOWN : 804F4562
21:13:25:765 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:765 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:765 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:765 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:765 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:765 3640 IRP_MJ_POWER : BA44C5F0
21:13:25:765 3640 IRP_MJ_SYSTEM_CONTROL : BA44AA6E
21:13:25:765 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:765 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:765 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:796 3640 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
21:13:25:812 3640
21:13:25:812 3640 Driver Name: usbstor
21:13:25:812 3640 IRP_MJ_CREATE : BA44D218
21:13:25:812 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:812 3640 IRP_MJ_CLOSE : BA44D218
21:13:25:812 3640 IRP_MJ_READ : BA44D23C
21:13:25:812 3640 IRP_MJ_WRITE : BA44D23C
21:13:25:812 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:812 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:812 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:812 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:812 3640 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:13:25:812 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:812 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:812 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:812 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:812 3640 IRP_MJ_DEVICE_CONTROL : BA44D180
21:13:25:812 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A4B81B0
21:13:25:812 3640 IRP_MJ_SHUTDOWN : 804F4562
21:13:25:812 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:812 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:812 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:812 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:812 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:812 3640 IRP_MJ_POWER : BA44C5F0
21:13:25:812 3640 IRP_MJ_SYSTEM_CONTROL : BA44AA6E
21:13:25:812 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:812 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:812 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:843 3640 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
21:13:25:843 3640
21:13:25:843 3640 Driver Name: Disk
21:13:25:843 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:843 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:843 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:843 3640 IRP_MJ_READ : BA108D1F
21:13:25:843 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:843 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:843 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:843 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:843 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:843 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:843 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:843 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:843 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:843 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:843 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:843 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:843 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:843 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:843 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:843 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:843 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:843 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:843 3640 IRP_MJ_POWER : BA10AC82
21:13:25:843 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:843 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:843 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:843 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:875 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:875 3640
21:13:25:875 3640 Driver Name: Disk
21:13:25:875 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:875 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:875 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:875 3640 IRP_MJ_READ : BA108D1F
21:13:25:875 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:875 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:875 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:875 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:875 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:875 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:875 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:875 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:875 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:875 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:875 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:875 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:875 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:875 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:875 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:875 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:875 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:875 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:875 3640 IRP_MJ_POWER : BA10AC82
21:13:25:875 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:875 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:875 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:875 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:906 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:906 3640
21:13:25:906 3640 Driver Name: Disk
21:13:25:906 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:906 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:906 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:906 3640 IRP_MJ_READ : BA108D1F
21:13:25:906 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:906 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:906 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:906 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:906 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:906 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:906 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:906 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:906 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:906 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:906 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:906 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:906 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:921 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:921 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:921 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:921 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:921 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:921 3640 IRP_MJ_POWER : BA10AC82
21:13:25:921 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:921 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:921 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:921 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:937 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:937 3640
21:13:25:937 3640 Driver Name: Disk
21:13:25:937 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:937 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:937 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:937 3640 IRP_MJ_READ : BA108D1F
21:13:25:937 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:937 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:937 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:937 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:937 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:937 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:937 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:937 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:937 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:937 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:937 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:937 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:937 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:937 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:937 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:937 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:937 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:937 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:937 3640 IRP_MJ_POWER : BA10AC82
21:13:25:937 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:937 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:937 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:937 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:968 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:968 3640
21:13:25:968 3640 Driver Name: Disk
21:13:25:968 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:968 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:968 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:968 3640 IRP_MJ_READ : BA108D1F
21:13:25:968 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:968 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:968 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:968 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:968 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:968 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:968 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:968 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:968 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:968 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:968 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:968 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:968 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:968 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:968 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:968 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:968 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:968 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:968 3640 IRP_MJ_POWER : BA10AC82
21:13:25:968 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:968 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:968 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:968 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:984 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:984 3640
21:13:25:984 3640 Driver Name: atapi
21:13:25:984 3640 IRP_MJ_CREATE : B9F026F2
21:13:25:984 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:984 3640 IRP_MJ_CLOSE : B9F026F2
21:13:25:984 3640 IRP_MJ_READ : 804F4562
21:13:25:984 3640 IRP_MJ_WRITE : 804F4562
21:13:25:984 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:984 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:984 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:984 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:984 3640 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:13:25:984 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:984 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:984 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:984 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:984 3640 IRP_MJ_DEVICE_CONTROL : B9F02712
21:13:25:984 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8B275258
21:13:25:984 3640 IRP_MJ_SHUTDOWN : 804F4562
21:13:25:984 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:984 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:984 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:984 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:984 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:984 3640 IRP_MJ_POWER : B9F0273C
21:13:25:984 3640 IRP_MJ_SYSTEM_CONTROL : B9F09336
21:13:25:984 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:984 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:984 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:26:062 3640 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
21:13:26:062 3640
21:13:26:062 3640 Driver Name: atapi
21:13:26:062 3640 IRP_MJ_CREATE : B9F026F2
21:13:26:062 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:26:062 3640 IRP_MJ_CLOSE : B9F026F2
21:13:26:062 3640 IRP_MJ_READ : 804F4562
21:13:26:062 3640 IRP_MJ_WRITE : 804F4562
21:13:26:062 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:26:062 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:26:062 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:26:062 3640 IRP_MJ_SET_EA : 804F4562
21:13:26:062 3640 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:13:26:062 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:26:062 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:26:062 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:26:062 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:26:062 3640 IRP_MJ_DEVICE_CONTROL : B9F02712
21:13:26:062 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8B275258
21:13:26:062 3640 IRP_MJ_SHUTDOWN : 804F4562
21:13:26:062 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:26:062 3640 IRP_MJ_CLEANUP : 804F4562
21:13:26:062 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:26:062 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:26:062 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:26:062 3640 IRP_MJ_POWER : B9F0273C
21:13:26:062 3640 IRP_MJ_SYSTEM_CONTROL : B9F09336
21:13:26:062 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:26:062 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:26:062 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:26:125 3640 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
21:13:26:125 3640
21:13:26:125 3640 Driver Name: atapi
21:13:26:125 3640 IRP_MJ_CREATE : B9F026F2
21:13:26:125 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:26:125 3640 IRP_MJ_CLOSE : B9F026F2
21:13:26:125 3640 IRP_MJ_READ : 804F4562
21:13:26:125 3640 IRP_MJ_WRITE : 804F4562
21:13:26:125 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:26:125 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:26:125 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:26:125 3640 IRP_MJ_SET_EA : 804F4562
21:13:26:125 3640 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:13:26:125 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:26:125 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:26:125 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:26:125 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:26:125 3640 IRP_MJ_DEVICE_CONTROL : B9F02712
21:13:26:125 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8B275258
21:13:26:125 3640 IRP_MJ_SHUTDOWN : 804F4562
21:13:26:125 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:26:125 3640 IRP_MJ_CLEANUP : 804F4562
21:13:26:125 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:26:125 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:26:125 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:26:125 3640 IRP_MJ_POWER : B9F0273C
21:13:26:125 3640 IRP_MJ_SYSTEM_CONTROL : B9F09336
21:13:26:125 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:26:125 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:26:125 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:26:171 3640 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
21:13:26:171 3640
21:13:26:187 3640 Completed
21:13:26:187 3640
21:13:26:187 3640 Results:
21:13:26:187 3640 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:13:26:187 3640 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:13:26:187 3640 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:13:26:187 3640
21:13:26:187 3640 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
21:13:26:187 3640 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
21:13:26:187 3640 KLMD(ARK) unloaded successfully

[motji]

Takže na tdl3rootkita to nevypadá. A to atapi.sys vypadá taky v pořádku, tohle je falešná detekce antiviru . Vydržte chvilku, projdu znovu log z Gmeru

[MatesJ]

je možné, že to zasahuje i do opravné konzole: nevidí disky krom společného C: a D:, dir nefunguje na C: a D:

[motji]

už ho mám, potvoru . Vydržte, než napíšu skript. Zatím stáhněte nový combofix, držte se postupu.

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir


***********

Combofix stahněte takto:
- pravým myšítkem klikněte na odkaz combofixu --uložit jako.. ,a teď ho přejmenujte na Potvora.com a uložte.

A počkejte na další pokyny

[MatesJ]

hotovo, na stránky T-Cleaneru se nedostanu, ale stáhnu ho

[motji]

Ještě prosím zatím restartujte do nouzového režimu.
Máte nainstalovanou konzolu zotavení?

[MatesJ]

ok restart dáme, Konzola zotavení? v BIOSU je Quick recovery a to nemám a do recovery console se dostanu

[MatesJ]

stav nouze práce v síti a WIn a nebo Recovery Console???

[motji]

Ted běžte do stavu nouze se sítí. Já jsem se jen ptala, jestli tu recovery conzoli máte, pokud ne, až se spustí combofix, necháte ji nainstalovat.

[motji]

Nemusíte, hlavně aby byl přejmenovaný a aktualizovaný combofix. Jdeme na to

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

KillAll::

Rootkit::
c:\windows\system32\drivers\TDSSpxoe.sys
c:\windows\system32\TDSSktpa.dll
c:\windows\system32\TDSSwupe.dat
c:\windows\system32\TDSSirxy.dll
c:\windows\system32\TDSSyavu.dll
c:\windows\system32\TDSSacun.dll
c:\windows\system32\TDSSqqcn.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSehys.log
c:\windows\system32\TDSSwghd.log

Driver::
TDSSserv.sys

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[MatesJ]

už toi fičí, jen nevidím v nouzáku avast, abych vypl residentní ochrany, jak dále?

zastavím ho nějak v Task Manageru, který proces?

[motji]

Ne, nechejte ho tak

[MatesJ]

tak teď se ukáže CF fičí....................... držím mu palec.........

tu poslední známou funkční konfiguraci tam chcete případně dát? Bude to na déle......... zatím fáze 4

[motji]

Tu použijete pouze v případě, že počítač nebude chtít naběhnout