Page 9 of 16

Re: System takes 60 minutes to start.

Posted: 14 Mar 2010 21:11
by MatesJ

Re: System takes 60 minutes to start.

Posted: 14 Mar 2010 21:13
by MatesJ
21:13:24:750 3640 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
21:13:24:750 3640 ================================================================================
21:13:24:750 3640 SystemInfo:

21:13:24:750 3640 OS Version: 5.1.2600 ServicePack: 3.0
21:13:24:750 3640 Product type: Workstation
21:13:24:750 3640 ComputerName: MAJUR-C83F52894
21:13:24:750 3640 UserName: Martin
21:13:24:750 3640 Windows directory: C:\WINDOWS
21:13:24:750 3640 Processor architecture: Intel x86
21:13:24:750 3640 Number of processors: 2
21:13:24:750 3640 Page size: 0x1000
21:13:24:750 3640 Boot type: Normal boot
21:13:24:750 3640 ================================================================================
21:13:24:765 3640 UnloadDriverW: NtUnloadDriver error 2
21:13:24:765 3640 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:13:24:937 3640 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
21:13:24:937 3640 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:13:24:937 3640 wfopen_ex: Trying to KLMD file open
21:13:24:937 3640 wfopen_ex: File opened ok (Flags 2)
21:13:24:937 3640 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
21:13:24:937 3640 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:13:24:937 3640 wfopen_ex: Trying to KLMD file open
21:13:24:937 3640 wfopen_ex: File opened ok (Flags 2)
21:13:24:937 3640 Initialize success
21:13:24:937 3640
21:13:24:937 3640 Scanning Services ...
21:13:25:500 3640 GetAdvancedServicesInfo: Raw services enum returned 371 services
21:13:25:500 3640
21:13:25:500 3640 Scanning Kernel memory ...
21:13:25:500 3640 Devices to scan: 16
21:13:25:500 3640
21:13:25:500 3640 Driver Name: Disk
21:13:25:500 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:500 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:500 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:500 3640 IRP_MJ_READ : BA108D1F
21:13:25:500 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:500 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:515 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:515 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:515 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:515 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:515 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:515 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:515 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:515 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:515 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:515 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:515 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:515 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:515 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:515 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:515 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:515 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:515 3640 IRP_MJ_POWER : BA10AC82
21:13:25:515 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:515 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:515 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:515 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:562 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:562 3640
21:13:25:562 3640 Driver Name: Disk
21:13:25:562 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:562 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:562 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:562 3640 IRP_MJ_READ : BA108D1F
21:13:25:562 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:562 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:562 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:562 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:562 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:562 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:562 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:562 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:562 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:562 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:562 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:562 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:562 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:562 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:562 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:562 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:562 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:562 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:562 3640 IRP_MJ_POWER : BA10AC82
21:13:25:562 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:562 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:562 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:562 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:578 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:578 3640
21:13:25:578 3640 Driver Name: Disk
21:13:25:578 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:578 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:578 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:578 3640 IRP_MJ_READ : BA108D1F
21:13:25:578 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:578 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:578 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:578 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:578 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:593 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:593 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:593 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:593 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:593 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:593 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:593 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:593 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:593 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:593 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:593 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:593 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:593 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:593 3640 IRP_MJ_POWER : BA10AC82
21:13:25:593 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:593 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:593 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:593 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:625 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:625 3640
21:13:25:625 3640 Driver Name: Disk
21:13:25:625 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:625 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:625 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:625 3640 IRP_MJ_READ : BA108D1F
21:13:25:625 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:625 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:625 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:625 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:625 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:625 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:625 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:625 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:625 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:625 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:625 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:625 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:625 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:625 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:625 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:625 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:625 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:625 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:625 3640 IRP_MJ_POWER : BA10AC82
21:13:25:625 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:625 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:625 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:625 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:687 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:687 3640
21:13:25:687 3640 Driver Name: usbstor
21:13:25:687 3640 IRP_MJ_CREATE : BA44D218
21:13:25:687 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:687 3640 IRP_MJ_CLOSE : BA44D218
21:13:25:687 3640 IRP_MJ_READ : BA44D23C
21:13:25:687 3640 IRP_MJ_WRITE : BA44D23C
21:13:25:687 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:687 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:687 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:687 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:687 3640 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:13:25:687 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:687 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:687 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:687 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:687 3640 IRP_MJ_DEVICE_CONTROL : BA44D180
21:13:25:687 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A4B81B0
21:13:25:687 3640 IRP_MJ_SHUTDOWN : 804F4562
21:13:25:687 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:687 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:687 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:687 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:687 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:687 3640 IRP_MJ_POWER : BA44C5F0
21:13:25:687 3640 IRP_MJ_SYSTEM_CONTROL : BA44AA6E
21:13:25:687 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:687 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:687 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:734 3640 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
21:13:25:734 3640
21:13:25:734 3640 Driver Name: usbstor
21:13:25:734 3640 IRP_MJ_CREATE : BA44D218
21:13:25:734 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:734 3640 IRP_MJ_CLOSE : BA44D218
21:13:25:734 3640 IRP_MJ_READ : BA44D23C
21:13:25:734 3640 IRP_MJ_WRITE : BA44D23C
21:13:25:734 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:734 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:734 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:734 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:734 3640 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:13:25:734 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:734 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:734 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:734 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:734 3640 IRP_MJ_DEVICE_CONTROL : BA44D180
21:13:25:734 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A4B81B0
21:13:25:734 3640 IRP_MJ_SHUTDOWN : 804F4562
21:13:25:734 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:734 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:734 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:734 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:734 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:734 3640 IRP_MJ_POWER : BA44C5F0
21:13:25:734 3640 IRP_MJ_SYSTEM_CONTROL : BA44AA6E
21:13:25:734 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:734 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:734 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:765 3640 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
21:13:25:765 3640
21:13:25:765 3640 Driver Name: usbstor
21:13:25:765 3640 IRP_MJ_CREATE : BA44D218
21:13:25:765 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:765 3640 IRP_MJ_CLOSE : BA44D218
21:13:25:765 3640 IRP_MJ_READ : BA44D23C
21:13:25:765 3640 IRP_MJ_WRITE : BA44D23C
21:13:25:765 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:765 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:765 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:765 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:765 3640 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:13:25:765 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:765 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:765 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:765 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:765 3640 IRP_MJ_DEVICE_CONTROL : BA44D180
21:13:25:765 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A4B81B0
21:13:25:765 3640 IRP_MJ_SHUTDOWN : 804F4562
21:13:25:765 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:765 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:765 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:765 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:765 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:765 3640 IRP_MJ_POWER : BA44C5F0
21:13:25:765 3640 IRP_MJ_SYSTEM_CONTROL : BA44AA6E
21:13:25:765 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:765 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:765 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:796 3640 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
21:13:25:812 3640
21:13:25:812 3640 Driver Name: usbstor
21:13:25:812 3640 IRP_MJ_CREATE : BA44D218
21:13:25:812 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:812 3640 IRP_MJ_CLOSE : BA44D218
21:13:25:812 3640 IRP_MJ_READ : BA44D23C
21:13:25:812 3640 IRP_MJ_WRITE : BA44D23C
21:13:25:812 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:812 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:812 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:812 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:812 3640 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:13:25:812 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:812 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:812 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:812 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:812 3640 IRP_MJ_DEVICE_CONTROL : BA44D180
21:13:25:812 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A4B81B0
21:13:25:812 3640 IRP_MJ_SHUTDOWN : 804F4562
21:13:25:812 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:812 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:812 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:812 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:812 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:812 3640 IRP_MJ_POWER : BA44C5F0
21:13:25:812 3640 IRP_MJ_SYSTEM_CONTROL : BA44AA6E
21:13:25:812 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:812 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:812 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:843 3640 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
21:13:25:843 3640
21:13:25:843 3640 Driver Name: Disk
21:13:25:843 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:843 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:843 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:843 3640 IRP_MJ_READ : BA108D1F
21:13:25:843 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:843 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:843 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:843 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:843 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:843 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:843 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:843 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:843 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:843 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:843 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:843 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:843 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:843 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:843 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:843 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:843 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:843 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:843 3640 IRP_MJ_POWER : BA10AC82
21:13:25:843 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:843 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:843 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:843 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:875 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:875 3640
21:13:25:875 3640 Driver Name: Disk
21:13:25:875 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:875 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:875 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:875 3640 IRP_MJ_READ : BA108D1F
21:13:25:875 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:875 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:875 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:875 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:875 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:875 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:875 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:875 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:875 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:875 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:875 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:875 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:875 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:875 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:875 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:875 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:875 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:875 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:875 3640 IRP_MJ_POWER : BA10AC82
21:13:25:875 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:875 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:875 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:875 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:906 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:906 3640
21:13:25:906 3640 Driver Name: Disk
21:13:25:906 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:906 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:906 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:906 3640 IRP_MJ_READ : BA108D1F
21:13:25:906 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:906 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:906 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:906 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:906 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:906 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:906 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:906 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:906 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:906 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:906 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:906 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:906 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:921 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:921 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:921 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:921 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:921 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:921 3640 IRP_MJ_POWER : BA10AC82
21:13:25:921 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:921 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:921 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:921 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:937 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:937 3640
21:13:25:937 3640 Driver Name: Disk
21:13:25:937 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:937 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:937 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:937 3640 IRP_MJ_READ : BA108D1F
21:13:25:937 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:937 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:937 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:937 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:937 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:937 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:937 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:937 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:937 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:937 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:937 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:937 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:937 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:937 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:937 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:937 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:937 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:937 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:937 3640 IRP_MJ_POWER : BA10AC82
21:13:25:937 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:937 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:937 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:937 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:968 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:968 3640
21:13:25:968 3640 Driver Name: Disk
21:13:25:968 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:968 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:968 3640 IRP_MJ_CLOSE : BA10EBB0
21:13:25:968 3640 IRP_MJ_READ : BA108D1F
21:13:25:968 3640 IRP_MJ_WRITE : BA108D1F
21:13:25:968 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:968 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:968 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:968 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:968 3640 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:13:25:968 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:968 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:968 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:968 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:968 3640 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:13:25:968 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:968 3640 IRP_MJ_SHUTDOWN : BA1092E2
21:13:25:968 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:968 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:968 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:968 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:968 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:968 3640 IRP_MJ_POWER : BA10AC82
21:13:25:968 3640 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:13:25:968 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:968 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:968 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:25:984 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:984 3640
21:13:25:984 3640 Driver Name: atapi
21:13:25:984 3640 IRP_MJ_CREATE : B9F026F2
21:13:25:984 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:984 3640 IRP_MJ_CLOSE : B9F026F2
21:13:25:984 3640 IRP_MJ_READ : 804F4562
21:13:25:984 3640 IRP_MJ_WRITE : 804F4562
21:13:25:984 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:25:984 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:25:984 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:25:984 3640 IRP_MJ_SET_EA : 804F4562
21:13:25:984 3640 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:13:25:984 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:25:984 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:25:984 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:25:984 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:25:984 3640 IRP_MJ_DEVICE_CONTROL : B9F02712
21:13:25:984 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8B275258
21:13:25:984 3640 IRP_MJ_SHUTDOWN : 804F4562
21:13:25:984 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:25:984 3640 IRP_MJ_CLEANUP : 804F4562
21:13:25:984 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:25:984 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:25:984 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:25:984 3640 IRP_MJ_POWER : B9F0273C
21:13:25:984 3640 IRP_MJ_SYSTEM_CONTROL : B9F09336
21:13:25:984 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:25:984 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:25:984 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:26:062 3640 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
21:13:26:062 3640
21:13:26:062 3640 Driver Name: atapi
21:13:26:062 3640 IRP_MJ_CREATE : B9F026F2
21:13:26:062 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:26:062 3640 IRP_MJ_CLOSE : B9F026F2
21:13:26:062 3640 IRP_MJ_READ : 804F4562
21:13:26:062 3640 IRP_MJ_WRITE : 804F4562
21:13:26:062 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:26:062 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:26:062 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:26:062 3640 IRP_MJ_SET_EA : 804F4562
21:13:26:062 3640 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:13:26:062 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:26:062 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:26:062 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:26:062 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:26:062 3640 IRP_MJ_DEVICE_CONTROL : B9F02712
21:13:26:062 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8B275258
21:13:26:062 3640 IRP_MJ_SHUTDOWN : 804F4562
21:13:26:062 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:26:062 3640 IRP_MJ_CLEANUP : 804F4562
21:13:26:062 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:26:062 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:26:062 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:26:062 3640 IRP_MJ_POWER : B9F0273C
21:13:26:062 3640 IRP_MJ_SYSTEM_CONTROL : B9F09336
21:13:26:062 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:26:062 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:26:062 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:26:125 3640 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
21:13:26:125 3640
21:13:26:125 3640 Driver Name: atapi
21:13:26:125 3640 IRP_MJ_CREATE : B9F026F2
21:13:26:125 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:26:125 3640 IRP_MJ_CLOSE : B9F026F2
21:13:26:125 3640 IRP_MJ_READ : 804F4562
21:13:26:125 3640 IRP_MJ_WRITE : 804F4562
21:13:26:125 3640 IRP_MJ_QUERY_INFORMATION : 804F4562
21:13:26:125 3640 IRP_MJ_SET_INFORMATION : 804F4562
21:13:26:125 3640 IRP_MJ_QUERY_EA : 804F4562
21:13:26:125 3640 IRP_MJ_SET_EA : 804F4562
21:13:26:125 3640 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:13:26:125 3640 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:13:26:125 3640 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:13:26:125 3640 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:13:26:125 3640 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:13:26:125 3640 IRP_MJ_DEVICE_CONTROL : B9F02712
21:13:26:125 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8B275258
21:13:26:125 3640 IRP_MJ_SHUTDOWN : 804F4562
21:13:26:125 3640 IRP_MJ_LOCK_CONTROL : 804F4562
21:13:26:125 3640 IRP_MJ_CLEANUP : 804F4562
21:13:26:125 3640 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:13:26:125 3640 IRP_MJ_QUERY_SECURITY : 804F4562
21:13:26:125 3640 IRP_MJ_SET_SECURITY : 804F4562
21:13:26:125 3640 IRP_MJ_POWER : B9F0273C
21:13:26:125 3640 IRP_MJ_SYSTEM_CONTROL : B9F09336
21:13:26:125 3640 IRP_MJ_DEVICE_CHANGE : 804F4562
21:13:26:125 3640 IRP_MJ_QUERY_QUOTA : 804F4562
21:13:26:125 3640 IRP_MJ_SET_QUOTA : 804F4562
21:13:26:171 3640 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
21:13:26:171 3640
21:13:26:187 3640 Completed
21:13:26:187 3640
21:13:26:187 3640 Results:
21:13:26:187 3640 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:13:26:187 3640 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:13:26:187 3640 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:13:26:187 3640
21:13:26:187 3640 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
21:13:26:187 3640 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
21:13:26:187 3640 KLMD(ARK) unloaded successfully
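Added example (editor's code, not from this thread and not part of Kaspersky's tool): a Python parser for the "Scanning Kernel memory" section of the TDSSKiller log above. It merges the repeated per-device dumps of the same driver (the log prints disk, usbstor and atapi once per device object), treats the address that fills the most dispatch slots across all drivers as the kernel's default stub for unimplemented major functions, and lists handlers that sit in a different 1 MiB region than the driver's other handlers. That is a review heuristic, not a verdict: port/miniport pairs such as usbstor and atapi legitimately route some IRPs through another image, which is consistent with the tool's Verdict: 1 for every file and with motji's reading that atapi.sys is fine. The sample log is a constructed abridgement of the posted one, and the 1 MiB bucket size is an assumption.

```python
"""Parse the "Scanning Kernel memory" section of a TDSSKiller 2.x log into
per-driver dispatch tables, merge the repeated per-device dumps of the same
driver, and flag handlers outside the driver's apparent image region."""
import re
from collections import Counter, defaultdict

# Constructed excerpt in the layout of the log above (timestamp, PID, body);
# only a few IRP_MJ_* rows are kept per device object.
SAMPLE_LOG = r"""
21:13:25:500 3640 Driver Name: Disk
21:13:25:500 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:500 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:500 3640 IRP_MJ_READ : BA108D1F
21:13:25:515 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:562 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:562 3640
21:13:25:562 3640 Driver Name: Disk
21:13:25:562 3640 IRP_MJ_CREATE : BA10EBB0
21:13:25:562 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:562 3640 IRP_MJ_READ : BA108D1F
21:13:25:562 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:13:25:578 3640 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:13:25:687 3640 Driver Name: usbstor
21:13:25:687 3640 IRP_MJ_CREATE : BA44D218
21:13:25:687 3640 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:13:25:687 3640 IRP_MJ_READ : BA44D23C
21:13:25:687 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A4B81B0
21:13:25:734 3640 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
21:13:25:984 3640 Driver Name: atapi
21:13:25:984 3640 IRP_MJ_CREATE : B9F026F2
21:13:25:984 3640 IRP_MJ_READ : 804F4562
21:13:25:984 3640 IRP_MJ_DEVICE_CONTROL : B9F02712
21:13:25:984 3640 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8B275258
21:13:26:062 3640 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
"""

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s*(?P<body>.*)$")
DRIVER_RE = re.compile(r"^Driver Name:\s*(?P<name>\S+)$")
IRP_RE = re.compile(r"^(?P<mj>IRP_MJ_[A-Z_]+)\s*:\s*(?P<addr>[0-9A-Fa-f]{8})$")
VERDICT_RE = re.compile(r"^(?P<path>.+?)\s+-\s+Verdict:\s*(?P<verdict>\d+)$")


def parse_kernel_scan(text):
    """Return {driver: {"devices", "dispatch": {IRP_MJ_x: set(int)}, "files", "verdicts"}}.
    Driver names are lower-cased so 'Disk' and 'disk' merge into one record."""
    drivers = {}
    current = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group("body").strip()
        if (d := DRIVER_RE.match(body)):
            current = drivers.setdefault(d.group("name").lower(), {
                "devices": 0, "dispatch": defaultdict(set), "files": set(), "verdicts": set()})
            current["devices"] += 1
        elif current is None:
            continue
        elif (i := IRP_RE.match(body)):
            current["dispatch"][i.group("mj")].add(int(i.group("addr"), 16))
        elif (v := VERDICT_RE.match(body)):
            current["files"].add(v.group("path"))
            current["verdicts"].add(int(v.group("verdict")))
    return drivers


def default_handler(drivers):
    """Address filling the most dispatch slots across all drivers: on a stock
    system that is the kernel's stub for major functions a driver does not
    implement (804F4562 in the log above), so it carries no per-driver signal."""
    counts = Counter()
    for info in drivers.values():
        for addrs in info["dispatch"].values():
            counts.update(addrs)
    return counts.most_common(1)[0][0]


def region(addr, bits=12):
    """Coarse address bucket; 12 bits = 1 MiB, an assumed upper bound on the
    size of these storage drivers' images."""
    return addr >> (32 - bits)


def outliers(drivers, default):
    """Per driver, the major functions whose handler lies in a different region
    than the majority of that driver's own handlers. Review heuristic only:
    port/miniport pairs legitimately route some IRPs through another image."""
    result = {}
    for name, info in drivers.items():
        own = {mj: {a for a in addrs if a != default} for mj, addrs in info["dispatch"].items()}
        regions = Counter(region(a) for addrs in own.values() for a in addrs)
        if not regions:
            continue
        home = regions.most_common(1)[0][0]
        odd = {mj: sorted(f"{a:08X}" for a in addrs if region(a) != home)
               for mj, addrs in own.items()}
        odd = {mj: a for mj, a in odd.items() if a}
        if odd:
            result[name] = odd
    return result


if __name__ == "__main__":
    parsed = parse_kernel_scan(SAMPLE_LOG)
    stub = default_handler(parsed)
    for name, info in parsed.items():
        print(f"{name}: {info['devices']} device object(s), files={sorted(info['files'])}, "
              f"verdicts={sorted(info['verdicts'])}")
    for name, odd in outliers(parsed, stub).items():
        print(f"REVIEW {name}: {odd}")
```

Run against the full log above, the script collapses the four disk and four usbstor dumps into one record each and reports only the INTERNAL_DEVICE_CONTROL slots of usbstor and atapi for review; disk.sys, whose handlers all sit in one region, is not listed. Treat such a listing as a prompt to check where the pointer resolves (GMER or a kernel debugger can map it to a module), not as proof of a hook.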

Re: System takes 60 minutes to start.

Posted: 14 Mar 2010 21:18
by motji
So it doesn't look like the TDL3 rootkit. And that atapi.sys looks fine too; this is a false detection by the antivirus :). Hold on a moment, I'll go through the GMER log again.

Re: System takes 60 minutes to start.

Posted: 14 Mar 2010 21:24
by MatesJ
It's possible that it also interferes with the Recovery Console: it doesn't see any disks except the shared C: and D:, and dir doesn't work on C: and D:.

Re: System takes 60 minutes to start.

Posted: 14 Mar 2010 21:51
by motji
:roll: I've got it, the bugger :twisted:. Hold on while I write the script. In the meantime download a fresh ComboFix and stick to the procedure. :)

:arrow: Uninstall ComboFix via Start - Run
- copy into the box:

ComboFix /Uninstall

- press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.


***********


:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- delete the little program after use. Note: antivirus products may falsely flag it as a virus


***********

:arrow: Download ComboFix like this:
- right-click the ComboFix link -- Save as..., and now rename it to Potvora.com and save.

And wait for further instructions :)

Re: System takes 60 minutes to start.

Posted: 14 Mar 2010 22:00
by MatesJ
Done; I can't get onto the T-Cleaner site, but I'll download it :-)

Re: System takes 60 minutes to start.

Posted: 14 Mar 2010 22:01
by motji
Also, for now please restart into Safe Mode. :)
Do you have the Recovery Console installed?

Re: System takes 60 minutes to start.

Posted: 14 Mar 2010 22:03
by MatesJ
OK, we'll do the restart. Recovery Console? There's Quick Recovery in the BIOS, which I don't have, and I can get into the Recovery Console.

Re: System takes 60 minutes to start.

Posted: 14 Mar 2010 22:06
by MatesJ
Safe Mode with Networking and Windows, or the Recovery Console???

Re: System takes 60 minutes to start.

Posted: 14 Mar 2010 22:12
by motji
Now go into Safe Mode with Networking. I was only asking whether you have the Recovery Console; if not, when ComboFix starts, let it install it.

Re: System takes 60 minutes to start.

Posted: 14 Mar 2010 22:15
by motji
You don't have to; the main thing is that ComboFix is renamed and up to date. Let's go :)

:arrow: If you haven't already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it

Code:

KillAll::

Rootkit::
c:\windows\system32\drivers\TDSSpxoe.sys
c:\windows\system32\TDSSktpa.dll
c:\windows\system32\TDSSwupe.dat
c:\windows\system32\TDSSirxy.dll
c:\windows\system32\TDSSyavu.dll
c:\windows\system32\TDSSacun.dll
c:\windows\system32\TDSSqqcn.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSehys.log
c:\windows\system32\TDSSwghd.log

Driver::
TDSSserv.sys

- save the TXT file you created as CFScript.txt on the desktop
- once saved, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:

[Image]


- after it runs, another log will pop up; paste it here

Warning: it can happen that after the script is applied and the machine restarted, Windows will not boot; in that case restart again while tapping F8, then choose Last Known Good Configuration

Re: System takes 60 minutes to start.

Posted: 14 Mar 2010 22:25
by MatesJ
It's running now; I just can't see Avast in Safe Mode so that I can turn off the resident protection. What next?

Should I stop it somehow in Task Manager? Which process?

Re: System takes 60 minutes to start.

Posted: 14 Mar 2010 22:30
by motji
No, leave it as it is :)

Re: System takes 60 minutes to start.

Posted: 14 Mar 2010 22:32
by MatesJ
Now we'll see; CF is running....................... fingers crossed......... :worship:

Do you want me to use that Last Known Good Configuration if it comes to it? This will take a while......... stage 4 so far

Re: System takes 60 minutes to start.

Posted: 14 Mar 2010 22:36
by motji
You'll use that only if the computer refuses to boot :)