Problém z winsys.exe..... Vyřešeno

[mimi]

17:39:21:609 0616 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
17:39:21:609 0616 ================================================================================
17:39:21:609 0616 SystemInfo:

17:39:21:609 0616 OS Version: 5.1.2600 ServicePack: 3.0
17:39:21:609 0616 Product type: Workstation
17:39:21:609 0616 ComputerName: DENISKO-59BD85F
17:39:21:609 0616 UserName: Denisko a Lenka
17:39:21:609 0616 Windows directory: C:\WINDOWS
17:39:21:609 0616 Processor architecture: Intel x86
17:39:21:609 0616 Number of processors: 2
17:39:21:609 0616 Page size: 0x1000
17:39:21:609 0616 Boot type: Normal boot
17:39:21:609 0616 ================================================================================
17:39:21:609 0616 UnloadDriverW: NtUnloadDriver error 2
17:39:21:609 0616 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
17:39:21:640 0616 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
17:39:21:640 0616 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:39:21:640 0616 wfopen_ex: Trying to KLMD file open
17:39:21:640 0616 wfopen_ex: File opened ok (Flags 2)
17:39:21:640 0616 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
17:39:21:640 0616 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:39:21:640 0616 wfopen_ex: Trying to KLMD file open
17:39:21:640 0616 wfopen_ex: File opened ok (Flags 2)
17:39:21:640 0616 Initialize success
17:39:21:640 0616
17:39:21:640 0616 Scanning Services ...
17:39:21:796 0616 GetAdvancedServicesInfo: Raw services enum returned 341 services
17:39:21:796 0616
17:39:21:796 0616 Scanning Kernel memory ...
17:39:21:796 0616 Devices to scan: 2
17:39:21:796 0616
17:39:21:796 0616 Driver Name: Disk
17:39:21:796 0616 IRP_MJ_CREATE : F764DBB0
17:39:21:796 0616 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
17:39:21:796 0616 IRP_MJ_CLOSE : F764DBB0
17:39:21:796 0616 IRP_MJ_READ : F7647D1F
17:39:21:796 0616 IRP_MJ_WRITE : F7647D1F
17:39:21:796 0616 IRP_MJ_QUERY_INFORMATION : 804F9759
17:39:21:796 0616 IRP_MJ_SET_INFORMATION : 804F9759
17:39:21:796 0616 IRP_MJ_QUERY_EA : 804F9759
17:39:21:796 0616 IRP_MJ_SET_EA : 804F9759
17:39:21:796 0616 IRP_MJ_FLUSH_BUFFERS : F76482E2
17:39:21:796 0616 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
17:39:21:796 0616 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
17:39:21:796 0616 IRP_MJ_DIRECTORY_CONTROL : 804F9759
17:39:21:796 0616 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
17:39:21:796 0616 IRP_MJ_DEVICE_CONTROL : F76483BB
17:39:21:796 0616 IRP_MJ_INTERNAL_DEVICE_CONTROL : F764BF28
17:39:21:796 0616 IRP_MJ_SHUTDOWN : F76482E2
17:39:21:796 0616 IRP_MJ_LOCK_CONTROL : 804F9759
17:39:21:796 0616 IRP_MJ_CLEANUP : 804F9759
17:39:21:796 0616 IRP_MJ_CREATE_MAILSLOT : 804F9759
17:39:21:796 0616 IRP_MJ_QUERY_SECURITY : 804F9759
17:39:21:796 0616 IRP_MJ_SET_SECURITY : 804F9759
17:39:21:796 0616 IRP_MJ_POWER : F7649C82
17:39:21:796 0616 IRP_MJ_SYSTEM_CONTROL : F764E99E
17:39:21:796 0616 IRP_MJ_DEVICE_CHANGE : 804F9759
17:39:21:796 0616 IRP_MJ_QUERY_QUOTA : 804F9759
17:39:21:796 0616 IRP_MJ_SET_QUOTA : 804F9759
17:39:21:828 0616 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:39:21:828 0616
17:39:21:828 0616 Driver Name: atapi
17:39:21:828 0616 IRP_MJ_CREATE : F74A46F2
17:39:21:828 0616 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
17:39:21:828 0616 IRP_MJ_CLOSE : F74A46F2
17:39:21:828 0616 IRP_MJ_READ : 804F9759
17:39:21:828 0616 IRP_MJ_WRITE : 804F9759
17:39:21:828 0616 IRP_MJ_QUERY_INFORMATION : 804F9759
17:39:21:828 0616 IRP_MJ_SET_INFORMATION : 804F9759
17:39:21:828 0616 IRP_MJ_QUERY_EA : 804F9759
17:39:21:828 0616 IRP_MJ_SET_EA : 804F9759
17:39:21:828 0616 IRP_MJ_FLUSH_BUFFERS : 804F9759
17:39:21:828 0616 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
17:39:21:828 0616 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
17:39:21:828 0616 IRP_MJ_DIRECTORY_CONTROL : 804F9759
17:39:21:828 0616 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
17:39:21:828 0616 IRP_MJ_DEVICE_CONTROL : F74A4712
17:39:21:828 0616 IRP_MJ_INTERNAL_DEVICE_CONTROL : F76188B4
17:39:21:828 0616 IRP_MJ_SHUTDOWN : 804F9759
17:39:21:828 0616 IRP_MJ_LOCK_CONTROL : 804F9759
17:39:21:828 0616 IRP_MJ_CLEANUP : 804F9759
17:39:21:828 0616 IRP_MJ_CREATE_MAILSLOT : 804F9759
17:39:21:828 0616 IRP_MJ_QUERY_SECURITY : 804F9759
17:39:21:828 0616 IRP_MJ_SET_SECURITY : 804F9759
17:39:21:828 0616 IRP_MJ_POWER : F74A473C
17:39:21:828 0616 IRP_MJ_SYSTEM_CONTROL : F74AB336
17:39:21:828 0616 IRP_MJ_DEVICE_CHANGE : 804F9759
17:39:21:828 0616 IRP_MJ_QUERY_QUOTA : 804F9759
17:39:21:828 0616 IRP_MJ_SET_QUOTA : 804F9759
17:39:21:875 0616 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
17:39:21:875 0616
17:39:21:875 0616 Completed
17:39:21:875 0616
17:39:21:875 0616 Results:
17:39:21:875 0616 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
17:39:21:875 0616 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:39:21:875 0616 File objects infected / cured / cured on reboot: 0 / 0 / 0
17:39:21:875 0616
17:39:21:875 0616 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
17:39:21:875 0616 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
17:39:21:890 0616 KLMD(ARK) unloaded successfully

[Reklama]

[jaro3]

Mělo by to být OK.

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[mimi]

Ja som v podstate nemal žiadne problémy.Bolo to zavírené alebo tam boli iba nejaké zbytočnosti?Ako je možné že winsys.exe nedetekoval na Virustotal ani jeden antivírak ale iba SpywareTerminátor?

Ale inak díííík moc.Si Pašák nech sa ti darý.Ešte raz Dííík.......

[jaro3]

Nejspíše rootkit , zde je vysvětlení o tom , co je rootkit:
http://www.secit.sk/sk/content/rootkit-co-jak-proc

Díky!!
Zelenou fajfku

[mimi]

Ešte raz dík moc.....

[jaro3]

Není zač, dávám tedy fajfku.