Worms are destroying my system

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Post by Htman » 25 Oct 2012 13:14

I'll make the log; it won't display, but it was already in a rar too. The folder now takes up 20 gigs and I still don't know where it is :)))

Post by Žbeky » 25 Oct 2012 15:00

It's probably a pain, but if you have the size displayed folder by folder, you'll definitely find it.

Post by Htman » 08 Nov 2012 21:52

I haven't been here for a long time, sorry. What's a pain is when I ask for a detailed description of an operation I don't understand and get a teenager's answer :)
In any case, thank you for your patience, and I'm asking again for an answer to my question...

Post by Htman » 08 Nov 2012 21:53

I own Windows XP, hopefully that helps. I really did try it and nothing...
The computer is already completely in ruins; anyway, if it makes sense to continue, I'll take another look at it...

Post by Žbeky » 09 Nov 2012 05:06

Žbeky wrote: It's probably a pain, but if you have the size displayed folder by folder, you'll definitely find it.

That wasn't a teenager's answer, it really was a how-to. Only with the observation that it won't be any fun.

Post by Htman » 24 Nov 2012 09:31

Sorry for the short pause, I had a lot of urgent obligations; now I'm not moving from here until we get this resolved.
Thank you for your patience.

Post by Htman » 24 Nov 2012 09:44

It's running now; the error was of course on my side...
I don't know how long it will run, but I'll send the log as soon as it finishes.
Thank you

Post by Htman » 24 Nov 2012 11:30

Hello, at 12 percent it found this:
Trojan Program:
Exploit.Win32.CVE-2010-2568.gen
Until I remove it the scan won't finish; what should I do?
Options:
1. Quarantine (recommended)
2. Delete
3. Skip

Post by Htman » 24 Nov 2012 16:18

So I chose the first option (the recommended one) and it ran for 5 hours; at 37 percent it crashed (the PC restarted) and everything there got wiped as well (the table with the 8 problems found).
Now I'm running it again from scratch; the log will be here in 3 hours...

Post by Htman » 24 Nov 2012 19:03

So I did it, but it's about 5,000 characters, so I'll send it to you in parts...

Post by Htman » 24 Nov 2012 19:10

Well, there were about 1,000,000 characters, so it was probably a different log; I'm going to try again and I'll post it here in 3 hours...

Post by Htman » 24 Nov 2012 20:11

So this is what I'm left with after the 3rd; before that it found about 40 viruses, but I can't track that down anymore :)
Gathering system information: completed 58 minutes ago (events: 249, time: 00:02:30)
24.11.2012 19:09:30 Task started Gathering system information
24.11.2012 19:09:32 Main script of analysis
24.11.2012 19:09:33 Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 2"
24.11.2012 19:09:33 System Restore: enabled
24.11.2012 19:09:34 1.1 Searching for user-mode API hooks
24.11.2012 19:09:34 Analysis: kernel32.dll, export table found in section .text
24.11.2012 19:09:34 IAT modification detected: CreateProcessA - 00B70010<>7C802367
24.11.2012 19:09:34 IAT modification detected: GetModuleFileNameA - 00B70080<>7C80B357
24.11.2012 19:09:34 IAT modification detected: FreeLibrary - 00B700F0<>7C80AA66
24.11.2012 19:09:34 IAT modification detected: GetModuleFileNameW - 00B70160<>7C80B25D
24.11.2012 19:09:34 IAT modification detected: CreateProcessW - 00B701D0<>7C802332
24.11.2012 19:09:34 IAT modification detected: LoadLibraryW - 00B702B0<>7C80ACD3
24.11.2012 19:09:34 IAT modification detected: LoadLibraryA - 00B70320<>7C801D77
24.11.2012 19:09:34 IAT modification detected: GetProcAddress - 00B70390<>7C80AC28
24.11.2012 19:09:34 Analysis: ntdll.dll, export table found in section .text
24.11.2012 19:09:34 Analysis: user32.dll, export table found in section .text
24.11.2012 19:09:34 Analysis: advapi32.dll, export table found in section .text
24.11.2012 19:09:34 Analysis: ws2_32.dll, export table found in section .text
24.11.2012 19:09:34 Analysis: wininet.dll, export table found in section .text
24.11.2012 19:09:34 Analysis: rasapi32.dll, export table found in section .text
24.11.2012 19:09:34 Analysis: urlmon.dll, export table found in section .text
24.11.2012 19:09:34 Analysis: netapi32.dll, export table found in section .text
24.11.2012 19:09:36 1.2 Searching for kernel-mode API hooks
24.11.2012 19:09:36 Driver loaded successfully
24.11.2012 19:09:36 SDT found (RVA=0846E0)
24.11.2012 19:09:36 Kernel ntkrnlpa.exe found in memory at address 804D7000
24.11.2012 19:09:36 SDT = 8055B6E0
24.11.2012 19:09:36 KiST = 80503734 (284)
24.11.2012 19:09:36 Function NtAdjustPrivilegesToken (0B) intercepted (805EA2D2->ABD87690), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtClose (19) intercepted (805BAEB4->ABD87F94), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtConnectPort (1F) intercepted (805A2FF4->ABD88DC8), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtCreateEvent (23) intercepted (8060CD76->ABD89312), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtCreateFile (25) intercepted (80577E5E->ABD88270), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtCreateKey (29) intercepted (80622048->ABD86500), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtCreateMutant (2B) intercepted (8061548C->ABD891F8), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtCreateNamedPipeFile (2C) intercepted (80577E98->ABD8727E), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtCreatePort (2E) intercepted (805A3B10->ABD890CC), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtCreateSection (32) intercepted (805A9DEE->ABD87426), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtCreateSemaphore (33) intercepted (80612E3C->ABD89432), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtCreateThread (35) intercepted (805CF804->ABD87C1C), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtCreateWaitablePort (38) intercepted (805A3B34->ABD89162), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtDebugActiveProcess (39) intercepted (80640F36->ABD8AB1A), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtDeleteKey (3F) intercepted (806224D8->ABD86B0A), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtDeleteValueKey (41) intercepted (806226A8->ABD86EBE), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtDeviceIoControlFile (42) intercepted (80578024->ABD886F2), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtDuplicateObject (44) intercepted (805BC890->ABD8BD26), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtEnumerateKey (47) intercepted (80622888->ABD8700A), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtEnumerateValueKey (49) intercepted (80622AF2->ABD870A2), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtFsControlFile (54) intercepted (80578058->ABD88500), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtLoadDriver (61) intercepted (80582DFE->ABD8AC0C), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtLoadKey (62) intercepted (80623D78->ABD864DC), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtLoadKey2 (63) intercepted (806239C2->ABD864EE), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtMapViewOfSection (6C) intercepted (805B09CE->ABD8B374), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtNotifyChangeKey (6F) intercepted (80623D42->ABD871CE), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtOpenEvent (72) intercepted (8060CE76->ABD893A8), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtOpenFile (74) intercepted (80578F5C->ABD88016), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtOpenKey (77) intercepted (806233DE->ABD866C0), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtOpenMutant (78) intercepted (80615564->ABD89288), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtOpenProcess (7A) intercepted (805C9C46->ABD878CC), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtOpenSection (7D) intercepted (805A8E12->ABD8B10E), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtOpenSemaphore (7E) intercepted (80612F36->ABD894C8), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtOpenThread (80) intercepted (805C9ED2->ABD877BE), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtQueryKey (A0) intercepted (80623702->ABD8713A), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtQueryMultipleValueKey (A1) intercepted (80621216->ABD86D72), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtQuerySection (A7) intercepted (805B6F64->ABD8B6AE), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtQueryValueKey (B1) intercepted (80620102->ABD8699C), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtQueueApcThread (B4) intercepted (805CFA62->ABD8AFA0), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtRenameKey (C0) intercepted (80621A6E->ABD86C2C), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtReplaceKey (C1) intercepted (80623C28->ABD85F16), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtReplyPort (C2) intercepted (805A3F10->ABD8982C), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtReplyWaitReceivePort (C3) intercepted (805A4ED8->ABD896F2), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtRequestWaitReplyPort (C8) intercepted (805A179A->ABD8A8B4), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtRestoreKey (CC) intercepted (80620450->ABD8628E), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtResumeThread (CE) intercepted (805D3148->ABD8BBC8), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtSaveKey (CF) intercepted (806204F2->ABD85EAE), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtSecureConnectPort (D2) intercepted (805A2788->ABD88B0E), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtSetContextThread (D5) intercepted (805CFF26->ABD87E38), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtSetInformationToken (E6) intercepted (805F865C->ABD8A154), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtSetSecurityObject (ED) intercepted (805BE8FA->ABD8ADAA), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtSetSystemInformation (F0) intercepted (8060DB2E->ABD8B7FE), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtSetValueKey (F7) intercepted (80620708->ABD86816), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtSuspendProcess (FD) intercepted (805D3210->ABD8B8F0), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtSuspendThread (FE) intercepted (805D3082->ABD8BA2A), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtSystemDebugControl (FF) intercepted (80615EA8->ABD8AA3E), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtTerminateProcess (101) intercepted (805D1170->ABD87A68), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtTerminateThread (102) intercepted (805D136A->ABD879C8), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:36 Function NtUnmapViewOfSection (10B) intercepted (805B17DC->ABD8B552), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 >>> Function restored successfully !
24.11.2012 19:09:36 >>> Hook code blocked
24.11.2012 19:09:37 Function NtWriteVirtualMemory (115) intercepted (805B2D5C->ABD87B52), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:37 >>> Function restored successfully !
24.11.2012 19:09:37 >>> Hook code blocked
24.11.2012 19:09:37 Function FsRtlCheckLockForReadAccess (804EAE40) - machine code modification Method of JmpTo. jmp ABD79FD0 \SystemRoot\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:37 >>> Function restored successfully !
24.11.2012 19:09:37 Function IoIsOperationSynchronous (804EF634) - machine code modification Method of JmpTo. jmp ABD7A3AC \SystemRoot\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:37 >>> Function restored successfully !
24.11.2012 19:09:38 Functions checked: 284, intercepted: 60, restored: 62
24.11.2012 19:09:38 1.3 Checking IDT and SYSENTER
24.11.2012 19:09:38 Analysis for CPU 1
24.11.2012 19:09:38 Analysis for CPU 2
24.11.2012 19:09:38 CmpCallCallBacks = 00092D3C
24.11.2012 19:09:38 Disable callback OK
24.11.2012 19:09:38 Checking IDT and SYSENTER - complete
24.11.2012 19:09:39 1.4 Searching for masking processes and drivers
24.11.2012 19:09:39 Checking not performed: extended monitoring driver (AVZPM) is not installed
24.11.2012 19:09:39 1.5 Checking of IRP handlers
24.11.2012 19:09:39 Driver loaded successfully
24.11.2012 19:09:39 Checking - complete
24.11.2012 19:10:33 >> Services: potentially dangerous service allowed: RemoteRegistry (Vzdálený registr)
24.11.2012 19:10:33 >> Services: potentially dangerous service allowed: TermService (Terminálová služba)
24.11.2012 19:10:33 >> Services: potentially dangerous service allowed: SSDPSRV (Služba rozpoznávání pomocí protokolu SSDP)
24.11.2012 19:10:33 >> Services: potentially dangerous service allowed: TlntSvr (Telnet)
24.11.2012 19:10:33 >> Services: potentially dangerous service allowed: Schedule (Plánovač úloh)
24.11.2012 19:10:33 >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting - Vzdálené sdílení plochy)
24.11.2012 19:10:33 >> Services: potentially dangerous service allowed: RDSessMgr (Správce relací nápovědy ke vzdálené ploše)
24.11.2012 19:10:33 > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
24.11.2012 19:10:33 >> Security: disk drives' autorun is enabled
24.11.2012 19:10:33 >> Security: administrative shares (C$, D$ ...) are enabled
24.11.2012 19:10:34 >> Security: anonymous user access is enabled
24.11.2012 19:10:34 >> Security: sending Remote Assistant queries is enabled
24.11.2012 19:10:39 >> Disable HDD autorun
24.11.2012 19:10:40 >> Disable autorun from network drives
24.11.2012 19:10:40 >> Disable CD/DVD autorun
24.11.2012 19:10:40 >> Disable removable media autorun
24.11.2012 19:10:40 >> Windows Explorer - show extensions of known file types
24.11.2012 19:10:44 System Analysis in progress
24.11.2012 19:12:00 System Analysis - complete
24.11.2012 19:12:00 Deleting service/driver: uti3ndu1
24.11.2012 19:12:00 [microprogram of healing]> registry key deleted HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uti3ndu1
24.11.2012 19:12:00 Delete file:C:\WINDOWS\system32\Drivers\uti3ndu1.sys
24.11.2012 19:12:00 Deleting service/driver: uji3ndu1
24.11.2012 19:12:00 Main script of analysis
24.11.2012 19:12:00 Task completed Gathering system information

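The AVZ log above can be triaged mechanically instead of read line by line. The Python script below is an added example, not something posted in the thread: it parses the line formats seen in the log (IAT modifications, SSDT and JmpTo kernel hooks with the hooking driver and AVZ's trust verdict, "potentially dangerous service" and "Security:" findings, deleted drivers) and groups the kernel hooks by driver file name. The sample lines are constructed in the log's format; the hook by `unknown_example.sys` is invented to show how a driver AVZ did not vouch for is flagged, and the reading of the IAT address pair is an assumption.

```python
"""Triage summary for an AVZ 'Gathering system information' log (added example,
not from the thread): parses the posted log's line formats and groups kernel
hooks by the driver file that installed them."""
import re
from collections import Counter

# Constructed sample in the posted log's format. The unknown_example.sys hook is
# invented to show how a driver AVZ did not vouch for is flagged; it assumes the
# ', driver recognized as trusted' suffix is simply absent in that case.
SAMPLE_LOG = r"""
24.11.2012 19:09:34 IAT modification detected: CreateProcessA - 00B70010<>7C802367
24.11.2012 19:09:34 IAT modification detected: LoadLibraryA - 00B70320<>7C801D77
24.11.2012 19:09:36 Function NtCreateFile (25) intercepted (80577E5E->ABD88270), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 Function NtLoadDriver (61) intercepted (80582DFE->ABD8AC0C), hook C:\WINDOWS\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:09:36 Function NtOpenProcess (7A) intercepted (805C9C46->ABD878CC), hook C:\WINDOWS\system32\DRIVERS\unknown_example.sys
24.11.2012 19:09:37 Function FsRtlCheckLockForReadAccess (804EAE40) - machine code modification Method of JmpTo. jmp ABD79FD0 \SystemRoot\system32\DRIVERS\3654992drv.sys, driver recognized as trusted
24.11.2012 19:10:33 >> Services: potentially dangerous service allowed: TlntSvr (Telnet)
24.11.2012 19:10:33 >> Services: potentially dangerous service allowed: RemoteRegistry (Vzdálený registr)
24.11.2012 19:10:33 >> Security: disk drives' autorun is enabled
24.11.2012 19:10:34 >> Security: anonymous user access is enabled
24.11.2012 19:12:00 Deleting service/driver: uti3ndu1
24.11.2012 19:12:00 Delete file:C:\WINDOWS\system32\Drivers\uti3ndu1.sys
"""

TS = r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2} "          # leading timestamp
TRUSTED = r"(?P<trusted>, driver recognized as trusted)?$"  # AVZ's verdict suffix
# Assumption: AVZ prints the address found in the IAT first, then the export's
# real address (7C80xxxx lies inside kernel32's image on XP SP2).
IAT_RE = re.compile(TS + r"IAT modification detected: (?P<func>\w+) - (?P<seen>[0-9A-F]+)<>(?P<real>[0-9A-F]+)")
SSDT_RE = re.compile(TS + r"Function (?P<func>\w+) \((?P<idx>[0-9A-F]+)\) intercepted "
                     r"\((?P<real>[0-9A-F]+)->(?P<seen>[0-9A-F]+)\), hook (?P<driver>[^,\s]+)" + TRUSTED)
JMP_RE = re.compile(TS + r"Function (?P<func>\w+) \((?P<real>[0-9A-F]+)\) - machine code modification "
                    r"Method of JmpTo\. jmp (?P<seen>[0-9A-F]+) (?P<driver>[^,\s]+)" + TRUSTED)
SERVICE_RE = re.compile(TS + r">> Services: potentially dangerous service allowed: (?P<name>\w+) \(")
SECURITY_RE = re.compile(TS + r">> Security: (?P<finding>.+)$")
DELETE_RE = re.compile(TS + r"Deleting service/driver: (?P<name>\S+)$")

def summarize(log_text):
    """Collect hooks, risky services, hardening gaps and removals from an AVZ log."""
    s = {"iat_hooks": [], "ssdt_hooks": [], "hooks_by_driver": Counter(), "untrusted_hooks": [],
         "dangerous_services": [], "security_findings": [], "deleted_drivers": []}
    for line in log_text.splitlines():
        if m := IAT_RE.match(line):
            s["iat_hooks"].append(m["func"])
        elif (m := SSDT_RE.match(line)) or (m := JMP_RE.match(line)):
            # Both 'C:\WINDOWS\...' and '\SystemRoot\...' spellings collapse to the file name.
            hook = {"func": m["func"], "driver": m["driver"].rsplit("\\", 1)[-1].lower(),
                    "trusted": m["trusted"] is not None}
            s["ssdt_hooks"].append(hook)
            s["hooks_by_driver"][hook["driver"]] += 1
            if not hook["trusted"]:
                s["untrusted_hooks"].append(hook)
        elif m := SERVICE_RE.match(line):
            s["dangerous_services"].append(m["name"])
        elif m := SECURITY_RE.match(line):
            s["security_findings"].append(m["finding"])
        elif m := DELETE_RE.match(line):
            s["deleted_drivers"].append(m["name"])
    return s

def report(summary):
    """Render the summary as plain text, kernel hooks first."""
    out = [f"Kernel hooks: {len(summary['ssdt_hooks'])} "
           f"({len(summary['untrusted_hooks'])} by drivers AVZ did not vouch for)"]
    out += [f"  {d}: {n} hook(s)" for d, n in summary["hooks_by_driver"].most_common()]
    out += [f"  REVIEW {h['func']} hooked by {h['driver']}" for h in summary["untrusted_hooks"]]
    out.append(f"User-mode IAT hooks: {', '.join(summary['iat_hooks']) or 'none'}")
    out.append(f"Risky services enabled: {', '.join(summary['dangerous_services']) or 'none'}")
    out += [f"Hardening gap: {f}" for f in summary["security_findings"]]
    out += [f"Driver removed by AVZ: {d}" for d in summary["deleted_drivers"]]
    return "\n".join(out)

if __name__ == "__main__":
    print(report(summarize(SAMPLE_LOG)))
```

Run against the full log from the post, every one of the 60 intercepted functions collapses onto the single `3654992drv.sys` entry, which is what makes the remaining lines (the enabled services and the `uti3ndu1` removal) stand out.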