�� ��������� ����������:          ��쑒��-PC
�� ��:                            Microsoft Windows 7 Ultimate 
롛��� OS:                           6.1.7600 �/� ���� 7600
������������ ��:                    Microsoft Corporation
������ �����⫨� ��� DCOM:         ������⤦� ������ �����嘪
�秦� ���� ������������ ����㣘���: Multiprocessor Free
�棠��� �᫦��� ����椫��:           ��㩫��
������������⤦� ���������:         
�����ਠ����� ����椫��:             69831-640-1780577-45389
��������� ������ �����ᩫ����:     7/5/2005, 6:24:05 ��
� ���夞��� ����㣘���:            19/12/2009, 1:08:49 ��
������������ ����㣘���:            System manufacturer
����⢦ ����㣘���:                  P5K
�秦� ����㣘���:                    X86-based PC
�����������:                        ��������៞��� 1 �����������.
                                     [01]: x64 Family 6 Model 23 Stepping 6 GenuineIntel ~3017 Mhz
롛��� BIOS:                         American Megatrends Inc. 1103   , 18/6/2008
���ᢦ��� �� Windows:               C:\Windows
���ᢦ��� ����㣘���:                C:\Windows\system32
������� �������夞���:               \Device\HarddiskVolume2
������ ����婜�� ����㣘���:        el;��������
��驩� ����������妬:                en-us;������� (����� ��������)
�餞 騘�:                           (UTC+02:00) ��㤘, �������⩫�, �ऩ�������秦��
�������� ���������� ��㣞:           3.071 MB
����⩠�� ���������� ��㣞:          2.317 MB
�������� ��㣞: �⚠��� �⚜���:     6.141 MB
�������� ��㣞: ����⩠��:           5.296 MB
�������� ��㣞: �����������嫘�:     845 MB
�⩜�� ����妬 ��������垩��:        C:\pagefile.sys
���☪:                              WORKGROUP
���������� �礛����:                \\��쑒��-PC
꣜��� ��������驜��:                ��������៞��� 10 ᣜ��� ��������驜��.
                                     [01]: KB973525
                                     [02]: KB974332
                                     [03]: KB974431
                                     [04]: KB974455
                                     [05]: KB974571
                                     [06]: KB975364
                                     [07]: KB975467
                                     [08]: KB976098
                                     [09]: KB976325
                                     [10]: KB976749
�ᨫ�� ����禬:                      ��������៞��� 1 NIC(s).
                                     [01]: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
                                           �� �礛����: ������ �礛���
                                           �����������⤦ DHCP:    ���
                                           ���������� DHCP:     192.168.254.254
                                           �����礩��� IP
                                           [01]: 192.168.254.1
                                           [02]: fe80::8d8d:12aa:3c0d:f27
1:12:55:205	3120	ForceUnloadDriver: NtUnloadDriver error 2
1:12:55:205	3120	ForceUnloadDriver: NtUnloadDriver error 2
1:12:55:205	3120	ForceUnloadDriver: NtUnloadDriver error 2
1:12:55:236	3120	main: Driver KLMD successfully dropped
1:12:55:252	3120	main: Driver KLMD successfully loaded
1:12:55:252	3120	
Scanning	Registry ...
1:12:55:252	3120	ScanServices: Searching service UACd.sys
1:12:55:252	3120	ScanServices: Open/Create key error 2
1:12:55:252	3120	ScanServices: Searching service TDSSserv.sys
1:12:55:252	3120	ScanServices: Open/Create key error 2
1:12:55:252	3120	ScanServices: Searching service gaopdxserv.sys
1:12:55:252	3120	ScanServices: Open/Create key error 2
1:12:55:252	3120	ScanServices: Searching service gxvxcserv.sys
1:12:55:252	3120	ScanServices: Open/Create key error 2
1:12:55:252	3120	ScanServices: Searching service MSIVXserv.sys
1:12:55:252	3120	ScanServices: Open/Create key error 2
1:12:55:252	3120	UnhookRegistry: Kernel module file name: C:\Windows\system32\ntkrnlpa.exe, base addr: 82A3A000
1:12:55:267	3120	UnhookRegistry: Kernel local addr: 1580000
1:12:55:267	3120	UnhookRegistry: KeServiceDescriptorTable addr: 16E89C0
1:12:55:314	3120	UnhookRegistry: KiServiceTable addr: 15EF6F0
1:12:55:314	3120	UnhookRegistry: NtEnumerateKey service number (local): 74
1:12:55:314	3120	UnhookRegistry: NtEnumerateKey local addr: 17E5A2F
1:12:55:314	3120	KLMD_OpenDevice: Trying to open KLMD device
1:12:55:314	3120	KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
1:12:55:314	3120	KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
1:12:55:314	3120	KLMD_ReadMem: Trying to ReadMemory 0x82A7B2A5[0x4]
1:12:55:314	3120	UnhookRegistry: NtEnumerateKey service number (kernel): 74
1:12:55:314	3120	KLMD_ReadMem: Trying to ReadMemory 0x82AA98C0[0x4]
1:12:55:314	3120	UnhookRegistry: NtEnumerateKey real addr: 82C9FA2F
1:12:55:314	3120	UnhookRegistry: NtEnumerateKey calc addr: 82C9FA2F
1:12:55:314	3120	UnhookRegistry: No SDT hooks found on NtEnumerateKey
1:12:55:314	3120	KLMD_ReadMem: Trying to ReadMemory 0x82C9FA2F[0xA]
1:12:55:314	3120	UnhookRegistry: No splicing found on NtEnumerateKey
1:12:55:314	3120	
Scanning	Kernel memory ...
1:12:55:314	3120	KLMD_OpenDevice: Trying to open KLMD device
1:12:55:314	3120	KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
1:12:55:314	3120	KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
1:12:55:314	3120	DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 861F2348
1:12:55:314	3120	DetectCureTDL3: KLMD_GetDeviceObjectList returned 3 DevObjects
1:12:55:314	3120	DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 861F5030
1:12:55:314	3120	KLMD_GetLowerDeviceObject: Trying to get lower device object for 861F5030
1:12:55:314	3120	DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 86160918
1:12:55:314	3120	KLMD_GetLowerDeviceObject: Trying to get lower device object for 86160918
1:12:55:314	3120	DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 86144318
1:12:55:314	3120	KLMD_GetLowerDeviceObject: Trying to get lower device object for 86144318
1:12:55:314	3120	KLMD_ReadMem: Trying to ReadMemory 0x86144318[0x38]
1:12:55:314	3120	DetectCureTDL3: DRIVER_OBJECT addr: 86114DB8
1:12:55:314	3120	KLMD_ReadMem: Trying to ReadMemory 0x86114DB8[0xA8]
1:12:55:314	3120	KLMD_ReadMem: Trying to ReadMemory 0x861131E8[0x208]
1:12:55:314	3120	DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
1:12:55:314	3120	DetectCureTDL3: IrpHandler (0) addr: 8537E1F8
1:12:55:314	3120	DetectCureTDL3: IrpHandler (1) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (2) addr: 8537E1F8
1:12:55:314	3120	DetectCureTDL3: IrpHandler (3) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (4) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (5) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (6) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (7) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (8) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (9) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (10) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (11) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (12) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (13) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (14) addr: 8B2A547C
1:12:55:314	3120	DetectCureTDL3: IrpHandler (15) addr: 8537E1F8
1:12:55:314	3120	DetectCureTDL3: IrpHandler (16) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (17) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (18) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (19) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (20) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (21) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (22) addr: 8537E1F8
1:12:55:314	3120	DetectCureTDL3: IrpHandler (23) addr: 8537E1F8
1:12:55:314	3120	DetectCureTDL3: IrpHandler (24) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (25) addr: 82AEB437
1:12:55:314	3120	DetectCureTDL3: IrpHandler (26) addr: 82AEB437
1:12:55:314	3120	KLMD_ReadMem: Trying to ReadMemory 0x861184BF[0x400]
1:12:55:314	3120	TDL3_StartIoHookDetect: CheckParameters: 7, FFDF0308, 334, 1
1:12:55:314	3120	Driver "atapi" StartIo handler infected by TDSS rootkit ... 1:12:55:314	3120	TDL3_StartIoHookCure: Number of patches 1
1:12:55:314	3120	KLMD_WriteMem: Trying to WriteMemory 0x861185B6[0x6]
1:12:55:314	3120	cured
1:12:55:314	3120	TDL3_FileDetect: Processing driver: atapi
1:12:55:314	3120	TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\atapi.sys, C:\Windows\system32\Drivers\tsk_atapi.sys, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\tsk_atapi.sys
1:12:55:314	3120	TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
1:12:55:314	3120	KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
1:12:55:330	3120	DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 861F4AC8
1:12:55:330	3120	KLMD_GetLowerDeviceObject: Trying to get lower device object for 861F4AC8
1:12:55:330	3120	DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 86084918
1:12:55:330	3120	KLMD_GetLowerDeviceObject: Trying to get lower device object for 86084918
1:12:55:330	3120	DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 86089908
1:12:55:330	3120	KLMD_GetLowerDeviceObject: Trying to get lower device object for 86089908
1:12:55:330	3120	KLMD_ReadMem: Trying to ReadMemory 0x86089908[0x38]
1:12:55:330	3120	DetectCureTDL3: DRIVER_OBJECT addr: 860ACB18
1:12:55:330	3120	KLMD_ReadMem: Trying to ReadMemory 0x860ACB18[0xA8]
1:12:55:330	3120	KLMD_ReadMem: Trying to ReadMemory 0x853B8908[0x38]
1:12:55:330	3120	KLMD_ReadMem: Trying to ReadMemory 0x86114DB8[0xA8]
1:12:55:330	3120	KLMD_ReadMem: Trying to ReadMemory 0x861131E8[0x208]
1:12:55:330	3120	DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
1:12:55:330	3120	DetectCureTDL3: IrpHandler (0) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (1) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (2) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (3) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (4) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (5) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (6) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (7) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (8) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (9) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (10) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (11) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (12) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (13) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (14) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (15) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (16) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (17) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (18) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (19) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (20) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (21) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (22) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (23) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (24) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (25) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: IrpHandler (26) addr: 86118618
1:12:55:330	3120	DetectCureTDL3: All IRP handlers pointed to one addr: 86118618
1:12:55:330	3120	KLMD_ReadMem: Trying to ReadMemory 0x86118618[0x400]
1:12:55:330	3120	TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 313, 101, 3, 89
1:12:55:330	3120	Driver "atapi" Irp handler infected by TDSS rootkit ... 1:12:55:330	3120	KLMD_WriteMem: Trying to WriteMemory 0x8611867D[0xD]
1:12:55:330	3120	cured
1:12:55:330	3120	KLMD_ReadMem: Trying to ReadMemory 0x861184BF[0x400]
1:12:55:330	3120	TDL3_StartIoHookDetect: CheckParameters: 7, FFDF0308, 334, 0
1:12:55:330	3120	TDL3_FileDetect: Processing driver: atapi
1:12:55:330	3120	TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\atapi.sys, C:\Windows\system32\Drivers\tsk_atapi.sys, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\tsk_atapi.sys
1:12:55:330	3120	TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
1:12:55:330	3120	KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
1:12:55:330	3120	File C:\Windows\system32\drivers\atapi.sys infected by TDSS rootkit ... 1:12:55:330	3120	TDL3_FileCure: Processing driver file: C:\Windows\system32\drivers\atapi.sys
1:12:55:330	3120	KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
1:12:55:330	3120	TDL3_FileCure: Dumping cured buffer to file C:\Windows\system32\Drivers\tsk_atapi.sys
1:12:55:377	3120	TDL3_FileCure: Image path (system32\Drivers\tsk_atapi.sys) was set for service (SYSTEM\CurrentControlSet\Services\atapi)
1:12:55:377	3120	TDL3_FileCure: KLMD_PendCopyFileW (C:\Windows\system32\Drivers\tsk_atapi.sys, C:\Windows\system32\drivers\atapi.sys) success
1:12:55:377	3120	will be cured on next reboot
1:12:55:377	3120	DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 861F3580
1:12:55:377	3120	KLMD_GetLowerDeviceObject: Trying to get lower device object for 861F3580
1:12:55:377	3120	DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 86102918
1:12:55:377	3120	KLMD_GetLowerDeviceObject: Trying to get lower device object for 86102918
1:12:55:377	3120	DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 86096908
1:12:55:377	3120	KLMD_GetLowerDeviceObject: Trying to get lower device object for 86096908
1:12:55:377	3120	KLMD_ReadMem: Trying to ReadMemory 0x86096908[0x38]
1:12:55:377	3120	DetectCureTDL3: DRIVER_OBJECT addr: 86114DB8
1:12:55:377	3120	KLMD_ReadMem: Trying to ReadMemory 0x86114DB8[0xA8]
1:12:55:377	3120	KLMD_ReadMem: Trying to ReadMemory 0x861131E8[0x208]
1:12:55:377	3120	DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
1:12:55:377	3120	DetectCureTDL3: IrpHandler (0) addr: 8537E1F8
1:12:55:377	3120	DetectCureTDL3: IrpHandler (1) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (2) addr: 8537E1F8
1:12:55:377	3120	DetectCureTDL3: IrpHandler (3) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (4) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (5) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (6) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (7) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (8) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (9) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (10) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (11) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (12) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (13) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (14) addr: 8B2A547C
1:12:55:377	3120	DetectCureTDL3: IrpHandler (15) addr: 8537E1F8
1:12:55:377	3120	DetectCureTDL3: IrpHandler (16) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (17) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (18) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (19) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (20) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (21) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (22) addr: 8537E1F8
1:12:55:377	3120	DetectCureTDL3: IrpHandler (23) addr: 8537E1F8
1:12:55:377	3120	DetectCureTDL3: IrpHandler (24) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (25) addr: 82AEB437
1:12:55:377	3120	DetectCureTDL3: IrpHandler (26) addr: 82AEB437
1:12:55:377	3120	KLMD_ReadMem: Trying to ReadMemory 0x861184BF[0x400]
1:12:55:377	3120	TDL3_StartIoHookDetect: CheckParameters: 7, FFDF0308, 334, 0
1:12:55:377	3120	TDL3_FileDetect: Processing driver: atapi
1:12:55:377	3120	TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\tsk_atapi.sys, C:\Windows\system32\Drivers\tsk_tsk_atapi.sys, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\tsk_tsk_atapi.sys
1:12:55:377	3120	TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\tsk_atapi.sys
1:12:55:377	3120	KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\tsk_atapi.sys
1:12:55:377	3120	
Completed

Results:
1:12:55:377	3120	Infected objects in memory:			2
1:12:55:377	3120	Cured objects in memory:			2
1:12:55:377	3120	Infected objects on disk:			1
1:12:55:377	3120	Objects on disk cured on reboot:		1
1:12:55:377	3120	Objects on disk deleted on reboot:		0
1:12:55:377	3120	Registry nodes deleted on reboot:		0
1:12:55:377	3120