Greetings, everyone.
So I went poking around where I shouldn't have, and now I have a virus in the MBR.
On my HP laptop I have two OSes, WinXP and Win7, both legit. When I start XP, the boot screen comes up and after 2 s a blue screen of death pops up with a message - see the link, a picture from my phone ( http://img7.imgup.eu/DSC00418.JPG ).
Win7 runs OK. I did a complete scan (ESS4, SuperAntispyware, Spybot) and a disk error check, and everything is clean.
With Win7 running I can open drive C, where XP is, and run the programs stored there normally. So I made a backup, but reinstalling XP is pointless because I think the virus in the MBR would stay.
I also have Hiren's BootCD 10.0, but somehow I can't manage to fix it with that.
Can anyone advise what to do about it?
Virus in the hard disk MBR. Solved
- alenka_v_říši_divů
Re: Virus in the hard disk MBR.
A technical question: how did you come to the conclusion that it's a virus?
Did you mess with the hardware somehow? Are the HDD and the other components still in place?
Re: Virus in the hard disk MBR.
Well, that's nice. Only a complete slow format will help.
If it is an MBR sector virus, which is a great rarity these days; maybe it's a hardware fault, the hard disk?

- memphisto
Re: Virus in the hard disk MBR.
I'd also put it down to a disk fault rather than a virus in the MBR. Those really aren't seen anymore. HERE is an article about it straight from MS, including solutions. You'll read there that it can be of hardware, software or virus origin, but I'd rule out the virus up front.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.
Re: Virus in the hard disk MBR.
TO>alenka_v_říši_divů: by process of elimination.. everything is absolutely OK, only XP won't come up on boot.. I haven't poked at the HW and the disk is fine - I have it split into 3 partitions: C/XP, D/Recovery XP, F/W7.. I can get into or run all the folders on C/
TO>X: well, I don't feel like formatting just yet, because that's the very last resort..
TO>memphisto: I don't think it's the disk.. the disk doctor says it's OK..
..do you think flashing the BIOS would help, or deleting and recreating partition C/ and a fresh install of XP?
- memphisto
Re: Virus in the hard disk MBR.
A fresh install solves most problems, but is it really necessary in this case? Take a look at those possible solutions and try something. I'd choose a fresh install and a BIOS flash only as a last resort.
Re: Virus in the hard disk MBR.
TO>memphisto: ..yep, thanks, I'm already reading through it
Re: Virus in the hard disk MBR.
First of all... how about ruling out that MBR rootkit?
Careful, this is far from an obsolete rarity. Lately there has again been a rise in cases of this kind of rootkit (as a result, an anti-MBR-rootkit tool was implemented even in ComboFix itself). A few months ago a new generation also arrived, which was "invisible" to most of the utilities in use at the time. And what did I mean by that? That the junk is under development and nothing rules out that in a few days a literal epidemic could break out here :)
If you're interested...
Download RootRepeal. Run the program, click "Report" -> "Scan" and tick all the items. Press "OK" and the scan will start. When it finishes, click "Save Report" and copy the resulting log here.
I don't like amateurism...
And the addressee of this message knows it :)
Re: Virus in the hard disk MBR.
TO>pitimir: ..agreed.. I'm off to do that log
EDIT: should I scan only drive C, from which XP won't start, or all drives?
EDIT2: ..so there's a problem, it doesn't work in Win7.. I can install and run it, but it won't perform the scan because it reports an error http://img1.imgup.eu/Bez_nazvuxqw.png .. it's not compatible with W7
Re: Virus in the hard disk MBR.
That leaves us with the last two bullets... let's try one of them:
Download RootkitUnhooker. Close all running applications, extract it and run it. The installation will run (I recommend not changing anything); after it, run the randomly named file (e.g. gj8Wtng3Ja01Cj6An.exe) located in the installation directory. Click "Report" -> "Scan", leave everything checked and click "OK". Follow the instructions. The scan will start; when it finishes, click "File" -> "Save Report". Copy the saved report here.
Re: Virus in the hard disk MBR.
TO>pitimir: ..so I'm back, I was away for work.. I made the log in Win7 (drive F), and the XP that won't start is on drive C..
RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.8.380.580
==============================================
Windows Major Version: 6
Windows Minor Version: 1
Windows Build Number: 7600
==============================================
>SSDT State
==============================================
>Shadow
==============================================
>Processes
Process: F:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
Process Id: 112
EPROCESS Address: 0x8682F310
Process: F:\Windows\System32\smss.exe
Process Id: 300
EPROCESS Address: 0x850BD320
Process: F:\Users\Radim\Desktop\MustBeRandomlyNamed\en05aEE5342ixb.exe
Process Id: 396
EPROCESS Address: 0x84A28030
Process: F:\Windows\System32\csrss.exe
Process Id: 540
EPROCESS Address: 0x862DFA68
Process: F:\Windows\System32\csrss.exe
Process Id: 580
EPROCESS Address: 0x86383030
Process: F:\Windows\System32\wininit.exe
Process Id: 588
==============================================
>Stealth
Unknown thread object [ ETHREAD 0x84FA3D48 ] TID: 2056
Address: 0xA59A5F2E
Size: 592
==============================================
>Files
Suspect File: C:\Documents and Settings\Default User\Data aplikací\Microsoft\Internet Explorer\brndlog.bak Status: Hidden
Suspect File: C:\Documents and Settings\Radim\Data aplikací\Intel\Wireless\WLANProfiles\Profiles.enc.bak Status: Hidden
Suspect File: C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\m9csgia1.default\prefs.bak Status: Hidden
Suspect File: C:\Documents and Settings\Radim\Local Settings\Data aplikací\HP\Digital Imaging\db\imageTable.bak Status: Hidden
Suspect File: C:\Documents and Settings\Radim\Local Settings\Data aplikací\HP\Digital Imaging\db\keywordImagesTable.bak Status: Hidden
Suspect File: C:\Documents and Settings\Radim\Local Settings\Data aplikací\HP\Digital Imaging\db\keywordTable.bak Status: Hidden
Suspect File: C:\Documents and Settings\Radim\Local Settings\Data aplikací\HP\Digital Imaging\db\managedFolderTable.bak Status: Hidden
Suspect File: C:\Documents and Settings\Radim\Local Settings\Data aplikací\HP\Digital Imaging\db\pathnameTable.bak Status: Hidden
Suspect File: C:\Documents and Settings\Radim\Local Settings\Temp\CR_569E.tmp\SETUP_PATCH.PACKED.7Z Status: Hidden
Suspect File: C:\Documents and Settings\Radim\Local Settings\Temp\gj97F15.tmp Status: Hidden
Suspect File: C:\Documents and Settings\Radim\Local Settings\Temp\GLBDB1.tmp Status: Hidden
Suspect File: C:\Documents and Settings\Radim\Local Settings\Temp\set148E.tmp Status: Hidden
Suspect File: C:\Documents and Settings\Radim\Local Settings\Temp\Set9B.tmp Status: Hidden
Suspect File: C:\Documents and Settings\Radim\Local Settings\Temp\SetA9.tmp Status: Hidden
Suspect File: C:\nsj10A.tmp Status: Hidden
Suspect File: C:\pagefile.sys Status: Hidden
Suspect File: C:\Program Files\AV Vcs 6.0 DIAMOND\Vcs5rt1111967046.tmp Status: Hidden
Suspect File: C:\Program Files\AV Vcs 6.0 DIAMOND\Vcs5rt1111967046.tmp Status: Hidden
Suspect File: C:\Program Files\AV Vcs 6.0 DIAMOND\Vcs5rt1129271877.tmp Status: Hidden
Suspect File: C:\Program Files\AV Vcs 6.0 DIAMOND\Vcs5rt1129271877.tmp Status: Hidden
Suspect File: C:\Program Files\AV Vcs 6.0 DIAMOND\Vcs5rt1296253535.tmp Status: Hidden
Suspect File: C:\Program Files\AV Vcs 6.0 DIAMOND\Vcs5rt1296253535.tmp Status: Hidden
Suspect File: C:\Program Files\AV Vcs 6.0 DIAMOND\Vcs5rt1347178573.tmp Status: Hidden
Suspect File: C:\Program Files\AV Vcs 6.0 DIAMOND\Vcs5rt1347178573.tmp Status: Hidden
Suspect File: C:\Program Files\Xfire\xfire_games.bak Status: Hidden
Suspect File: C:\Program Files\Xfire\xfire_games.bak Status: Hidden
Suspect File: C:\temp\driverinst.log.bak Status: Hidden
Suspect File: C:\temp\driverinst.log.bak Status: Hidden
Suspect File: C:\temp\printerinst.log.bak Status: Hidden
Suspect File: C:\temp\printerinst.log.bak Status: Hidden
Suspect File: C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wlt16D5.tmp Status: Hidden
Suspect File: C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wlt16D5.tmp Status: Hidden
Suspect File: C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wlt16D5.tmp Status: Hidden
Suspect File: C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wlt16D5.tmp Status: Hidden
Suspect File: C:\WINDOWS\system32\config\systemprofile\Data aplikací\Microsoft\Internet Explorer\brndlog.bak Status: Hidden
Suspect File: C:\WINDOWS\system32\config\systemprofile\Data aplikací\Microsoft\Internet Explorer\brndlog.bak Status: Hidden
Suspect File: C:\WINDOWS\system32\config\systemprofile\Data aplikací\Microsoft\Internet Explorer\brndlog.bak Status: Hidden
Suspect File: C:\WINDOWS\system32\config\systemprofile\Data aplikací\Microsoft\Internet Explorer\brndlog.bak Status: Hidden
Suspect File: C:\WINDOWS\system32\SET1334.tmp Status: Hidden
Suspect File: C:\WINDOWS\system32\SET1334.tmp Status: Hidden
Suspect File: C:\WINDOWS\system32\SET1334.tmp Status: Hidden
Suspect File: C:\WINDOWS\system32\SET1334.tmp Status: Hidden
==============================================
>Hooks
Re: Virus in the hard disk MBR.
According to this it is clean... one more thing:
Have you tried running the fixmbr and fixboot commands from the Recovery Console?
I don't like amateurism...
And the addressee of this message knows it :)