VIRY.CZ

Zdravím... AVPTool nic nenašel. PC ale pracuje dobře a Avast už nic nehlásí. Díky.

Dobré ráno, díky za odpověď. Avast bohužel pořád hlásí přítomnost MBR:\\.\PHYSICALDRIVE0
Zde jsou logy z RSIT:

info.txt logfile of random's system information tool 1.09 2011-09-16 09:24:44

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec ...

Opět jsem byl pár dní mimo... Zde je log a díky:

ComboFix 11-09-11.05 - user 09/16/2011 0:31.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1455 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and ...

MBR a Combofix logy... Diky...

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500BEKT-00F3T0 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace ...

Něco to našlo... TDSSKiller log:

2011/09/11 21:53:36.0890 4992 TDSS rootkit removing tool 2.5.21.0 Sep 10 2011 21:07:05
2011/09/11 21:53:38.0468 4992 ================================================================================
2011/09/11 21:53:38.0468 4992 SystemInfo:
2011/09/11 21:53:38.0468 ...

Zdravím... bohužel jsem byl na pár dní pryč... Avast stále hlásí přítomnost MBR. Zde je log z RSIT a děkuji...

Logfile of random's system information tool 1.09 (written by random/random)
Run by user at 2011-09-11 21:40:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 101 GB ...

Zde je log z aswMBR. PC jde dobře, ale Avast před chvílí opět napsal, že něco našel, ale když jsem dal test, tak nic nevyběhlo. Kdybych objevil nějaké další problémy, ještě bych napsal. Mockrát děkuji - pomoc byla/ je perfektní... :worship:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software ...

MBR log... Díky.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500BEKT-00F3T0 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules ...

Zde je log z MBR:

¨Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk ...

Díky. Zfixnuto a zde je nový log z aswMBR:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-05 19:05:17
-----------------------------
19:05:17.453 OS Version: Windows 5.1.2600 Service Pack 3
19:05:17.453 Number of processors: 2 586 0xF0D
19:05:17.453 ComputerName: USER ...

Zde je požadovaný log - našel toho dost...

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-05 16:57:35
-----------------------------
16:57:35.500 OS Version: Windows 5.1.2600 Service Pack 3
16:57:35.500 Number of processors: 2 586 0xF0D
16:57:35.500 ComputerName: USER ...

Grub ani jiný bootloader nepoužívám... Zde je log z Bootkit remover... Díky.

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset ...

Zde je log z TDSSKiller, nic nenasel:

2011/09/05 16:30:37.0781 0640 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09
2011/09/05 16:30:39.0250 0640 ================================================================================
2011/09/05 16:30:39.0250 0640 SystemInfo:
2011/09/05 16:30:39 ...

Zde je log z MBR. Díky.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR ...