Problém s PC po načítaní web stránky

[Márty84]

Dokumenty a fotky by mely jit dat na flashku v pohode a myslim, ze na flashku by ten rootkit nevlezl, ale jisty si nejsem. Ja jsem se s nim nikdy nesetkal. Proto jsem pozadal o pomoc kolegu.
Jsou ty pocitace propojene do jedne site? Sdileji nejake slozky atd?

stahni http://www.itxassociates.com/OT-Tools/OTLPEStd.exe a vloz prazdne cd do mechaniky.
Spust exe soubor, dojde k vypaleni, po ukonceni nabootuj do otlpe (rategoo edice).


v OTLpe na plose je ikona HXD-spust
- dej otevrit fyzicky disk pro editaci
- hned se otevře nulty sektor
- najdi řadky odpovidajici

Kód: Vybrat vše

0x000001B0   00 00 00 00 00 2C 44 63 77 9F 77 9F 00 00 00 01   .....,Dcw.w.....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 C1 2F 85 4A 80 FE   ...þ..?...Á/.J.þ
0x000001D0   FF FF 17 FE FF FF 00 30 85 4A A0 52 00 00 00 00   ...þ...0.J.R....
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

oznac cervene znaceny text, prepis/edituj 00 na číslo 80

0x000001B0 00 00 00 00 00 2C 44 63 77 9F 77 9F 00 00 00 01 .....,Dcw.w.....
0x000001C0 01 00 07 FE FF FF 3F 00 00 00 C1 2F 85 4A 80 FE ...þ..?...Á/.J.þ
0x000001D0 FF FF 17 FE FF FF 00 30 85 4A A0 52 00 00 00 00 ...þ...0.J.R....
0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª

opet oznac modry text, kde je 80 a zmen ho na 00

0x000001B0 00 00 00 00 00 2C 44 63 77 9F 77 9F 00 00 00 01 .....,Dcw.w.....
0x000001C0 01 00 07 FE FF FF 3F 00 00 00 C1 2F 85 4A 80 FE ...þ..?...Á/.J.þ
0x000001D0 FF FF 17 FE FF FF 00 30 85 4A A0 52 00 00 00 00 ...þ...0.J.R....
0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª

uloz (staci ukoncit program)
timto zasahem dojde k deaktivaci oddilu patriciho k rootkitu, nabootuj do kalsickych windows a spust tdskiller

[Minmi]

nie, sieť medzi nimi nie je vytvorená, žiadne zdieľanie. idem si teda zazálohovať dáke veci (asi to hodím na nejaký upload server, keď ste si nie istý s USB) a potom sa vrhnem na ten postup a robiť to v núdzovom alebo v normálnom režime? + neviem či nájdem CD, bude problém ak to bude DVD?

[Márty84]

V tom pripade by ten druhy pc mel byt v pohode, aspon myslim
Upload server je dobry napad, jistota je jistota
Pokud to pujde, tak v normalnim.
Nemel by to byt problem

[Minmi]

tak napálil som to na DVD len neviem ako to mám nabootovať do toho OTLPE. mám reštartovať PC a pri nabiehaní tam bude možnosť nabehnúť do toho?

[Márty84]

Zkuste to, pokud ne, budete muset nastavi v BIOSu, aby nejdrive kontroloval mechaniku

[Minmi]

ok, tak som prepísal, hádam úspešne - vo fyzických diskoch boli Hard Drive 1 a 2, v 1. som dané riadky nenašiel, v tom 2. boli v 0. sektore, akurát na začiatku nebolo 0x000001B0 ale 00000001B0, ináč zvyšok sedel

log z tdsskiller:

15:41:42.0218 3436 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
15:41:42.0578 3436 ============================================================
15:41:42.0578 3436 Current date / time: 2012/03/18 15:41:42.0578
15:41:42.0578 3436 SystemInfo:
15:41:42.0578 3436
15:41:42.0578 3436 OS Version: 5.1.2600 ServicePack: 3.0
15:41:42.0578 3436 Product type: Workstation
15:41:42.0578 3436 ComputerName: MINMI
15:41:42.0578 3436 UserName: Milan
15:41:42.0578 3436 Windows directory: C:\WINDOWS
15:41:42.0578 3436 System windows directory: C:\WINDOWS
15:41:42.0578 3436 Processor architecture: Intel x86
15:41:42.0578 3436 Number of processors: 2
15:41:42.0578 3436 Page size: 0x1000
15:41:42.0578 3436 Boot type: Normal boot
15:41:42.0578 3436 ============================================================
15:41:44.0078 3436 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:41:44.0093 3436 \Device\Harddisk0\DR0:
15:41:44.0093 3436 MBR used
15:41:44.0093 3436 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852FC1
15:41:44.0156 3436 Initialize success
15:41:44.0156 3436 ============================================================
15:42:12.0765 1116 ============================================================
15:42:12.0765 1116 Scan started
15:42:12.0765 1116 Mode: Manual; SigCheck; TDLFS;
15:42:12.0765 1116 ============================================================
15:42:12.0859 1116 Abiosdsk - ok
15:42:12.0875 1116 abp480n5 - ok
15:42:12.0921 1116 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:42:13.0968 1116 ACPI - ok
15:42:14.0062 1116 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:42:14.0187 1116 ACPIEC - ok
15:42:14.0187 1116 adpu160m - ok
15:42:14.0250 1116 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:42:14.0343 1116 aec - ok
15:42:14.0359 1116 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
15:42:14.0437 1116 AFD - ok
15:42:14.0437 1116 Aha154x - ok
15:42:14.0453 1116 aic78u2 - ok
15:42:14.0453 1116 aic78xx - ok
15:42:14.0453 1116 AliIde - ok
15:42:14.0515 1116 AMON (33bea266a2ade5f36ad2683522a7496a) C:\WINDOWS\system32\drivers\amon.sys
15:42:15.0703 1116 AMON - ok
15:42:15.0718 1116 amsint - ok
15:42:15.0750 1116 asc - ok
15:42:15.0750 1116 asc3350p - ok
15:42:15.0765 1116 asc3550 - ok
15:42:15.0796 1116 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:42:15.0890 1116 AsyncMac - ok
15:42:15.0906 1116 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:42:16.0000 1116 atapi - ok
15:42:16.0000 1116 Atdisk - ok
15:42:16.0109 1116 ati2mtag (b70ecb6bd20e13f0ce3c0bc95f5c3a9a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:42:16.0218 1116 ati2mtag - ok
15:42:16.0265 1116 AtiHdmiService (41c8f0eda10da14378d304c20ba6e558) C:\WINDOWS\system32\drivers\AtiHdmi.sys
15:42:16.0296 1116 AtiHdmiService - ok
15:42:16.0343 1116 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:42:16.0437 1116 Atmarpc - ok
15:42:16.0484 1116 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:42:16.0562 1116 audstub - ok
15:42:16.0625 1116 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:42:16.0703 1116 Beep - ok
15:42:16.0750 1116 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:42:16.0859 1116 cbidf2k - ok
15:42:16.0890 1116 CCDECODE (fdc06e2ada8c468ebb161624e03976cf) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:42:16.0937 1116 CCDECODE - ok
15:42:16.0953 1116 cd20xrnt - ok
15:42:17.0000 1116 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:42:17.0093 1116 Cdaudio - ok
15:42:17.0109 1116 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:42:17.0187 1116 Cdfs - ok
15:42:17.0218 1116 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:42:17.0296 1116 Cdrom - ok
15:42:17.0296 1116 Changer - ok
15:42:17.0312 1116 CmdIde - ok
15:42:17.0312 1116 Cpqarray - ok
15:42:17.0328 1116 dac2w2k - ok
15:42:17.0328 1116 dac960nt - ok
15:42:17.0359 1116 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:42:17.0453 1116 Disk - ok
15:42:17.0500 1116 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:42:17.0593 1116 dmboot - ok
15:42:17.0640 1116 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:42:17.0765 1116 dmio - ok
15:42:17.0796 1116 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:42:17.0875 1116 dmload - ok
15:42:17.0906 1116 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:42:17.0984 1116 DMusic - ok
15:42:17.0984 1116 dpti2o - ok
15:42:18.0000 1116 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:42:18.0078 1116 drmkaud - ok
15:42:18.0125 1116 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:42:18.0218 1116 Fastfat - ok
15:42:18.0234 1116 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:42:18.0312 1116 Fdc - ok
15:42:18.0312 1116 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:42:18.0406 1116 Fips - ok
15:42:18.0421 1116 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:42:18.0500 1116 Flpydisk - ok
15:42:18.0515 1116 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:42:18.0609 1116 FltMgr - ok
15:42:18.0640 1116 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:42:18.0718 1116 Fs_Rec - ok
15:42:18.0750 1116 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:42:18.0828 1116 Ftdisk - ok
15:42:19.0015 1116 GarenaPEngine - ok
15:42:19.0031 1116 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys
15:42:19.0046 1116 gdrv - ok
15:42:19.0078 1116 GGSAFERDriver - ok
15:42:19.0093 1116 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
15:42:19.0140 1116 giveio ( UnsignedFile.Multi.Generic ) - warning
15:42:19.0140 1116 giveio - detected UnsignedFile.Multi.Generic (1)
15:42:19.0203 1116 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:42:19.0281 1116 Gpc - ok
15:42:19.0312 1116 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
15:42:19.0312 1116 hamachi - ok
15:42:19.0343 1116 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:42:19.0437 1116 HDAudBus - ok
15:42:19.0453 1116 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:42:19.0531 1116 hidusb - ok
15:42:19.0531 1116 hpn - ok
15:42:19.0578 1116 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:42:19.0703 1116 HPZid412 - ok
15:42:19.0718 1116 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:42:19.0734 1116 HPZipr12 - ok
15:42:19.0781 1116 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:42:19.0796 1116 HPZius12 - ok
15:42:19.0812 1116 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
15:42:19.0890 1116 HTTP - ok
15:42:19.0906 1116 i2omgmt - ok
15:42:19.0906 1116 i2omp - ok
15:42:19.0906 1116 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:42:20.0203 1116 i8042prt - ok
15:42:20.0203 1116 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:42:20.0281 1116 Imapi - ok
15:42:20.0281 1116 ini910u - ok
15:42:20.0406 1116 IntcAzAudAddService (557e20484a095d949912883f5ab29e88) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:42:20.0562 1116 IntcAzAudAddService - ok
15:42:20.0578 1116 IntelIde - ok
15:42:20.0609 1116 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:42:20.0687 1116 intelppm - ok
15:42:20.0718 1116 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:42:20.0812 1116 Ip6Fw - ok
15:42:20.0859 1116 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:42:20.0953 1116 IpFilterDriver - ok
15:42:20.0984 1116 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:42:21.0062 1116 IpInIp - ok
15:42:21.0093 1116 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:42:21.0171 1116 IpNat - ok
15:42:21.0187 1116 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:42:21.0265 1116 IPSec - ok
15:42:21.0281 1116 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:42:21.0359 1116 IRENUM - ok
15:42:21.0390 1116 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:42:21.0484 1116 isapnp - ok
15:42:21.0484 1116 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:42:21.0562 1116 Kbdclass - ok
15:42:21.0625 1116 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:42:21.0703 1116 kmixer - ok
15:42:21.0703 1116 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
15:42:21.0796 1116 KSecDD - ok
15:42:21.0796 1116 L8042Kbd (ac728768de636093b4d5ae6361cfadae) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
15:42:21.0812 1116 L8042Kbd - ok
15:42:21.0812 1116 lbrtfdc - ok
15:42:21.0859 1116 LHidFilt (75415a95c589a07d6c97baa2d4143916) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:42:21.0859 1116 LHidFilt - ok
15:42:21.0875 1116 LMouFilt (fcb3f81ac07b8608f921134237823b88) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:42:21.0875 1116 LMouFilt - ok
15:42:21.0875 1116 LUsbFilt (ff1c2f90d40a2e52649937854e175987) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
15:42:21.0890 1116 LUsbFilt - ok
15:42:21.0937 1116 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
15:42:21.0937 1116 MBAMProtector - ok
15:42:21.0953 1116 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:42:22.0062 1116 mnmdd - ok
15:42:22.0078 1116 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:42:22.0156 1116 Modem - ok
15:42:22.0156 1116 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:42:22.0234 1116 Mouclass - ok
15:42:22.0250 1116 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:42:22.0328 1116 mouhid - ok
15:42:22.0328 1116 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:42:22.0406 1116 MountMgr - ok
15:42:22.0421 1116 mraid35x - ok
15:42:22.0421 1116 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:42:22.0500 1116 MRxDAV - ok
15:42:22.0531 1116 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:42:22.0609 1116 MRxSmb - ok
15:42:22.0625 1116 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:42:22.0734 1116 Msfs - ok
15:42:22.0750 1116 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:42:22.0828 1116 MSKSSRV - ok
15:42:22.0859 1116 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:42:22.0968 1116 MSPCLOCK - ok
15:42:22.0984 1116 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:42:23.0062 1116 MSPQM - ok
15:42:23.0093 1116 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:42:23.0171 1116 mssmbios - ok
15:42:23.0218 1116 MSTEE (d5059366b361f0e1124753447af08aa2) C:\WINDOWS\system32\drivers\MSTEE.sys
15:42:23.0250 1116 MSTEE - ok
15:42:23.0250 1116 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
15:42:23.0328 1116 Mup - ok
15:42:23.0375 1116 NABTSFEC (ac31b352ce5e92704056d409834beb74) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:42:23.0390 1116 NABTSFEC - ok
15:42:23.0406 1116 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:42:23.0500 1116 NDIS - ok
15:42:23.0531 1116 NdisIP (abd7629cf2796250f315c1dd0b6cf7a0) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:42:23.0546 1116 NdisIP - ok
15:42:23.0593 1116 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:42:23.0671 1116 NdisTapi - ok
15:42:23.0703 1116 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:42:23.0796 1116 Ndisuio - ok
15:42:23.0796 1116 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:42:23.0875 1116 NdisWan - ok
15:42:23.0890 1116 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
15:42:23.0968 1116 NDProxy - ok
15:42:24.0000 1116 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:42:24.0093 1116 NetBIOS - ok
15:42:24.0109 1116 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:42:24.0187 1116 NetBT - ok
15:42:24.0234 1116 nod32drv (6d6c73913da6454938f6690495c3cb5c) C:\WINDOWS\system32\drivers\nod32drv.sys
15:42:24.0250 1116 nod32drv - ok
15:42:24.0281 1116 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:42:24.0359 1116 Npfs - ok
15:42:24.0390 1116 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:42:24.0484 1116 Ntfs - ok
15:42:24.0531 1116 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:42:24.0625 1116 Null - ok
15:42:24.0656 1116 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:42:24.0750 1116 NwlnkFlt - ok
15:42:24.0750 1116 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:42:24.0843 1116 NwlnkFwd - ok
15:42:24.0890 1116 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:42:24.0968 1116 Parport - ok
15:42:24.0984 1116 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:42:25.0062 1116 PartMgr - ok
15:42:25.0078 1116 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:42:25.0156 1116 ParVdm - ok
15:42:25.0203 1116 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
15:42:25.0265 1116 pccsmcfd - ok
15:42:25.0265 1116 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:42:25.0343 1116 PCI - ok
15:42:25.0343 1116 PCIDump - ok
15:42:25.0359 1116 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:42:25.0468 1116 PCIIde - ok
15:42:25.0515 1116 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:42:25.0609 1116 Pcmcia - ok
15:42:25.0625 1116 PDCOMP - ok
15:42:25.0625 1116 PDFRAME - ok
15:42:25.0625 1116 PDRELI - ok
15:42:25.0640 1116 PDRFRAME - ok
15:42:25.0640 1116 perc2 - ok
15:42:25.0640 1116 perc2hib - ok
15:42:25.0687 1116 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:42:25.0765 1116 PptpMiniport - ok
15:42:25.0765 1116 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:42:25.0859 1116 PSched - ok
15:42:25.0890 1116 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:42:25.0984 1116 Ptilink - ok
15:42:25.0984 1116 ql1080 - ok
15:42:26.0000 1116 Ql10wnt - ok
15:42:26.0000 1116 ql12160 - ok
15:42:26.0000 1116 ql1240 - ok
15:42:26.0015 1116 ql1280 - ok
15:42:26.0015 1116 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:42:26.0109 1116 RasAcd - ok
15:42:26.0109 1116 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:42:26.0187 1116 Rasl2tp - ok
15:42:26.0203 1116 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:42:26.0281 1116 RasPppoe - ok
15:42:26.0281 1116 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:42:26.0359 1116 Raspti - ok
15:42:26.0390 1116 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:42:26.0468 1116 Rdbss - ok
15:42:26.0484 1116 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:42:26.0562 1116 RDPCDD - ok
15:42:26.0609 1116 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:42:26.0718 1116 rdpdr - ok
15:42:26.0750 1116 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
15:42:26.0828 1116 RDPWD - ok
15:42:26.0859 1116 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:42:26.0937 1116 redbook - ok
15:42:26.0968 1116 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
15:42:27.0062 1116 ROOTMODEM - ok
15:42:27.0125 1116 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys
15:42:27.0140 1116 rspndr ( UnsignedFile.Multi.Generic ) - warning
15:42:27.0140 1116 rspndr - detected UnsignedFile.Multi.Generic (1)
15:42:27.0187 1116 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
15:42:27.0265 1116 RTLE8023xp - ok
15:42:27.0281 1116 SbFw (419883201ca9ad697ccfb8fc46dd6f78) C:\WINDOWS\system32\drivers\SbFw.sys
15:42:27.0296 1116 SbFw - ok
15:42:27.0328 1116 SBFWIMCL (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
15:42:27.0328 1116 SBFWIMCL - ok
15:42:27.0375 1116 sbhips (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys
15:42:27.0390 1116 sbhips - ok
15:42:27.0421 1116 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:42:27.0500 1116 Secdrv - ok
15:42:27.0515 1116 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:42:27.0593 1116 serenum - ok
15:42:27.0609 1116 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:42:27.0687 1116 Serial - ok
15:42:27.0703 1116 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:42:27.0796 1116 Sfloppy - ok
15:42:27.0796 1116 Simbad - ok
15:42:27.0843 1116 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:42:27.0859 1116 SLIP - ok
15:42:27.0875 1116 Sparrow - ok
15:42:27.0921 1116 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
15:42:27.0968 1116 speedfan ( UnsignedFile.Multi.Generic ) - warning
15:42:27.0968 1116 speedfan - detected UnsignedFile.Multi.Generic (1)
15:42:27.0984 1116 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:42:28.0062 1116 splitter - ok
15:42:28.0109 1116 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
15:42:28.0109 1116 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
15:42:28.0109 1116 sptd ( LockedFile.Multi.Generic ) - warning
15:42:28.0109 1116 sptd - detected LockedFile.Multi.Generic (1)
15:42:28.0171 1116 sp_rsdrv2 (7b426b8e809edf081d771ef429345528) C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
15:42:28.0171 1116 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
15:42:28.0171 1116 sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
15:42:28.0187 1116 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:42:28.0296 1116 sr - ok
15:42:28.0296 1116 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
15:42:28.0390 1116 Srv - ok
15:42:28.0406 1116 streamip (a9f9fd0212e572b84edb9eb661f6bc04) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:42:28.0437 1116 streamip - ok
15:42:28.0453 1116 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:42:28.0531 1116 swenum - ok
15:42:28.0562 1116 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:42:28.0656 1116 swmidi - ok
15:42:28.0671 1116 symc810 - ok
15:42:28.0671 1116 symc8xx - ok
15:42:28.0671 1116 sym_hi - ok
15:42:28.0687 1116 sym_u3 - ok
15:42:28.0703 1116 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:42:28.0781 1116 sysaudio - ok
15:42:28.0796 1116 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:42:28.0890 1116 Tcpip - ok
15:42:28.0921 1116 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:42:29.0000 1116 TDPIPE - ok
15:42:29.0031 1116 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:42:29.0093 1116 TDTCP - ok
15:42:29.0156 1116 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:42:29.0234 1116 TermDD - ok
15:42:29.0234 1116 TosIde - ok
15:42:29.0265 1116 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:42:29.0343 1116 Udfs - ok
15:42:29.0546 1116 ultra - ok
15:42:29.0578 1116 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:42:29.0656 1116 Update - ok
15:42:29.0703 1116 usb2vcom (ac38ade382e768bc4a68bb5b4cf22245) C:\WINDOWS\system32\DRIVERS\usb2vcom.sys
15:42:29.0718 1116 usb2vcom ( UnsignedFile.Multi.Generic ) - warning
15:42:29.0718 1116 usb2vcom - detected UnsignedFile.Multi.Generic (1)
15:42:29.0750 1116 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:42:29.0843 1116 usbccgp - ok
15:42:29.0890 1116 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:42:29.0968 1116 usbehci - ok
15:42:29.0984 1116 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:42:30.0062 1116 usbhub - ok
15:42:30.0109 1116 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:42:30.0187 1116 usbprint - ok
15:42:30.0203 1116 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:42:30.0281 1116 usbscan - ok
15:42:30.0312 1116 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:42:30.0390 1116 USBSTOR - ok
15:42:30.0406 1116 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:42:30.0484 1116 usbuhci - ok
15:42:30.0500 1116 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:42:30.0578 1116 usbvideo - ok
15:42:30.0609 1116 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:42:30.0703 1116 VgaSave - ok
15:42:30.0703 1116 ViaIde - ok
15:42:30.0734 1116 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:42:30.0812 1116 VolSnap - ok
15:42:30.0828 1116 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:42:30.0906 1116 Wanarp - ok
15:42:30.0953 1116 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:42:30.0968 1116 Wdf01000 - ok
15:42:30.0984 1116 WDICA - ok
15:42:31.0000 1116 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:42:31.0078 1116 wdmaud - ok
15:42:31.0109 1116 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:42:31.0203 1116 WS2IFSL - ok
15:42:31.0234 1116 WSTCODEC (233cdd1c06942115802eb7ce6669e099) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:42:31.0250 1116 WSTCODEC - ok
15:42:31.0281 1116 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:42:31.0375 1116 WudfPf - ok
15:42:31.0375 1116 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:42:31.0406 1116 WudfRd - ok
15:42:31.0437 1116 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:42:31.0625 1116 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:42:31.0625 1116 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:42:31.0625 1116 Boot (0x1200) (324ff0f9a760559bb217127109afa68b) \Device\Harddisk0\DR0\Partition0
15:42:31.0625 1116 \Device\Harddisk0\DR0\Partition0 - ok
15:42:31.0625 1116 ============================================================
15:42:31.0625 1116 Scan finished
15:42:31.0625 1116 ============================================================
15:42:31.0750 0512 Detected object count: 7
15:42:31.0750 0512 Actual detected object count: 7
15:42:55.0703 0512 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
15:42:55.0703 0512 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:42:55.0703 0512 rspndr ( UnsignedFile.Multi.Generic ) - skipped by user
15:42:55.0703 0512 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:42:55.0703 0512 speedfan ( UnsignedFile.Multi.Generic ) - skipped by user
15:42:55.0703 0512 speedfan ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:42:55.0703 0512 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:42:55.0703 0512 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:42:55.0703 0512 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
15:42:55.0703 0512 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:42:55.0703 0512 usb2vcom ( UnsignedFile.Multi.Generic ) - skipped by user
15:42:55.0703 0512 usb2vcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:42:55.0703 0512 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:42:55.0703 0512 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:43:06.0187 0352 Deinitialize success

[Márty84]

Zkuste ted udelat ten aswMBR

[Minmi]

This application can use the Avast! Free Antivirus for scanning. It is recommended to download it for better detection results. Would you like to download latest Avast! virus definitions? - dal som nie



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-18 15:21:18
-----------------------------
15:21:18.016 OS Version: Windows 5.1.2600 Service Pack 3
15:21:18.016 Number of processors: 2 586 0x1706
15:21:18.016 ComputerName: MINMI UserName: Milan
15:21:18.985 Initialize success
15:24:14.251 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16
15:24:14.251 Disk 0 Vendor: WDC_WD6400AAKS-65A7B0 01.03B01 Size: 610480MB BusType: 3
15:24:14.266 Disk 0 MBR read successfully
15:24:14.266 Disk 0 MBR scan
15:24:14.266 Disk 0 Windows XP default MBR code
15:24:14.266 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610469 MB offset 63
15:24:14.298 Disk 0 Partition 2 00 17 Hidd HPFS/NTFS NTFS 10 MB offset 1250242560
15:24:14.298 Disk 0 scanning sectors +1250263712
15:24:14.376 Disk 0 scanning C:\WINDOWS\system32\drivers
15:24:21.532 Service scanning
15:24:26.501 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:24:28.548 Modules scanning
15:24:31.438 Disk 0 trace - called modules:
15:24:31.470 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spvj.sys >>UNKNOWN [0x8afe4938]<<
15:24:31.470 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af6aab8]
15:24:31.470 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8b0020b8]
15:24:31.470 5 ACPI.sys[b9e66620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-16[0x8aecdd98]
15:24:31.470 Scan finished successfully
15:24:39.641 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Milan\Desktop\MBR.dat"
15:24:39.673 The log file has been saved successfully to "C:\Documents and Settings\Milan\Desktop\aswMBR.txt"

[Márty84]

Budeme muset pockat, az se tu ukaze Naughty. Ja si postupem nejsem uplne jisty a nerad bych toho hajzlika (toho rootkita, ne Naughtyho, aby bylo jasno ) zase nejak probudil

[Márty84]

Tak to bylo rychleji, nez jsem cekal

logy ma ok!

staci aby ve spravci disku smazal ten pidi oddil patrici haveti a je to vse,

Takze to smazte a napiste, jak se chova pocitac

[Minmi]

mohli by ste mi prosím dať podrobnejší postup?

[Minmi]

myslím, že som to našiel, computer management -> storage -> disk management a tam sú 2 partition, 1 disk 519,16GB, druhé 10MB unknown partition, tak len normálne pravým a zmazať?

[Márty84]

Ano, nez jsem sesmolil odpoved, nasel jste si to sam

[Minmi]

ok vymazané, takže už je to čisté?

[Márty84]

No ten smejd je definitivne mrtvy. Ted jeste pro jistotu udelejte novou uplnou kontrolu s MBAM, pak dejte novy log z RSIT a hlavne napiste, jak se chova pocitac