vinholanda
2013-07-10, 11:53
Hi tashi!
I'm having the same problem as My3Angelz. I did a quick rootkit scan too and SD detected MBR: PhysicalDrive0. I've tried to fix this by myself only by reading the posts. But I'm not a specialist and I didn't do a backup of my files, so I'm afraid to do something wrong. Could you please assist me? Thanks a lot!
These are my S&D logs of the rootkit scan:
Rootkit Quick Scan log:
RootAlyzer Quick Scan Results
Files in Windows folder
----------------------------------------
114 files were tested.
No hidden files detected.
========================================
Files in System folder
----------------------------------------
2424 files were tested.
No hidden files detected.
========================================
Global run entries
----------------------------------------
No hidden entries detected.
========================================
Winlogon entries
----------------------------------------
No hidden entries detected.
========================================
Invisible processes (from handles)
----------------------------------------
0 handle process IDs for 120 processes.
No hidden processes detected.
========================================
Invisible processes (from threads)
----------------------------------------
120 processes tested.
No hidden processes detected.
========================================
Master Boot Records
----------------------------------------
1 MBRs checked.
Unkown MBRs: PhysicalDrive0
PhysicalDrive0
========================================
..............................................................................................................
The Root Alyzer log:
// info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.
:: RootAlyzer Results
File:"Unknown ADS","D:\Backups\Imagens\Xurras e otras\MOV06223.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Cam Leilane\MOV04597.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Cam Leilane\MOV04674.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Cam Leilane\MOV04675.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Cam Leilane\MOV04689.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Cam Leilane\MOV04706.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Cam Leilane\MOV04707.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Acampamento\MOV06522.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Acampamento\MOV06523.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Acampamento\MOV06526.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Acampamento\MOV06537.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Acampamento\MOV06538.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Acampamento\MOV06544.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Acampamento\MOV06545.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Acampamento\MOV06546.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\31-3-2008\MOV05754.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\31-3-2008\MOV05892.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\31-3-2008\MOV05893.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\31-3-2008\MOV05901.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\31-3-2008\MOV05902.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008(1)\MOV06370.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008(1)\MOV06372.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV05892.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV05902.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV06090.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV06223.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV06307.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV06309.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV06314.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV06315.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV06316.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06522.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06523.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06526.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06537.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06538.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06544.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06545.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06546.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06586.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Xurras e otras\MOV06223.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Cam Leilane\MOV04597.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Cam Leilane\MOV04674.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Cam Leilane\MOV04675.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Cam Leilane\MOV04689.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Cam Leilane\MOV04706.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Cam Leilane\MOV04707.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Acampamento\MOV06522.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Acampamento\MOV06523.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Acampamento\MOV06526.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Acampamento\MOV06537.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Acampamento\MOV06538.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Acampamento\MOV06544.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Acampamento\MOV06545.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Acampamento\MOV06546.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\31-3-2008\MOV05754.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\31-3-2008\MOV05892.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\31-3-2008\MOV05893.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\31-3-2008\MOV05901.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\31-3-2008\MOV05902.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008(1)\MOV06370.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008(1)\MOV06372.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV05892.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV05902.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV06090.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV06223.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV06307.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV06309.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV06314.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV06315.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV06316.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06522.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06523.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06526.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06537.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06538.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06544.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06545.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06546.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06586.MPG:TOC.WMV:$DATA"
File:"No admin in ACL","C:\Windows\SysWOW64\58D2E81569.sys"
File:"No admin in ACL","C:\Windows\SysWOW64\KGyGaAvL.sys"
File:"No admin in ACL","C:\Windows\System32\58D2E81569.sys"
File:"No admin in ACL","C:\Windows\System32\KGyGaAvL.sys"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Xurras e otras\MOV06223.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Cam Leilane\MOV04597.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Cam Leilane\MOV04674.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Cam Leilane\MOV04675.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Cam Leilane\MOV04689.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Cam Leilane\MOV04706.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Cam Leilane\MOV04707.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Acampamento\MOV06522.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Acampamento\MOV06523.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Acampamento\MOV06526.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Acampamento\MOV06537.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Acampamento\MOV06538.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Acampamento\MOV06544.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Acampamento\MOV06545.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Acampamento\MOV06546.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\31-3-2008\MOV05754.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\31-3-2008\MOV05892.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\31-3-2008\MOV05893.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\31-3-2008\MOV05901.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\31-3-2008\MOV05902.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008(1)\MOV06370.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008(1)\MOV06372.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV05892.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV05902.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV06090.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV06223.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV06307.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV06309.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV06314.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV06315.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV06316.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06522.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06523.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06526.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06537.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06538.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06544.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06545.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06546.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06586.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Favorites\Downloads\SkypeSetupFull.exe:ZONE.IDENTIFIER:$DATA"
File:"No admin in ACL","C:\Users\Todos os Usuários\Real\setup\config.ini"
File:"No admin in ACL","C:\Users\Todos os Usuários\LG Software\LG Smart Share\subtitles"
File:"Unknown ADS","C:\Users\Todos os Usuários\AVG2013\Chjw\4c92873192871f18.dat:c5272721-b041-4f0e-9e56-f5041ed6a83a:$DATA"
File:"Unknown ADS","C:\Users\Todos os Usuários\AVG2013\Chjw\8884366784365840.dat:17d90527-9dc9-4b5b-8812-404eac8d5010:$DATA"
File:"Unknown ADS","C:\Users\Todos os Usuários\AVG2013\Chjw\8884366784365840.dat:7d939d40-d366-4046-9020-d11e1b36db63:$DATA"
File:"Unknown ADS","C:\Users\Todos os Usuários\AVG2013\Chjw\acd88ad0d88a986a.dat:1e6db47c-5599-4448-8647-8a352de6e507:$DATA"
File:"Unknown ADS","C:\Users\Todos os Usuários\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:6648c82e-a3ee-402f-bc68-3066551bae17:$DATA"
File:"Unknown ADS","C:\Users\Todos os Usuários\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:6daf8e38-71e0-474c-b988-462a61232874:$DATA"
File:"Unknown ADS","C:\Users\Todos os Usuários\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:f51f0a77-20a7-4c33-99f8-592f8ef56277:$DATA"
File:"No admin in ACL","C:\Users\All Users\Real\setup\config.ini"
File:"No admin in ACL","C:\Users\All Users\LG Software\LG Smart Share\subtitles"
File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\4c92873192871f18.dat:c5272721-b041-4f0e-9e56-f5041ed6a83a:$DATA"
File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\8884366784365840.dat:17d90527-9dc9-4b5b-8812-404eac8d5010:$DATA"
File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\8884366784365840.dat:7d939d40-d366-4046-9020-d11e1b36db63:$DATA"
File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\acd88ad0d88a986a.dat:1e6db47c-5599-4448-8647-8a352de6e507:$DATA"
File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:6648c82e-a3ee-402f-bc68-3066551bae17:$DATA"
File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:6daf8e38-71e0-474c-b988-462a61232874:$DATA"
File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:f51f0a77-20a7-4c33-99f8-592f8ef56277:$DATA"
File:"No admin in ACL","C:\ProgramData\Real\setup\config.ini"
File:"No admin in ACL","C:\ProgramData\LG Software\LG Smart Share\subtitles"
File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\4c92873192871f18.dat:c5272721-b041-4f0e-9e56-f5041ed6a83a:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\8884366784365840.dat:17d90527-9dc9-4b5b-8812-404eac8d5010:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\8884366784365840.dat:7d939d40-d366-4046-9020-d11e1b36db63:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\acd88ad0d88a986a.dat:1e6db47c-5599-4448-8647-8a352de6e507:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:6648c82e-a3ee-402f-bc68-3066551bae17:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:6daf8e38-71e0-474c-b988-462a61232874:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:f51f0a77-20a7-4c33-99f8-592f8ef56277:$DATA"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\","Flyout"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"
I've run aswMBR and it found an unknown MBR code! Here's the log:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-10 03:41:43
-----------------------------
03:41:43.600 OS Version: Windows x64 6.1.7601 Service Pack 1
03:41:43.600 Number of processors: 4 586 0x3A09
03:41:43.601 ComputerName: VINÍCIUS-PC UserName: Vinícius
03:41:43.744 Initialze error 1
03:41:56.179 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
03:41:56.182 Disk 0 Vendor: TOSHIBA_ AX00 Size: 476940MB BusType: 3
03:41:56.217 Disk 0 MBR read successfully
03:41:56.220 Disk 0 MBR scan
03:41:56.224 Disk 0 unknown MBR code
03:41:56.238 Disk 0 Partition 1 00 EE GPT 476940 MB offset 1
03:41:56.243 Disk 0 scanning C:\Windows\system32\drivers
03:41:56.247 Service scanning
03:41:56.811 Modules scanning
03:41:56.816 Disk 0 trace - called modules:
03:41:56.822 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
03:41:56.827 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065b3790]
03:41:56.833 3 CLASSPNP.SYS[fffff88001cec43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80065b2050]
03:41:56.838 Scan finished successfully
03:54:57.524 Disk 0 MBR has been saved successfully to "C:\Users\Vinícius\Desktop\MBR.dat"
03:54:57.531 The log file has been saved successfully to "C:\Users\Vinícius\Desktop\aswMBR.txt"