DOS'owski wirus Spirit, co zrobić?

Dla specjalistów Bezpieczeństwo
#1

Witam!

Wczoraj przywlokłem ze szkoły komputer.

Baaardzo stary jeszcze z DOS’em.

Otóż rozkręciłem i znalazłem dysk ATA, jakiś stary bardzo.

Odczepiłem napęd w komputerze (mam tylko jeden port ATA)

i podczepiłem dysk, włączam komputer a tu coś pisze ze dos itd, czarny ekran, taka konsola dos’owska.

Otóż odczepiam, i włączam i po załadowaniu wszystkiego kasperski mi wylatuje z powiadomieniem “znaleziono spirit wirus” i daje usuń ale nie chce się usunąć.

Cofnąłem system do wczoraj i nic.

Cały czas to wyskakuje.

W internecie odkopałem tematy z roku 2000/1/2/3/4 i było coś napisane o dyskietkach. Ale to dla mnie nie możliwe bo nie mam ani stacji dyskietek ani dyskietki ani co najgorsze wejścia na stacje dyskietek w płycie głównej.

Właśnie ściągam najnowszy mksvir_9 i zobacze.

Proszę o jak najszybsze odpowiedzi.

Nie chcę formatować dysku bo mam tam barrrdzo dużo danych, a z tego co wyczytalem format nie pomaga.

Gdy komputer się włącza trwa to 20/30x dłużej niż zwykle i czasami pulpit nie startuje.

Jest on baaaardzo wolny, a mam komputer z praktycznie nowymi częściami mają niecałe 2 miesiące.

Daje logi z programów MBRCheck i TDSSKiller

MbrCheck:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Dodatek Service Pack 2 (build 2600)

Logical Drives Mask: 0x000007fc

Kernel Drivers (total 128):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E2000 \WINDOWS\system32\hal.dll

0xB85A8000 \WINDOWS\system32\KDCOM.DLL

0xB84B8000 \WINDOWS\system32\BOOTVID.dll

0xB7EB4000 spkt.sys

0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS

0xB7E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS

0xB7E6D000 ACPI.sys

0xB7E5C000 pci.sys

0xB80A8000 isapnp.sys

0xB8670000 pciide.sys

0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xB80B8000 MountMgr.sys

0xB7E3D000 ftdisk.sys

0xB8330000 PartMgr.sys

0xB80C8000 VolSnap.sys

0xB7E25000 atapi.sys

0xB7DF9000 nvgts.sys

0xB80D8000 disk.sys

0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xB7DDA000 fltMgr.sys

0xB7DC8000 sr.sys

0xB8338000 PxHelp20.sys

0xB7DB1000 KSecDD.sys

0xB7D24000 Ntfs.sys

0xB7CF7000 NDIS.sys

0xB7CDC000 Mup.sys

0xB8340000 mksidsa.sys

0xB8308000 \SystemRoot\system32\DRIVERS\AmdPPM.sys

0xB6D7F000 \SystemRoot\system32\DRIVERS\parport.sys

0xB85F4000 \SystemRoot\system32\DRIVERS\ASACPI.sys

0xB6E5F000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xB8418000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xB6D6E000 \SystemRoot\system32\DRIVERS\serial.sys

0xB7CA4000 \SystemRoot\system32\DRIVERS\serenum.sys

0xB8420000 \SystemRoot\system32\DRIVERS\usbohci.sys

0xB6D4B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xB8428000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB6D26000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xB6E4F000 \SystemRoot\system32\DRIVERS\imapi.sys

0xB6E3F000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xB6E2F000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB6D03000 \SystemRoot\system32\DRIVERS\ks.sys

0xB8430000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0xB8438000 \SystemRoot\system32\DRIVERS\nvnetbus.sys

0xB6340000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xB623A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xB61C4000 \SystemRoot\System32\Drivers\aq0e30ki.SYS

0xB8757000 \SystemRoot\system32\DRIVERS\audstub.sys

0xB6E0F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xB8550000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB619A000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xB6DFF000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xB6DEF000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xB84B0000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB6189000 \SystemRoot\system32\DRIVERS\psched.sys

0xB6DCF000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xB83D0000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xB83D8000 \SystemRoot\system32\DRIVERS\raspti.sys

0xB81D8000 \SystemRoot\system32\DRIVERS\termdd.sys

0xB8380000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xB860A000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB5C31000 \SystemRoot\system32\DRIVERS\update.sys

0xB6D97000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xB82B8000 \SystemRoot\system32\DRIVERS\wsimd.sys

0xB82C8000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xB3DFE000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xB85B0000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xB3DBE000 \SystemRoot\system32\drivers\nvhda32.sys

0xB1A1E000 \SystemRoot\system32\drivers\portcls.sys

0xB3DAE000 \SystemRoot\system32\drivers\drmk.sys

0xAEB6E000 \SystemRoot\system32\drivers\viahduaa.sys

0xB3F91000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xB869B000 \SystemRoot\System32\Drivers\Null.SYS

0xB3F8F000 \SystemRoot\System32\Drivers\Beep.SYS

0xAE695000 \SystemRoot\system32\DRIVERS\ehdrv.sys

0xB3E0E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xB1E7E000 \SystemRoot\System32\drivers\vga.sys

0xB3945000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xB3943000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xB1E76000 \SystemRoot\System32\Drivers\Msfs.SYS

0xB1E6E000 \SystemRoot\System32\Drivers\Npfs.SYS

0xB3B00000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xAE612000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xAE5BA000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xB1E66000 ??\C:\WINDOWS\system32\mksfwallt.sys

0xAE599000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xAE571000 \SystemRoot\system32\DRIVERS\netbt.sys

0xB38B5000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xAE559000 \SystemRoot\system32\DRIVERS\epfwtdir.sys

0xAE537000 \SystemRoot\System32\drivers\afd.sys

0xB3895000 \SystemRoot\system32\DRIVERS\netbios.sys

0xAE4E3000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xAE474000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xB1E5E000 ??\C:\WINDOWS\system32\mksfwallf.sys

0xB1F0D000 \SystemRoot\System32\Drivers\Fips.SYS

0xB3AE4000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xB0929000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xB86DC000 \SystemRoot\system32\drivers\AsIO.sys

0xACF45000 \SystemRoot\system32\DRIVERS\athuw.sys

0xAE52F000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xB19A6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xB08F9000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xB1EAA000 \SystemRoot\System32\Drivers\dump_diskdump.sys

0xA5FDD000 \SystemRoot\System32\Drivers\dump_nvgts.sys

0xBF800000 \SystemRoot\System32\win32k.sys

0xB4228000 \SystemRoot\System32\drivers\Dxapi.sys

0xAE63D000 \SystemRoot\System32\watchdog.sys

0xBD000000 \SystemRoot\System32\drivers\dxg.sys

0xA744B000 \SystemRoot\System32\drivers\dxgthk.sys

0xBD012000 \SystemRoot\System32\nv4_disp.dll

0xA5D36000 \SystemRoot\system32\DRIVERS\eamon.sys

0xAE50F000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xA5D09000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xAA57B000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xAA579000 \SystemRoot\System32\Drivers\TBPanel.SYS

0xA5C9E000 \SystemRoot\system32\DRIVERS\atksgt.sys

0xB83C8000 \SystemRoot\system32\DRIVERS\lirsgt.sys

0xA5BF7000 \SystemRoot\system32\DRIVERS\srv.sys

0xB8460000 ??\C:\Program Files\mks_vir_9\bin\MksMonFd.sys

0xA58EA000 ??\C:\Program Files\mks_vir_9\bin\MksMonEn.sys

0xA58CE000 ??\C:\Program Files\mks_vir_9\bin\MksMonEv.sys

0xA57F1000 \SystemRoot\system32\drivers\wdmaud.sys

0xA5B17000 \SystemRoot\system32\drivers\sysaudio.sys

0xA5559000 \SystemRoot\System32\Drivers\HTTP.sys

0xA3F24000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 53):

0 System Idle Process

4 System

776 C:\WINDOWS\system32\smss.exe

824 csrss.exe

852 C:\WINDOWS\system32\winlogon.exe

896 C:\WINDOWS\system32\services.exe

908 C:\WINDOWS\system32\lsass.exe

1068 C:\WINDOWS\system32\nvsvc32.exe

1092 C:\WINDOWS\system32\svchost.exe

1140 svchost.exe

1180 C:\WINDOWS\system32\svchost.exe

1280 svchost.exe

1312 svchost.exe

1660 C:\WINDOWS\system32\spoolsv.exe

1708 C:\WINDOWS\system32\acs.exe

1756 svchost.exe

1796 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1808 C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe

1836 C:\Program Files\Bonjour\mDNSResponder.exe

1860 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

1904 C:\Program Files\Java\jre6\bin\jqs.exe

1932 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

612 HP1006MC.EXE

772 alg.exe

2248 C:\WINDOWS\system32\wscntfy.exe

2936 C:\WINDOWS\explorer.exe

3348 wmiprvse.exe

3664 C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

3680 C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe

3740 C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe

3792 C:\Program Files\iTunes\iTunesHelper.exe

3864 C:\Program Files\Real\RealPlayer\Update\realsched.exe

3896 C:\WINDOWS\system32\rundll32.exe

3968 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

4056 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

2720 C:\Program Files\Common Files\Java\Java Update\jusched.exe

3708 C:\WINDOWS\system32\wuauclt.exe

2420 C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe

2820 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

1536 C:\Program Files\mks_vir_9\bin\mks_9.exe

2972 C:\WINDOWS\system32\ctfmon.exe

3008 C:\WINDOWS\system32\wbem\unsecapp.exe

248 C:\Program Files\Vtune\TBPANEL.exe

3132 C:\Program Files\Messenger\msmsgs.exe

1452 C:\Program Files\GameShadow\GameShadow.exe

3692 wmiprvse.exe

3840 C:\Program Files\iPod\bin\iPodService.exe

2196 C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

2152 C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

2352 C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

3816 C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

3756 C:\Program Files\Picasa2\Picasa3.exe

676 C:\Documents and Settings\Kuba\Pulpit\MBRCheck.exe

\.\C: --> \.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\.\D: --> \.\PhysicalDrive0 at offset 0x00000030`d3cbae00 (NTFS)

\.\E: --> \.\PhysicalDrive0 at offset 0x00000061`a796de00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AADS-00M2B0, Rev: 01.00A01

Size Device Name MBR Status

465 GB \.\PhysicalDrive0 Unknown MBR code

SHA1: 6D503C32A6BB5ECDCCB9EFDD3E113856E145005C

Found non-standard or infected MBR.

Enter ‘Y’ and hit ENTER for more options, or ‘N’ to exit:

Done!

TDSSKiller:

2011/05/13 20:28:46.0109 0748 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29

2011/05/13 20:28:46.0359 0748 ================================================================================

2011/05/13 20:28:46.0359 0748 SystemInfo:

2011/05/13 20:28:46.0359 0748

2011/05/13 20:28:46.0359 0748 OS Version: 5.1.2600 ServicePack: 2.0

2011/05/13 20:28:46.0359 0748 Product type: Workstation

2011/05/13 20:28:46.0359 0748 ComputerName: KUBUS

2011/05/13 20:28:46.0359 0748 UserName: Kuba

2011/05/13 20:28:46.0359 0748 Windows directory: C:\WINDOWS

2011/05/13 20:28:46.0359 0748 System windows directory: C:\WINDOWS

2011/05/13 20:28:46.0359 0748 Processor architecture: Intel x86

2011/05/13 20:28:46.0359 0748 Number of processors: 2

2011/05/13 20:28:46.0359 0748 Page size: 0x1000

2011/05/13 20:28:46.0359 0748 Boot type: Normal boot

2011/05/13 20:28:46.0359 0748 ================================================================================

2011/05/13 20:28:47.0000 0748 Initialize success

2011/05/13 20:28:49.0781 1228 ================================================================================

2011/05/13 20:28:49.0781 1228 Scan started

2011/05/13 20:28:49.0781 1228 Mode: Manual;

2011/05/13 20:28:49.0781 1228 ================================================================================

2011/05/13 20:28:50.0750 1228 ACPI (a966410ecf83b81f3b0b8e07a71957d4) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/05/13 20:28:50.0796 1228 ACPIEC (66a42b7db194e24b973bbcce840a0f3f) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/05/13 20:28:50.0843 1228 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2011/05/13 20:28:50.0906 1228 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

2011/05/13 20:28:50.0984 1228 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2011/05/13 20:28:51.0046 1228 AR9271 (8e2257584b2c52d44b4cb1949947d885) C:\WINDOWS\system32\DRIVERS\athuw.sys

2011/05/13 20:28:51.0093 1228 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\WINDOWS\system32\drivers\AsIO.sys

2011/05/13 20:28:51.0125 1228 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/05/13 20:28:51.0140 1228 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/05/13 20:28:51.0234 1228 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys

2011/05/13 20:28:51.0281 1228 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/05/13 20:28:51.0328 1228 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/05/13 20:28:51.0359 1228 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/05/13 20:28:51.0390 1228 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS

2011/05/13 20:28:51.0421 1228 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/05/13 20:28:51.0593 1228 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/05/13 20:28:51.0625 1228 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/05/13 20:28:51.0671 1228 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/05/13 20:28:51.0765 1228 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/05/13 20:28:51.0828 1228 dmboot (3b809ffad55dcebdb156d5ca1bd3da65) C:\WINDOWS\system32\drivers\dmboot.sys

2011/05/13 20:28:51.0875 1228 dmio (27725b6501201c3080ba73048bce389a) C:\WINDOWS\system32\drivers\dmio.sys

2011/05/13 20:28:51.0906 1228 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/05/13 20:28:51.0937 1228 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/05/13 20:28:51.0968 1228 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/05/13 20:28:52.0000 1228 eamon (1ceb779239965000b8f6adee17d4515b) C:\WINDOWS\system32\DRIVERS\eamon.sys

2011/05/13 20:28:52.0031 1228 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\WINDOWS\system32\DRIVERS\ehdrv.sys

2011/05/13 20:28:52.0109 1228 epfwtdir (ecd5f68e32ff5c6a728eb03dc892ae7f) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys

2011/05/13 20:28:52.0156 1228 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/05/13 20:28:52.0203 1228 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

2011/05/13 20:28:52.0218 1228 Fips (c5fb298257c0a6514ea17835e774ea0a) C:\WINDOWS\system32\drivers\Fips.sys

2011/05/13 20:28:52.0250 1228 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/05/13 20:28:52.0281 1228 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/05/13 20:28:52.0343 1228 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/13 20:28:52.0359 1228 Ftdisk (ed6d921d8ab423138fb35beee6d6a6cb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/13 20:28:52.0421 1228 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/05/13 20:28:52.0453 1228 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/13 20:28:52.0484 1228 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/05/13 20:28:52.0531 1228 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/05/13 20:28:52.0593 1228 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/13 20:28:52.0687 1228 i8042prt (2656fdfe0a7916c3a16f374454c55dd9) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/13 20:28:52.0718 1228 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/13 20:28:52.0781 1228 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/05/13 20:28:52.0859 1228 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/05/13 20:28:52.0906 1228 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/13 20:28:52.0953 1228 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/13 20:28:53.0015 1228 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/13 20:28:53.0062 1228 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/13 20:28:53.0093 1228 isapnp (01a9e68528f4f34e5702123d27c67bd4) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/13 20:28:53.0109 1228 Kbdclass (cc13db862f929ae33f64c3bedc01cd31) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/13 20:28:53.0187 1228 kbdhid (831be9197bdace6bdcac1bfdbe1c380f) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/05/13 20:28:53.0250 1228 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2011/05/13 20:28:53.0281 1228 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/13 20:28:53.0328 1228 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys

2011/05/13 20:28:53.0390 1228 mksfwallf (4ae370a4cbd06479489e042b249b8892) C:\WINDOWS\system32\mksfwallf.sys

2011/05/13 20:28:53.0453 1228 mksfwallt (2be7459ccd859b96d76c4cf63feafe49) C:\WINDOWS\system32\mksfwallt.sys

2011/05/13 20:28:53.0484 1228 mksidsa (b6e21caf31be4870ae75bf46c80d8404) C:\WINDOWS\system32\mksidsa.sys

2011/05/13 20:28:53.0625 1228 MksMonEn (cd0122f8ee4ae987791ce87ae0094844) C:\Program Files\mks_vir_9\bin\MksMonEn.sys

2011/05/13 20:28:53.0671 1228 MksMonEv (6478c0660b2a3806c26d941460871536) C:\Program Files\mks_vir_9\bin\MksMonEv.sys

2011/05/13 20:28:53.0687 1228 MksMonFd (3bfae9bf6a2fc76d33985e64b4948dc6) C:\Program Files\mks_vir_9\bin\MksMonFd.sys

2011/05/13 20:28:53.0734 1228 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/13 20:28:53.0781 1228 Modem (15f33d12d604d0198ce5561f102cd9c5) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/13 20:28:53.0828 1228 Mouclass (69c12b99ae8b6b99ec314e9b99833728) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/13 20:28:53.0890 1228 mouhid (ecec1e6cd558ab80f944f31326e9d3b5) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/05/13 20:28:53.0937 1228 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/13 20:28:53.0984 1228 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/13 20:28:54.0031 1228 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/13 20:28:54.0093 1228 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/13 20:28:54.0140 1228 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/13 20:28:54.0187 1228 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/13 20:28:54.0203 1228 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/13 20:28:54.0203 1228 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/13 20:28:54.0234 1228 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

2011/05/13 20:28:54.0250 1228 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/13 20:28:54.0328 1228 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/13 20:28:54.0390 1228 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/13 20:28:54.0406 1228 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/13 20:28:54.0437 1228 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/13 20:28:54.0484 1228 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/13 20:28:54.0515 1228 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/13 20:28:54.0546 1228 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/13 20:28:54.0671 1228 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/13 20:28:54.0703 1228 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/13 20:28:54.0750 1228 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/13 20:28:54.0937 1228 nv (cd9ed87b4fc6ec41d3b5be0b923843fc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/05/13 20:28:55.0296 1228 NVENETFD (c61927d27b75ed56723f2508f1a6b1be) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

2011/05/13 20:28:55.0328 1228 nvgts (52dce3b30c9d61c8e20fe3c6da4bdfb7) C:\WINDOWS\system32\DRIVERS\nvgts.sys

2011/05/13 20:28:55.0359 1228 NVHDA (2d2b7b3ad297c659efa1d02852ca9860) C:\WINDOWS\system32\drivers\nvhda32.sys

2011/05/13 20:28:55.0390 1228 nvnetbus (c529b614ef88be0f62b886c67b516550) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

2011/05/13 20:28:55.0437 1228 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/13 20:28:55.0468 1228 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/13 20:28:55.0546 1228 Parport (2ff48d8fdc815a8492fb2bd81e6999c2) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/05/13 20:28:55.0593 1228 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/13 20:28:55.0625 1228 ParVdm (453ec2c2a20a1382f564541918520eeb) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/13 20:28:55.0656 1228 PCI (5fd05c92ec56f696eaa50b68cef1b84a) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/13 20:28:55.0703 1228 PCIIde (548cf2d6369eae441a4c6baa75bc4f0a) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/13 20:28:55.0734 1228 Pcmcia (2849812217ecec059cb45f80eb6e52d4) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/05/13 20:28:55.0875 1228 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/13 20:28:55.0921 1228 Processor (0914733fb2fc58f69cda0e929bf2df22) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/05/13 20:28:55.0953 1228 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/13 20:28:56.0015 1228 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/13 20:28:56.0046 1228 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/05/13 20:28:56.0140 1228 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/13 20:28:56.0156 1228 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/13 20:28:56.0187 1228 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/13 20:28:56.0218 1228 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/13 20:28:56.0234 1228 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/13 20:28:56.0359 1228 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/13 20:28:56.0390 1228 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/13 20:28:56.0421 1228 redbook (bddcece9acdad26841c987d10376f6f7) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/13 20:28:56.0484 1228 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/13 20:28:56.0515 1228 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/05/13 20:28:56.0531 1228 Serial (859bc6f8c3d58cfda9181e9926c7ddb9) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/05/13 20:28:56.0593 1228 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/05/13 20:28:56.0671 1228 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/13 20:28:56.0734 1228 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys

2011/05/13 20:28:56.0734 1228 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2011/05/13 20:28:56.0734 1228 sptd - detected LockedFile.Multi.Generic (1)

2011/05/13 20:28:56.0734 1228 sr (6145ca23bccda679a772ec0af42d6eb5) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/13 20:28:56.0796 1228 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/13 20:28:56.0828 1228 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/13 20:28:56.0843 1228 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/13 20:28:56.0921 1228 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/13 20:28:56.0984 1228 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys

2011/05/13 20:28:57.0031 1228 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/13 20:28:57.0125 1228 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/13 20:28:57.0156 1228 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/13 20:28:57.0187 1228 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/13 20:28:57.0250 1228 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/13 20:28:57.0312 1228 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/13 20:28:57.0343 1228 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/13 20:28:57.0390 1228 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/13 20:28:57.0406 1228 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/13 20:28:57.0421 1228 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/05/13 20:28:57.0453 1228 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/05/13 20:28:57.0500 1228 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/13 20:28:57.0531 1228 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/05/13 20:28:57.0609 1228 VIAHdAudAddService (cbc1ce0a1fce0deed4f6f093be91d132) C:\WINDOWS\system32\drivers\viahduaa.sys

2011/05/13 20:28:57.0687 1228 VolSnap (ecd173739b8ec10a814cc18653df5a36) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/13 20:28:57.0734 1228 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/13 20:28:57.0812 1228 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

2011/05/13 20:28:57.0875 1228 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/13 20:28:57.0921 1228 WSIMD (0091d78c5f8fde0cdf2b214823de6e48) C:\WINDOWS\system32\DRIVERS\wsimd.sys

2011/05/13 20:28:57.0968 1228 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys

2011/05/13 20:28:58.0140 1228 \HardDisk0 - detected Rootkit.Win32.BackBoot.gen (1)

2011/05/13 20:28:58.0140 1228 ================================================================================

2011/05/13 20:28:58.0140 1228 Scan finished

2011/05/13 20:28:58.0140 1228 ================================================================================

2011/05/13 20:28:58.0140 2596 Detected object count: 2

2011/05/13 20:29:28.0218 2596 LockedFile.Multi.Generic(sptd) - User select action: Skip

2011/05/13 20:29:28.0218 2596 Rootkit.Win32.BackBoot.gen(\HardDisk0) - User select action: Skip

2011/05/13 20:29:33.0593 0692 ================================================================================

2011/05/13 20:29:33.0593 0692 Scan started

2011/05/13 20:29:33.0593 0692 Mode: Manual;

2011/05/13 20:29:33.0593 0692 ================================================================================

2011/05/13 20:29:34.0093 0692 ACPI (a966410ecf83b81f3b0b8e07a71957d4) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/05/13 20:29:34.0125 0692 ACPIEC (66a42b7db194e24b973bbcce840a0f3f) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/05/13 20:29:34.0156 0692 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2011/05/13 20:29:34.0203 0692 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

2011/05/13 20:29:34.0250 0692 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2011/05/13 20:29:34.0296 0692 AR9271 (8e2257584b2c52d44b4cb1949947d885) C:\WINDOWS\system32\DRIVERS\athuw.sys

2011/05/13 20:29:34.0343 0692 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\WINDOWS\system32\drivers\AsIO.sys

2011/05/13 20:29:34.0375 0692 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/05/13 20:29:34.0375 0692 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/05/13 20:29:34.0421 0692 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys

2011/05/13 20:29:34.0437 0692 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/05/13 20:29:34.0468 0692 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/05/13 20:29:34.0515 0692 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/05/13 20:29:34.0531 0692 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS

2011/05/13 20:29:34.0562 0692 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/05/13 20:29:34.0593 0692 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/05/13 20:29:34.0593 0692 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/05/13 20:29:34.0625 0692 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/05/13 20:29:34.0687 0692 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/05/13 20:29:34.0718 0692 dmboot (3b809ffad55dcebdb156d5ca1bd3da65) C:\WINDOWS\system32\drivers\dmboot.sys

2011/05/13 20:29:34.0750 0692 dmio (27725b6501201c3080ba73048bce389a) C:\WINDOWS\system32\drivers\dmio.sys

2011/05/13 20:29:34.0765 0692 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/05/13 20:29:34.0812 0692 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/05/13 20:29:34.0828 0692 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/05/13 20:29:34.0859 0692 eamon (1ceb779239965000b8f6adee17d4515b) C:\WINDOWS\system32\DRIVERS\eamon.sys

2011/05/13 20:29:34.0875 0692 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\WINDOWS\system32\DRIVERS\ehdrv.sys

2011/05/13 20:29:34.0890 0692 epfwtdir (ecd5f68e32ff5c6a728eb03dc892ae7f) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys

2011/05/13 20:29:34.0921 0692 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/05/13 20:29:34.0937 0692 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

2011/05/13 20:29:34.0953 0692 Fips (c5fb298257c0a6514ea17835e774ea0a) C:\WINDOWS\system32\drivers\Fips.sys

2011/05/13 20:29:34.0968 0692 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/05/13 20:29:34.0984 0692 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/05/13 20:29:35.0000 0692 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/13 20:29:35.0015 0692 Ftdisk (ed6d921d8ab423138fb35beee6d6a6cb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/13 20:29:35.0031 0692 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/05/13 20:29:35.0109 0692 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/13 20:29:35.0140 0692 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/05/13 20:29:35.0203 0692 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/05/13 20:29:35.0250 0692 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/13 20:29:35.0296 0692 i8042prt (2656fdfe0a7916c3a16f374454c55dd9) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/13 20:29:35.0312 0692 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/13 20:29:35.0359 0692 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/05/13 20:29:35.0375 0692 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/05/13 20:29:35.0390 0692 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/13 20:29:35.0406 0692 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/13 20:29:35.0437 0692 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/13 20:29:35.0453 0692 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/13 20:29:35.0500 0692 isapnp (01a9e68528f4f34e5702123d27c67bd4) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/13 20:29:35.0500 0692 Kbdclass (cc13db862f929ae33f64c3bedc01cd31) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/13 20:29:35.0546 0692 kbdhid (831be9197bdace6bdcac1bfdbe1c380f) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/05/13 20:29:35.0562 0692 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2011/05/13 20:29:35.0578 0692 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/13 20:29:35.0625 0692 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys

2011/05/13 20:29:35.0671 0692 mksfwallf (4ae370a4cbd06479489e042b249b8892) C:\WINDOWS\system32\mksfwallf.sys

2011/05/13 20:29:35.0687 0692 mksfwallt (2be7459ccd859b96d76c4cf63feafe49) C:\WINDOWS\system32\mksfwallt.sys

2011/05/13 20:29:35.0718 0692 mksidsa (b6e21caf31be4870ae75bf46c80d8404) C:\WINDOWS\system32\mksidsa.sys

2011/05/13 20:29:35.0843 0692 MksMonEn (cd0122f8ee4ae987791ce87ae0094844) C:\Program Files\mks_vir_9\bin\MksMonEn.sys

2011/05/13 20:29:35.0875 0692 MksMonEv (6478c0660b2a3806c26d941460871536) C:\Program Files\mks_vir_9\bin\MksMonEv.sys

2011/05/13 20:29:35.0890 0692 MksMonFd (3bfae9bf6a2fc76d33985e64b4948dc6) C:\Program Files\mks_vir_9\bin\MksMonFd.sys

2011/05/13 20:29:35.0921 0692 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/13 20:29:35.0953 0692 Modem (15f33d12d604d0198ce5561f102cd9c5) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/13 20:29:35.0984 0692 Mouclass (69c12b99ae8b6b99ec314e9b99833728) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/13 20:29:36.0015 0692 mouhid (ecec1e6cd558ab80f944f31326e9d3b5) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/05/13 20:29:36.0046 0692 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/13 20:29:36.0062 0692 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/13 20:29:36.0093 0692 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/13 20:29:36.0109 0692 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/13 20:29:36.0140 0692 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/13 20:29:36.0171 0692 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/13 20:29:36.0187 0692 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/13 20:29:36.0187 0692 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/13 20:29:36.0203 0692 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

2011/05/13 20:29:36.0218 0692 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/13 20:29:36.0218 0692 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/13 20:29:36.0250 0692 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/13 20:29:36.0265 0692 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/13 20:29:36.0281 0692 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/13 20:29:36.0281 0692 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/13 20:29:36.0296 0692 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/13 20:29:36.0312 0692 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/13 20:29:36.0328 0692 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/13 20:29:36.0343 0692 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/13 20:29:36.0375 0692 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/13 20:29:36.0562 0692 nv (cd9ed87b4fc6ec41d3b5be0b923843fc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/05/13 20:29:36.0640 0692 NVENETFD (c61927d27b75ed56723f2508f1a6b1be) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

2011/05/13 20:29:36.0640 0692 nvgts (52dce3b30c9d61c8e20fe3c6da4bdfb7) C:\WINDOWS\system32\DRIVERS\nvgts.sys

2011/05/13 20:29:36.0671 0692 NVHDA (2d2b7b3ad297c659efa1d02852ca9860) C:\WINDOWS\system32\drivers\nvhda32.sys

2011/05/13 20:29:36.0703 0692 nvnetbus (c529b614ef88be0f62b886c67b516550) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

2011/05/13 20:29:36.0734 0692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/13 20:29:36.0750 0692 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/13 20:29:36.0781 0692 Parport (2ff48d8fdc815a8492fb2bd81e6999c2) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/05/13 20:29:36.0796 0692 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/13 20:29:36.0812 0692 ParVdm (453ec2c2a20a1382f564541918520eeb) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/13 20:29:36.0843 0692 PCI (5fd05c92ec56f696eaa50b68cef1b84a) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/13 20:29:36.0875 0692 PCIIde (548cf2d6369eae441a4c6baa75bc4f0a) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/13 20:29:36.0890 0692 Pcmcia (2849812217ecec059cb45f80eb6e52d4) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/05/13 20:29:36.0984 0692 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/13 20:29:37.0000 0692 Processor (0914733fb2fc58f69cda0e929bf2df22) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/05/13 20:29:37.0015 0692 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/13 20:29:37.0015 0692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/13 20:29:37.0046 0692 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/05/13 20:29:37.0109 0692 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/13 20:29:37.0125 0692 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/13 20:29:37.0125 0692 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/13 20:29:37.0140 0692 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/13 20:29:37.0156 0692 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/13 20:29:37.0171 0692 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/13 20:29:37.0203 0692 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/13 20:29:37.0218 0692 redbook (bddcece9acdad26841c987d10376f6f7) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/13 20:29:37.0250 0692 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/13 20:29:37.0265 0692 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/05/13 20:29:37.0281 0692 Serial (859bc6f8c3d58cfda9181e9926c7ddb9) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/05/13 20:29:37.0296 0692 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/05/13 20:29:37.0359 0692 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/13 20:29:37.0390 0692 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys

2011/05/13 20:29:37.0390 0692 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2011/05/13 20:29:37.0390 0692 sptd - detected LockedFile.Multi.Generic (1)

2011/05/13 20:29:37.0406 0692 sr (6145ca23bccda679a772ec0af42d6eb5) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/13 20:29:37.0437 0692 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/13 20:29:37.0468 0692 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/13 20:29:37.0500 0692 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/13 20:29:37.0562 0692 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/13 20:29:37.0609 0692 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys

2011/05/13 20:29:37.0656 0692 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/13 20:29:37.0671 0692 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/13 20:29:37.0687 0692 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/13 20:29:37.0718 0692 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/13 20:29:37.0765 0692 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/13 20:29:37.0796 0692 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/13 20:29:37.0843 0692 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/13 20:29:37.0843 0692 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/13 20:29:37.0859 0692 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/13 20:29:37.0875 0692 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/05/13 20:29:37.0890 0692 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/05/13 20:29:37.0921 0692 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/13 20:29:37.0937 0692 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/05/13 20:29:38.0015 0692 VIAHdAudAddService (cbc1ce0a1fce0deed4f6f093be91d132) C:\WINDOWS\system32\drivers\viahduaa.sys

2011/05/13 20:29:38.0078 0692 VolSnap (ecd173739b8ec10a814cc18653df5a36) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/13 20:29:38.0093 0692 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/13 20:29:38.0140 0692 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

2011/05/13 20:29:38.0187 0692 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/13 20:29:38.0234 0692 WSIMD (0091d78c5f8fde0cdf2b214823de6e48) C:\WINDOWS\system32\DRIVERS\wsimd.sys

2011/05/13 20:29:38.0281 0692 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys

2011/05/13 20:29:38.0437 0692 \HardDisk0 - detected Rootkit.Win32.BackBoot.gen (1)

2011/05/13 20:29:38.0437 0692 ================================================================================

2011/05/13 20:29:38.0437 0692 Scan finished

2011/05/13 20:29:38.0437 0692 ================================================================================

2011/05/13 20:29:38.0453 1396 Detected object count: 2

2011/05/13 20:34:28.0453 1396 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys

2011/05/13 20:34:28.0453 1396 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2011/05/13 20:34:28.0453 1396 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine

2011/05/13 20:34:28.0562 1396 LockedFile.Multi.Generic(sptd) - User select action: Quarantine

2011/05/13 20:34:28.0640 1396 \HardDisk0 - copied to quarantine

2011/05/13 20:34:28.0656 1396 Rootkit.Win32.BackBoot.gen(\HardDisk0) - User select action: Quarantine

Ja nic z tego nie rozumiem więc mam nadzieję że Wy mi pomożecie.

Gdy teraz włączałem komputer włączał się 20x dłużej niż zwykle.

Macie screena co wykrywa antywirus nod.

Mogę dodać screena jak ktoś chce.

Dysk ten stary co go podczepiłem jest już odczepiony i teraz wszystko chodzi na moim SATA WD 500gb.

A na tamtym dysku nic nie chodziło pojawiła się tylko ta konsola dos’sowska

#2

przeskanuj tym http://www.dobreprogramy.pl/Malwarebyte … 13117.html

oraz tym http://www.dobreprogramy.pl/Dr.WEB-Cure … 12976.html

i jeszcze jedno czy ty masz 2 antywirusy ? jesli tak to zostaw jeden a drugi usuń

#3

Wykonaj skan za pomocą VIPRE Rescude - http://live.sunbeltsoftware.com/. Po rozpakowaniu program rozpocznie procedurę skanowania. Powtórzyć po restarcie komputera w trybie awaryjnym.

Wykonaj ponowny skan programem Kaspersky Rescude Disk ( obraz ISO / CD ) - http://www.dobreprogramy.pl/Kaspersky-R … 12771.html

Dodane 14.05.2011 (So) 10:37

Spróbuj uruchomić wersję NOD32DOS. Musisz go uruchomić z CD-ROM, ponieważ nie mieści się na 1 dyskietce.

http://www.avdisk.org/ http://www.avdisk.org/pages/en/download.html // AVDisk version 9.3c.

#4

przeskanowałem komputer programem Cureit i wykryło tego wirusa. Otóż po skanowaniu wyświetlił się komunikat żeby go wyleczyć i zrestartować komputer , tak też zrobiłem i po restarcie nic nie wykrywa żaden antywir. Ale komputer po restarcie nadal się długo ładował. Zaraz zrestartuje jeszcze raz i zobacze jaki będzie efekt.

#5

może usuń zbędne pliki i programy i zdefragmentuj dysk

#6

już się włącza normalnie, to była wina antywirusa.

Czyli już nie mam tego wirusa skoro ponowne skanowanie itd nic nie wykrywa?

#7

Rozumiem, że ten dysk z DOS jest odłączony. Jaki masz zainstalowany program antywirusowy?

W logach widoczna jest obecność rootkitów dlatego zaleciłem wykonanie skanu programem Vipre Rescude - http://live.sunbeltsoftware.com/. Skaner ten jest ustawiony głownie pod kątem wyszukiwania rootkitów. Nie wymaga instalacji. Na podanej stronie co 24 godz dostępna jest nowa wersja tego skanera. Skanowanie całego dysku jest wykonywane w trybie kontekstowym.

#8

Otóż użyłem Vipre Rescude coś tam wykrył ale nie bardzo wiem co, usunął.

W konsoli odzyskiwania xp wpisałem komendę mbrfix i chyba zresetowałem mbr dysku.

#9

pacpac - Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350