Jump to content

security_concerned

Members
  • Posts

    2
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I wanted to get a second opinion from you guys on some results from the Malwarebytes Anti-Rootkit scanner we have used on several Windows machines on our network. We noticed some issues with odd behavior on our network, and got them cleaned up we believe for the most part with MSE and Malwarebytes Malware Scanner (not mbar). To be extra thorough we decided to scan some of the Windows servers with the MWB Anti-Rootkit scanner for extra assurance. We found a handful of computers with positive results from MBAR. All of the results came up with "Unknown.rootkit.Driver" across a variety of files in C:\windows\system32\drivers, which MBAR reported as "Forged File". However we took the files and uploaded them to virustotal.com which is run by Kaspersky which checks the hashes of the files against known good file. All of the positive results we got were for Windows 2003 Servers, no other servers appear to be yeilding results from mbar. My questions are this: -How does mbar classify files as a "forged file"? -Are there ways these files can be coming up as good on virustotal.com but still be infected with rootkits? -Does anyone here with the know how still believe these infections are legit? The mbar results for one of these servers are below: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 5.2.3790 Windows Server 2003 Service Pack 2 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_13 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 2.327000 GHz Memory total: 2142724096, free: 1236303872 Downloaded database version: v2013.11.22.09 Downloaded database version: v2013.10.11.02 ======================================= Initializing... ------------ Kernel report ------------ 11/22/2013 09:46:17 ------------ Loaded modules ----------- \WINDOWS\system32\ntkrnlpa.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS intelide.sys MountMgr.sys ftdisk.sys dmload.sys dmio.sys volsnap.sys PartMgr.sys xevtchn.sys \WINDOWS\system32\DRIVERS\XENUTIL.SYS xenvif.sys atapi.sys perc2.sys \WINDOWS\system32\drivers\SCSIPORT.SYS xenvbd.sys scsifilt.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys MpFilter.sys Dfs.sys KSecDD.sys Ntfs.sys NDIS.sys xennet.sys r1vssfltr.sys r1fltr.sys Mup.sys crcdisk.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\cirrus.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\watchdog.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\xeniface.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_xenvbd.sys \SystemRoot\System32\Drivers\dump_XENUTIL.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\parvdm.sys \SystemRoot\System32\Drivers\HTTP.sys \SystemRoot\system32\DRIVERS\srv.sys \SystemRoot\System32\Drivers\TDTCP.SYS \SystemRoot\System32\Drivers\RDPWD.SYS \SystemRoot\System32\RDPDD.dll \SystemRoot\System32\cirrus.dll \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff89ffd9a8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Scsi\xenvbd1Port2Path0Target0Lun0\ Lower Device Object: 0xffffffff89f09030 Lower Device Driver Name: \Driver\xenvbd\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff89ffd9a8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff89f0ab80, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff89ffd9a8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff89faccf8, DeviceName: Unknown, DriverName: \Driver\scsifilt\ DevicePointer: 0xffffffff89f09030, DeviceName: \Device\Scsi\xenvbd1Port2Path0Target0Lun0\, DriverName: \Driver\xenvbd\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 512, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 512, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 512, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Read File: File "C:\WINDOWS\system32\drivers\smb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\smb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\smclib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sonydcam.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\sonydcam.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\srv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\srv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\storport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\storport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\stream.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\stream.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\swenum.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tape.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tape.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tcpip.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tcpip.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tcpip6.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys" is compressed (flags = 1) File C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys --> [Forged file] Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys Read File: File "C:\WINDOWS\system32\drivers\tcpip6.sys" is compressed (flags = 1) Infected: C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys --> [unknown.Rootkit.Driver] Read File: File "C:\WINDOWS\system32\drivers\tdi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tdi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tdpipe.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tdpipe.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tdtcp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tdtcp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\termdd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\termdd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tunmp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tunmp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\uagp35.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\udfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\udfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\uliagpkx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\uliagpkx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fastfat.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\fastfat.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fdc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fips.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\fips.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\flpydisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fltmgr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\fltmgr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\fsvga.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fs_rec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\fs_rec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ftdisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\gagp30kx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hdaudbus.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hdaudio.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\hdaudio.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hidclass.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hidparse.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hidusb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hpcisss.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\hpcisss.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\http.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\http.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\i8042prt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\imapi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\imapi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\acpi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\acpiec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\afd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\afd.sys" is compressed (flags = 1) File C:\WINDOWS\SYSTEM32\drivers\afd.sys --> [Forged file] Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\afd.sys Read File: File "C:\WINDOWS\system32\drivers\afd.sys" is compressed (flags = 1) Infected: C:\WINDOWS\SYSTEM32\drivers\afd.sys --> [unknown.Rootkit.Driver] Read File: File "C:\WINDOWS\system32\drivers\amdide.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\amdide.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\amdk6.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\amdk6.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\amdk7.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\amdk7.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\amdk8.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\arc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\arc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\asyncmac.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\asyncmac.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atapi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati2mpad.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati2mpad.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmarpc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmarpc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmarps.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmarps.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmepvc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmlane.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmuni.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\audstub.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\audstub.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mouhid.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mountmgr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\mountmgr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\MpFilter.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\MpFilter.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mqac.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\mqac.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mrxdav.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\mrxdav.sys" is compressed (flags = 1) File C:\WINDOWS\SYSTEM32\drivers\mrxdav.sys --> [Forged file] Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\mrxdav.sys Read File: File "C:\WINDOWS\system32\drivers\mrxdav.sys" is compressed (flags = 1) Infected: C:\WINDOWS\SYSTEM32\drivers\mrxdav.sys --> [unknown.Rootkit.Driver] Read File: File "C:\WINDOWS\system32\drivers\mrxsmb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\mrxsmb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\msfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\msfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\msgpc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\msgpc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mssmbios.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mup.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\mup.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ndis.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ndis.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ndistapi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ndistapi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ndisuio.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ndisuio.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ndiswan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ndiswan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ndproxy.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ndproxy.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\netbios.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\netbios.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\netbt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\netbt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nmnt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\nmnt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\npfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\npfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ntfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ntfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rasl2tp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rasl2tp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\raspppoe.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\raspppoe.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\raspptp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\raspptp.sys" is compressed (flags = 1) File C:\WINDOWS\SYSTEM32\drivers\raspptp.sys --> [Forged file] Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\raspptp.sys Read File: File "C:\WINDOWS\system32\drivers\raspptp.sys" is compressed (flags = 1) Infected: C:\WINDOWS\SYSTEM32\drivers\raspptp.sys --> [unknown.Rootkit.Driver] Read File: File "C:\WINDOWS\system32\drivers\raspti.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\raspti.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rawwan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rdbss.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rdbss.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rdpcdd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rdpcdd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rdpdr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rdpdr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rdpwd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rdpwd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\redbook.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\redbook.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rmcast.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rmcast.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rndismp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rndismp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rndismpx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rootmdm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\RTL8139.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\RTL8139.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sacdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\sacdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\scsifilt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\scsifilt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\scsiport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\scsiport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\secdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\secdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\serenum.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\serial.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\beep.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\beep.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\intelide.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\intelide.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mouclass.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\null.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\null.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rasacd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rasacd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sfloppy.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\update.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\update.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usb8023.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usb8023.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usb8023x.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbcamd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbcamd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbcamd2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbccgp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbccid.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbccid.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbhub.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbintel.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbohci.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbuhci.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\vdmindvd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\vga.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\vga.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\videoprt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\videoprt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\volsnap.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wanarp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\wanarp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\watchdog.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\watchdog.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wlbs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\wlbs.sys" is compressed (flags = 1) File C:\WINDOWS\SYSTEM32\drivers\wlbs.sys --> [Forged file] Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\wlbs.sys Read File: File "C:\WINDOWS\system32\drivers\wlbs.sys" is compressed (flags = 1) Infected: C:\WINDOWS\SYSTEM32\drivers\wlbs.sys --> [unknown.Rootkit.Driver] Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\wmilib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\wpdusb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ws2ifsl.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\xeniface.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\xeniface.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\xennet.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\xennet.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\xenutil.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\xenutil.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\xenvbd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\xenvbd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\xenvif.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\xenvif.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\xevtchn.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\xevtchn.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nv_agp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\nv_agp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkipx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnkipx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnknb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnkspx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwrdr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwrdr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\oprghdlr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\p3.sys" is compressed (flags = 1) File C:\WINDOWS\SYSTEM32\drivers\p3.sys --> [Forged file] Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\p3.sys Read File: File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1) Infected: C:\WINDOWS\SYSTEM32\drivers\p3.sys --> [unknown.Rootkit.Driver] Read File: File "C:\WINDOWS\system32\drivers\parport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\partmgr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\partmgr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\parvdm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\parvdm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\pci.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\pciide.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\pciidex.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\pcmcia.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\perc2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\perc2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\perc2cin.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\perc2cin.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\perc2evt.exe" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\perc2evt.exe" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\processr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\psched.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\psched.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ptilink.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ptilink.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\r1fltr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\r1fltr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\r1vssfltr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\r1vssfltr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\bridge.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\cbidf2k.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cdfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\cdfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cdrom.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cirrus.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\cirrus.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\classpnp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\classpnp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\crcdisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\crcdisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\crusoe.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\crusoe.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\dfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\dfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\disk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\diskdump.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\diskdump.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\dmboot.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\dmboot.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\dmio.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\dmio.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\dmload.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\dxapi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\dxapi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\dxgthk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\dxgthk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\e1000325.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\e1000325.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\intelppm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ip6fw.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ip6fw.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ipfltdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ipnat.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ipnat.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ipsec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ipsec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\isapnp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\kbdclass.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\kbdhid.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ks.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ks.sys" is compressed (flags = 1) File C:\WINDOWS\SYSTEM32\drivers\ks.sys --> [Forged file] Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\ks.sys Read File: File "C:\WINDOWS\system32\drivers\ks.sys" is compressed (flags = 1) Infected: C:\WINDOWS\SYSTEM32\drivers\ks.sys --> [unknown.Rootkit.Driver] Too many forged files. Probable DDA driver failure. Driver scan terminated, results discarded. Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 6FEB239E Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 64197 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 64260 Numsec = 20563200 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 20627460 Numsec = 266084595 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 214758850560 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-419430880-419450880)... Done! Read File: File "C:\WINDOWS\system32\config\AppEvent.Evt" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\SecEvent.Evt" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\SysEvent.Evt" is compressed (flags = 1) Read File: File "C:\Documents and Settings\******\Cookies\index.dat" is compressed (flags = 1) Read File: File "C:\WINDOWS\WindowsUpdate.log" is compressed (flags = 1) Read File: File "C:\Documents and Settings\******\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1) Scan finished Thanks, Security_Concerned
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.