
RootkitReveal log check - THANKS

Posted: 08 Jul 2010 19:29
by Milan Nehasil
Please check this log from the RootkitReveal program. On the affected computer, as usual, regedit and Task Manager cannot be opened. Thanks a lot.

HKLM\SECURITY\Policy\Secrets\SAC* 11.9.2007 14:53 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 11.9.2007 14:53 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 23.6.2008 17:38 0 bytes Access is denied.
C:\$AttrDef 11.9.2007 15:03 2.50 KB Hidden from Windows API.
C:\$BadClus 11.9.2007 15:03 0 bytes Hidden from Windows API.
C:\$BadClus:$Bad 11.9.2007 15:03 37.26 GB Hidden from Windows API.
C:\$Bitmap 11.9.2007 15:03 1.16 MB Hidden from Windows API.
C:\$Boot 11.9.2007 15:03 8.00 KB Hidden from Windows API.
C:\$Extend 11.9.2007 15:03 0 bytes Hidden from Windows API.
C:\$Extend\$ObjId 11.9.2007 15:03 0 bytes Hidden from Windows API.
C:\$Extend\$Quota 11.9.2007 15:03 0 bytes Hidden from Windows API.
C:\$Extend\$Reparse 11.9.2007 15:03 0 bytes Hidden from Windows API.
C:\$LogFile 11.9.2007 15:03 64.00 MB Hidden from Windows API.
C:\$MFT 11.9.2007 15:03 115.92 MB Hidden from Windows API.
C:\$MFTMirr 11.9.2007 15:03 4.00 KB Hidden from Windows API.
C:\$Secure 11.9.2007 15:03 0 bytes Hidden from Windows API.
C:\$UpCase 11.9.2007 15:03 128.00 KB Hidden from Windows API.
C:\$Volume 11.9.2007 15:03 0 bytes Hidden from Windows API.
C:\Documents and Settings\Adélka\Local Settings\Temporary Internet Files\Content.IE5\3X6I8GFR\asd[1].exe 5.6.2010 14:10 104.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Adélka\Plocha\IM845754564366.JPG-www.facebook.com.exe 24.5.2010 17:09 108.50 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET\ESET NOD32 Antivirus\Quarantine\2EC9E8F2718A24A54DD1DE94747AC4CC18C8104E.NDF 8.7.2010 19:29 726 bytes Hidden from Windows API.
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET\ESET NOD32 Antivirus\Quarantine\2EC9E8F2718A24A54DD1DE94747AC4CC18C8104E.NQF 8.7.2010 19:29 41.16 KB Hidden from Windows API.
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET\ESET NOD32 Antivirus\Quarantine\301CCCCD8D16BB65E0D20D223F7B71E5AC0EB6BC.NDF 8.7.2010 19:17 694 bytes Hidden from Windows API.
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET\ESET NOD32 Antivirus\Quarantine\301CCCCD8D16BB65E0D20D223F7B71E5AC0EB6BC.NQF 8.7.2010 19:17 104.00 KB Hidden from Windows API.
C:\Documents and Settings\Miroslav Filip\Local Settings\Temporary Internet Files\Content.IE5\ZF2KM66Z\set[1].jpg 4.6.2010 5:42 41.16 KB Visible in Windows API, but not in MFT or directory index.
C:\fafafak.exe 27.6.2010 13:31 71.00 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{4D73E9AE-51D6-4AF8-BF0E-BCF30A46A543}\RP227\A0096871.exe 24.5.2010 17:28 108.50 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{4D73E9AE-51D6-4AF8-BF0E-BCF30A46A543}\RP236\A0099441.exe 24.5.2010 17:09 108.50 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{4D73E9AE-51D6-4AF8-BF0E-BCF30A46A543}\RP236\A0099442.exe 27.6.2010 13:31 71.00 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{4D73E9AE-51D6-4AF8-BF0E-BCF30A46A543}\RP236\A0099443.ver 8.7.2010 18:48 37.26 KB Hidden from Windows API.
C:\System Volume Information\_restore{4D73E9AE-51D6-4AF8-BF0E-BCF30A46A543}\RP236\A0099444.ver 8.7.2010 13:48 37.26 KB Hidden from Windows API.
C:\System Volume Information\_restore{4D73E9AE-51D6-4AF8-BF0E-BCF30A46A543}\RP236\A0099445.ver 8.7.2010 18:48 37.26 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\MAGICW~1.SCR-143924B4.pf 8.7.2010 19:15 27.13 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2576181F.pf 8.7.2010 19:15 85.19 KB Hidden from Windows API.

Re: RootkitReveal log check - THANKS

Posted: 08 Jul 2010 20:25
by Rudy
Test this file: C:\fafafak.exe online at www.virustotal.com. Report the result.