Requesting a check - rootkit
Posted: 07 Dec 2011 18:59
Hello,
now, with the current problems with the AVAST antivirus, which reported a rootkit to me, I would like to ask whether you could take a look at the output of a RootkitRevealer scan. I read on viry.cz that it is advisable to run this scan.
(After an update, AVAST no longer reports any rootkit, but I have become uneasy all the same)
Thank you very much in advance
Jirouš J.
HKLM\SOFTWARE\Classes\BDATuner.Sou 23.12.2007 20:19 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\BDATuner.Sou 23.12.2007 20:19 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 22.11.2009 19:03 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 22.11.2009 19:03 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 22.11.2009 19:03 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 22.11.2009 19:03 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 22.11.2009 19:03 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 22.11.2009 19:03 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 22.11.2009 19:03 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 22.11.2009 19:03 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 22.11.2009 19:03 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 22.11.2009 19:03 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 22.11.2009 19:03 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 22.11.2009 19:03 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Pythagoras s.r.o|Testy Auto 12.8.2010 20:27 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Pythagoras s.r.o|Testy Auto 12.8.2010 20:27 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Pythagoras s.r.o|Testy Auto 12.8.2010 20:27 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Pythagoras s.r.o|Testy Auto 12.8.2010 20:27 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Pythagoras s.r.o|Testy Auto 12.8.2010 20:27 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Pythagoras s.r.o|Testy Auto 12.8.2010 20:27 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Pythagoras s.r.o|Testy Auto 12.8.2010 20:27 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Pythagoras s.r.o|Testy Auto 12.8.2010 20:27 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Pythagoras s.r.o|Testy Auto 12.8.2010 20:27 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Pythagoras s.r.o|Testy Auto 12.8.2010 20:27 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Pythagoras s.r.o|Testy Auto 12.8.2010 20:27 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 23.10.2009 17:53 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Hints\Jaroslav Jirou 13.10.2010 8:00 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hausaufgaben 28.8.2008 16:15 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\hausaufgaben 28.8.2008 16:15 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Secunia\sua\Check 7.12.2011 18:36 40 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\Eventlog\System\Vym 26.8.2008 18:08 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 29.11.2011 18:49 0 bytes Access is denied.
HKLM\SYSTEM\ControlSet002\Services\Eventlog\System\Vym 23.12.2007 20:19 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet003\Services\Eventlog\System\Vym 26.8.2008 18:08 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\Jaroslav Jirou 7.12.2011 18:37 0 bytes Hidden from Windows API.
C:\Documents and Settings\Jaroslav Jirou 7.12.2011 18:37 0 bytes Hidden from Windows API.
C:\Documents and Settings\Jaroslav Jirou 7.12.2011 18:37 0 bytes Hidden from Windows API.
C:\Documents and Settings\Jaroslav Jirou 7.12.2011 18:37 0 bytes Hidden from Windows API.
C:\Documents and Settings\Jaroslav Jirou 7.12.2011 18:37 0 bytes Hidden from Windows API.
C:\Documents and Settings\Jaroslav Jirou 7.12.2011 18:37 0 bytes Hidden from Windows API.
C:\Documents and Settings\Jaroslav Jirou 7.12.2011 18:37 456 bytes Hidden from Windows API.
C:\Documents and Settings\Jaroslav Jirou 7.12.2011 18:37 0 bytes Hidden from Windows API.
C:\Documents and Settings\Jaroslav Jirou 7.12.2011 18:37 132.48 KB Hidden from Windows API.
C:\Documents and Settings\Jaroslav Jirou 7.12.2011 18:37 0 bytes Hidden from Windows API.
C:\Documents and Settings\Jaroslav Jirou 7.12.2011 18:37 60.35 KB Hidden from Windows API.
C:\Documents and Settings\Jaroslav Jirou 7.12.2011 18:37 0 bytes Hidden from Windows API.
C:\Documents and Settings\Jaroslav Jirou 7.12.2011 18:37 35.15 KB Hidden from Windows API.
C:\Documents and Settings\Jaroslav Jirou 7.12.2011 18:37 0 bytes Hidden from Windows API.
C:\Documents and Settings\Jaroslav Jirou 7.12.2011 18:37 17.68 KB Hidden from Windows API.
C:\Program Files\Pinnacle\Studio 11\Plugins\RTFx\HfxXML\ HFX Filter.xml 1.1.1601 8:34 509 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Pinnacle\Studio 11\Plugins\RTFx\HfxXML\ HFX Transition.xml 1.1.1601 8:34 539 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Pinnacle\Studio 11\Plugins\RTFx\HfxXML\HFX Filter.xml 21.7.30046 23:36 509 bytes Hidden from Windows API.
C:\Program Files\Pinnacle\Studio 11\Plugins\RTFx\HfxXML\HFX Transition.xml 21.7.30046 23:36 539 bytes Hidden from Windows API.
Scan complete: 53 discrepancies found