Hijackthis! Logs - [Resolved] Rootkits? (Security & Safety forums)

#1
01-23-2007
kit
Bronze Member
Join Date: Jun 2006
Posts: 14
[Resolved] Rootkits?

Hi.
I used this program and it found this. Am I infected? Log is too long for this post.
Thanks!

+ RKDETECTOR v2.0 Beta (FILESYSTEM DRIVER MODULE)
+ RKDETECTOR (c) Andres Tarasco Acuña 2003 - 2005
+ Rkdetector - Microsoft Rootkit Detector v2.0 2005 (c)
+ Free for evaluating / personal usage
+ THIS SOFTWARE IS PROVIDED "AS IS". USE IT AT YOUR OWN RISK
ANALIZANDO...
DISABLED IN THIS BETA
FLUSHING DEVICE: \\.\c:
Filesystem: NTFS
ASIGNED: 10760 VCNs, CS= 4096, BPMR = 1024
Reading Device. Found NTFS Partition version 3.1
- WARNING. UNABLE TO BROWSE c:\System Volume Information\*
+ Windows Filesystem exploration Finished (API Calls)
HIDDEN: c:\System Volume Information\MountPointManagerRemoteDatabase
HIDDEN: c:\System Volume Information\tracking.log
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000869.inf
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000852.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000853.inf
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000854.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000855.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000856.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000857.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000858.ocx
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000859.exe
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000860.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000861.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000862.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000863.ocx
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000864.exe
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000865.inf
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000866.PNF
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000867.CAT
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000868.inf
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000870.inf
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000871.inf
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000872.inf
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000873.CAT
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000874.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000875.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000876.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000877.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000878.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000879.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000880.ver
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000881.exe
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000882.exe
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000883.exe
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000884.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000885.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000886.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000887.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000888.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000889.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000890.ocx
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000891.ocx
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000892.ocx
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000893.exe
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000894.exe
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000895.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\change.log.1
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\drivetable.txt
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\RestorePointSize
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\rp.log
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\ComDb.Dat
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\domain.txt
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\MFEX-1.DAT
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\MFEX-10.DAT
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\MFEX-11.DAT
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\MFEX-2.DAT
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\MFEX-3.DAT
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\MFEX-4.DAT
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\MFEX-5.DAT
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\MFEX-6.DAT
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\MFEX-7.DAT
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\MFEX-8.DAT
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\MFEX-9.DAT
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\Repository
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\Repository\$WinMgmt.CFG
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\Repository\FS
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\Repository\FS\INDEX.BTR
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\Repository\FS\INDEX.MAP
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\Repository\FS\MAPPING.VER
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\Repository\FS\MAPPING1.MAP
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\Repository\FS\MAPPING2.MAP
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\Repository\FS\OBJECTS.DATA
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\Repository\FS\OBJECTS.MAP
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\_REGISTRY_MACHINE_SOFTWARE
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\_REGISTRY_MACHINE_SAM
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\_REGISTRY_MACHINE_SYSTEM
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\_REGISTRY_MACHINE_SECURITY
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1960408961-1801674531-1400454329-500
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1960408961-1801674531-1400454329-500
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1960408961-1801674531-1400454329-1004
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\_REGISTRY_USER_.DEFAULT
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1960408961-1801674531-1400454329-1004
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\drivetable.txt
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP0
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP0\A0000001.PNF
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP0\A0000002.PNF
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP0\A0000003.PNF
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP0\A0000004.PNF
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP0\A0000005.PNF
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP0\A0000006.PNF
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP0\A0000007.PNF
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP0\A0000008.PNF
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP0\A0000009.PNF
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP0\A0000010.PNF
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP0\change.log.1
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\A0000028.PNF
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\A0000011.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\A0000012.ini
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\A0000013.ini
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\A0000014.INI
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\A0000015.hhk
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\A0000016.hhk
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\A0000017.hhk


#2
01-23-2007
Hengis
PCHF Founder & Owner
Join Date: Jan 2004
Location: Southern England
Posts: 11,316
PC Experience: Always learning

Moved to HJT Section for analysis by the PC Security Team.


#3
01-24-2007
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,594
PC Experience: Elite PC Guru

Hi.

What you now need to do is turn off your System Restore, reboot, turn it back on and create a new
restore point.
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.
Turn on System Restore
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Reboot and re-run your Rootkit Detector


#4
01-24-2007
kit
Bronze Member
Join Date: Jun 2006
Posts: 14

Here is the log.
+ RKDETECTOR v2.0 Beta (FILESYSTEM DRIVER MODULE)
+ RKDETECTOR (c) Andres Tarasco Acuña 2003 - 2005
+ Rkdetector - Microsoft Rootkit Detector v2.0 2005 (c)
+ Free for evaluating / personal usage
+ THIS SOFTWARE IS PROVIDED "AS IS". USE IT AT YOUR OWN RISK
FLUSHING DEVICE: \\.\c:
Filesystem: NTFS
ASIGNED: 10760 VCNs, CS= 4096, BPMR = 1024
Reading Device. Found NTFS Partition version 3.1
- WARNING. UNABLE TO BROWSE c:\System Volume Information\*
+ Windows Filesystem exploration Finished (API Calls)
HIDDEN: c:\System Volume Information\MountPointManagerRemoteDatabase
HIDDEN: c:\System Volume Information\tracking.log
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\drivetable.txt
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\drivetable.txt
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\RestorePointSize
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\rp.log
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\ComDb.Dat
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\domain.txt
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\Repository
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\Repository\$WinMgmt.CFG
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\Repository\FS
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\Repository\FS\INDEX.BTR
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\Repository\FS\INDEX.MAP
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\Repository\FS\MAPPING.VER
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\Repository\FS\MAPPING1.MAP
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\Repository\FS\MAPPING2.MAP
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\Repository\FS\OBJECTS.DATA
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\Repository\FS\OBJECTS.MAP
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\_REGISTRY_MACHINE_SOFTWARE
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\_REGISTRY_MACHINE_SAM
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\_REGISTRY_MACHINE_SYSTEM
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\_REGISTRY_MACHINE_SECURITY
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1960408961-1801674531-1400454329-500
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1960408961-1801674531-1400454329-500
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1960408961-1801674531-1400454329-1004
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\_REGISTRY_USER_.DEFAULT
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1960408961-1801674531-1400454329-1004
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\A0000001.ini
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\A0000002.ini
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\A0000003.ini
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\A0000004.ini
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\A0000005.hlp
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\A0000006.hlp
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\A0000007.hlp
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\change.log
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\change.log.1
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\RestorePointSize
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\rp.log
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\ComDb.Dat
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\domain.txt
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\Repository
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\Repository\$WinMgmt.CFG
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\Repository\FS
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\Repository\FS\INDEX.BTR
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\Repository\FS\INDEX.MAP
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\Repository\FS\MAPPING.VER
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\Repository\FS\MAPPING1.MAP
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\Repository\FS\MAPPING2.MAP
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\Repository\FS\OBJECTS.DATA
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\Repository\FS\OBJECTS.MAP
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\_REGISTRY_MACHINE_SOFTWARE
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\_REGISTRY_MACHINE_SAM
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\_REGISTRY_MACHINE_SYSTEM
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\_REGISTRY_MACHINE_SECURITY
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1960408961-1801674531-1400454329-500
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1960408961-1801674531-1400454329-500
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1960408961-1801674531-1400454329-1004
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\_REGISTRY_USER_.DEFAULT
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP2\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1960408961-1801674531-1400454329-1004
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\_driver.cfg
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\_filelst.cfg


#5
01-24-2007
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,594
PC Experience: Elite PC Guru

I don't think this is a rootkit... I don't recognise it.

Run this and post its log.

Download RootkitRevealer 1.71 - RootkitRevealer is an advanced root kit detection utility - Softpedia


#6
01-24-2007
kit
Bronze Member
Join Date: Jun 2006
Posts: 14

RootkitRevealer log. I'm using this program from time to time, but never found exe files.
HKLM\SECURITY\Policy\Secrets\SAC* 11.12.2006 15:00 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 11.12.2006 15:00 0 bytes Key name contains embedded nulls (*)

Why are all the exe files shown by rkdetector gone after the reboot?


#7
01-24-2007
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,594
PC Experience: Elite PC Guru

Well that shows you do not have any infections...


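The pattern in this thread can be checked mechanically: RKDETECTOR compares its own NTFS walk with what the Win32 API returns, so a directory the API refused to enumerate (the log's own "UNABLE TO BROWSE" warning) shows every file in it as HIDDEN, and the .exe entries were System Restore's copies inside RP25 that vanished when the restore points were purged. The script below is an added example, not code from the thread or from the tool's author; it assumes only the `HIDDEN:` and `UNABLE TO BROWSE` line formats seen above, and the `example_placeholder.sys` line in its sample is a constructed, hypothetical entry used to exercise the "investigate" branch.

```python
"""Triage of RKDETECTOR cross-view output (added example, not from this
thread or the tool's author).  A HIDDEN entry under a directory the scanner
itself could not browse through the API is explained by the log; anything
else is a discrepancy with no such explanation and needs a closer look."""
import re
from collections import defaultdict

HIDDEN_RE = re.compile(r"^HIDDEN:\s+(.+?)\s*$")
UNBROWSABLE_RE = re.compile(r"UNABLE TO BROWSE\s+(.+?)\\\*\s*$")
RESTORE_POINT_RE = re.compile(r"\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\")

# Constructed sample modelled on the log in this thread.  The last line is a
# hypothetical placeholder that exists only to exercise the other branch.
SAMPLE_LOG = r"""
+ RKDETECTOR v2.0 Beta (FILESYSTEM DRIVER MODULE)
- WARNING. UNABLE TO BROWSE c:\System Volume Information\*
HIDDEN: c:\System Volume Information\tracking.log
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000859.exe
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\A0000860.dll
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP25\snapshot\_REGISTRY_MACHINE_SAM
HIDDEN: c:\System Volume Information\_restore{FBCE4D91-E489-4DC1-ACD9-569C6DF44E1D}\RP1\change.log.1
HIDDEN: c:\WINDOWS\system32\drivers\example_placeholder.sys
"""


def parse_rkdetector(text):
    """Return (unbrowsable_dirs, hidden_paths) in the order they appear."""
    unbrowsable, hidden = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = UNBROWSABLE_RE.search(line)
        if m:
            unbrowsable.append(m.group(1))
            continue
        m = HIDDEN_RE.match(line)
        if m:
            hidden.append(m.group(1))
    return unbrowsable, hidden


def triage(hidden_paths, unbrowsable_dirs):
    """Bucket HIDDEN entries: 'api_denied' when the path sits under a
    directory the scanner said the API could not enumerate (expected),
    'investigate' for everything else."""
    prefixes = tuple(d.lower().rstrip("\\") + "\\" for d in unbrowsable_dirs)
    buckets = {"api_denied": [], "investigate": []}
    for path in hidden_paths:
        key = "api_denied" if path.lower().startswith(prefixes) else "investigate"
        buckets[key].append(path)
    return buckets


def restore_point_summary(paths):
    """Map restore point name -> {extension: count} for files inside RPnn.
    These are System Restore's copies of replaced files; turning System
    Restore off discards every restore point, so they vanish from a rescan."""
    summary = defaultdict(lambda: defaultdict(int))
    for path in paths:
        m = RESTORE_POINT_RE.search(path)
        if not m:
            continue  # not a file inside a restore point
        name = path.rsplit("\\", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else "(none)"
        summary[m.group(1)][ext] += 1
    return {rp: dict(exts) for rp, exts in summary.items()}


def report(text):
    """Full triage of one log: counts, suspicious paths, restore-point view."""
    unbrowsable, hidden = parse_rkdetector(text)
    buckets = triage(hidden, unbrowsable)
    return {
        "api_denied": len(buckets["api_denied"]),
        "investigate": buckets["investigate"],
        "restore_points": restore_point_summary(buckets["api_denied"]),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(report(SAMPLE_LOG), indent=2))
```

On the thread's real log every HIDDEN entry lands in `api_denied`, which is the mechanical form of Pancake's "I don't think this is a rootkit".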
Powered by vBulletin
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 RC7
All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com