Registered User
Join Date: May 2008
Posts: 1
OS: Windows 2000
Rootkit Log
Could someone please take a look at this log below, to see if there are any rootkits installed.
Many thanks
Jason

HKLM\SECURITY\Policy\Secrets\SAC* 4/6/2003 4:13 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 4/6/2003 4:13 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SCM:{32B7E16F-061D-4769-A507-9402E8C020AC}* 2/9/2005 3:55 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SCM:{3D14228D-FBE1-11D0-995D-00C04FD919C1}* 4/2/2003 5:12 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SCM:{4ABABDDF-B4AA-40fb-B0F3-DE3021506472}* 2/9/2005 3:55 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\TS:InternetConnectorPswd* 4/2/2003 5:11 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\XATM:374423e1-6cf5-4348-8e4a-0630a98706ad* 4/6/2003 9:56 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\BKUPEXEC\MSSQLServer\uptime_time_utc 5/7/2008 11:45 AM 8 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\uptime_time_utc 5/7/2008 11:45 AM 8 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System* 3/15/2005 10:25 PM 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\Administrator.RCS1\Application Data\Mozilla\Firefox\Profiles\mlplvwgz.default\parent.lock 5/7/2008 11:49 AM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Administrator.RCS1\Local Settings\Temp\Rar$EX00.843 5/7/2008 11:57 AM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Administrator.RCS1\Local Settings\Temp\Rar$EX00.843\Eula.txt 5/7/2008 11:57 AM 6.84 KB Hidden from Windows API.
C:\Documents and Settings\Administrator.RCS1\Local Settings\Temp\Rar$EX00.843\tcpvcon.exe 5/7/2008 11:57 AM 129.04 KB Hidden from Windows API.
C:\Documents and Settings\Administrator.RCS1\Local Settings\Temp\Rar$EX00.843\tcpview.chm 5/7/2008 11:57 AM 39.08 KB Hidden from Windows API.
C:\Documents and Settings\Administrator.RCS1\Local Settings\Temp\Rar$EX00.843\Tcpview.exe 5/7/2008 11:57 AM 145.04 KB Hidden from Windows API.
C:\Documents and Settings\Administrator.RCS1\Recent\TcpView.zip.lnk 5/7/2008 11:56 AM 470 bytes Hidden from Windows API.
C:\WINNT\system32\Perflib_Perfdata_abc.dat 5/7/2008 11:45 AM 16.00 KB Visible in Windows API, but not in MFT or directory index.
D:\cumbsupp\LPT1:BCH857.WRK 9/12/2003 12:43 AM 1.53 KB Hidden from Windows API.
D:\User Files\comp\Profiles\Program Files\d2000\LPT1:BCH633.WRK 4/8/2006 7:48 PM 1.52 KB Hidden from Windows API.
D:\User Files\comp\Profiles\Program Files\d2000\LPT1:BCH635.WRK 4/8/2006 7:48 PM 1.52 KB Hidden from Windows API.