www.MegaLab.it

da **dario-vr** » mer nov 18, 2009 8:54 pm

il log di RootkitBuster:

+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 2.80.0.1071
+----------------------------------------------------

--== Dump Hidden MBR and Hidden File on C:\ ==--
[HIDDEN_FILE]:
FullPath : C:\acqmod
FullPathLength: 9
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\All Users\Dati applicazioni\TEMP\
FullPathLength: 71
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x30
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\Utente\Documenti\File ricevuti\Thumbs.db
FullPathLength: 66
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x826
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\Utente\Documenti\funrecent.fmp
FullPathLength: 56
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x800
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\Utente\Documenti\Immagini\Kodak Pictures\Parigi-Eurodisney2008\Thumbs.db
FullPathLength: 98
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x826
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\Utente\Documenti\Musica\Canzoni\Gianluca Grignani - La Mia Storia Tra Le Dita.mp3
FullPathLength: 107
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x800
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\Utente\Documenti\Musica\Canzoni\Renato Zero - Ovunque Sei.mp3
FullPathLength: 87
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x800
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\Utente\Documenti\Musica\Canzoni\Thumbs.db
FullPathLength: 67
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x826
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\Utente\Documenti\Musica\iTunes\iTunes Music\Thumbs.db
FullPathLength: 79
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x826
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\Utente\Documenti\Musica\Thumbs.db
FullPathLength: 59
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x806
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\Utente\Documenti\RegRun2\Regrun2.rr2
FullPathLength: 62
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x800
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\Utente\Preferiti\빐£gnalibri non catalogati\Aggiungi account.URL
FullPathLength: 89
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\Utente\Preferiti\빐£gnalibri non catalogati\Il mio eBay oggetti che osservi.URL
FullPathLength: 105
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\HijackThis\HijackThis.exe
FullPathLength: 28
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Programmi\Windows Media Player\Network Sharing\Thumbs.db
FullPathLength: 59
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x826
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Afrik.bmp
FullPathLength: 42
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Arabic.BMP
FullPathLength: 43
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Catalan.bmp
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Chinese.bmp
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Czech.bmp
FullPathLength: 42
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Deutsch.bmp
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Dutch.bmp
FullPathLength: 42
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\English.bmp
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Español.bmp
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Finnish.bmp
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\French.bmp
FullPathLength: 43
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\frisian.bmp
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Galego.bmp
FullPathLength: 43
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Hungarian.bmp
FullPathLength: 46
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Indonesian.bmp
FullPathLength: 47
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Italiano.bmp
FullPathLength: 45
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Korean.bmp
FullPathLength: 43
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Lithuanian.bmp
FullPathLength: 47
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Malagasy.bmp
FullPathLength: 45
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Norwegian.bmp
FullPathLength: 46
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\persian.bmp
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Polish.bmp
FullPathLength: 43
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Português-BR.bmp
FullPathLength: 49
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Romana.bmp
FullPathLength: 43
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Serbian.bmp
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\Turkish.bmp
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Languages\unknown.bmp
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\license.rtf
FullPathLength: 34
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\mycookies.ini
FullPathLength: 36
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Order.doc
FullPathLength: 32
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\RegHist.txt
FullPathLength: 34
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\RegSeeker.exe
FullPathLength: 36
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\RegSeeker\RegSeeker\Thumbs.db
FullPathLength: 32
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x826
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
FullPathLength: 46
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x800
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
FullPathLength: 45
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x800
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\$NtServicePackUninstall$\sens.dll
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x800
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\AvDetected.ini
FullPathLength: 25
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\bootstat.dat
FullPathLength: 23
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x24
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Provisioning\Schemas\branding.xdr
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\security\templates\setup security.inf
FullPathLength: 48
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\system32\drivers\etc\lmhosts.sam
FullPathLength: 43
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\system32\drivers\regguard.sys
FullPathLength: 40
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\system32\nwiz.exe
FullPathLength: 28
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\system32\ScsiAccess.EXE
FullPathLength: 34
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\system32\wvc1dmod.dll
FullPathLength: 32
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x820
ShareAccess : 0x0
Type : 0x0
75 hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.

--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

uso wilkised perché non riesco a postare il log di Prevx:
log prevx.log

Cosa ne pensi? il computer funziona egregiamente. I programmi di sicurezza installati si aggiornano regolarmente.
Per cui non so... ho letto in giro che quel che scrive mbr.exe potrebe trattarsi anche solo di un residuo di informazione del rootkit rimosso con le precedenti pulizie.

www.MegaLab.it

Ripristinare MBR da infezione rootkit

Re: Ripristinare MBR da infezione rootkit

Chi c’è in linea