I scanned my computer with RootkitRevealer, a program for detecting rootkits, and this is the result I got:
HKLM\SOFTWARE\Classes\BDATuner.Sk 2005-01-25 01:10 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\BDATuner.Sk 2005-01-25 01:10 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Directory\shell\Wiersz polece 2005-02-04 21:44 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Creative Tech\Devcon\ConfigSets\{59639116-D955-11D1-9D9D-00A0C98E7F73}\Effects\{EBCD6860-0522-11D2-B724-444553540000}\ROM Preset\Default D 2005-09-19 19:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Creative Tech\Devcon\ConfigSets\{B591EC40-DBC3-11D1-9D9D-00A0C98E7F73}\Effects\{EBCD6860-0522-11D2-B724-444553540000}\ROM Preset\Default D 2005-09-19 20:08 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\€ 2005-01-25 00:38 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\{7c963514f-b8-7343d9-6b-408c914c62a89} 2005-10-01 17:51 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Control\MediaProperties\PrivateProperties\Midi\Ports\Urz 2005-09-21 00:11 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Control\MediaProperties\PrivateProperties\Midi\WDMPort\Urz 2005-09-21 00:11 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Control\MediaProperties\PrivateProperties\Midi\WDMPort\Urz 2005-09-21 00:11 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Control\Print\Monitors\Monitor j 2005-01-25 20:53 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\Eventlog\System\Mened 2005-01-25 00:24 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\Eventlog\System\Us 2005-01-25 00:26 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet002\Control\Print\Monitors\Monitor j 2005-01-25 20:53 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet002\Services\Eventlog\System\Mened 2005-01-25 00:24 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet002\Services\Eventlog\System\Us 2005-01-25 00:26 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet004\Control\MediaProperties\PrivateProperties\Midi\Ports\Urz 2005-09-21 00:11 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet004\Control\MediaProperties\PrivateProperties\Midi\WDMPort\Urz 2005-09-21 00:11 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet004\Control\MediaProperties\PrivateProperties\Midi\WDMPort\Urz 2005-09-21 00:11 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet004\Control\Print\Monitors\Monitor j 2005-01-25 20:53 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet004\Services\Eventlog\System\Mened 2005-01-25 00:24 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet004\Services\Eventlog\System\Us 2005-01-25 00:26 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\MARCIN\Ustawienia lokalne\Temp\0000025A 2005-10-01 19:05 6.81 MB Hidden from Windows API.
If anyone has such elementary knowledge as to identify everything written above and detect harmful rootkits, I would be very grateful for the help!