网络笨羊 - 2005-11-18 10:00:00
Has my computer been hit by a ROOTKIT? Below is the log from a scan I ran with ROOTKITREVEAL.EXE. Could someone take a look and tell me whether there is a problem?

网络笨羊 - 2005-11-18 10:01:00
Log:
C:\Documents and Settings\Bluewater\Application Data\Kingsoft\PowerWord 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Kingsoft\PowerWord\UserDict 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files\UserLexicons 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files\UserLexicons\SP_DEDAAEFC9782454699780984CF00E000.dat 2005-11-17 21:50 940 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\DIAXNLVV\sysinternals[1].htm 2005-11-17 21:52 12.36 KB Hidden from Windows API.
C:\Documents and Settings\Bluewater\Local Settings\Temporary I
网络笨羊 - 2005-11-18 10:03:00
Sorry, the log I posted above was incomplete; this is the full one:
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 2005-11-16 12:23 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\BDATuner. 2005-9-18 22:18 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\BDATuner. 2005-9-18 22:18 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Save 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-9-18 22:58 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Lenovo\ 2005-9-18 17:28 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Lenovo\ 2005-9-18 17:21 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Lenovo\ 2005-9-18 17:34 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Lenovo\ 2005-9-18 17:07 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Lenovo\ 2005-8-18 10:00 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Lenovo\ 2005-9-18 17:05 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^ 2005-11-17 11:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Adobe Photoshop 7.0 2005-9-25 0:02 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\ 2003-10-20 11:34 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop 7.0 2005-9-19 21:41 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 2005-11-17 21:21 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful 2005-11-17 21:21 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\ODBC\ODBCINST.INI\Conversor de p 2005-9-18 17:24 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\ODBC\ODBCINST.INI\MS Code Page- 2005-9-18 17:24 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Ulead Systems\ 2005-9-18 17:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\YingSoft\YingInstall\http://www.mmsk.cn\ 2005-11-17 11:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\ 2005-8-18 9:31 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\ 2005-8-18 10:01 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\Bluewater\Application Data\Kingsoft 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Kingsoft\PowerWord 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Kingsoft\PowerWord\UserDict 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files\UserLexicons 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files\UserLexicons\SP_DEDAAEFC9782454699780984CF00E000.dat 2005-11-17 21:50 940 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\DIAXNLVV\sysinternals[1].htm 2005-11-17 21:52 12.36 KB Hidden from Windows API.
C:\Documents and Settings\Bluewater\Local Settings\Temporary I
BlackStone - 2005-11-18 10:36:00
Judging from the log, there is no problem.
网络笨羊 - 2005-11-18 10:49:00
[Reply to BlackStone's post]
C:\Documents and Settings\Bluewater\Application Data\Kingsoft 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Kingsoft\PowerWord 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Kingsoft\PowerWord\UserDict 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files\UserLexicons 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files\UserLexicons\SP_DEDAAEFC9782454699780984CF00E000.dat 2005-11-17 21:50 940 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\DIAXNLVV\sysinternals[1].htm 2005-11-17 21:52 12.36 KB Hidden from Windows API.
What are these entries about? I don't understand them. Could someone explain? Also, could a moderator or an expert write a detailed article on how to tell whether a rootkit is present?
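Added example (not part of this thread, and not RootkitRevealer's own code): a Python script that parses result lines in the format posted above and sorts them into the usual benign explanations before anything is called a rootkit. The heuristics it encodes are assumptions of this example: a "Data mismatch" on the Prefetcher TracesProcessed/TracesSuccessful values is the counter changing between the Windows API read and the raw-hive read; a file reported "Hidden from Windows API" with a timestamp inside the scan window, or under Temporary Internet Files like the sysinternals[1].htm fetched while the scan ran, was most likely written between the two passes; a key with embedded nulls cannot be read through the Registry API, so the log alone cannot say what created it. The scan window (21:50 to 21:55) and the second, idle rescan log are constructed for the example; the sample lines are copied from the log in this thread, including its truncated last line.

```python
import re
from datetime import datetime

# One RootkitRevealer result line: <path> <YYYY-M-D H:MM> <size> <discrepancy>
# Paths may contain spaces, so the date is what separates path from the rest.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<ts>\d{4}-\d{1,2}-\d{1,2} \d{1,2}:\d{2})\s+"
    r"(?P<size>[\d.]+ (?:bytes|KB|MB|GB))\s+"
    r"(?P<desc>.+?)\s*$"
)

# Values the prefetcher rewrites constantly (assumption of this example): a
# "Data mismatch" on them means the value changed between the two reads.
VOLATILE_VALUES = (
    "\\prefetcher\\tracesprocessed",
    "\\prefetcher\\tracessuccessful",
)


def parse_line(line):
    """Return a dict for a well-formed result line, None for anything else
    (for instance a line cut off when the log was pasted)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%Y-%m-%d %H:%M")
    return entry


def classify(entry, scan_start, scan_end):
    """Map one discrepancy to the first benign explanation that fits,
    or 'review' if none does. The rules are this example's assumptions."""
    path, desc = entry["path"].lower(), entry["desc"]
    if desc.startswith("Data mismatch") and path.endswith(VOLATILE_VALUES):
        return "volatile-counter"
    if desc.startswith("Hidden from Windows API"):
        # The API view and the raw view are taken at different moments, so
        # anything written in between (browser cache, app data) shows up once.
        if "\\temporary internet files\\" in path:
            return "browser-cache"
        if scan_start <= entry["ts"] <= scan_end:
            return "created-during-scan"
        return "review"
    if desc.startswith("Key name contains embedded nulls"):
        # The Win32 Registry API treats the name as ending at the first NUL, so
        # tools built on it cannot open these keys; the log cannot say who made them.
        return "embedded-null-key"
    return "review"


def triage(log_text, scan_start, scan_end):
    """Group reported paths by verdict; unparsable lines go under 'unparsed'."""
    report = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        verdict = "unparsed" if entry is None else classify(entry, scan_start, scan_end)
        report.setdefault(verdict, []).append(line if entry is None else entry["path"])
    return report


def persistent(first_log, second_log, scan_start, scan_end):
    """Paths reported with the same discrepancy in both scans that are not a
    volatile counter: the shortlist to investigate. Entries seen only once
    were most likely churn from activity during the first scan."""
    second = {(e["path"], e["desc"]) for e in map(parse_line, second_log.splitlines()) if e}
    return sorted(
        e["path"]
        for e in map(parse_line, first_log.splitlines())
        if e and (e["path"], e["desc"]) in second
        and classify(e, scan_start, scan_end) != "volatile-counter"
    )


# Constructed sample: lines copied from the log posted in this thread,
# including its truncated last line.
FIRST_SCAN = r"""
HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 2005-11-17 21:21 4 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\Bluewater\Application Data\Kingsoft 2005-11-17 21:50 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\DIAXNLVV\sysinternals[1].htm 2005-11-17 21:52 12.36 KB Hidden from Windows API.
C:\Documents and Settings\Bluewater\Local Settings\Temporary I
"""

# Constructed: an assumed second scan of the idle machine, where the
# scan-time churn is gone and only the registry findings recur.
SECOND_SCAN = r"""
HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 2005-11-17 22:05 4 bytes Data mismatch between Windows API and raw hive data.
"""

# Assumed scan window: the hidden entries carry 21:50, so the scan started then.
SCAN_START = datetime(2005, 11, 17, 21, 50)
SCAN_END = datetime(2005, 11, 17, 21, 55)

if __name__ == "__main__":
    for verdict, paths in triage(FIRST_SCAN, SCAN_START, SCAN_END).items():
        print(verdict, paths)
    print("investigate:", persistent(FIRST_SCAN, SECOND_SCAN, SCAN_START, SCAN_END))
```

Run both scans with the machine idle (no browser, no updater running) and compare them: what recurs and is not a volatile counter is the list to check against a clean machine with the same software installed, because the log by itself cannot tell a legitimate embedded-null key from a malicious one.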
BlackStone - 2005-11-18 10:52:00
Go and have a look at the author's community:
http://www.sysinternals.com/forum/forum_topics.asp?FID=15
网络笨羊 - 2005-11-18 11:02:00
[Reply to BlackStone's post]
Sorry! I just went to the site you recommended, but it's an English site, mate! My English isn't at that level! Could you translate the relevant articles? Please! I'm sure a lot of people are in the same boat as me! Help me out! Thanks in advance!
网络笨羊 - 2005-11-18 12:08:00
Is there any expert who can explain this in detail?
© 2000 - 2026 Rising Corp. Ltd.