RootkitBuster 2.80.0.1071

リンク元表示にRootkit Busterで検索されていらっしゃる方がいきなり増えて気が付きますた。(^_^;)
readmeはまだ2.52.0.1013のまま。
10/14 追記
Trend Micro(TM) RootkitBuster(TM) 2.80 Beta readme





                                                                                                        • -
Trend Micro RootkitBuster
Module version: 2.80.0.1071
                                                                                                        • -
    • == Dump Hidden MBR and Hidden File on C:\ ==--

[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\
FullPathLength: 0
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x30
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\All Users\Application Data\TEMP\
FullPathLength: 64
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x30
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db
FullPathLength: 77
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x26
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db
FullPathLength: 83
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x26
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\noushibou\Favorites\ブックマーク\脳脂肪\インターネット\Java ソフトウェアの無料ダウンロード.url
FullPathLength: 93
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\noushibou\Favorites\ブックマーク\脳脂肪\インターネット\Macromedia.url
FullPathLength: 83
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\noushibou\Favorites\ブックマーク\脳脂肪\インターネット\セキュリティ\@police.url
FullPathLength: 87
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\noushibou\Favorites\ブックマーク\脳脂肪\インターネット\セキュリティ\Kaspersky Labs - antivirus protection - protect your cyberspace.url
FullPathLength: 143
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\noushibou\My Documents\DigitalCamera\A1-001\index_1.bmp
FullPathLength: 86
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
FullPath : C:\Documents and Settings\noushibou\My Documents\DigitalCamera\A1-001\PICT0001.JPG
FullPathLength: 87
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\noushibou\My Documents\Thumbs.db
FullPathLength: 63
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x26
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\noushibou\My Documents\はがきスタジオ\Thumbs.db
FullPathLength: 71
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x26
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Documents and Settings\noushibou\デスクトップ\Thumbs.db
FullPathLength: 57
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x26
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\InternetDownload\AcrobatUpd713_all_incr.msp
FullPathLength: 46
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Program Files\Microsoft Office\Home Style\Outlook11\Sample Files\Thumbs.db
FullPathLength: 77
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x26
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\$NtServicePackUninstall$\rdpclip.exe
FullPathLength: 47
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x800
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys
FullPathLength: 45
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x800
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\I386\REGEDIT.EXE
FullPathLength: 27
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\R.COM
FullPathLength: 16
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\REGEDIT.COM
FullPathLength: 22
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\system32\NSCMPS.dll
FullPathLength: 30
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\system32\ntsd.exe
FullPathLength: 28
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
 ↑"File Streams"にチェックが入っていると[HIDDEN_FILE]が死にそうにいっぱ〜い表示される。(^_^;)
3279 hidden files found.

    • == Dump Hidden Registry Value on HKLM ==--

No hidden registry entries found.

    • == Dump Hidden Process ==--

No hidden processes found.

    • == Dump Hidden Driver ==--

No hidden drivers found.