rootkit
Publié par Anonyme le 02/03/2006 11:29:38
en fait rootkitrevealer ne fais que scanner , alors voici ce qu il a trouvé :
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 02/03/2006 11:12 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\HackCount 02/03/2006 11:12 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\IncomingCount 02/03/2006 11:12 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s0 27/02/2006 05:19 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s1 27/02/2006 05:19 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s2 27/02/2006 05:19 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\g0 27/02/2006 05:19 32 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\h0 27/02/2006 05:19 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 27/02/2006 10:20 0 bytes Hidden from Windows API
je suppose que pour zone alarm je ne dois rien supprimer
mais pour les HKLM\SYSTEM\ControlSet001 puis je les supprimer dans le registre ?
merci , bye
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 02/03/2006 11:12 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\HackCount 02/03/2006 11:12 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\IncomingCount 02/03/2006 11:12 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s0 27/02/2006 05:19 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s1 27/02/2006 05:19 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s2 27/02/2006 05:19 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\g0 27/02/2006 05:19 32 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\h0 27/02/2006 05:19 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 27/02/2006 10:20 0 bytes Hidden from Windows API
je suppose que pour zone alarm je ne dois rien supprimer
mais pour les HKLM\SYSTEM\ControlSet001 puis je les supprimer dans le registre ?
merci , bye
Cette contribution était de : http://www.gratilog.net/xoops/newbb/viewtopic.php?forum=2&topic_id=1259&post_id=5204