Good evening.
I read up on rootkits, and on Wikipedia I found the RootkitRevealer software. It found a lot of things; I'm posting the report:
HKU\.DEFAULT\Control Panel\International 25/09/2007 14:18 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo 25/09/2007 14:18 0 bytes Security mismatch.
HKU\S-1-5-21-1620409137-3323615136-1270699501-1005\Control Panel\International 25/09/2007 14:18 0 bytes Security mismatch.
HKU\S-1-5-21-1620409137-3323615136-1270699501-1005\Control Panel\International\Geo 25/09/2007 14:18 0 bytes Security mismatch.
HKU\S-1-5-21-1620409137-3323615136-1270699501-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{77CC5F22-418A-4940-9644-CC0B6B450878}* 13/08/2007 19:27 0 bytes Key name contains embedded nulls (*)
HKU\S-1-5-21-1620409137-3323615136-1270699501-1005\Software\SecuROM!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 10/07/2007 21:24 0 bytes Key name contains embedded nulls (*)
HKU\S-1-5-18\Control Panel\International 25/09/2007 14:18 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 25/09/2007 14:18 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 05/10/2006 10:27 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 05/10/2006 10:27 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\IncomingCount 29/09/2007 21:05 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 29/09/2007 21:05 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 16/12/2006 17:14 0 bytes Access is denied.
C:\Documents and Settings\Camille\Local Settings\Application Data\Microsoft\Messenger\leventquipasse@hotmail.com\SharingMetadata\kodaigo59@hotmail.com\DFSR\Staging\CS{F4B05A45-408F-C750-C881-C14373714B10}\01\15-{F4B05A45-408F-C750-C881-C14373714B10}-v1-{3 18/09/2007 21:07 8 bytes Hidden from Windows API.
C:\Documents and Settings\Camille\Local Settings\Application Data\Microsoft\Messenger\leventquipasse@hotmail.com\SharingMetadata\kodaigo59@hotmail.com\DFSR\Staging\CS{F4B05A45-408F-C750-C881-C14373714B10}\80\13-{309B5158-CFD7-45C8-B5EC-7FA6C25D1E6C}-v380- 22/08/2007 11:35 38.75 KB Hidden from Windows API.
C:\Documents and Settings\Camille\Local Settings\Application Data\Microsoft\Messenger\leventquipasse@hotmail.com\SharingMetadata\kodaigo59@hotmail.com\DFSR\Staging\CS{F4B05A45-408F-C750-C881-C14373714B10}\80\13-{309B5158-CFD7-45C8-B5EC-7FA6C25D1E6C}-v380- 22/08/2007 11:35 4.23 KB Hidden from Windows API.
C:\Documents and Settings\Camille\Local Settings\Application Data\Microsoft\Messenger\leventquipasse@hotmail.com\SharingMetadata\super_wizzeur@hotmail.fr\DFSR\Staging\CS{FB41DC71-5399-6DA5-840E-0237BAAC454C}\01\14-{FB41DC71-5399-6DA5-840E-0237BAAC454C}-v1 18/09/2007 21:00 8 bytes Hidden from Windows API.
C:\Documents and Settings\Camille\Local Settings\Application Data\Microsoft\Messenger\leventquipasse@hotmail.com\SharingMetadata\super_wizzeur@hotmail.fr\DFSR\Staging\CS{FB41DC71-5399-6DA5-840E-0237BAAC454C}\90\90-{A629DF1B-0F66-466B-9855-BCF58D223DDE}-v9 10/08/2007 13:07 92.23 KB Hidden from Windows API.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 10/07/2007 21:18 252.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 10/07/2007 21:18 111.50 KB Visible in Windows API, but not in MFT or directory index.
Can you tell me what I should do with all this?
Thanks.
See you later.