Unsolved
This post is more than 5 years old
1.1K Posts
0
7632
Rootkit revealer log
I have a log from the program rootkit revealer, I would go to the offical forum, but it seems that the place has been revieving a lot of spam so I can't post a new topic there. The log is listed below, is there anything that I should be concerned about?
HKU\.DEFAULT\Control Panel\International 1/30/2007 2:23 PM 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo 1/30/2007 2:23 PM 0 bytes Security mismatch.
HKU\S-1-5-21-2745831510-1764736546-1148512468-1006\Control Panel\International 1/30/2007 2:23 PM 0 bytes Security mismatch.
HKU\S-1-5-21-2745831510-1764736546-1148512468-1006\Control Panel\International\Geo 1/30/2007 2:23 PM 0 bytes Security mismatch.
HKU\S-1-5-21-2745831510-1764736546-1148512468-1006\Software\Microsoft\Command Processor 1/30/2007 2:23 PM 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International 1/30/2007 2:23 PM 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 1/30/2007 2:23 PM 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 9/3/2002 7:18 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 9/3/2002 7:18 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\webcal\URL Protocol 8/18/2004 12:13 PM 13 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Command Processor 1/30/2007 2:23 PM 0 bytes Security mismatch.
C:\Documents and Settings\The Boone Family\My Documents\sharp1025\Small Business\Personal\Songs\Please Mr Postman....:Zone.Identifier 4/4/2007 9:27 PM 26 bytes Hidden from Windows API.
HKU\.DEFAULT\Control Panel\International\Geo 1/30/2007 2:23 PM 0 bytes Security mismatch.
HKU\S-1-5-21-2745831510-1764736546-1148512468-1006\Control Panel\International 1/30/2007 2:23 PM 0 bytes Security mismatch.
HKU\S-1-5-21-2745831510-1764736546-1148512468-1006\Control Panel\International\Geo 1/30/2007 2:23 PM 0 bytes Security mismatch.
HKU\S-1-5-21-2745831510-1764736546-1148512468-1006\Software\Microsoft\Command Processor 1/30/2007 2:23 PM 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International 1/30/2007 2:23 PM 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 1/30/2007 2:23 PM 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 9/3/2002 7:18 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 9/3/2002 7:18 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\webcal\URL Protocol 8/18/2004 12:13 PM 13 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Command Processor 1/30/2007 2:23 PM 0 bytes Security mismatch.
C:\Documents and Settings\The Boone Family\My Documents\sharp1025\Small Business\Personal\Songs\Please Mr Postman....:Zone.Identifier 4/4/2007 9:27 PM 26 bytes Hidden from Windows API.
Bugbatter
20.5K Posts
0
April 6th, 2007 02:00
The rest look normal.
If you still have questions, you can post at either of these forums:
http://forum.sysinternals.com/forum_topics.asp?FID=17
http://www.castlecops.com/f233-Rootkit_Revelations.html
2350
1.1K Posts
0
April 6th, 2007 03:00