Ce dernier est capable de détecter les processus caché ainsi que les services et drivers.
McAfee Anti-rookit semble être capable de détecter le driver et service du rootkit Pe386
et 
Le programme a la possibilité de renommer ou supprimer le processus ou service détecté.
Il suffit de cocher l'élément dans la liste et cliquer sur le bouton Rename ou Delete.
J'ai essaye de supprimer le rootkit mais au redémarrage (la suppression necessite un redémarrage).
Le service semble avoir été renommé et le service du rootkit est tjrs présent. On voit ici les deux essais des services renommés.
A noter qu'un rapport est créé lors du scan :
Voici un exemple de rapport :
McAfee(R) Rootkit Detective 1.0 Beta scan report
On 08-01-2007 at 21:11:14
OS-Version 5.1.2600
Service Pack 2.0
====================================
Object-Type: Registry-key
Object-Name: pe386fee(R) Rootkit Detective 1.0 Beta scan report
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386
Status: Hidden
Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN
Status: Unable to access registry key
Object-Type: Registry-key
Object-Name: EnumEM\ControlSet001\Services\pe386.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN\Enum
Status: Hidden
Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN\Enum
Status: Unable to access registry key
Object-Type: Registry-value
Object-Name: 0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN\Enum
Status: Hidden
Object-Type: Registry-value
Object-Name: Count
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN\Enum
Status: Hidden
Object-Type: Registry-value
Object-Name: NextInstance
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN\Enum
Status: Hidden
Object-Type: Registry-value
Object-Name: Type
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN
Status: Hidden
Object-Type: Registry-value
Object-Name: Start
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN
Status: Hidden
Object-Type: Registry-value
Object-Name: ErrorControl
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN
Status: Hidden
Object-Type: Registry-value
Object-Name: ImagePath
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN
Status: Hidden
Object-Type: Registry-value
Object-Name: DisplayName
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN
Status: Hidden
Object-Type: Registry-value
Object-Name: Group
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN
Status: Hidden
Object-Type: Registry-value
Object-Name: ExtParam
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN
Status: Hidden
Object-Type: Registry-key
Object-Name: pe386M\ControlSet001\Services\pe386.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pe386
Status: Hidden
Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pe386.REN.REN
Status: Unable to access registry key
Object-Type: Registry-key
Object-Name: pe386M\ControlSet002\Services\pe386.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386
Status: Hidden
Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN
Status: Unable to access registry key
Object-Type: Registry-key
Object-Name: EnumEM\ControlSet001\Services\pe386.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN\Enum
Status: Hidden
Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN\Enum
Status: Unable to access registry key
Object-Type: Registry-value
Object-Name: 0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN\Enum
Status: Hidden
Object-Type: Registry-value
Object-Name: Count
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN\Enum
Status: Hidden
Object-Type: Registry-value
Object-Name: NextInstance
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN\Enum
Status: Hidden
Object-Type: Registry-value
Object-Name: Type
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN
Status: Hidden
Object-Type: Registry-value
Object-Name: Start
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN
Status: Hidden
Object-Type: Registry-value
Object-Name: ErrorControl
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN
Status: Hidden
Object-Type: Registry-value
Object-Name: ImagePath
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN
Status: Hidden
Object-Type: Registry-value
Object-Name: DisplayName
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN
Status: Hidden
Object-Type: Registry-value
Object-Name: Group
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN
Status: Hidden
Object-Type: Registry-value
Object-Name: ExtParam
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386.REN.REN
Status: Hidden
Object-Type: File/Folder
Object-Name: System Idle Process
Pid: n/a
Object-Path: System Idle Process
Status: Visible
Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible
Object-Type: Process
Object-Name: svchost.exe
Pid: 1036
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible
Object-Type: Process
Object-Name: wuauclt.exe
Pid: 1804
Object-Path: C:\WINDOWS\system32\wuauclt.exe
Status: Visible
Object-Type: Process
Object-Name: svchost.exe
Pid: 1324
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible
Object-Type: Process
Object-Name: svchost.exe
Pid: 848
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible
Object-Type: Process
Object-Name: spoolsv.exe
Pid: 1632
Object-Path: C:\WINDOWS\system32\spoolsv.exe
Status: Visible
Object-Type: Process
Object-Name: csrss.exe
Pid: 616
Object-Path: C:\WINDOWS\system32\csrss.exe
Status: Visible
Object-Type: Process
Object-Name: smss.exe
Pid: 372
Object-Path: C:\WINDOWS\system32\smss.exe
Status: Visible
Object-Type: Process
Object-Name: winlogon.exe
Pid: 640
Object-Path: C:\WINDOWS\system32\winlogon.exe
Status: Visible
Object-Type: Process
Object-Name: wscntfy.exe
Pid: 1160
Object-Path: C:\WINDOWS\system32\wscntfy.exe
Status: Visible
Object-Type: Process
Object-Name: explorer.exe
Pid: 1424
Object-Path: C:\WINDOWS\explorer.exe
Status: Visible
Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 168
Object-Path: C:\Documents and Settings\thib\Desktop\Rootkit_Detective.exe
Status: Visible
Object-Type: Process
Object-Name: services.exe
Pid: 684
Object-Path: C:\WINDOWS\system32\services.exe
Status: Visible
Object-Type: Process
Object-Name: svchost.exe
Pid: 940
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible
Object-Type: Process
Object-Name: lsass.exe
Pid: 696
Object-Path: C:\WINDOWS\system32\lsass.exe
Status: Visible
Object-Type: Process
Object-Name: svchost.exe
Pid: 1212
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible
Object-Type: Process
Object-Name: IceSword.exe
Pid: 1740
Object-Path:
Status: Visible
Object-Type: Process
Object-Name: VMwareUser.exe
Pid: 1756
Object-Path: C:\Program Files\VMware\VMware Tools\VMwareUser.exe
Status: Visible
Object-Type: Process
Object-Name: VMwareService.e
Pid: 244
Object-Path: C:\Program Files\VMware\VMware Tools\VMwareService.exe
Status: Visible
Object-Type: Process
Object-Name: ctfmon.exe
Pid: 1784
Object-Path: C:\WINDOWS\system32\ctfmon.exe
Status: Visible
Object-Type: Process
Object-Name: alg.exe
Pid: 1020
Object-Path: C:\WINDOWS\system32\alg.exe
Status: Visible
