I was hoping you could help my understand the Antirootkit results I'm getting on this system. Thanks!
RogueKiller V9.2.3.0 [Jul 11 2014] by Adlice Software
mail :
http://www.adlice.com/contact/Feedback :
http://forum.adlice.comWebsite :
http://www.adlice.com/softwares/roguekiller/Blog :
http://www.adlice.comOperating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : diana [Admin rights]
Mode : Scan -- Date : 07/16/2014 11:49:30
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{08F46703-A7D7-478D-A637-B3B69C52CEBC} | DhcpNameServer : 10.0.0.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{08F46703-A7D7-478D-A637-B3B69C52CEBC} | DhcpNameServer : 10.0.0.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{08F46703-A7D7-478D-A637-B3B69C52CEBC} | DhcpNameServer : 10.0.0.1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost
¤¤¤ Antirootkit : 45 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x8803b410
[SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x8803b4a8
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[18] : Unknown @ 0x87adb140
[SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[21] : Unknown @ 0x87a7b2c8
[SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[42] : Unknown @ 0x880bcd88
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[67] : Unknown @ 0x8803b238
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[77] : Unknown @ 0x880bcb80
[SSDT:Addr(Hook.SSDT)] NtCreateThread[78] : Unknown @ 0x88265850
[SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[116] : Unknown @ 0x880bce20
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[129] : Unknown @ 0x87ead0f8
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[147] : Unknown @ 0x8815fe38
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[156] : Unknown @ 0x8803b2e0
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[158] : Unknown @ 0x8803b378
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[165] : Unknown @ 0x87a7bc98
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[177] : Unknown @ 0x8815fda0
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[184] : Unknown @ 0x8803b1a0
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[194] : Unknown @ 0x8815f458
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[195] : Unknown @ 0x87ead060
[SSDT:Addr(Hook.SSDT)] NtOpenSection[197] : Unknown @ 0x880bcf70
[SSDT:Addr(Hook.SSDT)] NtOpenThread[201] : Unknown @ 0x87ead180
[SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[210] : Unknown @ 0x880bcce0
[SSDT:Addr(Hook.SSDT)] NtResumeThread[282] : Unknown @ 0x8803b540
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : Unknown @ 0x8815fbc8
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[305] : Unknown @ 0x8815fc60
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[317] : Unknown @ 0x880bceb8
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[330] : Unknown @ 0x8803b108
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[331] : Unknown @ 0x8815fa98
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[334] : Unknown @ 0x88265b18
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[335] : Unknown @ 0x8815fb30
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[348] : Unknown @ 0x8815fd08
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[358] : Unknown @ 0x87adb078
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[382] : Unknown @ 0x880bcc28
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[317] : Unknown @ 0x87cab7b0
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[397] : Unknown @ 0x87b67e40
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[428] : Unknown @ 0x87cab190
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[430] : Unknown @ 0x87b556c8
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[442] : Unknown @ 0x87b674c0
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[479] : Unknown @ 0x87f6e6a0
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[497] : Unknown @ 0x87b67798
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[498] : Unknown @ 0x87b88ee8
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x87b672b0
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x87b6a070
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP1T0L0-1 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\CmBatt.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Harddisk0\DR0 : \Driver\partmgr @ Unknown (\SystemRoot\system32\drivers\mpio.sys)
[Filter(Kernel.Filter)] \Driver\disk @ \Device\Harddisk0\DR0 : \Driver\partmgr @ Unknown (\SystemRoot\system32\drivers\mpio.sys)
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS543225L9A300 ATA Device +++++
--- User ---
[MBR] 84844a4b486bf8541b64da704b9617d0
[BSP] c76b7854869366d011f8060bf0bf5bc0 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 227288 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 465487872 | Size: 11183 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_07162014_112609.log - RKreport_SCN_07162014_112233.log
Topic: Need help understanding Antirootkit findings (Read 5236 times)
