Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Kaitengiri

Pages: [1]
1
RogueKiller / Re: ===> False Positives <===
« on: October 07, 2015, 11:07:41 AM »
Are these a legit... code... whatever... Or is it just a false alert? Im confused cause roguekiller suddenly found these IAT hooks on my pc... Copypasting the log...
Please help a confused fellah ;__;

RogueKiller V10.10.9.0 (x64) [Oct  5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Niko [Administrator]
Started from : C:\Users\Niko\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 10/07/2015 11:40:24

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO (\??\C:\Users\Niko\AppData\Local\Temp\ALSysIO64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO (\??\C:\Users\Niko\AppData\Local\Temp\ALSysIO64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO (\??\C:\Users\Niko\AppData\Local\Temp\ALSysIO64.sys) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 30 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x772201e0 (jmp 0x161140|jmp 0xfffffffffffffe19|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x772203a0 (jmp 0x162650|jmp 0xfffffffffffffc59|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x77220380 (jmp 0x162610|jmp 0xfffffffffffffc79|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x772202c0 (jmp 0x162490|jmp 0xfffffffffffffd39|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x77220480 (jmp 0x161bf0|jmp 0xfffffffffffffb79|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x772203d0 (jmp 0x162760|jmp 0xfffffffffffffc29|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x772202d0 (jmp 0x162520|jmp 0xfffffffffffffd29|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x77220390 (jmp 0x162160|jmp 0xfffffffffffffc69|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x772203f0 (jmp 0x161510|jmp 0xfffffffffffffc09|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77220300 (jmp 0x1624b0|jmp 0xfffffffffffffcf9|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x77220360 (jmp 0x162750|jmp 0xfffffffffffffc99|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x77220490 (jmp 0x161bf0|jmp 0xfffffffffffffb69|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77220440 (jmp 0x162990|jmp 0xfffffffffffffbb9|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x77220340 (jmp 0x162020|jmp 0xfffffffffffffcb9|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSection : Unknown @ 0x77220310 (jmp 0x1625f0|jmp 0xfffffffffffffce9|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSemaphore : Unknown @ 0x772202a0 (jmp 0x161e90|jmp 0xfffffffffffffd59|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x772202b0 (jmp 0x161920|jmp 0xfffffffffffffd49|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateMutant : Unknown @ 0x77220280 (jmp 0x161f00|jmp 0xfffffffffffffd79|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x77220290 (jmp 0x161950|jmp 0xfffffffffffffd69|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x77220320 (jmp 0x161ee0|jmp 0xfffffffffffffcd9|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x77220330 (jmp 0x161960|jmp 0xfffffffffffffcc9|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x772203c0 (jmp 0x161f90|jmp 0xfffffffffffffc39|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x772203e0 (jmp 0x162500|jmp 0xfffffffffffffc19|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenThread : Unknown @ 0x77220370 (jmp 0x1619b0|jmp 0xfffffffffffffc89|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x77220420 (jmp 0x161290|jmp 0xfffffffffffffbd9|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77220470 (jmp 0x162270|jmp 0xfffffffffffffb89|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x77220430 (jmp 0x161770|jmp 0xfffffffffffffbc9|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GDI32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x77220270 (jmp 0x160ff0|jmp 0xfffffffffffffd89|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEventPair : Unknown @ 0x772202f0 (jmp 0x161a20|jmp 0xfffffffffffffd09|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x772201d0 (jmp 0x161a30|jmp 0xfffffffffffffe29|call 0x5)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-75M2NA0 ATA Device +++++
--- User ---
[MBR] 6bff5770c03e7cd9ad8c283232419a35
[BSP] 073100360ba840d05d0fb98b809d619c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Pages: [1]