Hey guys. My friend told me to use this program and I tried it.
This is the result. There are some drivers in Antirootkit. I don't know what they are or if they are suspicious. Also some entries in the registry.
I hope you can help me! Thank you.
RogueKiller V10.5.8.0 (x64) [Mar 30 2015] by Adlice Software
Mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Betriebssystem : Windows 8.1 (6.3.9200 ) 64 bits version
gestarted in : normaler Modus
User : Loki [Administrator]
Started from : C:\Users\Loki\Downloads\RogueKillerX64_10.5.8.exe
Modus : Scannen -- Datum : 04/06/2015 08:36:02
¤¤¤ Prozesse : 0 ¤¤¤
¤¤¤ Registry : 13 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp13.msn.com -> Gefunden
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp13.msn.com -> Gefunden
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp13.msn.com -> Gefunden
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp13.msn.com -> Gefunden
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp13.msn.com -> Gefunden
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 [(Private Address) (XX)] -> Gefunden
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 [(Private Address) (XX)] -> Gefunden
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C2BB67FC-2769-47B0-9392-9836A50EE91B} | DhcpNameServer : 10.0.1.1 [(Private Address) (XX)] -> Gefunden
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C2BB67FC-2769-47B0-9392-9836A50EE91B} | DhcpNameServer : 10.0.1.1 [(Private Address) (XX)] -> Gefunden
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Gefunden
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Gefunden
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Gefunden
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Gefunden
¤¤¤ Aufgaben : 0 ¤¤¤
¤¤¤ Dateien : 0 ¤¤¤
¤¤¤ Host Dateien : 0 ¤¤¤
¤¤¤ Antirootkit : 43 (Driver: geladen) ¤¤¤
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - VirtualProtect : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - CreateProcessW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - GetProcAddress : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtProtectVirtualMemory : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - LdrGetProcedureAddress : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - LdrLoadDll : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - LoadLibraryW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - LoadLibraryA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - OpenProcess : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - ReadProcessMemory : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - HeapCreate : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - WinExec : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - CreateFileA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetReadFile : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - VirtualProtect : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - CreateProcessW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - GetProcAddress : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtProtectVirtualMemory : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - LdrGetProcedureAddress : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - LdrLoadDll : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - LoadLibraryW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - LoadLibraryA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - OpenProcess : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - ReadProcessMemory : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - HeapCreate : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - WinExec : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - CreateFileA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetReadFile : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - VirtualProtect : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - CreateProcessW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - GetProcAddress : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtProtectVirtualMemory : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - LdrGetProcedureAddress : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - LdrLoadDll : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - LoadLibraryW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - LoadLibraryA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - OpenProcess : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - ReadProcessMemory : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - HeapCreate : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - WinExec : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - CreateFileA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetReadFile : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetOpenA : @ 0x0 ()
¤¤¤ Web Browser : 0 ¤¤¤
¤¤¤ MBR Überprüfung : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1ER162 +++++
--- User ---
[MBR] 091c67ea48fe30a32da0cb362674ef48
[BSP] 8e0868ad6f608ec2999b5a0d59029d6f : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1023 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2097152 | Size: 360 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2834432 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 3096576 | Size: 934592 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 1917140992 | Size: 17765 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: SanDisk SDSA6GM-016G-1006 +++++
--- User ---
[MBR] 146f370b86a841ee9c96d72f50847355
[BSP] cf628ee5afa2811b97371212e2c176f4 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK
EDIT1: I also ran Malwarebytes Anti-Malware and two different antivirus programs (Avira Free and McAfee Internet Security) on my computer. Those three show nothing suspicious. Especially Malwarebytes says that my system is clean. If there were something, then I would have expected some warning from Malwarebytes, since many people say it is really good for checking the registry, rootkits, etc.
Still waiting for your help. Thank you.