Topic: help with rk scan

April 21, 2014, 03:50:07 PM

shawnaray

  • Guest
RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Scan -- Date : 04/21/2014 09:45:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (DsAddressToSiteNamesA) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93CF80)
[Address] EAT @explorer.exe (DsAddressToSiteNamesExA) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93D3C8)
[Address] EAT @explorer.exe (DsAddressToSiteNamesExW) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93D828)
[Address] EAT @explorer.exe (DsAddressToSiteNamesW) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93D234)
[Address] EAT @explorer.exe (DsDeregisterDnsHostRecordsA) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93F214)
[Address] EAT @explorer.exe (DsDeregisterDnsHostRecordsW) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93F1BC)
[Address] EAT @explorer.exe (DsEnumerateDomainTrustsA) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93EB80)
[Address] EAT @explorer.exe (DsEnumerateDomainTrustsW) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB937A6C)
[Address] EAT @explorer.exe (DsGetDcCloseW) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93C844)
[Address] EAT @explorer.exe (DsGetDcNameA) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93C850)
[Address] EAT @explorer.exe (DsGetDcNameW) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB9314C0)
[Address] EAT @explorer.exe (DsGetDcNameWithAccountA) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93C888)
[Address] EAT @explorer.exe (DsGetDcNameWithAccountW) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93129C)
[Address] EAT @explorer.exe (DsGetDcNextA) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93C75C)
[Address] EAT @explorer.exe (DsGetDcNextW) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93C690)
[Address] EAT @explorer.exe (DsGetDcOpenA) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93C58C)
[Address] EAT @explorer.exe (DsGetDcOpenW) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93C47C)
[Address] EAT @explorer.exe (DsGetDcSiteCoverageA) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93DA9C)
[Address] EAT @explorer.exe (DsGetDcSiteCoverageW) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93DD5C)
[Address] EAT @explorer.exe (DsGetForestTrustInformationW) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93F2EC)
[Address] EAT @explorer.exe (DsGetSiteNameA) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93CEE0)
[Address] EAT @explorer.exe (DsGetSiteNameW) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB937578)
[Address] EAT @explorer.exe (DsMergeForestTrustInformationW) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93F3B0)
[Address] EAT @explorer.exe (DsValidateSubnetNameA) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93CD8C)
[Address] EAT @explorer.exe (DsValidateSubnetNameW) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93CDD8)
[Address] EAT @explorer.exe (I_DsUpdateReadOnlyServerDnsRecords) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93DF08)
[Address] EAT @explorer.exe (I_NetAccountDeltas) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E6D0)
[Address] EAT @explorer.exe (I_NetAccountSync) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E6D0)
[Address] EAT @explorer.exe (I_NetChainSetClientAttributes) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93F408)
[Address] EAT @explorer.exe (I_NetChainSetClientAttributes2) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93F48C)
[Address] EAT @explorer.exe (I_NetDatabaseDeltas) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E6D0)
[Address] EAT @explorer.exe (I_NetDatabaseRedo) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E6D0)
[Address] EAT @explorer.exe (I_NetDatabaseSync) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E6D0)
[Address] EAT @explorer.exe (I_NetDatabaseSync2) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E6D0)
[Address] EAT @explorer.exe (I_NetGetDCList) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E18C)
[Address] EAT @explorer.exe (I_NetGetForestTrustInformation) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93F350)
[Address] EAT @explorer.exe (I_NetLogonControl) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E6DC)
[Address] EAT @explorer.exe (I_NetLogonControl2) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E730)
[Address] EAT @explorer.exe (I_NetLogonGetCapabilities) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB9322D0)
[Address] EAT @explorer.exe (I_NetLogonGetDomainInfo) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB9321DC)
[Address] EAT @explorer.exe (I_NetLogonSamLogoff) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E460)
[Address] EAT @explorer.exe (I_NetLogonSamLogon) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E2E8)
[Address] EAT @explorer.exe (I_NetLogonSamLogonEx) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E394)
[Address] EAT @explorer.exe (I_NetLogonSamLogonWithFlags) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB937D2C)
[Address] EAT @explorer.exe (I_NetLogonSendToSam) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E4C8)
[Address] EAT @explorer.exe (I_NetLogonUasLogoff) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E2A8)
[Address] EAT @explorer.exe (I_NetLogonUasLogon) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E268)
[Address] EAT @explorer.exe (I_NetServerAuthenticate) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E528)
[Address] EAT @explorer.exe (I_NetServerAuthenticate2) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E588)
[Address] EAT @explorer.exe (I_NetServerAuthenticate3) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB932260)
[Address] EAT @explorer.exe (I_NetServerGetTrustInfo) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93F0F4)
[Address] EAT @explorer.exe (I_NetServerPasswordGet) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93F010)
[Address] EAT @explorer.exe (I_NetServerPasswordSet) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E5F4)
[Address] EAT @explorer.exe (I_NetServerPasswordSet2) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E660)
[Address] EAT @explorer.exe (I_NetServerReqChallenge) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB931FB4)
[Address] EAT @explorer.exe (I_NetServerTrustPasswordsGet) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93F07C)
[Address] EAT @explorer.exe (I_NetlogonComputeClientDigest) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB937630)
[Address] EAT @explorer.exe (I_NetlogonComputeServerDigest) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93EFB0)
[Address] EAT @explorer.exe (I_NetlogonGetTrustRid) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB9375C4)
[Address] EAT @explorer.exe (I_RpcExtInitializeExtensionPoint) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93FA78)
[Address] EAT @explorer.exe (NetAddServiceAccount) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93F510)
[Address] EAT @explorer.exe (NetEnumerateServiceAccounts) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93F59C)
[Address] EAT @explorer.exe (NetEnumerateTrustedDomains) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93E864)
[Address] EAT @explorer.exe (NetGetAnyDCName) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93CD4C)
[Address] EAT @explorer.exe (NetGetDCName) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB937B14)
[Address] EAT @explorer.exe (NetIsServiceAccount) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93F63C)
[Address] EAT @explorer.exe (NetLogonGetTimeServiceParentDomain) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93F17C)
[Address] EAT @explorer.exe (NetLogonSetServiceBits) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB9375FC)
[Address] EAT @explorer.exe (NetQueryServiceAccount) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93F69C)
[Address] EAT @explorer.exe (NetRemoveServiceAccount) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB93F558)
[Address] EAT @explorer.exe (NlBindingAddServerToCache) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB931FF0)
[Address] EAT @explorer.exe (NlBindingRemoveServerFromCache) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB937A00)
[Address] EAT @explorer.exe (NlBindingSetAuthInfo) : DNSAPI.dll -> HOOKED (C:\Windows\system32\LOGONCLI.DLL @ 0xFB931F20)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS725032A9A364 +++++
--- User ---
[MBR] f161517b7e592ef3b2bf9c3a44598507
[BSP] e8f54dba0a0567898fa8d649484e9b5a : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 84 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 291831 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04212014_094520.txt >>
RKreport[0]_D_04062014_131418.txt;RKreport[0]_D_11082013_171321.txt;RKreport[0]_S_03012014_083643.txt
RKreport[0]_S_03012014_083828.txt;RKreport[0]_S_04042014_114440.txt;RKreport[0]_S_04062014_123918.txt
RKreport[0]_S_04062014_131105.txt;RKreport[0]_S_04062014_131306.txt;RKreport[0]_S_04182014_122242.txt
RKreport[0]_S_04182014_122650.txt;RKreport[0]_S_04182014_123146.txt;RKreport[0]_S_04212014_094025.txt
RKreport[0]_S_10012013_065250.txt;RKreport[0]_S_10122013_051007.txt;RKreport[0]_S_10122013_055149.txt
RKreport[0]_S_10302013_083045.txt;RKreport[0]_S_11082013_163846.txt;RKreport[0]_S_11102013_070558.txt
RKreport[0]_S_12302013_081049.txt



Reply #1 April 21, 2014, 03:53:03 PM

shawnaray

  • Guest
I am not sure what to do. I have scanned my computer with rk many times and I have turned off my anti-virus software too. I would like to have someone look at the results and let me know what I should do. I would appreciate it greatly. Thanks in advance, Shawna

Reply #2 April 28, 2014, 08:22:39 AM

Tigzy

  • Administrator
    Owner, Adlice Software
Hello,
Nothing to do :)
That false positive will be addressed in the next release.