Author Topic: Need Help To Verfiy (Read 6957 times)

Crazykid · « **on:** April 03, 2014, 04:27:48 PM »

First of all thank you for creating Roguekiller! It really is a big help especially in a University where most PC's are full of all sorts of malware and other viruses.

I would like to know if these are truly legit .dlls and just a Roguekiller error (I have experienced it before but I am really somewhat obsessive about keeping my machine in top performing condition)

This is my log file:

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600 ) 64 bits version
Started in : Safe mode
User : LanYamato [Admin rights]
Mode : Scan -- Date : 04/03/2014 22:09:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (DllCanUnloadNow) : NetworkStatus.dll -> HOOKED (C:\WINDOWS\System32\shacct.dll @ 0x396A1010)
[Address] EAT @explorer.exe (DllGetClassObject) : NetworkStatus.dll -> HOOKED (C:\WINDOWS\System32\shacct.dll @ 0x396A1130)
[Address] EAT @explorer.exe (AccConvertAccessMaskToActrlAccess) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871FA0C)
[Address] EAT @explorer.exe (AccConvertAccessToSD) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871FB80)
[Address] EAT @explorer.exe (AccConvertAccessToSecurityDescriptor) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871FD3C)
[Address] EAT @explorer.exe (AccConvertAclToAccess) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871FE90)
[Address] EAT @explorer.exe (AccConvertSDToAccess) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871FF2C)
[Address] EAT @explorer.exe (AccFreeIndexArray) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38710D80)
[Address] EAT @explorer.exe (AccGetAccessForTrustee) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x387201A8)
[Address] EAT @explorer.exe (AccGetExplicitEntries) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38720288)
[Address] EAT @explorer.exe (AccGetInheritanceSource) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38710EA0)
[Address] EAT @explorer.exe (AccLookupAccountName) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38720348)
[Address] EAT @explorer.exe (AccLookupAccountSid) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38720648)
[Address] EAT @explorer.exe (AccLookupAccountTrustee) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x387209CC)
[Address] EAT @explorer.exe (AccProvCancelOperation) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871CAFC)
[Address] EAT @explorer.exe (AccProvGetAccessInfoPerObjectType) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871CB74)
[Address] EAT @explorer.exe (AccProvGetAllRights) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871CC1C)
[Address] EAT @explorer.exe (AccProvGetCapabilities) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38708100)
[Address] EAT @explorer.exe (AccProvGetOperationResults) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871CDF8)
[Address] EAT @explorer.exe (AccProvGetTrusteesAccess) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871CF38)
[Address] EAT @explorer.exe (AccProvGrantAccessRights) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871D040)
[Address] EAT @explorer.exe (AccProvHandleGetAccessInfoPerObjectType) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871D1B0)
[Address] EAT @explorer.exe (AccProvHandleGetAllRights) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871D298)
[Address] EAT @explorer.exe (AccProvHandleGetTrusteesAccess) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871D410)
[Address] EAT @explorer.exe (AccProvHandleGrantAccessRights) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871C4D0)
[Address] EAT @explorer.exe (AccProvHandleIsAccessAudited) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871D48C)
[Address] EAT @explorer.exe (AccProvHandleIsObjectAccessible) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871D524)
[Address] EAT @explorer.exe (AccProvHandleRevokeAccessRights) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871D660)
[Address] EAT @explorer.exe (AccProvHandleRevokeAuditRights) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871D738)
[Address] EAT @explorer.exe (AccProvHandleSetAccessRights) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871D810)
[Address] EAT @explorer.exe (AccProvIsAccessAudited) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871D910)
[Address] EAT @explorer.exe (AccProvIsObjectAccessible) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871DA24)
[Address] EAT @explorer.exe (AccProvRevokeAccessRights) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871DE74)
[Address] EAT @explorer.exe (AccProvRevokeAuditRights) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871DFB0)
[Address] EAT @explorer.exe (AccProvSetAccessRights) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3871E0EC)
[Address] EAT @explorer.exe (AccRewriteGetExplicitEntriesFromAcl) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38707BD4)
[Address] EAT @explorer.exe (AccRewriteGetHandleRights) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38711510)
[Address] EAT @explorer.exe (AccRewriteGetNamedRights) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38711680)
[Address] EAT @explorer.exe (AccRewriteSetEntriesInAcl) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38703070)
[Address] EAT @explorer.exe (AccRewriteSetHandleRights) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38702270)
[Address] EAT @explorer.exe (AccRewriteSetNamedRights) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38703BA0)
[Address] EAT @explorer.exe (AccSetEntriesInAList) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38720AD4)
[Address] EAT @explorer.exe (AccTreeResetNamedSecurityInfo) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x387058A0)
[Address] EAT @explorer.exe (EventGuidToName) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3870DE68)
[Address] EAT @explorer.exe (EventNameFree) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x3870DEF4)
[Address] EAT @explorer.exe (GetExplicitEntriesFromAclW) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38707BCC)
[Address] EAT @explorer.exe (GetMartaExtensionInterface) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38703600)
[Address] EAT @explorer.exe (GetNamedSecurityInfoW) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38702680)
[Address] EAT @explorer.exe (GetSecurityInfo) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38701390)
[Address] EAT @explorer.exe (SetEntriesInAclW) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38703060)
[Address] EAT @explorer.exe (SetNamedSecurityInfoW) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x38703E64)
[Address] EAT @explorer.exe (SetSecurityInfo) : nlaapi.dll -> HOOKED (C:\WINDOWS\SYSTEM32\ntmarta.dll @ 0x387021B0)
[Address] EAT @explorer.exe (DllCanUnloadNow) : tbs.dll -> HOOKED (C:\WINDOWS\system32\twinui.dll @ 0x37471598)
[Address] EAT @explorer.exe (DllGetActivationFactory) : tbs.dll -> HOOKED (C:\WINDOWS\system32\twinui.dll @ 0x374FC13C)
[Address] EAT @explorer.exe (DllGetClassObject) : tbs.dll -> HOOKED (C:\WINDOWS\system32\twinui.dll @ 0x3749C540)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545050A7E380 +++++
--- User ---
[MBR] 349e38587d586de91a46bf864a56e4dd
[BSP] a4a8aa4dd53b613db3654ee9f099e922 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04032014_220959.txt >>

Please help thanks! ^_^

Tigzy · « **Reply #1 on:** April 03, 2014, 05:54:14 PM »

Hello

Looks like those DLLs are legit.
They will be whitelisted in the next release, which will be the version.... 9! (well, in some months)
Please be patient, I don't forget you

Crazykid · « **Reply #2 on:** April 03, 2014, 06:07:56 PM »

Thanks

That put me at ease ^_^~ Wish I'd given programming a shot when I had a chance haha

Author Topic: Need Help To Verfiy (Read 6957 times)

Crazykid

Need Help To Verfiy

Tigzy

Re: Need Help To Verfiy

Crazykid

Re: Need Help To Verfiy