Topic: are these false positives or am I infected?

TheMuffinman (Newbie)
« on: May 30, 2015, 01:28:22 AM »
Hello, RogueKiller detected 3 other things in the Anti-Rootkit tab today. Can you tell me if these are false positives too, or am I infected? Report:

RogueKiller V10.7.0.0 (x64) [May 25 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : removename [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 05/30/2015  00:18:42

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 3 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) msvcrt.dll - pow : Unknown @ 0x75900b6 (jmp 0xffffffffffffffb4)
[IAT:Inl(Hook.IEAT)] (explorer.exe) msvcrt.dll - free : Unknown @ 0x783c55d (jmp 0x57|jmp 0x1982b18b)
[IAT:Inl(Hook.IEAT)] (explorer.exe) msvcrt.dll - wcschr : Unknown @ 0x7817fc5 (jmp 0x3|jmp 0x4e)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM 001-1CH164 SATA Disk Device +++++
--- User ---
[MBR] 3e99d018e8be4f8cb57f623e22c6e299
[BSP] b0d71a947d6636fb01c39676b7efba73 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 1907377 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05152015_001904.log - RKreport_DEL_05152015_002250.log - RKreport_DEL_05152015_002639.log - RKreport_SCN_05152015_003119.log
RKreport_SCN_05152015_084441.log - RKreport_DEL_05152015_084852.log - RKreport_DEL_05152015_084858.log - RKreport_SCN_05152015_085232.log
RKreport_SCN_05162015_040749.log - RKreport_DEL_05162015_041530.log - RKreport_SCN_05162015_042059.log - RKreport_DEL_05162015_045206.log
RKreport_SCN_05162015_045645.log - RKreport_SCN_05162015_071019.log - RKreport_DEL_05162015_071755.log - RKreport_SCN_05162015_072238.log
RKreport_SCN_05162015_075353.log - RKreport_DEL_05162015_075423.log - RKreport_SCN_05162015_083139.log - RKreport_SCN_05162015_093446.log
RKreport_DEL_05162015_093507.log - RKreport_SCN_05162015_102258.log - RKreport_SCN_05162015_105801.log - RKreport_SCN_05162015_110904.log
RKreport_DEL_05162015_111700.log - RKreport_SCN_05162015_162110.log - RKreport_SCN_05162015_171314.log - RKreport_SCN_05162015_203208.log
RKreport_SCN_05172015_125803.log - RKreport_SCN_05172015_130537.log - RKreport_DEL_05172015_131136.log - RKreport_SCN_05172015_192014.log
RKreport_SCN_05172015_193236.log - RKreport_SCN_05172015_195454.log - RKreport_SCN_05242015_091544.log - RKreport_DEL_05242015_092829.log
RKreport_SCN_05242015_093226.log - RKreport_SCN_05242015_094758.log - RKreport_SCN_05242015_170541.log - RKreport_SCN_05252015_134533.log
RKreport_SCN_05252015_184025.log - RKreport_SCN_05262015_153232.log - RKreport_SCN_05272015_193708.log - RKreport_DEL_05272015_194550.log
RKreport_SCN_05272015_194954.log - RKreport_SCN_05282015_045538.log - RKreport_SCN_05282015_182358.log - RKreport_SCN_05292015_022613.log
RKreport_SCN_05292015_050842.log - RKreport_DEL_05292015_051934.log - RKreport_SCN_05292015_052551.log - RKreport_SCN_05292015_060652.log
RKreport_SCN_05292015_061132.log - RKreport_SCN_05292015_185500.log - RKreport_SCN_05292015_191728.log - RKreport_SCN_05292015_201801.log
RKreport_DEL_05292015_202240.log - RKreport_SCN_05292015_204035.log - RKreport_SCN_05292015_205135.log

TheMuffinman (Newbie)
« Reply #1 on: May 30, 2015, 01:44:19 AM »
RogueKiller detected another thing, but the other 3 are gone, for some random reason? Here is the report after I did another scan 5 minutes later:
RogueKiller V10.7.0.0 (x64) [May 25 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : removedname [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 05/30/2015  00:41:05

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) msvcrt.dll - floorf : Unknown @ 0xffffffffb8fa9a84 (jmp 0xffffffffb0f52a84)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM 001-1CH164 SATA Disk Device +++++
--- User ---
[MBR] 3e99d018e8be4f8cb57f623e22c6e299
[BSP] b0d71a947d6636fb01c39676b7efba73 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 1907377 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05152015_001904.log - RKreport_DEL_05152015_002250.log - RKreport_DEL_05152015_002639.log - RKreport_SCN_05152015_003119.log
RKreport_SCN_05152015_084441.log - RKreport_DEL_05152015_084852.log - RKreport_DEL_05152015_084858.log - RKreport_SCN_05152015_085232.log
RKreport_SCN_05162015_040749.log - RKreport_DEL_05162015_041530.log - RKreport_SCN_05162015_042059.log - RKreport_DEL_05162015_045206.log
RKreport_SCN_05162015_045645.log - RKreport_SCN_05162015_071019.log - RKreport_DEL_05162015_071755.log - RKreport_SCN_05162015_072238.log
RKreport_SCN_05162015_075353.log - RKreport_DEL_05162015_075423.log - RKreport_SCN_05162015_083139.log - RKreport_SCN_05162015_093446.log
RKreport_DEL_05162015_093507.log - RKreport_SCN_05162015_102258.log - RKreport_SCN_05162015_105801.log - RKreport_SCN_05162015_110904.log
RKreport_DEL_05162015_111700.log - RKreport_SCN_05162015_162110.log - RKreport_SCN_05162015_171314.log - RKreport_SCN_05162015_203208.log
RKreport_SCN_05172015_125803.log - RKreport_SCN_05172015_130537.log - RKreport_DEL_05172015_131136.log - RKreport_SCN_05172015_192014.log
RKreport_SCN_05172015_193236.log - RKreport_SCN_05172015_195454.log - RKreport_SCN_05242015_091544.log - RKreport_DEL_05242015_092829.log
RKreport_SCN_05242015_093226.log - RKreport_SCN_05242015_094758.log - RKreport_SCN_05242015_170541.log - RKreport_SCN_05252015_134533.log
RKreport_SCN_05252015_184025.log - RKreport_SCN_05262015_153232.log - RKreport_SCN_05272015_193708.log - RKreport_DEL_05272015_194550.log
RKreport_SCN_05272015_194954.log - RKreport_SCN_05282015_045538.log - RKreport_SCN_05282015_182358.log - RKreport_SCN_05292015_022613.log
RKreport_SCN_05292015_050842.log - RKreport_DEL_05292015_051934.log - RKreport_SCN_05292015_052551.log - RKreport_SCN_05292015_060652.log
RKreport_SCN_05292015_061132.log - RKreport_SCN_05292015_185500.log - RKreport_SCN_05292015_191728.log - RKreport_SCN_05292015_201801.log
RKreport_DEL_05292015_202240.log - RKreport_SCN_05292015_204035.log - RKreport_SCN_05292015_205135.log - RKreport_SCN_05302015_001841.log

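The two reports in this thread differ only in the Antirootkit section: three hooks in the first scan, one different hook five minutes later. As an added example (not RogueKiller's or Adlice's code), the Python below parses the report's `¤¤¤` section headers and `[Tag]` entry lines, checks that each section's declared count matches the entries actually pasted, diffs two scans section by section, and pulls the (process, module, function) triple out of every hook line. The two sample reports are constructed to mirror the thread's scans, trimmed to two Registry entries each with a placeholder SID; the section and entry patterns are assumed from the reports posted above, not taken from any documented format.

```python
"""Parse RogueKiller text reports and diff two consecutive scans.

Added example for this thread, not RogueKiller's own code. SCAN_A and SCAN_B
are constructed from the reports posted above, trimmed and with a placeholder SID.
"""
import re

# Section header, e.g. "¤¤¤ Antirootkit : 3 (Driver: Loaded) ¤¤¤" or "¤¤¤ MBR Check : ¤¤¤"
SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?) :(?: (?P<count>\d+))?")
# Any detection line: "[PUM.DesktopIcons] (X64) HKEY_USERS\... -> Found"
ENTRY_RE = re.compile(r"^\[(?P<tag>[^\]]+)\] ")
# Hook line: "[IAT:Inl(Hook.IEAT)] (explorer.exe) msvcrt.dll - pow : Unknown @ ..."
HOOK_RE = re.compile(r"^\[[^\]]*Hook[^\]]*\] \((?P<proc>[^)]+)\) (?P<mod>\S+) - (?P<func>\S+) :")

SCAN_A = r"""RogueKiller V10.7.0.0 (x64) [May 25 2015] by Adlice Software
Mode : Scan -- Date : 05/30/2015  00:18:42

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-PLACEHOLDER-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-PLACEHOLDER-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Antirootkit : 3 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) msvcrt.dll - pow : Unknown @ 0x75900b6 (jmp 0xffffffffffffffb4)
[IAT:Inl(Hook.IEAT)] (explorer.exe) msvcrt.dll - free : Unknown @ 0x783c55d (jmp 0x57|jmp 0x1982b18b)
[IAT:Inl(Hook.IEAT)] (explorer.exe) msvcrt.dll - wcschr : Unknown @ 0x7817fc5 (jmp 0x3|jmp 0x4e)

¤¤¤ MBR Check : ¤¤¤
"""

SCAN_B = r"""RogueKiller V10.7.0.0 (x64) [May 25 2015] by Adlice Software
Mode : Scan -- Date : 05/30/2015  00:41:05

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-PLACEHOLDER-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-PLACEHOLDER-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) msvcrt.dll - floorf : Unknown @ 0xffffffffb8fa9a84 (jmp 0xffffffffb0f52a84)

¤¤¤ MBR Check : ¤¤¤
"""


def parse_report(text):
    """Return ({section: [entry lines]}, {section: count printed in its header})."""
    sections, declared, current = {}, {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
            if m.group("count") is not None:
                declared[current] = int(m.group("count"))
        elif current is not None and ENTRY_RE.match(line):
            sections[current].append(line.rstrip())
    return sections, declared


def count_mismatches(sections, declared):
    """Sections whose header count disagrees with the entries actually listed.

    A non-empty result means the pasted report is truncated or mangled, so
    its totals cannot be trusted as posted."""
    return [(name, n, len(sections.get(name, [])))
            for name, n in declared.items() if n != len(sections.get(name, []))]


def diff_reports(before, after):
    """Per section, which entries vanished and which are new between two scans."""
    out = {}
    for name in sorted(set(before) | set(after)):
        a, b = set(before.get(name, [])), set(after.get(name, []))
        if a != b:
            out[name] = {"removed": sorted(a - b), "added": sorted(b - a)}
    return out


def hook_targets(sections):
    """(process, module, function) for every inline/IAT hook the scan reported."""
    hits = []
    for line in sections.get("Antirootkit", []):
        m = HOOK_RE.match(line)
        if m:
            hits.append((m.group("proc"), m.group("mod"), m.group("func")))
    return hits


if __name__ == "__main__":
    sa, da = parse_report(SCAN_A)
    sb, db = parse_report(SCAN_B)
    print("count mismatches:", count_mismatches(sa, da), count_mismatches(sb, db))
    print("hooks in scan A:", hook_targets(sa))
    print("hooks in scan B:", hook_targets(sb))
    for name, change in diff_reports(sa, sb).items():
        print(f"{name}: {len(change['removed'])} gone, {len(change['added'])} new")
```

Run it directly to see the per-section diff. Entries that appear and vanish between consecutive scans are exactly what to paste into a thread like this one, since a verdict depends on which process, module and function was reported as hooked, and the count check catches a report that lost lines on the way into the post.
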
Curson (Global Moderator, Hero Member)
« Reply #2 on: June 03, 2015, 12:25:05 PM »
Hi TheMuffinman,

Your computer is clean.
This hook is perfectly legit.

Regards.

TheMuffinman (Newbie)
« Reply #3 on: June 04, 2015, 10:10:21 PM »
Thanks.

Curson (Global Moderator, Hero Member)
« Reply #4 on: June 14, 2015, 05:19:42 PM »
Hi TheMuffinman,

You are very welcome.

Regards.