Rootkit / malware ?

Hi,
i need your help on this please:

I ran some ARKs (RootRepeal, Tizer Rootkit Razor free, GMER, Rootkit Unhooker LE) and all show this:

unknown NtCreateThread 0xF7A95294 0x80586C45
unknown NtLoadKey 0xF7A952B2 0x805CE7ED
unknown NtReplaceKey 0xF7A952BC 0x806564EC
unknown NtRestoreKey 0xF7A952B7 0x80656081

All other "hooks" (?) shown in the report are listed with the name of the software (ZoneAlarm, GesWall, ThreatFire), but these entries only show "unknown" ?

Antivir and several anti-malware scanners didn't find anything (OS + UBCD4win-CD).

thank you ! your help is appreciated !

 

Avira Antivir has SSDT hooks that are reported as unknown. To be certain you can either uninstall Antivir or use something like Autoruns to temporarily disable the start up of anything to do with Antivir.

If you're familiar with WinDbg, you can trace the hook redirections.

 

Thank you stackz for the hint.

 

Hello gambla
maybe you'll find more information here :
http://www.microsoft.com/security/p...aspx?query=NtRestoreKey 0xF7A952B7 0x80656081
and here :
http://www.microsoft.com/security/p...aspx?query=NtReplaceKey 0xF7A952BC 0x806564EC

regards