Welcome to LQ Security. There is nothing wrong with being new and inexperienced. Everyone here was when they began. What is a problem is running a security tool, posting the output asking strangers if there is anything wrong with it. If you are going to run these kinds of tools you need to learn how to use them properly or you will rapidly wind up in quicksand. The rkhunter program has excellent documentation and does explain very clearly how to tweak it for the specifics of your system to avoid false alarms. Be sure to read this documentation.
Now, to address your specific question(s): These tools will identify things that that are potentially suspect. These tools are designed to be conservative and warn judiciously. Pretty much every system will have normal aspects to it that will cause warnings. What you need to do is examine the output of these files, look for warnings, and then research what they mean. For example:
Code:
[09:27:45] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
Is this file legitimate on your system? If there is a question, verify the file date, time, md5sum and compare it against the one in the package repositories. The ubuntu package page has excellent search features and you should be able to easily locate which package this file is located in, download it, and compare these items.
Code:
[09:32:24] Checking for hidden files and directories [ Warning ]
[09:32:24] Warning: Hidden directory found: /etc/.java
[09:32:24] Warning: Hidden directory found: /dev/.udev
Again, Google is your friend. Google these warnings, read the descriptions, and make your own determination.
A word of experience might also be warranted here. In order to properly secure your system, which I assume is your goal, you need to first
identify what it is you are trying to secure against and develop a plan accordingly. While root kit detection is an important aspect of a solid security process, one should not rely on it as a sole measure of whether or not their system is clean. If you aren't already, one of the first things you should be doing is auditing your log files regularly as signs of intrusion and problems will almost always appear there first.