Topic: Weird entry


June 23, 2015, 10:29:26 AM

Casek

Weird entry
« on: June 23, 2015, 10:29:26 AM »
Hi,

Is AVG TuneUp Utilities 2015 really malware?

Bitdefender, Emsisoft, Malwarebytes and HitmanPro don't find anything.

And the rest? Bitdefender, Emsisoft, Malwarebytes and HitmanPro really don't find anything on my PC.

Here is the full report. THANK YOU! Greetings from Germany.


RogueKiller V10.8.6.0 [Jun 22 2015] by Adlice Software
Mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Betriebssystem : Windows 8.1 (6.3.9200 ) 32 bits version
gestarted in : normaler Modus
User : User [Administrator]
Started from : C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\BJ9Y95IZ\RogueKiller.exe
Modus : Scannen -- Datum : 06/23/2015  09:46:29

¤¤¤ Prozesse : 1 ¤¤¤
[AV.Killer] TuneUpUtilitiesService32.exe(2644) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[7] -> beendet [TermProc]


¤¤¤ Registry : 2 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TsUsbFlt (System32\drivers\tsusbflt.sys) -> Gefunden
[PUM.HomePage] HKEY_USERS\S-1-5-21-2252380842-1786902203-280015242-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://ixquick.com/  -> Gefunden

¤¤¤ Aufgaben : 0 ¤¤¤

¤¤¤ Dateien : 0 ¤¤¤

¤¤¤ Host Dateien : 0 ¤¤¤

¤¤¤ Antirootkit : 74 (Driver: geladen) ¤¤¤

¤¤¤ Web Browser : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 07oji3j2.default : user_pref("browser.startup.homepage", "https://ixquick.com/"); -> Gefunden

¤¤¤ MBR Überprüfung : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AZRX-00A8LB0 +++++
--- User ---
[MBR] 070fcc997f8e2c55a76f18693582f614
[BSP] ede3d597197f644a295c29636bf380d8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476488 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975849472 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic Flash HS-CF USB Device +++++
Error reading User MBR! ([15] Das Gerät ist nicht bereit. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Die Anforderung wird nicht unterstützt. )

+++++ PhysicalDrive2: Generic Flash HS-MS/SD USB Device +++++
Error reading User MBR! ([15] Das Gerät ist nicht bereit. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Die Anforderung wird nicht unterstützt. )

+++++ PhysicalDrive3: Generic Flash HS-SM USB Device +++++
Error reading User MBR! ([15] Das Gerät ist nicht bereit. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Die Anforderung wird nicht unterstützt. )


============================================
RKreport_SCN_02272015_182733.log - RKreport_SCN_04022015_141030.log

Reply #1, June 24, 2015, 10:39:05 PM

Curson

Re: Weird entry
« Reply #1 on: June 24, 2015, 10:39:05 PM »
Hi Casek,

Welcome to the Adlice.com forum.

This entry is a false positive. Thanks for bringing it to our attention.
It will be fixed as soon as possible.

Regards.

Reply #2, June 25, 2015, 08:46:56 PM

Casek

Re: Weird entry
« Reply #2 on: June 25, 2015, 08:46:56 PM »
:) THANK YOU! :)

Reply #3, June 25, 2015, 10:27:28 PM

Curson

Re: Weird entry
« Reply #3 on: June 25, 2015, 10:27:28 PM »
Hi Casek,

You are very welcome. :)

Regards.