« previous next »
Pages: [1]

Author Topic: False positive ?  (Read 4740 times)

0 Members and 1 Guest are viewing this topic.

February 03, 2016, 02:51:33 PM

Troisquatre

  • Newbie
  • Offline
  • *
  • 2
  • Reputation:
    0
    • View Profile
False positive ?
« on: February 03, 2016, 02:51:33 PM »
Hi,  I ran RogueKiller and found this, is my report full of false positives ?

Thanks in advance

RogueKiller V11.0.10.0 (x64) [Feb  1 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en  : Mode normal
Utilisateur : H [Administrateur]
Démarré depuis : C:\Users\H\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 02/03/2016 14:12:18

¤¤¤ Processus : 6 ¤¤¤
[Proc.RunPE] steamwebhelper.exe(8348) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[7] -> Tué(e) [TermProc]
[Proc.RunPE] steamwebhelper.exe(7684) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[7] -> Tué(e) [TermProc]
[Proc.RunPE] steamwebhelper.exe(7696) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[7] -> Tué(e) [TermProc]
[Proc.RunPE] steamwebhelper.exe(8280) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[7] -> Tué(e) [TermProc]
[Proc.RunPE] steamwebhelper.exe(12524) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[7] -> Tué(e) [TermProc]
[Proc.RunPE] steamwebhelper.exe(11420) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[7] -> Tué(e) [TermProc]

¤¤¤ Registre : 0 ¤¤¤

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 30 (Driver: Chargé) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll!NtSetSystemInformation : Unknown @ 0x701e0 (jmp 0xffffffff88ed0f40|jmp 0xfffffffffffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x703a0 (jmp 0xffffffff88ed2450|jmp 0xfffffffffffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtDuplicateObject : Unknown @ 0x70380 (jmp 0xffffffff88ed2410|jmp 0xfffffffffffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateEvent : Unknown @ 0x702c0 (jmp 0xffffffff88ed2290|jmp 0xfffffffffffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x70480 (jmp 0xffffffff88ed19f0|jmp 0xfffffffffffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateProcess : Unknown @ 0x703d0 (jmp 0xffffffff88ed2560|jmp 0xfffffffffffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenEvent : Unknown @ 0x702d0 (jmp 0xffffffff88ed2320|jmp 0xfffffffffffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x70390 (jmp 0xffffffff88ed1f60|jmp 0xfffffffffffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtSetContextThread : Unknown @ 0x703f0 (jmp 0xffffffff88ed1310|jmp 0xfffffffffffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateSection : Unknown @ 0x70300 (jmp 0xffffffff88ed22b0|jmp 0xfffffffffffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenProcess : Unknown @ 0x70360 (jmp 0xffffffff88ed2550|jmp 0xfffffffffffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x70490 (jmp 0xffffffff88ed19f0|jmp 0xfffffffffffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtQueryObject : Unknown @ 0x70440 (jmp 0xffffffff88ed2790|jmp 0xfffffffffffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x70340 (jmp 0xffffffff88ed1e20|jmp 0xfffffffffffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSection : Unknown @ 0x70310 (jmp 0xffffffff88ed23f0|jmp 0xfffffffffffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateSemaphore : Unknown @ 0x702a0 (jmp 0xffffffff88ed1c90|jmp 0xfffffffffffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSemaphore : Unknown @ 0x702b0 (jmp 0xffffffff88ed1720|jmp 0xfffffffffffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateMutant : Unknown @ 0x70280 (jmp 0xffffffff88ed1d00|jmp 0xfffffffffffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenMutant : Unknown @ 0x70290 (jmp 0xffffffff88ed1750|jmp 0xfffffffffffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateTimer : Unknown @ 0x70320 (jmp 0xffffffff88ed1ce0|jmp 0xfffffffffffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenTimer : Unknown @ 0x70330 (jmp 0xffffffff88ed1760|jmp 0xfffffffffffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateThreadEx : Unknown @ 0x703c0 (jmp 0xffffffff88ed1d90|jmp 0xfffffffffffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtTerminateThread : Unknown @ 0x703e0 (jmp 0xffffffff88ed2300|jmp 0xfffffffffffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenThread : Unknown @ 0x70370 (jmp 0xffffffff88ed17b0|jmp 0xfffffffffffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtSuspendThread : Unknown @ 0x70420 (jmp 0xffffffff88ed1090|jmp 0xfffffffffffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x70470 (jmp 0xffffffff88ed2070|jmp 0xfffffffffffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x70430 (jmp 0xffffffff88ed1570|jmp 0xfffffffffffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ gdi32.dll) ntdll!NtVdmControl : Unknown @ 0x70270 (jmp 0xffffffff88ed0df0|jmp 0xfffffffffffffd89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ntmarta.dll) ntdll!NtOpenEventPair : Unknown @ 0x702f0 (jmp 0xffffffff88ed1820|jmp 0xfffffffffffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ws2_32.dll) ntdll!NtLoadDriver : Unknown @ 0x701d0 (jmp 0xffffffff88ed1830|jmp 0xfffffffffffffe29|jmp 0x19b)

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 849a7e583bbcf7f4f01632c4711579de
[BSP] 89809920061dd3e232d48f98d9e08775 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 953640 MB
User = LL1 ... OK
User = LL2 ... OK
Logged
Reply #1February 03, 2016, 04:45:59 PM

Curson

  • Global Moderator
  • Hero Member
  • Offline
  • *****
  • 2809
  • Reputation:
    100
    • View Profile
Re: False positive ?
« Reply #1 on: February 03, 2016, 04:45:59 PM »
Hi Troisquatre,

Welcome to Adlice.com Forum.

These detections are indeed false positives.
We will fix this as soon as possible.

Regards.
Logged
Reply #2February 03, 2016, 05:13:02 PM

Troisquatre

  • Newbie
  • Offline
  • *
  • 2
  • Reputation:
    0
    • View Profile
Re: False positive ?
« Reply #2 on: February 03, 2016, 05:13:02 PM »
Thanks for the help :)
Logged
Reply #3February 03, 2016, 05:46:33 PM

Curson

  • Global Moderator
  • Hero Member
  • Offline
  • *****
  • 2809
  • Reputation:
    100
    • View Profile
Re: False positive ?
« Reply #3 on: February 03, 2016, 05:46:33 PM »
Hi Troisquatre,

You are welcome.

Regards.
Logged
Pages: [1]
« previous next »