Pages that open by themselves in Google Chrome

Closed
diez7 Posts: 13 Registered: Wednesday 17 April 2013 Status: Member Last active: 5 February 2014 - 4 Feb 2014 at 16:29
Marou81 Posts: 4175 Registered: Wednesday 13 January 2010 Status: Member Last active: 18 March 2014 - 5 Feb 2014 at 21:58
Hi, as the title says, I can't get rid of these pages that open by themselves, ads to be exact. Can someone help me?
And in case it helps, I ran a scan; here are the reports:
http://up.security-x.fr/file.php?h=R097dc8f76fa2ec2f338591dc16f60210
http://up.security-x.fr/file.php?h=R5aca3ae551ce8b5bb2a2dd2923932db0
Thanks in advance for your help.

9 replies

Marou81 Posts: 4175 Registered: Wednesday 13 January 2010 Status: Member Last active: 18 March 2014 197
4 Feb 2014 at 20:35
Good evening,

▶ Download RogueKiller (by Tigzy) to the Desktop
▶ Close all your running programs
▶ Run it (on Windows Vista or 7: right-click it and choose "Run as administrator")
▶ Wait for the pre-scan to finish, then click the "Scan" button
▶ When it finishes, check that all items are ticked, then click "Delete"
▶ A report (RKreport.txt) should be created on the Desktop; post it in your next reply.
▶ Restart the PC

Use this removal tool, which targets adware specifically:

▶ Download AdwCleaner (by Xplode) to your Desktop.
▶ Run it, click Clean and wait for the scan to finish.
▶ Once the cleaning is done, a prevention message will be displayed; I recommend reading it carefully (don't hesitate to ask me if there is anything in that message you don't understand).
▶ The report will then open: post it in your next reply.

Next, download Junkware Removal Tool. Follow this tutorial and post the report:
https://forum.security-x.fr/tutoriels-317/tutoriel-junkware-removal-tool

Use this general-purpose removal tool:

▶ Download and install Malwarebytes' Anti-Malware
▶ At the end of the installation, make sure the "Update Malwarebytes' Anti-Malware" option is ticked. You do not, however, need to enable the free trial of the protection.
▶ Launch MBAM and let the updates download (otherwise run them manually when the program starts)
▶ Then go to the "Scan" tab, tick "Perform quick scan" and click "Scan"
▶ When the scan is finished, click Show results
▶ Tick all detected items, then click Remove selected
▶ If you are asked to restart the computer, accept.
▶ Post the report that appears after the removal in your next reply.

Reset your web browsers:

▶ Internet Explorer, add-ons and search engines: https://forum.malekal.com/viewtopic.php?t=41399&start=
▶ Firefox: https://www.malekal.com/reparer-firefox/?t=36057&start=
▶ Google Chrome: https://www.malekal.com/reparer-google-chrome/?t=35837&start=

See you
1
Marou81 Posts: 4175 Registered: Wednesday 13 January 2010 Status: Member Last active: 18 March 2014 197
5 Feb 2014 at 19:37
Good evening,

Run RogueKiller again in removal mode.

See you
1
diez7 Posts: 13 Registered: Wednesday 17 April 2013 Status: Member Last active: 5 February 2014 7
5 Feb 2014 at 14:12
Hi, thanks for your reply. Here is the report:
RogueKiller V8.8.5 [Feb 3 2014] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : hxxp://forum.adlice.com
Site Web : https://www.luanagames.com/index.fr.html
Blog : https://www.adlice.com/

Systeme d'exploitation : Windows 8 (6.2.9200 ) 32 bits version
Demarrage : Mode normal
Utilisateur : leeroyt [Droits d'admin]
Mode : Recherche -- Date : 02/05/2014 14:06:37
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : upfst_fr_62.exe (C:\Users\leeroyt\AppData\Local\fst_fr_62\upfst_fr_62.exe -runonce [7]) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Tâches planifiées : 4 ¤¤¤
[V1][ROGUE ST] Pricora-chromeinstaller.job : C:\Program Files\Pricora\Pricora-chromeinstaller.exe - /installcrx /agentregpath='Pricora' /extensionfilepath='C:\Program Files\Pricora\35329.crx' /appid=35329 /srcid='000152' /subid='0' /zdata='0' /bic=8B744124F9014F0383DDDDDFCB4DC1AFIE /verifier=dba023078be11378ef1e258487ea316f /installerversion=1_27_153 /installerfullversion=1.27.153.7 /installationtime=1376213641 /statsdomain=hxxp://stats.datasrvstats.com /errorsdomain=hxxp://errors.datasrvstats.com /waitforbrowser=300 /extensionid=algmakeomkafjglfhpomolfhjppoojff /extensionversion=1.23.5 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVGFfKfMqSOHK5V/iQNKrDej3WOtf4n7/OkE02iPFepyxWXoU6js0gqcBDZ/sZ55jbExm5hogTjbIviLu9jfpIc8VvupEdaw10bPqe9AsPcZQkFnqAUzxFAmKJn5FxRVe8HnmZ8c/jY9OfmH7IdY8+W7+D/1aSHbijAK+LN4a9kQIDAQAB /allusers /allprofiles /externallog='' [-][x][x][x][x][x] -> TROUVÉ
[V1][SUSP PATH] SaveSense.job : C:\Users\leeroyt\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> TROUVÉ
[V2][ROGUE ST] Pricora-chromeinstaller : C:\Program Files\Pricora\Pricora-chromeinstaller.exe - /installcrx /agentregpath='Pricora' /extensionfilepath='C:\Program Files\Pricora\35329.crx' /appid=35329 /srcid='000152' /subid='0' /zdata='0' /bic=8B744124F9014F0383DDDDDFCB4DC1AFIE /verifier=dba023078be11378ef1e258487ea316f /installerversion=1_27_153 /installerfullversion=1.27.153.7 /installationtime=1376213641 /statsdomain=hxxp://stats.datasrvstats.com /errorsdomain=hxxp://errors.datasrvstats.com /waitforbrowser=300 /extensionid=algmakeomkafjglfhpomolfhjppoojff /extensionversion=1.23.5 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVGFfKfMqSOHK5V/iQNKrDej3WOtf4n7/OkE02iPFepyxWXoU6js0gqcBDZ/sZ55jbExm5hogTjbIviLu9jfpIc8VvupEdaw10bPqe9AsPcZQkFnqAUzxFAmKJn5FxRVe8HnmZ8c/jY9OfmH7IdY8+W7+D/1aSHbijAK+LN4a9kQIDAQAB /allusers /allprofiles /externallog='' [-][x][x][x][x][x] -> TROUVÉ
[V2][SUSP PATH] SaveSense : C:\Users\leeroyt\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> TROUVÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] SSDT[35] : NtTerminateProcess @ 0x810D248D -> HOOKED (Unknown @ 0x90B5E417)
[Address] SSDT[37] : NtSystemDebugControl @ 0x81164A5B -> HOOKED (Unknown @ 0x90B5E48A)
[Address] SSDT[59] : ExpInterlockedPopEntrySListResume @ 0x811D1DA7 -> HOOKED (Unknown @ 0x90B5E485)
[Address] SSDT[91] : NtSetContextThread @ 0x811DDEAD -> HOOKED (Unknown @ 0x90B5E47B)
[Address] SSDT[109] : NtRequestWaitReplyPort @ 0x8114A324 -> HOOKED (Unknown @ 0x90B5E480)
[Address] SSDT[336] : NtCreateSection @ 0x81078DFF -> HOOKED (Unknown @ 0x90B5E476)
[Inline] EAT @explorer.exe (?UiaHostProviderFromHwnd@Schema@DirectUI@@2P6GJPAUHWND__@@PAPAUIRawElementProviderSimple@@@ZA) : DUI70.dll -> HOOKED (Unknown @ 0xA9F32375)

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


54.225.95.126 nikdaiaidiiiogaidkkekcmokcgcdeac


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD800BEVS-22RST0 ATA Device +++++
--- User ---
[MBR] d910d1e63e84b18f65244ecb9cc2fd88
[BSP] 1ef07bb7a8d0fd71bf9081dbdb69ad7e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76318 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) PNY USB 2.0 FD USB Device +++++
--- User ---
[MBR] 8501723c126743780449eb919226813d
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 6008 | Size: 7719 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Cette demande n'est pas prise en charge. )

Termine : << RKreport[0]_S_02052014_140637.txt >>
0
diez7 Posts 13 Registration date Wednesday 17 April 2013 Status Member Last seen 5 February 2014 7
5 Feb 2014 at 14:30
Here is the second report
# AdwCleaner v3.018 - Rapport créé le 05/02/2014 à 14:22:16
# Mis à jour le 28/01/2014 par Xplode
# Système d'exploitation : Windows 8 Pro (32 bits)
# Nom d'utilisateur : leeroyt - CHRISLEE
# Exécuté depuis : C:\Users\leeroyt\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Kreapixel
Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\Program Files\Delta
Dossier Supprimé : C:\Program Files\Nosibay
Dossier Supprimé : C:\Program Files\Pricora
Dossier Supprimé : C:\WINDOWS\system32\Searchprotect
Dossier Supprimé : C:\Users\leeroyt\AppData\Local\Bundled software uninstaller
Dossier Supprimé : C:\Users\leeroyt\AppData\Local\eSupport.com
Dossier Supprimé : C:\Users\leeroyt\AppData\Local\Searchprotect
Dossier Supprimé : C:\Users\leeroyt\AppData\Local\SwvUpdater
Dossier Supprimé : C:\Users\leeroyt\AppData\LocalLow\Delta
Dossier Supprimé : C:\Users\leeroyt\AppData\LocalLow\Softonic
Dossier Supprimé : C:\Users\leeroyt\AppData\Roaming\BabSolution
Dossier Supprimé : C:\Users\leeroyt\AppData\Roaming\Babylon
Dossier Supprimé : C:\Users\leeroyt\AppData\Roaming\Nosibay
Dossier Supprimé : C:\Users\leeroyt\AppData\Roaming\WebPlayerBdd
Dossier Supprimé : C:\Users\leeroyt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Dossier Supprimé : C:\Program Files\Software
Dossier Supprimé : C:\Users\leeroyt\AppData\Local\Google\Chrome\User Data\Default\Extensions\algmakeomkafjglfhpomolfhjppoojff
[!] Dossier Supprimé : C:\Users\leeroyt\AppData\Local\Google\Chrome\User Data\Default\Extensions\algmakeomkafjglfhpomolfhjppoojff
Fichier Supprimé : C:\Users\leeroyt\AppData\Roaming\BabMaint.exe
Fichier Supprimé : C:\Users\leeroyt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Fichier Supprimé : C:\WINDOWS\System32\Tasks\BitGuard
Fichier Supprimé : C:\WINDOWS\Tasks\Pricora-codedownloader.job
Fichier Supprimé : C:\WINDOWS\System32\Tasks\Pricora-codedownloader

***** [ Raccourcis ] *****


***** [ Registre ] *****

Valeur Supprimée : HKCU\Software\Mozilla\Firefox\Extensions [speedtestanalysis@SpeedAnalysis.com]
Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedtestanalysis@SpeedAnalysis.com]
Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57A8F0E6-F682-461F-846F-527818FBF16E}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57A8F0E6-F682-461F-846F-527818FBF16E}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pricora-codedownloader
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBC19F9B-052B-4096-A349-A5621549AAE3}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CBC19F9B-052B-4096-A349-A5621549AAE3}
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Clé Supprimée : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Clé Supprimée : HKCU\Software\5c1d7d1e06dbf41
Clé Supprimée : HKLM\SOFTWARE\5c1d7d1e06dbf41
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415552}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416652}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444414452}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442C-B14C-3D1081953C94}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clé Supprimée : HKCU\Software\BI
Clé Supprimée : HKCU\Software\filescout
Clé Supprimée : HKCU\Software\FreeSoftToday
Clé Supprimée : HKCU\Software\ilivid
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\installedbrowserextensions
Clé Supprimée : HKCU\Software\InstalledThirdPartyPrograms
Clé Supprimée : HKCU\Software\lollipop
Clé Supprimée : HKCU\Software\powerpack
Clé Supprimée : HKCU\Software\Tutorials
Clé Supprimée : HKCU\Software\TutoTag
Clé Supprimée : HKCU\Software\AppDataLow\Software\DynConIE
Clé Supprimée : HKCU\Software\AppDataLow\Software\Pricora
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\Software\Delta
Clé Supprimée : HKLM\Software\InstalledThirdPartyPrograms
Clé Supprimée : HKLM\Software\Pricora
Clé Supprimée : HKLM\Software\SearchProtect
Clé Supprimée : HKLM\Software\Tutorials
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pricora
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16537

Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Google Chrome v32.0.1700.76

[ Fichier : C:\Users\leeroyt\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12180 octets] - [05/02/2014 14:20:51]
AdwCleaner[S0].txt - [11147 octets] - [05/02/2014 14:22:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11208 octets] ##########
0

diez7 Posts 13 Registration date Wednesday 17 April 2013 Status Member Last seen 5 February 2014 7
5 Feb 2014 at 14:39
Here is the third
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8 Pro x86
Ran by leeroyt on 05/02/2014 at 14:36:48,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\apn"
Failed to delete: [Folder] "C:\ProgramData\application data\apn"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/02/2014 at 14:38:14,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0
diez7 Posts 13 Registration date Wednesday 17 April 2013 Status Member Last seen 5 February 2014 7
5 Feb 2014 at 15:09
The fourth
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2014.02.05.05

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16750
leeroyt :: CHRISLEE [administrateur]

05/02/2014 14:48:55
mbam-log-2014-02-05 (14-48-55).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 202322
Temps écoulé: 10 minute(s), 7 seconde(s)

Processus mémoire détecté(s): 1
C:\Program Files\fst_fr_33\fst_fr_33.exe (PUP.Optional.FreesoftToday) -> 156 -> Suppression au redémarrage.

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 3
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Mis en quarantaine et supprimé avec succès.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_fr_33_is1 (PUP.Optional.FreesoftToday) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fst_fr_33 (PUP.Optional.FreesoftToday) -> Données: "C:\Program Files\fst_fr_33\fst_fr_33.exe" -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 1
C:\Program Files\fst_fr_33 (PUP.Optional.FreesoftToday) -> Suppression au redémarrage.

Fichier(s) détecté(s): 7
C:\Users\leeroyt\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\fst_fr_33\unins000.msg (PUP.Optional.FreesoftToday) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\fst_fr_33\fst_fr_33.exe (PUP.Optional.FreesoftToday) -> Suppression au redémarrage.
C:\Program Files\fst_fr_33\predm.exe (PUP.Optional.FreesoftToday) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\fst_fr_33\unins000.dat (PUP.Optional.FreesoftToday) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\fst_fr_33\unins000.exe (PUP.Optional.FreesoftToday) -> Mis en quarantaine et supprimé avec succès.
C:\Users\leeroyt\AppData\Local\mysearchdial-speeddial.crx (PUP.Optional.MySearchDial.A) -> Mis en quarantaine et supprimé avec succès.

(fin)
0
diez7 Posts 13 Registration date Wednesday 17 April 2013 Status Member Last seen 5 February 2014 7
5 Feb 2014 at 19:49
Good evening
That's it, I've run the scan and done the removal
It seems to have worked, thanks for all that
Bye
0
Marou81 Posts 4175 Registration date Wednesday 13 January 2010 Status Member Last seen 18 March 2014 197
5 Feb 2014 at 19:56
You need to give me the report :)
0
diez7 Posts 13 Registration date Wednesday 17 April 2013 Status Member Last seen 5 February 2014 7
5 Feb 2014 at 21:14
RogueKiller V8.8.5 [Feb 3 2014] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : hxxp://forum.adlice.com
Site Web : https://www.luanagames.com/index.fr.html
Blog : https://www.adlice.com/

Systeme d'exploitation : Windows 8 (6.2.9200 ) 32 bits version
Demarrage : Mode normal
Utilisateur : leeroyt [Droits d'admin]
Mode : Recherche -- Date : 02/05/2014 19:46:47
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 1 ¤¤¤
[SUSP PATH] vntldr.exe -- C:\Users\leeroyt\AppData\Local\VNT\vntldr.exe [7] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] SSDT[35] : NtTerminateProcess @ 0x8191848D -> HOOKED (Unknown @ 0x8B026E87)
[Address] SSDT[37] : NtSystemDebugControl @ 0x819AAA5B -> HOOKED (Unknown @ 0x8B026EFA)
[Address] SSDT[59] : ExpInterlockedPopEntrySListResume @ 0x81A17DA7 -> HOOKED (Unknown @ 0x8B026EF5)
[Address] SSDT[91] : NtSetContextThread @ 0x81A23EAD -> HOOKED (Unknown @ 0x8B026EEB)
[Address] SSDT[109] : NtRequestWaitReplyPort @ 0x81990324 -> HOOKED (Unknown @ 0x8B026EF0)
[Address] SSDT[336] : NtCreateSection @ 0x818BEDFF -> HOOKED (Unknown @ 0x8B026EE6)
[Address] IAT @explorer.exe (PathCchAppend) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752111EC)
[Address] IAT @explorer.exe (GetLongPathNameW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75222C8D)
[Address] IAT @explorer.exe (ReadFile) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520384C)
[Address] IAT @explorer.exe (CreateFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752026CE)
[Address] IAT @explorer.exe (WriteFile) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FDA7F)
[Address] IAT @explorer.exe (GetFileSize) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752002B9)
[Address] IAT @explorer.exe (FindClose) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75204A48)
[Address] IAT @explorer.exe (CompareFileTime) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75201648)
[Address] IAT @explorer.exe (DeleteFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520402F)
[Address] IAT @explorer.exe (FindNextFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75204B4D)
[Address] IAT @explorer.exe (FindFirstFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752049EA)
[Address] IAT @explorer.exe (GetFileAttributesW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75202D76)
[Address] IAT @explorer.exe (GetTickCount64) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FD21E)
[Address] IAT @explorer.exe (GetTickCount) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FCE5B)
[Address] IAT @explorer.exe (GetProductInfo) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7521A3A1)
[Address] IAT @explorer.exe (GetVersionExW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FEE47)
[Address] IAT @explorer.exe (GetSystemDirectoryW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752043EE)
[Address] IAT @explorer.exe (GetSystemTimeAsFileTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FD306)
[Address] IAT @explorer.exe (GetSystemTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FECE5)
[Address] IAT @explorer.exe (GetWindowsDirectoryW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752069A0)
[Address] IAT @explorer.exe (GetLocalTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FF145)
[Address] IAT @explorer.exe (GetDynamicTimeZoneInformation) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75242B27)
[Address] IAT @explorer.exe (GetTimeZoneInformation) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752100B1)
[Address] IAT @explorer.exe (SystemTimeToFileTime) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75202141)
[Address] IAT @explorer.exe (GetTimeFormatEx) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75212599)
[Address] IAT @explorer.exe (GetDateFormatEx) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752125C9)
[Address] IAT @explorer.exe (GetDateFormatW) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75222516)
[Address] IAT @explorer.exe (MapViewOfFile) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75202BB9)
[Address] IAT @explorer.exe (VirtualAlloc) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FD3DD)
[Address] IAT @explorer.exe (UnmapViewOfFile) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FD2A3)
[Address] IAT @explorer.exe (CreateFileMappingW) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75202D4F)
[Address] IAT @explorer.exe (VirtualFree) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FDD5A)
[Address] IAT @explorer.exe (StrStrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520F51E)
[Address] IAT @explorer.exe (StrTrimW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520DF67)
[Address] IAT @explorer.exe (StrCmpNICW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524D843)
[Address] IAT @explorer.exe (StrCmpNW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524CC6A)
[Address] IAT @explorer.exe (StrToIntW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524DD73)
[Address] IAT @explorer.exe (StrChrW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524D80F)
[Address] IAT @explorer.exe (StrCmpICW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524D76D)
[Address] IAT @explorer.exe (StrCmpNIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520F7C6)
[Address] IAT @explorer.exe (StrRStrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75247664)
[Address] IAT @explorer.exe (StrCmpIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752243B9)
[Address] IAT @explorer.exe (SHLoadIndirectString) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520FB3B)
[Address] IAT @explorer.exe (StrChrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75225923)
[Address] IAT @explorer.exe (StrCmpW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524CED7)
[Address] IAT @explorer.exe (StrCmpCW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75206B0D)
[Address] IAT @explorer.exe (QISearch) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FDEB8)
[Address] IAT @explorer.exe (StrCmpICA) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FDF6D)
[Address] IAT @explorer.exe (GetUserDefaultUILanguage) : api-ms-win-core-localization-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520172A)
[Address] IAT @explorer.exe (CoRegisterMessageFilter) : api-ms-win-core-com-private-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F291D2)
[Address] IAT @explorer.exe (SHRegGetUSValueW) : api-ms-win-core-registryuserspecific-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75220829)
[Address] IAT @explorer.exe (SHRegGetBoolUSValueW) : api-ms-win-core-registryuserspecific-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75227F7A)
[Address] IAT @explorer.exe (PathRemoveExtensionW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75211111)
[Address] IAT @explorer.exe (PathIsFileSpecW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752274FF)
[Address] IAT @explorer.exe (PathGetDriveNumberW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524D9BF)
[Address] IAT @explorer.exe (PathRemoveFileSpecW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7522208C)
[Address] IAT @explorer.exe (PathCommonPrefixW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75210BFB)
[Address] IAT @explorer.exe (PathStripPathW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752526F0)
[Address] IAT @explorer.exe (PathStripToRootW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7522224C)
[Address] IAT @explorer.exe (PathFindExtensionW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75209964)
[Address] IAT @explorer.exe (PathQuoteSpacesW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75247B36)
[Address] IAT @explorer.exe (SHExpandEnvironmentStringsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75209C9B)
[Address] IAT @explorer.exe (PathFileExistsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75206B45)
[Address] IAT @explorer.exe (PathGetArgsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524BE61)
[Address] IAT @explorer.exe (PathRemoveBlanksW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7521A588)
[Address] IAT @explorer.exe (PathFindFileNameW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524D899)
[Address] IAT @explorer.exe (PathCombineW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520E1CF)
[Address] IAT @explorer.exe (PathParseIconLocationW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75252A5F)
[Address] IAT @explorer.exe (PathIsRootW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520E367)
[Address] IAT @explorer.exe (PathIsPrefixW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75210D6E)
[Address] IAT @explorer.exe (RegCreateKeyW) : api-ms-win-core-registry-l2-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\advapi32.dll @ 0x75DF879E)
[Address] IAT @explorer.exe (RoGetActivationFactory) : api-ms-win-core-winrt-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F376B7)
[Address] IAT @explorer.exe (WindowsDeleteString) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F31360)
[Address] IAT @explorer.exe (WindowsCreateString) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F315A1)
[Address] IAT @explorer.exe (WindowsGetStringRawBuffer) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F3116D)
[Address] IAT @explorer.exe (GetLocaleInfoW) : api-ms-win-core-localization-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75203457)
[Address] IAT @explorer.exe (GetThreadUILanguage) : api-ms-win-core-localization-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75210B2D)
[Address] IAT @explorer.exe (QueryFullProcessImageNameW) : api-ms-win-core-psapi-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524E179)
[Address] IAT @explorer.exe (StopTraceW) : api-ms-win-eventing-controller-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75242934)
[Address] IAT @explorer.exe (EnableTraceEx2) : api-ms-win-eventing-controller-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7523960E)
[Address] IAT @explorer.exe (StartTraceW) : api-ms-win-eventing-controller-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75239E6F)
[Address] IAT @explorer.exe (DeactivateActCtx) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520029B)
[Address] IAT @explorer.exe (ReleaseActCtx) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520025F)
[Address] IAT @explorer.exe (ActivateActCtx) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520027D)
[Address] IAT @explorer.exe (CreateActCtxW) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752067FF)
[Address] IAT @explorer.exe (ChangeTimerQueueTimer) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FE072)
[Address] IAT @explorer.exe (DeleteTimerQueueTimer) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520056D)
[Address] IAT @explorer.exe (CreateTimerQueueTimer) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752005BA)
[Address] IAT @explorer.exe (QueueUserWorkItem) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FE81C)
[Inline] EAT @explorer.exe (?UiaHostProviderFromHwnd@Schema@DirectUI@@2P6GJPAUHWND__@@PAPAUIRawElementProviderSimple@@@ZA) : DUI70.dll -> HOOKED (Unknown @ 0x91834F75)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


54.225.95.126 nikdaiaidiiiogaidkkekcmokcgcdeac


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD800BEVS-22RST0 ATA Device +++++
--- User ---
[MBR] d910d1e63e84b18f65244ecb9cc2fd88
[BSP] 1ef07bb7a8d0fd71bf9081dbdb69ad7e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76318 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) PNY USB 2.0 FD USB Device +++++
--- User ---
[MBR] 8501723c126743780449eb919226813d
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 6008 | Size: 7719 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] This request is not supported.)

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Samsung M3 Portable USB Device +++++
--- User ---
[MBR] 209d6c6dd75d7b18bc4259549b42f127
[BSP] 0bd1ec51c1e000f4050c3dd0992b188b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64 | Size: 953859 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] This request is not supported.)

Finished : << RKreport[0]_S_02052014_194647.txt >>
RKreport[0]_D_02052014_140914.txt;RKreport[0]_S_02052014_140637.txt
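The report above is dominated by hundreds of `IAT @explorer.exe ... -> HOOKED` lines whose import is an `api-ms-win-*` virtual DLL and whose resolved target is `KERNELBASE.dll`, `combase.dll`, `advapi32.dll` or `powrprof.dll` under System32. On Windows 8 those API-set names are forwarded to exactly those system DLLs by the loader, so an IAT checker that compares the import name against the module owning the resolved address reports them as hooks; they are not the interesting part of the log. The entries that warrant attention are the ones whose target RogueKiller could not attribute to any module (`Unknown @ ...`): the SSDT hooks and the inline EAT hook in `DUI70.dll`. The HOSTS entry is also notable, since it maps a 32-character name drawn only from the letters a-p (the alphabet Chrome uses for extension IDs) to a public IP address rather than to loopback.

The following is an added triage helper, not part of this thread and not RogueKiller's own code. It parses the `Driver` and `HOSTS` sections of a report and ranks each hook: `HIGH` for unattributed targets, `LOW` for API-set imports resolved into a System32 DLL, `MEDIUM` for everything else. The sample report lines are copied from the report above, plus one constructed `MEDIUM` line pointing at a hypothetical `hk.dll` in a Temp folder; the sample hosts file is constructed from the default `localhost` line and the entry from the report. The `LOW` class is a heuristic on the log text only; confirm it by checking that the resolved DLL on disk is the genuine Microsoft-signed file.

```python
"""Triage helper for the 'Driver' and 'HOSTS' sections of a RogueKiller report (added example)."""
import ipaddress
import re

# One hook line, e.g.
#   [Address] SSDT[35] : NtTerminateProcess @ 0x8191848D -> HOOKED (Unknown @ 0x8B026E87)
#   [Address] IAT @explorer.exe (FreeLibrary) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FDD11)
HOOK_RE = re.compile(
    r"^\[(?P<kind>Address|Inline)\]\s+"
    r"(?P<table>SSDT|IAT|EAT)(?:\[\d+\])?\s*"
    r"(?:@(?P<proc>\S+))?\s*"
    r"(?:\((?P<func>[^)]*)\))?\s*:\s*"
    r"(?P<import>.+?)\s*->\s*HOOKED\s*"
    r"\((?P<target>.+?)\s*@\s*(?P<addr>0x[0-9A-Fa-f]+)\)\s*$"
)

SYSTEM_DIR = "c:\\windows\\system32\\"
# Chrome extension IDs are 32 characters from the letters a-p only.
EXT_ID_RE = re.compile(r"^[a-p]{32}$")


def parse_hook(line):
    """Return the named fields of a hook line, or None if the line is not one."""
    m = HOOK_RE.match(line.strip())
    return m.groupdict() if m else None


def classify_hook(hook):
    """HIGH: target not attributable to a module. LOW: API-set import resolved
    into a System32 DLL (consistent with normal API-set forwarding). MEDIUM: rest."""
    target = hook["target"]
    if target == "Unknown":
        return "HIGH"
    if (hook["table"] == "IAT"
            and hook["import"].lower().startswith("api-ms-win-")
            and target.lower().startswith(SYSTEM_DIR)):
        return "LOW"
    return "MEDIUM"


def triage_report(text):
    """Group every hook line of a report by severity."""
    findings = {"HIGH": [], "MEDIUM": [], "LOW": []}
    for line in text.splitlines():
        hook = parse_hook(line)
        if hook:
            findings[classify_hook(hook)].append(hook)
    return findings


def audit_hosts(text):
    """Flag hosts entries that redirect a name to a non-loopback address, and
    names shaped like a Chrome extension ID. Returns (name, ip, reasons) tuples."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                          # not an address; ignore malformed line
        for name in parts[1:]:
            reasons = []
            if not (ip.is_loopback or ip.is_unspecified):
                reasons.append("non-loopback redirection to %s" % ip)
            if EXT_ID_RE.match(name):
                reasons.append("name has the 32-char a-p shape of a Chrome extension ID")
            if reasons:
                findings.append((name, str(ip), reasons))
    return findings


# Lines 1-6 are copied from the report above; line 7 is constructed (hypothetical hk.dll).
SAMPLE_REPORT = """\
[Address] SSDT[35] : NtTerminateProcess @ 0x8191848D -> HOOKED (Unknown @ 0x8B026E87)
[Address] SSDT[336] : NtCreateSection @ 0x818BEDFF -> HOOKED (Unknown @ 0x8B026EE6)
[Address] IAT @explorer.exe (FreeLibrary) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\\WINDOWS\\system32\\KERNELBASE.dll @ 0x751FDD11)
[Address] IAT @explorer.exe (CoCreateInstance) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\\WINDOWS\\SYSTEM32\\combase.dll @ 0x75EFC859)
[Address] IAT @explorer.exe (RegCreateKeyW) : api-ms-win-core-registry-l2-1-0.dll -> HOOKED (C:\\WINDOWS\\SYSTEM32\\advapi32.dll @ 0x75DF879E)
[Inline] EAT @explorer.exe (?UiaHostProviderFromHwnd@Schema@DirectUI@@2P6GJPAUHWND__@@PAPAUIRawElementProviderSimple@@@ZA) : DUI70.dll -> HOOKED (Unknown @ 0x91834F75)
[Address] IAT @explorer.exe (CreateFileW) : kernel32.dll -> HOOKED (C:\\Users\\victim\\AppData\\Local\\Temp\\hk.dll @ 0x10001234)
"""

# Constructed hosts file: default localhost line plus the entry from the report above.
SAMPLE_HOSTS = """\
# hosts
127.0.0.1 localhost
54.225.95.126 nikdaiaidiiiogaidkkekcmokcgcdeac
"""

if __name__ == "__main__":
    result = triage_report(SAMPLE_REPORT)
    for sev in ("HIGH", "MEDIUM", "LOW"):
        print("%-6s %d" % (sev, len(result[sev])))
        for h in result[sev]:
            print("   %s %s -> %s" % (h["table"], h["func"] or h["import"], h["target"]))
    for name, ip, reasons in audit_hosts(SAMPLE_HOSTS):
        print("HOSTS  %s -> %s: %s" % (name, ip, "; ".join(reasons)))
```

Run against the full report, the `HIGH` bucket reduces the log to the six SSDT entries and the `DUI70.dll` EAT hook, which is what the helper in the thread would actually need to look at; the `LOW` bucket is where the bulk of the `api-ms-win-*` lines land.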
diez7 13 posts, registered Wednesday 17 April 2013, Member, last active 5 February 2014 7
5 Feb. 2014 at 21:15
RogueKiller V8.8.5 [Feb 3 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://forum.adlice.com
Website : https://www.luanagames.com/index.fr.html
Blog : https://www.adlice.com/

Operating system : Windows 8 (6.2.9200) 32-bit version
Startup : Normal mode
User : leeroyt [Admin rights]
Mode : Removal -- Date : 02/05/2014 19:46:59
| ARK || FAK || MBR |

¤¤¤ Malicious processes : 1 ¤¤¤
[SUSP PATH] vntldr.exe -- C:\Users\leeroyt\AppData\Local\VNT\vntldr.exe [7] -> KILLED [TermProc]

¤¤¤ Registry entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser addons : 0 ¤¤¤

¤¤¤ Particular files / folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[35] : NtTerminateProcess @ 0x8191848D -> HOOKED (Unknown @ 0x8B026E87)
[Address] SSDT[37] : NtSystemDebugControl @ 0x819AAA5B -> HOOKED (Unknown @ 0x8B026EFA)
[Address] SSDT[59] : ExpInterlockedPopEntrySListResume @ 0x81A17DA7 -> HOOKED (Unknown @ 0x8B026EF5)
[Address] SSDT[91] : NtSetContextThread @ 0x81A23EAD -> HOOKED (Unknown @ 0x8B026EEB)
[Address] SSDT[109] : NtRequestWaitReplyPort @ 0x81990324 -> HOOKED (Unknown @ 0x8B026EF0)
[Address] SSDT[336] : NtCreateSection @ 0x818BEDFF -> HOOKED (Unknown @ 0x8B026EE6)
[Address] IAT @explorer.exe (CoTaskMemFree) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75EE3700)
[Address] IAT @explorer.exe (CoInitializeEx) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75EF9DF5)
[Address] IAT @explorer.exe (CoUninitialize) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75EF963D)
[Address] IAT @explorer.exe (CreateStreamOnHGlobal) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F297D7)
[Address] IAT @explorer.exe (CoGetApartmentType) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75EFA9CD)
[Address] IAT @explorer.exe (CoWaitForMultipleHandles) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F28B73)
[Address] IAT @explorer.exe (CoFreeUnusedLibraries) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F32329)
[Address] IAT @explorer.exe (CoEnableCallCancellation) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F06635)
[Address] IAT @explorer.exe (CoDisableCallCancellation) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F0666B)
[Address] IAT @explorer.exe (CoCancelCall) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F8E323)
[Address] IAT @explorer.exe (StringFromGUID2) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75EFA428)
[Address] IAT @explorer.exe (PropVariantClear) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75EFAAF0)
[Address] IAT @explorer.exe (CoMarshalInterThreadInterfaceInStream) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F2F6D4)
[Address] IAT @explorer.exe (CoReleaseMarshalData) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F096E2)
[Address] IAT @explorer.exe (CoCreateInstance) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75EFC859)
[Address] IAT @explorer.exe (CoRevokeClassObject) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F334F6)
[Address] IAT @explorer.exe (CoRegisterClassObject) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F34757)
[Address] IAT @explorer.exe (CoGetInterfaceAndReleaseStream) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F2F684)
[Address] IAT @explorer.exe (CoGetMalloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75EE3838)
[Address] IAT @explorer.exe (CoCreateFreeThreadedMarshaler) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75EFD270)
[Address] IAT @explorer.exe (CoTaskMemAlloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75EE37D7)
[Address] IAT @explorer.exe (CLSIDFromString) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F28056)
[Address] IAT @explorer.exe (CoTaskMemRealloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75EFAACA)
[Address] IAT @explorer.exe (InterlockedExchange) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FCEF9)
[Address] IAT @explorer.exe (InterlockedIncrement) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FCE9B)
[Address] IAT @explorer.exe (InterlockedCompareExchange) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FCF0C)
[Address] IAT @explorer.exe (InterlockedDecrement) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FCE8A)
[Address] IAT @explorer.exe (RegCreateKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7521B580)
[Address] IAT @explorer.exe (RegEnumValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520C5C4)
[Address] IAT @explorer.exe (RegQueryInfoKeyW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520C171)
[Address] IAT @explorer.exe (RegQueryValueExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FFBB6)
[Address] IAT @explorer.exe (RegCloseKey) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FF832)
[Address] IAT @explorer.exe (RegOpenKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FF625)
[Address] IAT @explorer.exe (RegGetValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520296A)
[Address] IAT @explorer.exe (RegOpenCurrentUser) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752063B3)
[Address] IAT @explorer.exe (RegEnumKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520AA19)
[Address] IAT @explorer.exe (RegDeleteValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75211401)
[Address] IAT @explorer.exe (RegSetValueExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7521B72B)
[Address] IAT @explorer.exe (OpenProcessToken) : api-ms-win-core-processthreads-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FE647)
[Address] IAT @explorer.exe (OpenThreadToken) : api-ms-win-core-processthreads-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FE612)
[Address] IAT @explorer.exe (CloseHandle) : api-ms-win-core-handle-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FD140)
[Address] IAT @explorer.exe (DuplicateHandle) : api-ms-win-core-handle-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FDA22)
[Address] IAT @explorer.exe (SetUnhandledExceptionFilter) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752170D7)
[Address] IAT @explorer.exe (SetErrorMode) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75202EBF)
[Address] IAT @explorer.exe (GetLastError) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FCEEF)
[Address] IAT @explorer.exe (RaiseException) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75201F9B)
[Address] IAT @explorer.exe (UnhandledExceptionFilter) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7528705F)
[Address] IAT @explorer.exe (WaitForSingleObject) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751F2151)
[Address] IAT @explorer.exe (OpenMutexW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520BACE)
[Address] IAT @explorer.exe (InitializeCriticalSectionEx) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752053BA)
[Address] IAT @explorer.exe (WaitForMultipleObjectsEx) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FCFBE)
[Address] IAT @explorer.exe (SetEvent) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FD08C)
[Address] IAT @explorer.exe (OpenEventW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520229A)
[Address] IAT @explorer.exe (CreateEventW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FD997)
[Address] IAT @explorer.exe (ResetEvent) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FD0B2)
[Address] IAT @explorer.exe (CreateMutexW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75200EE1)
[Address] IAT @explorer.exe (ReleaseMutex) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751F1005)
[Address] IAT @explorer.exe (Sleep) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751F2284)
[Address] IAT @explorer.exe (CharNextW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520663E)
[Address] IAT @explorer.exe (CharUpperW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520695B)
[Address] IAT @explorer.exe (CharPrevW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75209AAC)
[Address] IAT @explorer.exe (CharLowerW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520E111)
[Address] IAT @explorer.exe (IsCharAlphaNumericW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520BDE7)
[Address] IAT @explorer.exe (HeapDestroy) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752004F7)
[Address] IAT @explorer.exe (HeapSetInformation) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520467B)
[Address] IAT @explorer.exe (GetProcessHeap) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FCEB1)
[Address] IAT @explorer.exe (WideCharToMultiByte) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75201CCD)
[Address] IAT @explorer.exe (MultiByteToWideChar) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75200C61)
[Address] IAT @explorer.exe (CompareStringW) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FEC17)
[Address] IAT @explorer.exe (CompareStringOrdinal) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75207E2F)
[Address] IAT @explorer.exe (FreeLibrary) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FDD11)
[Address] IAT @explorer.exe (GetProcAddress) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FFCFE)
[Address] IAT @explorer.exe (LoadLibraryExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520273E)
[Address] IAT @explorer.exe (LockResource) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FD7DF)
[Address] IAT @explorer.exe (GetModuleHandleW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FDC84)
[Address] IAT @explorer.exe (LoadResource) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752075B2)
[Address] IAT @explorer.exe (FindResourceExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520748B)
[Address] IAT @explorer.exe (GetModuleFileNameW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FE0AF)
[Address] IAT @explorer.exe (FreeLibraryAndExitThread) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FE033)
[Address] IAT @explorer.exe (GetModuleHandleExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752020DA)
[Address] IAT @explorer.exe (LoadStringW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75203BD1)
[Address] IAT @explorer.exe (GetModuleHandleA) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FE3CA)
[Address] IAT @explorer.exe (GetCurrentDirectoryW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752054B6)
[Address] IAT @explorer.exe (GetCommandLineW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752053E2)
[Address] IAT @explorer.exe (SearchPathW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524C406)
[Address] IAT @explorer.exe (ExpandEnvironmentStringsW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FEDE9)
[Address] IAT @explorer.exe (CallNtPowerInformation) : api-ms-win-power-base-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x74A51DCC)
[Address] IAT @explorer.exe (GetPwrCapabilities) : api-ms-win-power-base-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x74A5367D)
[Address] IAT @explorer.exe (GetTokenInformation) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FE773)
[Address] IAT @explorer.exe (GetSidSubAuthority) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75206446)
[Address] IAT @explorer.exe (CreateWellKnownSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75212A05)
[Address] IAT @explorer.exe (GetLengthSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FE66F)
[Address] IAT @explorer.exe (IsValidSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FE6D5)
[Address] IAT @explorer.exe (CopySid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FE688)
[Address] IAT @explorer.exe (GetSidSubAuthorityCount) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520645F)
[Address] IAT @explorer.exe (CheckTokenMembership) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75200329)
[Address] IAT @explorer.exe (PathCchAddExtension) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7522A8C1)
[Address] IAT @explorer.exe (PathCchCombine) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752086CF)
[Address] IAT @explorer.exe (PathCchAppend) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752111EC)
[Address] IAT @explorer.exe (GetLongPathNameW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75222C8D)
[Address] IAT @explorer.exe (ReadFile) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520384C)
[Address] IAT @explorer.exe (CreateFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752026CE)
[Address] IAT @explorer.exe (WriteFile) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FDA7F)
[Address] IAT @explorer.exe (GetFileSize) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752002B9)
[Address] IAT @explorer.exe (FindClose) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75204A48)
[Address] IAT @explorer.exe (CompareFileTime) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75201648)
[Address] IAT @explorer.exe (DeleteFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520402F)
[Address] IAT @explorer.exe (FindNextFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75204B4D)
[Address] IAT @explorer.exe (FindFirstFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752049EA)
[Address] IAT @explorer.exe (GetFileAttributesW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75202D76)
[Address] IAT @explorer.exe (GetTickCount64) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FD21E)
[Address] IAT @explorer.exe (GetTickCount) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FCE5B)
[Address] IAT @explorer.exe (GetProductInfo) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7521A3A1)
[Address] IAT @explorer.exe (GetVersionExW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FEE47)
[Address] IAT @explorer.exe (GetSystemDirectoryW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752043EE)
[Address] IAT @explorer.exe (GetSystemTimeAsFileTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FD306)
[Address] IAT @explorer.exe (GetSystemTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FECE5)
[Address] IAT @explorer.exe (GetWindowsDirectoryW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752069A0)
[Address] IAT @explorer.exe (GetLocalTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FF145)
[Address] IAT @explorer.exe (GetDynamicTimeZoneInformation) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75242B27)
[Address] IAT @explorer.exe (GetTimeZoneInformation) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752100B1)
[Address] IAT @explorer.exe (SystemTimeToFileTime) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75202141)
[Address] IAT @explorer.exe (GetTimeFormatEx) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75212599)
[Address] IAT @explorer.exe (GetDateFormatEx) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752125C9)
[Address] IAT @explorer.exe (GetDateFormatW) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75222516)
[Address] IAT @explorer.exe (MapViewOfFile) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75202BB9)
[Address] IAT @explorer.exe (VirtualAlloc) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FD3DD)
[Address] IAT @explorer.exe (UnmapViewOfFile) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FD2A3)
[Address] IAT @explorer.exe (CreateFileMappingW) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75202D4F)
[Address] IAT @explorer.exe (VirtualFree) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FDD5A)
[Address] IAT @explorer.exe (StrStrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520F51E)
[Address] IAT @explorer.exe (StrTrimW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520DF67)
[Address] IAT @explorer.exe (StrCmpNICW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524D843)
[Address] IAT @explorer.exe (StrCmpNW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524CC6A)
[Address] IAT @explorer.exe (StrToIntW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524DD73)
[Address] IAT @explorer.exe (StrChrW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524D80F)
[Address] IAT @explorer.exe (StrCmpICW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524D76D)
[Address] IAT @explorer.exe (StrCmpNIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520F7C6)
[Address] IAT @explorer.exe (StrRStrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75247664)
[Address] IAT @explorer.exe (StrCmpIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752243B9)
[Address] IAT @explorer.exe (SHLoadIndirectString) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520FB3B)
[Address] IAT @explorer.exe (StrChrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75225923)
[Address] IAT @explorer.exe (StrCmpW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524CED7)
[Address] IAT @explorer.exe (StrCmpCW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75206B0D)
[Address] IAT @explorer.exe (QISearch) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FDEB8)
[Address] IAT @explorer.exe (StrCmpICA) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FDF6D)
[Address] IAT @explorer.exe (GetUserDefaultUILanguage) : api-ms-win-core-localization-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520172A)
[Address] IAT @explorer.exe (CoRegisterMessageFilter) : api-ms-win-core-com-private-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F291D2)
[Address] IAT @explorer.exe (SHRegGetUSValueW) : api-ms-win-core-registryuserspecific-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75220829)
[Address] IAT @explorer.exe (SHRegGetBoolUSValueW) : api-ms-win-core-registryuserspecific-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75227F7A)
[Address] IAT @explorer.exe (PathRemoveExtensionW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75211111)
[Address] IAT @explorer.exe (PathIsFileSpecW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752274FF)
[Address] IAT @explorer.exe (PathGetDriveNumberW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524D9BF)
[Address] IAT @explorer.exe (PathRemoveFileSpecW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7522208C)
[Address] IAT @explorer.exe (PathCommonPrefixW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75210BFB)
[Address] IAT @explorer.exe (PathStripPathW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752526F0)
[Address] IAT @explorer.exe (PathStripToRootW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7522224C)
[Address] IAT @explorer.exe (PathFindExtensionW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75209964)
[Address] IAT @explorer.exe (PathQuoteSpacesW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75247B36)
[Address] IAT @explorer.exe (SHExpandEnvironmentStringsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75209C9B)
[Address] IAT @explorer.exe (PathFileExistsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75206B45)
[Address] IAT @explorer.exe (PathGetArgsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524BE61)
[Address] IAT @explorer.exe (PathRemoveBlanksW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7521A588)
[Address] IAT @explorer.exe (PathFindFileNameW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524D899)
[Address] IAT @explorer.exe (PathCombineW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520E1CF)
[Address] IAT @explorer.exe (PathParseIconLocationW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75252A5F)
[Address] IAT @explorer.exe (PathIsRootW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520E367)
[Address] IAT @explorer.exe (PathIsPrefixW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75210D6E)
[Address] IAT @explorer.exe (RegCreateKeyW) : api-ms-win-core-registry-l2-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\advapi32.dll @ 0x75DF879E)
[Address] IAT @explorer.exe (RoGetActivationFactory) : api-ms-win-core-winrt-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F376B7)
[Address] IAT @explorer.exe (WindowsDeleteString) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F31360)
[Address] IAT @explorer.exe (WindowsCreateString) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F315A1)
[Address] IAT @explorer.exe (WindowsGetStringRawBuffer) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75F3116D)
[Address] IAT @explorer.exe (GetLocaleInfoW) : api-ms-win-core-localization-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75203457)
[Address] IAT @explorer.exe (GetThreadUILanguage) : api-ms-win-core-localization-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75210B2D)
[Address] IAT @explorer.exe (QueryFullProcessImageNameW) : api-ms-win-core-psapi-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7524E179)
[Address] IAT @explorer.exe (StopTraceW) : api-ms-win-eventing-controller-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75242934)
[Address] IAT @explorer.exe (EnableTraceEx2) : api-ms-win-eventing-controller-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7523960E)
[Address] IAT @explorer.exe (StartTraceW) : api-ms-win-eventing-controller-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75239E6F)
[Address] IAT @explorer.exe (DeactivateActCtx) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520029B)
[Address] IAT @explorer.exe (ReleaseActCtx) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520025F)
[Address] IAT @explorer.exe (ActivateActCtx) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520027D)
[Address] IAT @explorer.exe (CreateActCtxW) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752067FF)
[Address] IAT @explorer.exe (ChangeTimerQueueTimer) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FE072)
[Address] IAT @explorer.exe (DeleteTimerQueueTimer) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7520056D)
[Address] IAT @explorer.exe (CreateTimerQueueTimer) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x752005BA)
[Address] IAT @explorer.exe (QueueUserWorkItem) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x751FE81C)
[Inline] EAT @explorer.exe (?UiaHostProviderFromHwnd@Schema@DirectUI@@2P6GJPAUHWND__@@PAPAUIRawElementProviderSimple@@@ZA) : DUI70.dll -> HOOKED (Unknown @ 0x91834F75)

¤¤¤ External hives: ¤¤¤

¤¤¤ Infection: ¤¤¤

¤¤¤ HOSTS file: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


54.225.95.126 nikdaiaidiiiogaidkkekcmokcgcdeac


¤¤¤ MBR check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD800BEVS-22RST0 ATA Device +++++
--- User ---
[MBR] d910d1e63e84b18f65244ecb9cc2fd88
[BSP] 1ef07bb7a8d0fd71bf9081dbdb69ad7e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76318 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) PNY USB 2.0 FD USB Device +++++
--- User ---
[MBR] 8501723c126743780449eb919226813d
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 6008 | Size: 7719 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] This request is not supported.)

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Samsung M3 Portable USB Device +++++
--- User ---
[MBR] 209d6c6dd75d7b18bc4259549b42f127
[BSP] 0bd1ec51c1e000f4050c3dd0992b188b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64 | Size: 953859 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] This request is not supported.)

Finished: << RKreport[0]_D_02052014_194659.txt >>
RKreport[0]_D_02052014_140914.txt;RKreport[0]_S_02052014_140637.txt;RKreport[0]_S_02052014_194647.txt
0
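Two things in the report above deserve a second look before anything is "removed". First, almost every IAT line is an `api-ms-win-*` import that resolves into `KERNELBASE.dll`, `combase.dll`, `advapi32.dll` or `powrprof.dll` under `system32`: those `api-ms-win-*` names are API Set contracts that Windows resolves to an implementation DLL, so an import landing inside a system DLL is the normal forwarder, not an injected hook. The one entry that does not fit that pattern is the inline EAT hook on `DUI70.dll` whose target is `Unknown`. Second, the HOSTS file contains a single non-default line mapping a 32-character hostname made only of the letters a to p (the shape of a Chrome extension ID) to an external IP. The script below is an added triage helper written for this thread; it is not RogueKiller's code and not something posted in the thread. It parses the report's line formats (copied from above), applies editorial heuristics to separate expected API Set forwarders from findings worth investigating, and extracts non-loopback HOSTS entries. The sample input is a handful of lines taken from the report plus a constructed comment and `localhost` line.

```python
"""Triage helper for a pasted RogueKiller report (added example, not RogueKiller code).

Assumptions, all editorial:
  - line formats match the report above ("[Address] IAT @proc (func) : module -> HOOKED (target @ 0xADDR)");
  - any api-ms-win-* import that lands in a DLL under \\system32\\ is treated as
    the normal API Set forwarder, and any target reported as "Unknown" is flagged.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Tuple

HOOK_RE = re.compile(
    r"^\[(?P<kind>Address|Inline)\]\s+(?P<table>IAT|EAT)\s+@(?P<proc>\S+)\s+"
    r"\((?P<func>[^)]+)\)\s+:\s+(?P<module>\S+)\s+->\s+HOOKED\s+"
    r"\((?P<target>.+?)\s+@\s+0x(?P<addr>[0-9A-Fa-f]+)\)\s*$"
)
HOSTS_RE = re.compile(r"^\s*(?P<ip>\S+)\s+(?P<host>\S+)")
EXT_ID_RE = re.compile(r"^[a-p]{32}$")  # shape of a Chrome extension ID: 32 chars, a-p only


@dataclass
class Hook:
    kind: str       # "Address" or "Inline"
    table: str      # "IAT" or "EAT"
    process: str
    func: str
    module: str     # module the import/export nominally belongs to
    target: str     # module the resolved address actually lives in
    address: int
    verdict: str


def classify_hook(module: str, target: str) -> str:
    """Heuristic verdict for one HOOKED line (editorial rule, not RogueKiller's)."""
    if target.lower() == "unknown":
        return "investigate: hook target not inside any known module"
    in_system32 = "\\system32\\" in target.lower()
    if module.lower().startswith("api-ms-win-") and in_system32:
        return "expected: API Set contract forwarded to a system DLL"
    return "review: hook that is not an API Set forwarder"


def parse_hooks(lines: List[str]) -> List[Hook]:
    """Parse every HOOKED line in the report; other lines are ignored."""
    hooks = []
    for line in lines:
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append(Hook(m["kind"], m["table"], m["proc"], m["func"], m["module"],
                          m["target"], int(m["addr"], 16),
                          classify_hook(m["module"], m["target"])))
    return hooks


def suspicious_hosts(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (ip, hostname, note) for HOSTS entries that do not point at loopback."""
    found = []
    for line in lines:
        line = line.split("#", 1)[0].strip()  # drop comments
        m = HOSTS_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:          # e.g. the "--> %SystemRoot%..." header line
            continue
        if ip.is_loopback:
            continue
        note = ("hostname has the shape of a Chrome extension ID"
                if EXT_ID_RE.match(m["host"]) else "non-loopback redirect")
        found.append((str(ip), m["host"], note))
    return found


# Sample input: four HOOKED lines copied from the report above, plus HOSTS lines
# (the report's header and extension-ID line, and a constructed comment/localhost).
SAMPLE_REPORT = [
    "[Address] IAT @explorer.exe (GetCommandLineW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\\WINDOWS\\system32\\KERNELBASE.dll @ 0x752053E2)",
    "[Address] IAT @explorer.exe (RegCreateKeyW) : api-ms-win-core-registry-l2-1-0.dll -> HOOKED (C:\\WINDOWS\\SYSTEM32\\advapi32.dll @ 0x75DF879E)",
    "[Address] IAT @explorer.exe (RoGetActivationFactory) : api-ms-win-core-winrt-l1-1-0.dll -> HOOKED (C:\\WINDOWS\\SYSTEM32\\combase.dll @ 0x75F376B7)",
    "[Inline] EAT @explorer.exe (?UiaHostProviderFromHwnd@Schema@DirectUI@@2P6GJPAUHWND__@@PAPAUIRawElementProviderSimple@@@ZA) : DUI70.dll -> HOOKED (Unknown @ 0x91834F75)",
]
SAMPLE_HOSTS = [
    "--> %SystemRoot%\\System32\\drivers\\etc\\hosts",
    "# constructed comment line",
    "127.0.0.1 localhost",
    "54.225.95.126 nikdaiaidiiiogaidkkekcmokcgcdeac",
]

if __name__ == "__main__":
    for h in parse_hooks(SAMPLE_REPORT):
        print(f"{h.kind:7} {h.table} {h.process} {h.func[:40]:40} -> {h.target} : {h.verdict}")
    for ip, host, note in suspicious_hosts(SAMPLE_HOSTS):
        print(f"HOSTS {ip} {host} : {note}")
```

Run against the full pasted report, the "expected" verdicts collapse the long IAT list to noise and leave the `DUI70.dll` inline hook and the single HOSTS line as the two items to follow up on; the verdicts are heuristics, so a "review" result still needs a human to confirm what module owns the target address.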
Marou81 Posts: 4175 Registered: Wednesday 13 January 2010 Status: Member Last active: 18 March 2014 197
5 Feb. 2014 at 21:58
ok
0