Slow computer

nono622
Posted on 24/11/2013 at 20:47:47
Hello,

For a few days my computer has been running slowly; I think I have an infection.

Regards, thanks for your help
Message edited by danakil on 26/11/2013 at 19:00:26
did80 (Profile: Security team)
Posted on 24/11/2013 at 20:56:58
hi nono622

this please

Download AdwCleaner (by Xplode) to your desktop.

http://general-changelog-team. [...] adwcleaner

Run it, click [Scanner] and wait while the scan runs.

Once the scan is finished, that unlocks the [Nettoyer] (Clean) function, which you apply to clean everything; the PC will restart, then post the contents of that report.

Note: the report is also saved under C:\AdwCleaner\AdwCleaner[s0].txt

@++

---------------
the urgent is done, the impossible is in progress
for miracles, allow for delays
nono622
Posted on 24/11/2013 at 21:17:03

Hi did80, thanks for your help, here is the report:

# AdwCleaner v3.013 - Rapport créé le 24/11/2013 à 21:11:21
# Mis à jour le 24/11/2013 par Xplode
# Système d'exploitation : Windows 8 Pro with Media Center (32 bits)
# Nom d'utilisateur : CELINE - LINAELLE
# Exécuté depuis : C:\Users\CELINE\Downloads\adwcleaner (1).exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Program Files\Vittalia
Dossier Supprimé : C:\Users\CELINE\AppData\Local\Bundled software uninstaller
Dossier Supprimé : C:\Users\CELINE\AppData\Local\FilesFrog Update Checker
Dossier Supprimé : C:\Users\CELINE\AppData\Local\webplayer
Dossier Supprimé : C:\Users\CELINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Fichier Supprimé : C:\Users\CELINE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Raccourcis ] *****

Raccourci Désinfecté : C:\Users\CELINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk

***** [ Registre ] *****

Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [sdp]
Clé Supprimée : HKCU\Software\BI
Clé Supprimée : HKCU\Software\Somoto
Clé Supprimée : HKCU\Software\Webplayer
Clé Supprimée : HKLM\Software\Vittalia
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vittalia
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD

***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Google Chrome v31.0.1650.57

[ Fichier : C:\Users\CELINE\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : urls_to_restore_on_startup

*************************

AdwCleaner[r0].txt - [2338 octets] - [24/11/2013 21:09:36]
AdwCleaner[s0].txt - [2193 octets] - [24/11/2013 21:11:21]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2253 octets] ##########

did80 (Profile: Security team)
Posted on 24/11/2013 at 21:21:32
ok, we'll check your PC; depending on the time, maybe tomorrow after work

this please

PC scan and search for infections.

* Download OTL to your Desktop.

* Make sure you have closed all running applications.

* Double-click the OTL icon to launch it.
(Vista/Seven: right-click the OTL icon and choose "Exécuter en tant qu'administrateur" (Run as administrator) ;)

* When the OTL interface appears, make sure that in the "Rapport" (Report) section (top right) the "Rapport minimal" (minimal report) box is checked.

* Copy and paste the contents of the quote below into the box named "Personnalisation" (Custom Scans/Fixes):
Quote:

netsvcs
msconfig
activex
drivers32
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%alluserprofile%\application data\*.
%alluserprofile%\application data\*.exe /s
%appdata%\*.
%appdata%\*.exe /s
%systemdrive%\*.
%systemdrive%\*.exe
%programfiles%\*.
/md5start
explorer.exe
userinit.exe
winlogon.exe
eventlog.dll
netlogon.dll
nvrd32.sys
/md5stop
savembr:0
createrestorepoint

* Click the "Analyse" (Run Scan) button (top left).

* Let the scan run to completion without using the PC.

* At the end of the scan one or two reports will open: "OTL.Txt" and "Extras.Txt" (in some cases).

Note: the reports are also on the Desktop and saved in the folder 'C:\_OTL'.

Hosting the reports.

1 - Go here --> Cjoint.com

2 - Click the Parcourir... (Browse) button, find your first report 'OTL.txt' on the Desktop in the tree and select it.

3 - Then click the Créer le lien Cjoint (Create the Cjoint link) button and wait a few seconds to get the share link, which you will send me after right-clicking it > Copy shortcut. It will look like this: http://cjoint.com/?BHpjGhPqPRB

* Do the same steps for the 'Extras.txt' report.

@++
nono622
Posted on 24/11/2013 at 21:52:20

did80 (Profile: Security team)
Posted on 25/11/2013 at 20:34:20
hi, this please

Close all active windows on your PC

Relaunch OTL > right-click it > "Exécuter en tant qu'Administrateur" (Run as administrator).

check that the "Rapport minimal" (minimal report) box is indeed checked.

Copy and paste the contents of this quote into the "Personnalisation" (Custom Scans/Fixes) window:

:otl

PRC - C:\Windows\System32\dasHost.exe (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
IE - HKCU\..\SearchScopes,DefaultScope =
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: Google (Enabled)
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[2012/11/19 23:17:53 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe



:Commands


[emptytemp]


Click the "Correction" (Run Fix) button.

Don't touch the PC until it has restarted in normal mode.

When the PC comes back up a report will open --> 04212011_xxxxxx.log ... If not, you will find it under the same name on the Desktop or else in its folder --> C:\_OTL
Copy and paste the contents of that report here in reply

@++

ps change the way you browse

nono622
Posted on 26/11/2013 at 13:41:27
Hi

All processes killed
========== OTL ==========
No active process named dasHost.exe was found!
Service KMService stopped successfully!
Service KMService deleted successfully!
File C:\Windows\System32\srvany.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Folder C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]\ not found.
File C:\WINDOWS\System32\srvany.exe not found.
========== COMMANDS ==========

[emptytemp]

User: All Users

User: CELINE
->Temp folder emptied: 1035830 bytes
->Temporary Internet Files folder emptied: 3373101 bytes
->Java cache emptied: 5713569 bytes
->Google Chrome cache emptied: 242443602 bytes
->Flash cache emptied: 506 bytes

User: celin_000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 839724 bytes
Windows Temp folder emptied: 1939412 bytes
RecycleBin emptied: 109788 bytes

Total Files Cleaned = 244,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11262013_132626

Files\Folders moved on Reboot...
C:\Users\CELINE\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


can you give me some advice on browsing, and can you explain to me why?

regards

did80 (Profile: Security team)
Posted on 26/11/2013 at 20:48:23
hi bollaert

you had keygens :non:

this please

Download RogueKiller to the Desktop from HERE
and nowhere else.

to download, click the button matching your system

images:

http://www.sur-la-toile.com/RogueKiller/rendu2.png which is in the link

• Quit all running programs.
• Under Vista/Seven, right-click -> run as administrator

• Otherwise just launch RogueKiller.exe

After the prescan click scan
When the scan is finished click report

• A report will open (RKreport[1].txt, which is also next to the executable),
Copy/paste that report. @++

nono622
Posted on 27/11/2013 at 12:11:33
 
RogueKiller V8.7.9 [nov 25 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 8 (6.2.9200 ) 32 bits version
Demarrage : Mode normal
Utilisateur : CELINE [droits d'admin]
Mode : Recherche -- Date : 11/27/2013 12:07:54
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 1 ¤¤¤
[susp PATH] sm56hlpr.exe -- C:\Windows\sm56hlpr.exe [7] -> TUÉ [termproc]

¤¤¤ Entrees de registre : 7 ¤¤¤
[run] [susp PATH] HKCU\[...]\Run : FLV Player (C:\Users\CELINE\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [x] [x]) -> TROUVÉ
[run] [susp PATH] HKUS\S-1-5-21-713995923-2831941829-1962324074-1001\[...]\Run : FLV Player (C:\Users\CELINE\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [x] [x]) -> TROUVÉ
[run] [susp PATH] HKCU\[...]\RunOnce : Del8416828 (cmd.exe /Q /D /c del "C:\Users\CELINE\AppData\Local\Temp\0.del" [x] [x]) -> TROUVÉ
[run] [susp PATH] HKLM\[...]\RunOnce : Del8416828 (cmd.exe /Q /D /c del "C:\Users\CELINE\AppData\Local\Temp\0.del" [x] [x]) -> TROUVÉ
[run] [susp PATH] HKUS\S-1-5-21-713995923-2831941829-1962324074-1001\[...]\RunOnce : Del8416828 (cmd.exe /Q /D /c del "C:\Users\CELINE\AppData\Local\Temp\0.del" [x] [x]) -> TROUVÉ
[hj DESK] [pum] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[hj DESK] [pum] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Tâches planifiées : 2 ¤¤¤
[v1] [susp PATH] MySearchDial.job : C:\Users\CELINE\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> TROUVÉ
[v2] [susp PATH] MySearchDial : C:\Users\CELINE\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> TROUVÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [charge] ¤¤¤
[address] IAT @explorer.exe (CoTaskMemFree) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x77023700)
[address] IAT @explorer.exe (CoInitializeEx) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x77039DF5)
[address] IAT @explorer.exe (CoUninitialize) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x7703963D)
[address] IAT @explorer.exe (CreateStreamOnHGlobal) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x770697D7)
[address] IAT @explorer.exe (CoGetApartmentType) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x7703A9CD)
[address] IAT @explorer.exe (CoWaitForMultipleHandles) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x77068B73)
[address] IAT @explorer.exe (CoFreeUnusedLibraries) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x77072329)
[address] IAT @explorer.exe (CoEnableCallCancellation) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x77046635)
[address] IAT @explorer.exe (CoDisableCallCancellation) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x7704666B)
[address] IAT @explorer.exe (CoCancelCall) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x770CE323)
[address] IAT @explorer.exe (StringFromGUID2) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x7703A428)
[address] IAT @explorer.exe (PropVariantClear) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x7703AAF0)
[address] IAT @explorer.exe (CoMarshalInterThreadInterfaceInStream) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x7706F6D4)
[address] IAT @explorer.exe (CoReleaseMarshalData) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x770496E2)
[address] IAT @explorer.exe (CoCreateInstance) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x7703C859)
[address] IAT @explorer.exe (CoRevokeClassObject) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x770734F6)
[address] IAT @explorer.exe (CoRegisterClassObject) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x77074757)
[address] IAT @explorer.exe (CoGetInterfaceAndReleaseStream) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x7706F684)
[address] IAT @explorer.exe (CoGetMalloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x77023838)
[address] IAT @explorer.exe (CoCreateFreeThreadedMarshaler) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x7703D270)
[address] IAT @explorer.exe (CoTaskMemAlloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x770237D7)
[address] IAT @explorer.exe (CLSIDFromString) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x77068056)
[address] IAT @explorer.exe (CoTaskMemRealloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x7703AACA)
[address] IAT @explorer.exe (InterlockedExchange) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CCEF9)
[address] IAT @explorer.exe (InterlockedIncrement) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CCE9B)
[address] IAT @explorer.exe (InterlockedCompareExchange) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CCF0C)
[address] IAT @explorer.exe (InterlockedDecrement) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CCE8A)
[address] IAT @explorer.exe (RegCreateKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754EB580)
[address] IAT @explorer.exe (RegEnumValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754DC5C4)
[address] IAT @explorer.exe (RegQueryInfoKeyW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754DC171)
[address] IAT @explorer.exe (RegQueryValueExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CFBB6)
[address] IAT @explorer.exe (RegCloseKey) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CF832)
[address] IAT @explorer.exe (RegOpenKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CF625)
[address] IAT @explorer.exe (RegGetValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D296A)
[address] IAT @explorer.exe (RegOpenCurrentUser) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D63B3)
[address] IAT @explorer.exe (RegEnumKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754DAA19)
[address] IAT @explorer.exe (RegDeleteValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754E1401)
[address] IAT @explorer.exe (RegSetValueExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754EB72B)
[address] IAT @explorer.exe (OpenProcessToken) : api-ms-win-core-processthreads-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CE647)
[address] IAT @explorer.exe (OpenThreadToken) : api-ms-win-core-processthreads-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CE612)
[address] IAT @explorer.exe (CloseHandle) : api-ms-win-core-handle-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CD140)
[address] IAT @explorer.exe (DuplicateHandle) : api-ms-win-core-handle-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CDA22)
[address] IAT @explorer.exe (SetUnhandledExceptionFilter) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754E70D7)
[address] IAT @explorer.exe (SetErrorMode) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D2EBF)
[address] IAT @explorer.exe (GetLastError) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CCEEF)
[address] IAT @explorer.exe (RaiseException) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D1F9B)
[address] IAT @explorer.exe (UnhandledExceptionFilter) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7555705F)
[address] IAT @explorer.exe (WaitForSingleObject) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754C2151)
[address] IAT @explorer.exe (OpenMutexW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754DBACE)
[address] IAT @explorer.exe (InitializeCriticalSectionEx) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D53BA)
[address] IAT @explorer.exe (WaitForMultipleObjectsEx) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CCFBE)
[address] IAT @explorer.exe (SetEvent) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CD08C)
[address] IAT @explorer.exe (OpenEventW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D229A)
[address] IAT @explorer.exe (CreateEventW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CD997)
[address] IAT @explorer.exe (ResetEvent) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CD0B2)
[address] IAT @explorer.exe (CreateMutexW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D0EE1)
[address] IAT @explorer.exe (ReleaseMutex) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754C1005)
[address] IAT @explorer.exe (Sleep) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754C2284)
[address] IAT @explorer.exe (CharNextW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D663E)
[address] IAT @explorer.exe (CharUpperW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D695B)
[address] IAT @explorer.exe (CharPrevW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D9AAC)
[address] IAT @explorer.exe (CharLowerW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754DE111)
[address] IAT @explorer.exe (IsCharAlphaNumericW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754DBDE7)
[address] IAT @explorer.exe (HeapDestroy) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D04F7)
[address] IAT @explorer.exe (HeapSetInformation) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D467B)
[address] IAT @explorer.exe (GetProcessHeap) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CCEB1)
[address] IAT @explorer.exe (WideCharToMultiByte) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D1CCD)
[address] IAT @explorer.exe (MultiByteToWideChar) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D0C61)
[address] IAT @explorer.exe (CompareStringW) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CEC17)
[address] IAT @explorer.exe (CompareStringOrdinal) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D7E2F)
[address] IAT @explorer.exe (FreeLibrary) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CDD11)
[address] IAT @explorer.exe (GetProcAddress) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CFCFE)
[address] IAT @explorer.exe (LoadLibraryExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D273E)
[address] IAT @explorer.exe (LockResource) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CD7DF)
[address] IAT @explorer.exe (GetModuleHandleW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CDC84)
[address] IAT @explorer.exe (LoadResource) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D75B2)
[address] IAT @explorer.exe (FindResourceExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D748B)
[address] IAT @explorer.exe (GetModuleFileNameW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CE0AF)
[address] IAT @explorer.exe (FreeLibraryAndExitThread) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CE033)
[address] IAT @explorer.exe (GetModuleHandleExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D20DA)
[address] IAT @explorer.exe (LoadStringW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D3BD1)
[address] IAT @explorer.exe (GetModuleHandleA) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CE3CA)
[address] IAT @explorer.exe (GetCurrentDirectoryW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D54B6)
[address] IAT @explorer.exe (GetCommandLineW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D53E2)
[address] IAT @explorer.exe (SearchPathW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7551C406)
[address] IAT @explorer.exe (ExpandEnvironmentStringsW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CEDE9)
[address] IAT @explorer.exe (CallNtPowerInformation) : api-ms-win-power-base-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x753B1DCC)
[address] IAT @explorer.exe (GetPwrCapabilities) : api-ms-win-power-base-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x753B367D)
[address] IAT @explorer.exe (GetTokenInformation) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CE773)
[address] IAT @explorer.exe (GetSidSubAuthority) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D6446)
[address] IAT @explorer.exe (CreateWellKnownSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754E2A05)
[address] IAT @explorer.exe (GetLengthSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CE66F)
[address] IAT @explorer.exe (IsValidSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CE6D5)
[address] IAT @explorer.exe (CopySid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CE688)
[address] IAT @explorer.exe (GetSidSubAuthorityCount) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D645F)
[address] IAT @explorer.exe (CheckTokenMembership) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D0329)
[address] IAT @explorer.exe (PathCchAddExtension) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754FA8C1)
[address] IAT @explorer.exe (PathCchCombine) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D86CF)
[address] IAT @explorer.exe (PathCchAppend) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754E11EC)
[address] IAT @explorer.exe (GetLongPathNameW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754F2C8D)
[address] IAT @explorer.exe (ReadFile) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D384C)
[address] IAT @explorer.exe (CreateFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D26CE)
[address] IAT @explorer.exe (WriteFile) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CDA7F)
[address] IAT @explorer.exe (GetFileSize) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D02B9)
[address] IAT @explorer.exe (FindClose) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D4A48)
[address] IAT @explorer.exe (CompareFileTime) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D1648)
[address] IAT @explorer.exe (DeleteFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D402F)
[address] IAT @explorer.exe (FindNextFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D4B4D)
[address] IAT @explorer.exe (FindFirstFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D49EA)
[address] IAT @explorer.exe (GetFileAttributesW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D2D76)
[address] IAT @explorer.exe (GetTickCount64) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CD21E)
[address] IAT @explorer.exe (GetTickCount) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CCE5B)
[address] IAT @explorer.exe (GetProductInfo) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754EA3A1)
[address] IAT @explorer.exe (GetVersionExW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CEE47)
[address] IAT @explorer.exe (GetSystemDirectoryW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D43EE)
[address] IAT @explorer.exe (GetSystemTimeAsFileTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CD306)
[address] IAT @explorer.exe (GetSystemTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CECE5)
[address] IAT @explorer.exe (GetWindowsDirectoryW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D69A0)
[address] IAT @explorer.exe (GetLocalTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CF145)
[address] IAT @explorer.exe (GetDynamicTimeZoneInformation) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75512B27)
[address] IAT @explorer.exe (GetTimeZoneInformation) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754E00B1)
[address] IAT @explorer.exe (SystemTimeToFileTime) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D2141)
[address] IAT @explorer.exe (GetTimeFormatEx) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754E2599)
[address] IAT @explorer.exe (GetDateFormatEx) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754E25C9)
[address] IAT @explorer.exe (GetDateFormatW) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754F2516)
[address] IAT @explorer.exe (MapViewOfFile) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D2BB9)
[address] IAT @explorer.exe (VirtualAlloc) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CD3DD)
[address] IAT @explorer.exe (UnmapViewOfFile) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CD2A3)
[address] IAT @explorer.exe (CreateFileMappingW) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D2D4F)
[address] IAT @explorer.exe (VirtualFree) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CDD5A)
[address] IAT @explorer.exe (StrStrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754DF51E)
[address] IAT @explorer.exe (StrTrimW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754DDF67)
[address] IAT @explorer.exe (StrCmpNICW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7551D843)
[address] IAT @explorer.exe (StrCmpNW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7551CC6A)
[address] IAT @explorer.exe (StrToIntW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7551DD73)
[address] IAT @explorer.exe (StrChrW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7551D80F)
[address] IAT @explorer.exe (StrCmpICW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7551D76D)
[address] IAT @explorer.exe (StrCmpNIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754DF7C6)
[address] IAT @explorer.exe (StrRStrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x75517664)
[address] IAT @explorer.exe (StrCmpIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754F43B9)
[address] IAT @explorer.exe (SHLoadIndirectString) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754DFB3B)
[address] IAT @explorer.exe (StrChrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754F5923)
[address] IAT @explorer.exe (StrCmpW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7551CED7)
[address] IAT @explorer.exe (StrCmpCW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754D6B0D)
[address] IAT @explorer.exe (QISearch) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x754CDEB8)
[address] IAT @explorer.exe (StrCmpICA) : api-ms-win-core-shlwapi-obsole​te-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754CDF6D)
[address] IAT @explorer.exe (GetUserDefaultUILanguage) : api-ms-win-core-localization-o​bsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754D172A)
[address] IAT @explorer.exe (CoRegisterMessageFilter) : api-ms-win-core-com-private-l1​-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.d​ll @ 0x770691D2)
[address] IAT @explorer.exe (SHRegGetUSValueW) : api-ms-win-core-registryusersp​ecific-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754F0829)
[address] IAT @explorer.exe (SHRegGetBoolUSValueW) : api-ms-win-core-registryusersp​ecific-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754F7F7A)
[address] IAT @explorer.exe (PathRemoveExtensionW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754E1111)
[address] IAT @explorer.exe (PathIsFileSpecW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754F74FF)
[address] IAT @explorer.exe (PathGetDriveNumberW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x7551D9BF)
[address] IAT @explorer.exe (PathRemoveFileSpecW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754F208C)
[address] IAT @explorer.exe (PathCommonPrefixW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754E0BFB)
[address] IAT @explorer.exe (PathStripPathW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x755226F0)
[address] IAT @explorer.exe (PathStripToRootW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754F224C)
[address] IAT @explorer.exe (PathFindExtensionW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754D9964)
[address] IAT @explorer.exe (PathQuoteSpacesW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x75517B36)
[address] IAT @explorer.exe (SHExpandEnvironmentStringsW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754D9C9B)
[address] IAT @explorer.exe (PathFileExistsW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754D6B45)
[address] IAT @explorer.exe (PathGetArgsW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x7551BE61)
[address] IAT @explorer.exe (PathRemoveBlanksW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754EA588)
[address] IAT @explorer.exe (PathFindFileNameW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x7551D899)
[address] IAT @explorer.exe (PathCombineW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754DE1CF)
[address] IAT @explorer.exe (PathParseIconLocationW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x75522A5F)
[address] IAT @explorer.exe (PathIsRootW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754DE367)
[address] IAT @explorer.exe (PathIsPrefixW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754E0D6E)
[address] IAT @explorer.exe (RegCreateKeyW) : api-ms-win-core-registry-l2-1-​0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\advapi32.​dll @ 0x7738879E)
[address] IAT @explorer.exe (RoGetActivationFactory) : api-ms-win-core-winrt-l1-1-0.d​ll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.d​ll @ 0x770776B7)
[address] IAT @explorer.exe (WindowsDeleteString) : api-ms-win-core-winrt-string-l​1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.d​ll @ 0x77071360)
[address] IAT @explorer.exe (WindowsCreateString) : api-ms-win-core-winrt-string-l​1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.d​ll @ 0x770715A1)
[address] IAT @explorer.exe (WindowsGetStringRawBuffer) : api-ms-win-core-winrt-string-l​1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.d​ll @ 0x7707116D)
[address] IAT @explorer.exe (GetLocaleInfoW) : api-ms-win-core-localization-l​1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754D3457)
[address] IAT @explorer.exe (GetThreadUILanguage) : api-ms-win-core-localization-l​1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754E0B2D)
[address] IAT @explorer.exe (QueryFullProcessImageNameW) : api-ms-win-core-psapi-l1-1-0.d​ll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x7551E179)
[address] IAT @explorer.exe (StopTraceW) : api-ms-win-eventing-controller​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x75512934)
[address] IAT @explorer.exe (EnableTraceEx2) : api-ms-win-eventing-controller​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x7550960E)
[address] IAT @explorer.exe (StartTraceW) : api-ms-win-eventing-controller​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x75509E6F)
[address] IAT @explorer.exe (DeactivateActCtx) : api-ms-win-core-sidebyside-l1-​1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754D029B)
[address] IAT @explorer.exe (ReleaseActCtx) : api-ms-win-core-sidebyside-l1-​1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754D025F)
[address] IAT @explorer.exe (ActivateActCtx) : api-ms-win-core-sidebyside-l1-​1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754D027D)
[address] IAT @explorer.exe (CreateActCtxW) : api-ms-win-core-sidebyside-l1-​1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754D67FF)
[address] IAT @explorer.exe (ChangeTimerQueueTimer) : api-ms-win-core-threadpool-leg​acy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754CE072)
[address] IAT @explorer.exe (DeleteTimerQueueTimer) : api-ms-win-core-threadpool-leg​acy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754D056D)
[address] IAT @explorer.exe (CreateTimerQueueTimer) : api-ms-win-core-threadpool-leg​acy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754D05BA)
[address] IAT @explorer.exe (QueueUserWorkItem) : api-ms-win-core-threadpool-leg​acy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x754CE81C)
[inline] EAT @explorer.exe (?UiaHostProviderFromHwnd@Sche​ma@DirectUI@@2P6GJPAUHWND__@@P​APAUIRawElementProviderSimple@​@@ZA) : DUI70.dll -> HOOKED (Unknown @ 0x3C8FE075)

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS541616J9SA00 ATA Device +++++
--- User ---
[mbr] 2cc70d824167d9b7eafaddb75009834c
[bsp] 4217d9fb82f43facf66637ca2835762f : Windows Vista/7/8 MBR Code
Partition table:
0 - [xxxxxx] FAT32-LBA (0x1c) [hidden!] Offset (sectors): 2048 | Size: 7000 Mo
1 - [active] NTFS (0x07) [visible] Offset (sectors): 14338048 | Size: 87376 Mo
2 - [xxxxxx] EXTEN-LBA (0x0f) [visible] Offset (sectors): 193284096 | Size: 58249 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_S_11272013_120754.txt >>



There you go.

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts) Confirmed helper
Posted on 27/11/2013 at 21:18:58

OK, run the removal phase again,
then copy and paste the report. @++


---------------
the urgent is done, the impossible is in progress
for miracles, allow for delays
nono622
On the right track (100 to 499 posts)
Posted on 28/11/2013 at 10:37:38

Done:

RogueKiller V8.7.9 [nov 25 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 8 (6.2.9200 ) 32 bits version
Demarrage : Mode normal
Utilisateur : CELINE [droits d'admin]
Mode : Suppression [annulé] -- Date : 11/28/2013 10:35:38
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 1 ¤¤¤
[susp PATH] sm56hlpr.exe -- C:\Windows\sm56hlpr.exe [7] -> TUÉ [termproc]

¤¤¤ Entrees de registre : 2 ¤¤¤
[run] [susp PATH] HKCU\[...]\Run : FLV Player (C:\Users\CELINE\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [x] [x]) -> SUPPRIMÉ
[run] [susp PATH] HKUS\S-1-5-21-713995923-2831941829-1962324074-1001\[...]\Run : FLV Player (C:\Users\CELINE\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [x] [x]) -> [0x2] Le fichier spécifié est introuvable.

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [charge] ¤¤¤
[address] IAT @explorer.exe (CoTaskMemFree) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76F73700)
[address] IAT @explorer.exe (CoInitializeEx) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76F89DF5)
[address] IAT @explorer.exe (CoUninitialize) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76F8963D)
[address] IAT @explorer.exe (CreateStreamOnHGlobal) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76FB97D7)
[address] IAT @explorer.exe (CoGetApartmentType) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76F8A9CD)
[address] IAT @explorer.exe (CoWaitForMultipleHandles) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76FB8B73)
[address] IAT @explorer.exe (CoFreeUnusedLibraries) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76FC2329)
[address] IAT @explorer.exe (CoEnableCallCancellation) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76F96635)
[address] IAT @explorer.exe (CoDisableCallCancellation) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76F9666B)
[address] IAT @explorer.exe (CoCancelCall) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x7701E323)
[address] IAT @explorer.exe (StringFromGUID2) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76F8A428)
[address] IAT @explorer.exe (PropVariantClear) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76F8AAF0)
[address] IAT @explorer.exe (CoMarshalInterThreadInterfaceInStream) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76FBF6D4)
[address] IAT @explorer.exe (CoReleaseMarshalData) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76F996E2)
[address] IAT @explorer.exe (CoCreateInstance) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76F8C859)
[address] IAT @explorer.exe (CoRevokeClassObject) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76FC34F6)
[address] IAT @explorer.exe (CoRegisterClassObject) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76FC4757)
[address] IAT @explorer.exe (CoGetInterfaceAndReleaseStream) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76FBF684)
[address] IAT @explorer.exe (CoGetMalloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76F73838)
[address] IAT @explorer.exe (CoCreateFreeThreadedMarshaler) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76F8D270)
[address] IAT @explorer.exe (CoTaskMemAlloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76F737D7)
[address] IAT @explorer.exe (CLSIDFromString) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76FB8056)
[address] IAT @explorer.exe (CoTaskMemRealloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76F8AACA)
[address] IAT @explorer.exe (InterlockedExchange) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2CEF9)
[address] IAT @explorer.exe (InterlockedIncrement) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2CE9B)
[address] IAT @explorer.exe (InterlockedCompareExchange) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2CF0C)
[address] IAT @explorer.exe (InterlockedDecrement) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2CE8A)
[address] IAT @explorer.exe (RegCreateKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A4B580)
[address] IAT @explorer.exe (RegEnumValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3C5C4)
[address] IAT @explorer.exe (RegQueryInfoKeyW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3C171)
[address] IAT @explorer.exe (RegQueryValueExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2FBB6)
[address] IAT @explorer.exe (RegCloseKey) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2F832)
[address] IAT @explorer.exe (RegOpenKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2F625)
[address] IAT @explorer.exe (RegGetValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3296A)
[address] IAT @explorer.exe (RegOpenCurrentUser) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A363B3)
[address] IAT @explorer.exe (RegEnumKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3AA19)
[address] IAT @explorer.exe (RegDeleteValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A41401)
[address] IAT @explorer.exe (RegSetValueExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A4B72B)
[address] IAT @explorer.exe (OpenProcessToken) : api-ms-win-core-processthreads-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E647)
[address] IAT @explorer.exe (OpenThreadToken) : api-ms-win-core-processthreads-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E612)
[address] IAT @explorer.exe (CloseHandle) : api-ms-win-core-handle-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D140)
[address] IAT @explorer.exe (DuplicateHandle) : api-ms-win-core-handle-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2DA22)
[address] IAT @explorer.exe (SetUnhandledExceptionFilter) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A470D7)
[address] IAT @explorer.exe (SetErrorMode) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A32EBF)
[address] IAT @explorer.exe (GetLastError) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2CEEF)
[address] IAT @explorer.exe (RaiseException) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A31F9B)
[address] IAT @explorer.exe (UnhandledExceptionFilter) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74AB705F)
[address] IAT @explorer.exe (WaitForSingleObject) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A22151)
[address] IAT @explorer.exe (OpenMutexW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3BACE)
[address] IAT @explorer.exe (InitializeCriticalSectionEx) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A353BA)
[address] IAT @explorer.exe (WaitForMultipleObjectsEx) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2CFBE)
[address] IAT @explorer.exe (SetEvent) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D08C)
[address] IAT @explorer.exe (OpenEventW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3229A)
[address] IAT @explorer.exe (CreateEventW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D997)
[address] IAT @explorer.exe (ResetEvent) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D0B2)
[address] IAT @explorer.exe (CreateMutexW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A30EE1)
[address] IAT @explorer.exe (ReleaseMutex) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A21005)
[address] IAT @explorer.exe (Sleep) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A22284)
[address] IAT @explorer.exe (CharNextW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3663E)
[address] IAT @explorer.exe (CharUpperW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3695B)
[address] IAT @explorer.exe (CharPrevW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A39AAC)
[address] IAT @explorer.exe (CharLowerW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3E111)
[address] IAT @explorer.exe (IsCharAlphaNumericW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3BDE7)
[address] IAT @explorer.exe (HeapDestroy) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A304F7)
[address] IAT @explorer.exe (HeapSetInformation) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3467B)
[address] IAT @explorer.exe (GetProcessHeap) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2CEB1)
[address] IAT @explorer.exe (WideCharToMultiByte) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A31CCD)
[address] IAT @explorer.exe (MultiByteToWideChar) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A30C61)
[address] IAT @explorer.exe (CompareStringW) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2EC17)
[address] IAT @explorer.exe (CompareStringOrdinal) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A37E2F)
[address] IAT @explorer.exe (FreeLibrary) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2DD11)
[address] IAT @explorer.exe (GetProcAddress) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2FCFE)
[address] IAT @explorer.exe (LoadLibraryExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3273E)
[address] IAT @explorer.exe (LockResource) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D7DF)
[address] IAT @explorer.exe (GetModuleHandleW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2DC84)
[address] IAT @explorer.exe (LoadResource) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A375B2)
[address] IAT @explorer.exe (FindResourceExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3748B)
[address] IAT @explorer.exe (GetModuleFileNameW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E0AF)
[address] IAT @explorer.exe (FreeLibraryAndExitThread) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E033)
[address] IAT @explorer.exe (GetModuleHandleExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A320DA)
[address] IAT @explorer.exe (LoadStringW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A33BD1)
[address] IAT @explorer.exe (GetModuleHandleA) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E3CA)
[address] IAT @explorer.exe (GetCurrentDirectoryW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A354B6)
[address] IAT @explorer.exe (GetCommandLineW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A353E2)
[address] IAT @explorer.exe (SearchPathW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7C406)
[address] IAT @explorer.exe (ExpandEnvironmentStringsW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2EDE9)
[address] IAT @explorer.exe (CallNtPowerInformation) : api-ms-win-power-base-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x74651DCC)
[address] IAT @explorer.exe (GetPwrCapabilities) : api-ms-win-power-base-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x7465367D)
[address] IAT @explorer.exe (GetTokenInformation) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E773)
[address] IAT @explorer.exe (GetSidSubAuthority) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A36446)
[address] IAT @explorer.exe (CreateWellKnownSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A42A05)
[address] IAT @explorer.exe (GetLengthSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E66F)
[address] IAT @explorer.exe (IsValidSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E6D5)
[address] IAT @explorer.exe (CopySid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E688)
[address] IAT @explorer.exe (GetSidSubAuthorityCount) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3645F)
[address] IAT @explorer.exe (CheckTokenMembership) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A30329)
[address] IAT @explorer.exe (PathCchAddExtension) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A5A8C1)
[address] IAT @explorer.exe (PathCchCombine) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A386CF)
[address] IAT @explorer.exe (PathCchAppend) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A411EC)
[address] IAT @explorer.exe (GetLongPathNameW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A52C8D)
[address] IAT @explorer.exe (ReadFile) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3384C)
[address] IAT @explorer.exe (CreateFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A326CE)
[address] IAT @explorer.exe (WriteFile) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2DA7F)
[address] IAT @explorer.exe (GetFileSize) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A302B9)
[address] IAT @explorer.exe (FindClose) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A34A48)
[address] IAT @explorer.exe (CompareFileTime) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A31648)
[address] IAT @explorer.exe (DeleteFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3402F)
[address] IAT @explorer.exe (FindNextFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A34B4D)
[address] IAT @explorer.exe (FindFirstFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A349EA)
[address] IAT @explorer.exe (GetFileAttributesW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A32D76)
[address] IAT @explorer.exe (GetTickCount64) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D21E)
[address] IAT @explorer.exe (GetTickCount) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2CE5B)
[address] IAT @explorer.exe (GetProductInfo) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A4A3A1)
[address] IAT @explorer.exe (GetVersionExW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2EE47)
[address] IAT @explorer.exe (GetSystemDirectoryW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A343EE)
[address] IAT @explorer.exe (GetSystemTimeAsFileTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D306)
[address] IAT @explorer.exe (GetSystemTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2ECE5)
[address] IAT @explorer.exe (GetWindowsDirectoryW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A369A0)
[address] IAT @explorer.exe (GetLocalTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2F145)
[address] IAT @explorer.exe (GetDynamicTimeZoneInformation) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A72B27)
[address] IAT @explorer.exe (GetTimeZoneInformation) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A400B1)
[address] IAT @explorer.exe (SystemTimeToFileTime) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A32141)
[address] IAT @explorer.exe (GetTimeFormatEx) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A42599)
[address] IAT @explorer.exe (GetDateFormatEx) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A425C9)
[address] IAT @explorer.exe (GetDateFormatW) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A52516)
[address] IAT @explorer.exe (MapViewOfFile) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A32BB9)
[address] IAT @explorer.exe (VirtualAlloc) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D3DD)
[address] IAT @explorer.exe (UnmapViewOfFile) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D2A3)
[address] IAT @explorer.exe (CreateFileMappingW) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A32D4F)
[address] IAT @explorer.exe (VirtualFree) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2DD5A)
[address] IAT @explorer.exe (StrStrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3F51E)
[address] IAT @explorer.exe (StrTrimW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3DF67)
[address] IAT @explorer.exe (StrCmpNICW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7D843)
[address] IAT @explorer.exe (StrCmpNW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7CC6A)
[address] IAT @explorer.exe (StrToIntW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7DD73)
[address] IAT @explorer.exe (StrChrW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7D80F)
[address] IAT @explorer.exe (StrCmpICW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7D76D)
[address] IAT @explorer.exe (StrCmpNIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3F7C6)
[address] IAT @explorer.exe (StrRStrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A77664)
[address] IAT @explorer.exe (StrCmpIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A543B9)
[address] IAT @explorer.exe (SHLoadIndirectString) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3FB3B)
[address] IAT @explorer.exe (StrChrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A55923)
[address] IAT @explorer.exe (StrCmpW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7CED7)
[address] IAT @explorer.exe (StrCmpCW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A36B0D)
[address] IAT @explorer.exe (QISearch) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2DEB8)
[address] IAT @explorer.exe (StrCmpICA) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2DF6D)
[address] IAT @explorer.exe (GetUserDefaultUILanguage) : api-ms-win-core-localization-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3172A)
[address] IAT @explorer.exe (CoRegisterMessageFilter) : api-ms-win-core-com-private-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76FB91D2)
[address] IAT @explorer.exe (SHRegGetUSValueW) : api-ms-win-core-registryuserspecific-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A50829)
[address] IAT @explorer.exe (SHRegGetBoolUSValueW) : api-ms-win-core-registryuserspecific-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A57F7A)
[address] IAT @explorer.exe (PathRemoveExtensionW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A41111)
[address] IAT @explorer.exe (PathIsFileSpecW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A574FF)
[address] IAT @explorer.exe (PathGetDriveNumberW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7D9BF)
[address] IAT @explorer.exe (PathRemoveFileSpecW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A5208C)
[address] IAT @explorer.exe (PathCommonPrefixW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A40BFB)
[address] IAT @explorer.exe (PathStripPathW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A826F0)
[address] IAT @explorer.exe (PathStripToRootW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A5224C)
[address] IAT @explorer.exe (PathFindExtensionW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A39964)
[address] IAT @explorer.exe (PathQuoteSpacesW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A77B36)
[address] IAT @explorer.exe (SHExpandEnvironmentStringsW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A39C9B)
[address] IAT @explorer.exe (PathFileExistsW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A36B45)
[address] IAT @explorer.exe (PathGetArgsW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A7BE61)
[address] IAT @explorer.exe (PathRemoveBlanksW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A4A588)
[address] IAT @explorer.exe (PathFindFileNameW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A7D899)
[address] IAT @explorer.exe (PathCombineW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A3E1CF)
[address] IAT @explorer.exe (PathParseIconLocationW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A82A5F)
[address] IAT @explorer.exe (PathIsRootW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A3E367)
[address] IAT @explorer.exe (PathIsPrefixW) : api-ms-win-core-shlwapi-legacy​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A40D6E)
[address] IAT @explorer.exe (RegCreateKeyW) : api-ms-win-core-registry-l2-1-​0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\advapi32.​dll @ 0x751F879E)
[address] IAT @explorer.exe (RoGetActivationFactory) : api-ms-win-core-winrt-l1-1-0.d​ll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.d​ll @ 0x76FC76B7)
[address] IAT @explorer.exe (WindowsDeleteString) : api-ms-win-core-winrt-string-l​1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.d​ll @ 0x76FC1360)
[address] IAT @explorer.exe (WindowsCreateString) : api-ms-win-core-winrt-string-l​1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.d​ll @ 0x76FC15A1)
[address] IAT @explorer.exe (WindowsGetStringRawBuffer) : api-ms-win-core-winrt-string-l​1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.d​ll @ 0x76FC116D)
[address] IAT @explorer.exe (GetLocaleInfoW) : api-ms-win-core-localization-l​1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A33457)
[address] IAT @explorer.exe (GetThreadUILanguage) : api-ms-win-core-localization-l​1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A40B2D)
[address] IAT @explorer.exe (QueryFullProcessImageNameW) : api-ms-win-core-psapi-l1-1-0.d​ll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A7E179)
[address] IAT @explorer.exe (StopTraceW) : api-ms-win-eventing-controller​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A72934)
[address] IAT @explorer.exe (EnableTraceEx2) : api-ms-win-eventing-controller​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A6960E)
[address] IAT @explorer.exe (StartTraceW) : api-ms-win-eventing-controller​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A69E6F)
[address] IAT @explorer.exe (DeactivateActCtx) : api-ms-win-core-sidebyside-l1-​1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A3029B)
[address] IAT @explorer.exe (ReleaseActCtx) : api-ms-win-core-sidebyside-l1-​1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A3025F)
[address] IAT @explorer.exe (ActivateActCtx) : api-ms-win-core-sidebyside-l1-​1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A3027D)
[address] IAT @explorer.exe (CreateActCtxW) : api-ms-win-core-sidebyside-l1-​1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A367FF)
[address] IAT @explorer.exe (ChangeTimerQueueTimer) : api-ms-win-core-threadpool-leg​acy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A2E072)
[address] IAT @explorer.exe (DeleteTimerQueueTimer) : api-ms-win-core-threadpool-leg​acy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A3056D)
[address] IAT @explorer.exe (CreateTimerQueueTimer) : api-ms-win-core-threadpool-leg​acy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A305BA)
[address] IAT @explorer.exe (QueueUserWorkItem) : api-ms-win-core-threadpool-leg​acy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A2E81C)
[inline] EAT @explorer.exe (?UiaHostProviderFromHwnd@Sche​ma@DirectUI@@2P6GJPAUHWND__@@P​APAUIRawElementProviderSimple@​@@ZA) : DUI70.dll -> HOOKED (Unknown @ 0xC37EAC75)

¤¤¤ External hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS file: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR check: ¤¤¤

Finished : << RKreport[0]_D_11282013_103538.txt >>
RKreport[0]_S_11272013_120754.txt



Regards
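Added example (editor's code, not from did80, nono622 or the RogueKiller project): a Python triage of the "Driver" hook lines in the two reports in this thread. The api-ms-win-* names in those lines are API-set contracts; on Windows 7 and 8 the loader resolves each of them to the DLL that implements the contract (KERNELBASE.dll, combase.dll, advapi32.dll, powrprof.dll), so an import whose address lands in one of those system DLLs is how a normal import resolves, and the scanner's HOOKED label on such a line is not by itself evidence of tampering. The lines that deserve a closer look are the ones whose target is Unknown (the address belongs to no loaded module), an [inline] patch of exported code, or an address at or above 0x80000000 on a 32-bit system with the default memory split. The host-DLL list, the default split and the last sample line (a made-up path) are assumptions, not facts from the thread; the real check on a suspect entry is to verify the module's signature and hash, which this script does not do.

```python
"""Triage of RogueKiller 'Driver : [loaded]' hook lines.

Added example: editor's code, not RogueKiller's and not from either poster.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

# One RogueKiller hook line looks like:
# [address] IAT @explorer.exe (StrTrimW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3DF67)
HOOK_RE = re.compile(
    r"^\[(?P<kind>address|inline)\]\s+(?P<table>IAT|EAT)\s+@(?P<proc>\S+)\s+"
    r"\((?P<func>.+?)\)\s+:\s+(?P<module>\S+)\s+->\s+HOOKED\s+"
    r"\((?P<target>.+?)\s+@\s+0x(?P<addr>[0-9A-Fa-f]+)\)\s*$"
)

# DLLs that implement the api-ms-win-* contracts on Windows 7/8. Assumption: this is
# the usual set seen in such reports; the authoritative list is the ApiSetSchema of
# the scanned build.
APISET_HOSTS = {"kernelbase.dll", "kernel32.dll", "ntdll.dll", "combase.dll",
                "ole32.dll", "advapi32.dll", "sechost.dll", "powrprof.dll"}

# Default 2 GB user / 2 GB kernel split on 32-bit Windows (assumption: no /3GB switch).
USER_SPACE_LIMIT_32 = 0x80000000


def classify(line, bits=32):
    """Parse one hook line and attach a triage level plus the reasons behind it."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None  # not a hook line (section header, blank line, ...)
    d = m.groupdict()
    addr = int(d["addr"], 16)
    target = d["target"]
    target_name = PureWindowsPath(target).name.lower()
    reasons = []

    if target == "Unknown":
        reasons.append("hook target lies in no loaded module")
    if bits == 32 and addr >= USER_SPACE_LIMIT_32:
        reasons.append("address is above the 32-bit user-space limit")
    if d["kind"] == "inline":
        reasons.append("exported code itself is patched, not just a pointer")

    if reasons:
        level = "INVESTIGATE"
    elif (d["module"].lower().startswith("api-ms-win-")
          and target_name in APISET_HOSTS
          and "\\system32\\" in target.lower()):
        level = "EXPECTED"
        reasons.append("API-set import resolved to its implementing system DLL")
    else:
        level = "REVIEW"
        reasons.append("IAT entry points at a DLL that is not a known API-set host")

    return {**d, "addr": addr, "target_name": target_name,
            "level": level, "reasons": reasons}


def triage(lines, bits=32):
    """Classify every hook line; return the records and a count per level."""
    records = [r for r in (classify(ln, bits) for ln in lines) if r]
    return records, Counter(r["level"] for r in records)


# Four lines copied from the reports in this thread plus one constructed line
# (the last one, with a made-up path) to exercise the REVIEW branch.
SAMPLE_LINES = [
    r"[address] IAT @explorer.exe (StrTrimW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3DF67)",
    r"[address] IAT @explorer.exe (CoRegisterMessageFilter) : api-ms-win-core-com-private-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76FB91D2)",
    r"[address] IAT @explorer.exe (RegCreateKeyW) : api-ms-win-core-registry-l2-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\advapi32.dll @ 0x751F879E)",
    r"[inline] EAT @explorer.exe (?UiaHostProviderFromHwnd@Schema@DirectUI@@2P6GJPAUHWND__@@PAPAUIRawElementProviderSimple@@@ZA) : DUI70.dll -> HOOKED (Unknown @ 0xC37EAC75)",
    r"[address] IAT @explorer.exe (CreateFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\ProgramData\example\hook.dll @ 0x10001000)",
]

if __name__ == "__main__":
    records, counts = triage(SAMPLE_LINES)
    print(dict(counts))
    for r in records:
        if r["level"] != "EXPECTED":
            print(r["level"], r["table"], r["func"][:40], r["target"], hex(r["addr"]))
            for why in r["reasons"]:
                print("   -", why)
```

The script only reads report text: feed it a whole RKreport file (for example the result of `open(path).read().splitlines()`) and every line that is not a hook entry is skipped, so the hundreds of EXPECTED lines collapse into a count and only the few entries that need a human decision are printed.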

did80 (Security team)
Posted on 28/11/2013 at 20:00:14

Hi nono622

Rerun the Raccraz, copy and paste the report. @++


nono622
Posted on 29/11/2013 at 11:25:49

Which program should I rerun?
Regards

did80 (Security team)
Posted on 29/11/2013 at 20:06:53

Hi, RogueKiller @++


nono622
Posted on 30/11/2013 at 17:13:06

Hi

RogueKiller V8.7.9 [nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Operating system : Windows 8 (6.2.9200 ) 32 bits version
Startup : Normal mode
User : CELINE [admin rights]
Mode : Scan -- Date : 11/30/2013 17:12:15
| ARK || FAK || MBR |

¤¤¤ Malicious processes : 1 ¤¤¤
[susp PATH] sm56hlpr.exe -- C:\Windows\sm56hlpr.exe [7] -> KILLED [termproc]

¤¤¤ Registry entries : 2 ¤¤¤
[hj DESK] [pum] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[hj DESK] [pum] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular files / folders: ¤¤¤

¤¤¤ Driver : [loaded] ¤¤¤
[address] IAT @explorer.exe (CoTaskMemFree) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DA3700)
[address] IAT @explorer.exe (CoInitializeEx) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DB9DF5)
[address] IAT @explorer.exe (CoUninitialize) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DB963D)
[address] IAT @explorer.exe (CreateStreamOnHGlobal) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DE97D7)
[address] IAT @explorer.exe (CoGetApartmentType) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DBA9CD)
[address] IAT @explorer.exe (CoWaitForMultipleHandles) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DE8B73)
[address] IAT @explorer.exe (CoFreeUnusedLibraries) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DF2329)
[address] IAT @explorer.exe (CoEnableCallCancellation) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DC6635)
[address] IAT @explorer.exe (CoDisableCallCancellation) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DC666B)
[address] IAT @explorer.exe (CoCancelCall) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75E4E323)
[address] IAT @explorer.exe (StringFromGUID2) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DBA428)
[address] IAT @explorer.exe (PropVariantClear) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DBAAF0)
[address] IAT @explorer.exe (CoMarshalInterThreadInterfaceInStream) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DEF6D4)
[address] IAT @explorer.exe (CoReleaseMarshalData) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DC96E2)
[address] IAT @explorer.exe (CoCreateInstance) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DBC859)
[address] IAT @explorer.exe (CoRevokeClassObject) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DF34F6)
[address] IAT @explorer.exe (CoRegisterClassObject) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DF4757)
[address] IAT @explorer.exe (CoGetInterfaceAndReleaseStream) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DEF684)
[address] IAT @explorer.exe (CoGetMalloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DA3838)
[address] IAT @explorer.exe (CoCreateFreeThreadedMarshaler) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DBD270)
[address] IAT @explorer.exe (CoTaskMemAlloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DA37D7)
[address] IAT @explorer.exe (CLSIDFromString) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DE8056)
[address] IAT @explorer.exe (CoTaskMemRealloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DBAACA)
[address] IAT @explorer.exe (InterlockedExchange) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3CEF9)
[address] IAT @explorer.exe (InterlockedIncrement) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3CE9B)
[address] IAT @explorer.exe (InterlockedCompareExchange) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3CF0C)
[address] IAT @explorer.exe (InterlockedDecrement) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3CE8A)
[address] IAT @explorer.exe (RegCreateKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B5B580)
[address] IAT @explorer.exe (RegEnumValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4C5C4)
[address] IAT @explorer.exe (RegQueryInfoKeyW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4C171)
[address] IAT @explorer.exe (RegQueryValueExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3FBB6)
[address] IAT @explorer.exe (RegCloseKey) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3F832)
[address] IAT @explorer.exe (RegOpenKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3F625)
[address] IAT @explorer.exe (RegGetValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4296A)
[address] IAT @explorer.exe (RegOpenCurrentUser) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B463B3)
[address] IAT @explorer.exe (RegEnumKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4AA19)
[address] IAT @explorer.exe (RegDeleteValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B51401)
[address] IAT @explorer.exe (RegSetValueExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B5B72B)
[address] IAT @explorer.exe (OpenProcessToken) : api-ms-win-core-processthreads-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3E647)
[address] IAT @explorer.exe (OpenThreadToken) : api-ms-win-core-processthreads-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3E612)
[address] IAT @explorer.exe (CloseHandle) : api-ms-win-core-handle-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3D140)
[address] IAT @explorer.exe (DuplicateHandle) : api-ms-win-core-handle-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3DA22)
[address] IAT @explorer.exe (SetUnhandledExceptionFilter) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B570D7)
[address] IAT @explorer.exe (SetErrorMode) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B42EBF)
[address] IAT @explorer.exe (GetLastError) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3CEEF)
[address] IAT @explorer.exe (RaiseException) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B41F9B)
[address] IAT @explorer.exe (UnhandledExceptionFilter) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74BC705F)
[address] IAT @explorer.exe (WaitForSingleObject) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B32151)
[address] IAT @explorer.exe (OpenMutexW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4BACE)
[address] IAT @explorer.exe (InitializeCriticalSectionEx) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B453BA)
[address] IAT @explorer.exe (WaitForMultipleObjectsEx) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3CFBE)
[address] IAT @explorer.exe (SetEvent) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3D08C)
[address] IAT @explorer.exe (OpenEventW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4229A)
[address] IAT @explorer.exe (CreateEventW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3D997)
[address] IAT @explorer.exe (ResetEvent) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3D0B2)
[address] IAT @explorer.exe (CreateMutexW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B40EE1)
[address] IAT @explorer.exe (ReleaseMutex) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B31005)
[address] IAT @explorer.exe (Sleep) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B32284)
[address] IAT @explorer.exe (CharNextW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4663E)
[address] IAT @explorer.exe (CharUpperW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4695B)
[address] IAT @explorer.exe (CharPrevW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B49AAC)
[address] IAT @explorer.exe (CharLowerW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4E111)
[address] IAT @explorer.exe (IsCharAlphaNumericW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4BDE7)
[address] IAT @explorer.exe (HeapDestroy) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B404F7)
[address] IAT @explorer.exe (HeapSetInformation) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4467B)
[address] IAT @explorer.exe (GetProcessHeap) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3CEB1)
[address] IAT @explorer.exe (WideCharToMultiByte) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B41CCD)
[address] IAT @explorer.exe (MultiByteToWideChar) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B40C61)
[address] IAT @explorer.exe (CompareStringW) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3EC17)
[address] IAT @explorer.exe (CompareStringOrdinal) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B47E2F)
[address] IAT @explorer.exe (FreeLibrary) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3DD11)
[address] IAT @explorer.exe (GetProcAddress) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3FCFE)
[address] IAT @explorer.exe (LoadLibraryExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4273E)
[address] IAT @explorer.exe (LockResource) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3D7DF)
[address] IAT @explorer.exe (GetModuleHandleW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3DC84)
[address] IAT @explorer.exe (LoadResource) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B475B2)
[address] IAT @explorer.exe (FindResourceExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4748B)
[address] IAT @explorer.exe (GetModuleFileNameW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3E0AF)
[address] IAT @explorer.exe (FreeLibraryAndExitThread) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3E033)
[address] IAT @explorer.exe (GetModuleHandleExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B420DA)
[address] IAT @explorer.exe (LoadStringW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B43BD1)
[address] IAT @explorer.exe (GetModuleHandleA) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3E3CA)
[address] IAT @explorer.exe (GetCurrentDirectoryW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B454B6)
[address] IAT @explorer.exe (GetCommandLineW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B453E2)
[address] IAT @explorer.exe (SearchPathW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B8C406)
[address] IAT @explorer.exe (ExpandEnvironmentStringsW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3EDE9)
[address] IAT @explorer.exe (CallNtPowerInformation) : api-ms-win-power-base-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x748B1DCC)
[address] IAT @explorer.exe (GetPwrCapabilities) : api-ms-win-power-base-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x748B367D)
[address] IAT @explorer.exe (GetTokenInformation) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3E773)
[address] IAT @explorer.exe (GetSidSubAuthority) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B46446)
[address] IAT @explorer.exe (CreateWellKnownSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B52A05)
[address] IAT @explorer.exe (GetLengthSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3E66F)
[address] IAT @explorer.exe (IsValidSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3E6D5)
[address] IAT @explorer.exe (CopySid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3E688)
[address] IAT @explorer.exe (GetSidSubAuthorityCount) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4645F)
[address] IAT @explorer.exe (CheckTokenMembership) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B40329)
[address] IAT @explorer.exe (PathCchAddExtension) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B6A8C1)
[address] IAT @explorer.exe (PathCchCombine) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B486CF)
[address] IAT @explorer.exe (PathCchAppend) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B511EC)
[address] IAT @explorer.exe (GetLongPathNameW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B62C8D)
[address] IAT @explorer.exe (ReadFile) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4384C)
[address] IAT @explorer.exe (CreateFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B426CE)
[address] IAT @explorer.exe (WriteFile) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3DA7F)
[address] IAT @explorer.exe (GetFileSize) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B402B9)
[address] IAT @explorer.exe (FindClose) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B44A48)
[address] IAT @explorer.exe (CompareFileTime) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B41648)
[address] IAT @explorer.exe (DeleteFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4402F)
[address] IAT @explorer.exe (FindNextFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B44B4D)
[address] IAT @explorer.exe (FindFirstFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B449EA)
[address] IAT @explorer.exe (GetFileAttributesW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B42D76)
[address] IAT @explorer.exe (GetTickCount64) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3D21E)
[address] IAT @explorer.exe (GetTickCount) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3CE5B)
[address] IAT @explorer.exe (GetProductInfo) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B5A3A1)
[address] IAT @explorer.exe (GetVersionExW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3EE47)
[address] IAT @explorer.exe (GetSystemDirectoryW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B443EE)
[address] IAT @explorer.exe (GetSystemTimeAsFileTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3D306)
[address] IAT @explorer.exe (GetSystemTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3ECE5)
[address] IAT @explorer.exe (GetWindowsDirectoryW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B469A0)
[address] IAT @explorer.exe (GetLocalTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3F145)
[address] IAT @explorer.exe (GetDynamicTimeZoneInformation) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B82B27)
[address] IAT @explorer.exe (GetTimeZoneInformation) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B500B1)
[address] IAT @explorer.exe (SystemTimeToFileTime) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B42141)
[address] IAT @explorer.exe (GetTimeFormatEx) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B52599)
[address] IAT @explorer.exe (GetDateFormatEx) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B525C9)
[address] IAT @explorer.exe (GetDateFormatW) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B62516)
[address] IAT @explorer.exe (MapViewOfFile) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B42BB9)
[address] IAT @explorer.exe (VirtualAlloc) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3D3DD)
[address] IAT @explorer.exe (UnmapViewOfFile) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3D2A3)
[address] IAT @explorer.exe (CreateFileMappingW) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B42D4F)
[address] IAT @explorer.exe (VirtualFree) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3DD5A)
[address] IAT @explorer.exe (StrStrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4F51E)
[address] IAT @explorer.exe (StrTrimW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4DF67)
[address] IAT @explorer.exe (StrCmpNICW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B8D843)
[address] IAT @explorer.exe (StrCmpNW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B8CC6A)
[address] IAT @explorer.exe (StrToIntW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B8DD73)
[address] IAT @explorer.exe (StrChrW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B8D80F)
[address] IAT @explorer.exe (StrCmpICW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B8D76D)
[address] IAT @explorer.exe (StrCmpNIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4F7C6)
[address] IAT @explorer.exe (StrRStrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B87664)
[address] IAT @explorer.exe (StrCmpIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B643B9)
[address] IAT @explorer.exe (SHLoadIndirectString) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4FB3B)
[address] IAT @explorer.exe (StrChrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B65923)
[address] IAT @explorer.exe (StrCmpW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B8CED7)
[address] IAT @explorer.exe (StrCmpCW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B46B0D)
[address] IAT @explorer.exe (QISearch) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3DEB8)
[address] IAT @explorer.exe (StrCmpICA) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B3DF6D)
[address] IAT @explorer.exe (GetUserDefaultUILanguage) : api-ms-win-core-localization-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4172A)
[address] IAT @explorer.exe (CoRegisterMessageFilter) : api-ms-win-core-com-private-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DE91D2)
[address] IAT @explorer.exe (SHRegGetUSValueW) : api-ms-win-core-registryuserspecific-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B60829)
[address] IAT @explorer.exe (SHRegGetBoolUSValueW) : api-ms-win-core-registryuserspecific-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B67F7A)
[address] IAT @explorer.exe (PathRemoveExtensionW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B51111)
[address] IAT @explorer.exe (PathIsFileSpecW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B674FF)
[address] IAT @explorer.exe (PathGetDriveNumberW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B8D9BF)
[address] IAT @explorer.exe (PathRemoveFileSpecW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B6208C)
[address] IAT @explorer.exe (PathCommonPrefixW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B50BFB)
[address] IAT @explorer.exe (PathStripPathW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B926F0)
[address] IAT @explorer.exe (PathStripToRootW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B6224C)
[address] IAT @explorer.exe (PathFindExtensionW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B49964)
[address] IAT @explorer.exe (PathQuoteSpacesW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B87B36)
[address] IAT @explorer.exe (SHExpandEnvironmentStringsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B49C9B)
[address] IAT @explorer.exe (PathFileExistsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B46B45)
[address] IAT @explorer.exe (PathGetArgsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B8BE61)
[address] IAT @explorer.exe (PathRemoveBlanksW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B5A588)
[address] IAT @explorer.exe (PathFindFileNameW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B8D899)
[address] IAT @explorer.exe (PathCombineW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4E1CF)
[address] IAT @explorer.exe (PathParseIconLocationW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B92A5F)
[address] IAT @explorer.exe (PathIsRootW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B4E367)
[address] IAT @explorer.exe (PathIsPrefixW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74B50D6E)
[address] IAT @explorer.exe (RegCreateKeyW) : api-ms-win-core-registry-l2-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\advapi32.dll @ 0x7540879E)
[address] IAT @explorer.exe (RoGetActivationFactory) : api-ms-win-core-winrt-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DF76B7)
[address] IAT @explorer.exe (WindowsDeleteString) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DF1360)
[address] IAT @explorer.exe (WindowsCreateString) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DF15A1)
[address] IAT @explorer.exe (WindowsGetStringRawBuffer) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x75DF116D)
[address] IAT @explorer.exe (GetLocaleInfoW) : api-ms-win-core-localization-l​1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74B43457)
[address] IAT @explorer.exe (GetThreadUILanguage) : api-ms-win-core-localization-l​1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74B50B2D)
[address] IAT @explorer.exe (QueryFullProcessImageNameW) : api-ms-win-core-psapi-l1-1-0.d​ll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74B8E179)
[address] IAT @explorer.exe (StopTraceW) : api-ms-win-eventing-controller​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74B82934)
[address] IAT @explorer.exe (EnableTraceEx2) : api-ms-win-eventing-controller​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74B7960E)
[address] IAT @explorer.exe (StartTraceW) : api-ms-win-eventing-controller​-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74B79E6F)
[address] IAT @explorer.exe (DeactivateActCtx) : api-ms-win-core-sidebyside-l1-​1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74B4029B)
[address] IAT @explorer.exe (ReleaseActCtx) : api-ms-win-core-sidebyside-l1-​1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74B4025F)
[address] IAT @explorer.exe (ActivateActCtx) : api-ms-win-core-sidebyside-l1-​1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74B4027D)
[address] IAT @explorer.exe (CreateActCtxW) : api-ms-win-core-sidebyside-l1-​1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74B467FF)
[address] IAT @explorer.exe (ChangeTimerQueueTimer) : api-ms-win-core-threadpool-leg​acy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74B3E072)
[address] IAT @explorer.exe (DeleteTimerQueueTimer) : api-ms-win-core-threadpool-leg​acy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74B4056D)
[address] IAT @explorer.exe (CreateTimerQueueTimer) : api-ms-win-core-threadpool-leg​acy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74B405BA)
[address] IAT @explorer.exe (QueueUserWorkItem) : api-ms-win-core-threadpool-leg​acy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74B3E81C)
[inline] EAT @explorer.exe (?UiaHostProviderFromHwnd@Sche​ma@DirectUI@@2P6GJPAUHWND__@@P​APAUIRawElementProviderSimple@​@@ZA) : DUI70.dll -> HOOKED (Unknown @ 0x0BA12D75)

¤¤¤ External hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS file: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS541616J9SA00 ATA Device +++++
--- User ---
[mbr] 2cc70d824167d9b7eafaddb75009834c
[bsp] 4217d9fb82f43facf66637ca2835762f : Windows Vista/7/8 MBR Code
Partition table:
0 - [xxxxxx] FAT32-LBA (0x1c) [hidden!] Offset (sectors): 2048 | Size: 7000 MB
1 - [active] NTFS (0x07) [visible] Offset (sectors): 14338048 | Size: 87376 MB
2 - [xxxxxx] EXTEN-LBA (0x0f) [visible] Offset (sectors): 193284096 | Size: 58249 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11302013_171215.txt >>
RKreport[0]_D_11282013_103538.txt;RKreport[0]_S_11272013_120754.txt

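A triage note on the hook list in the report above, with an added example that is not part of the thread and not RogueKiller code. On Windows 8 the imports named api-ms-win-core-*.dll are API-set forwarders: the loader resolves them into the real implementation modules (KERNELBASE.dll, combase.dll, advapi32.dll, powrprof.dll), so the import-table pointer never matches the DLL named in the import, and RogueKiller's ARK module reports each one as HOOKED even though nothing has been patched. The entry that actually deserves follow-up is the single [inline] EAT hook in DUI70.dll whose address belongs to no loaded module ("Unknown"). The script below parses lines in the RogueKiller hook format and separates the two cases. The allow-list of forwarder targets, the verdict names and the constructed sample (lines copied from the report above plus one made-up line with a hypothetical user-writable path) are assumptions of this example, not anything the tool or the thread states.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Modules the Windows 8 API-set forwarders (api-ms-win-*.dll) are expected to
# resolve into. Assumption of this example: a short allow-list is enough for a
# first pass; a real triage would also check the Authenticode signature of the file.
API_SET_TARGETS = {"kernelbase.dll", "combase.dll", "advapi32.dll", "powrprof.dll"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# One RogueKiller hook line, e.g.
# [address] IAT @explorer.exe (Sleep) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A22284)
HOOK_RE = re.compile(
    r"^\[(?P<kind>address|inline)\] (?P<table>IAT|EAT) @(?P<proc>\S+) "
    r"\((?P<func>[^)]+)\) : (?P<module>\S+) -> HOOKED "
    r"\((?P<target>.+?) @ (?P<addr>0x[0-9A-Fa-f]+)\)$"
)


@dataclass
class Hook:
    kind: str       # "address": a pointer was swapped; "inline": code bytes were patched
    table: str      # IAT (imports) or EAT (exports)
    process: str
    function: str
    module: str     # DLL named in the import/export table
    target: str     # module that owns the address the pointer really goes to
    address: str
    verdict: str    # EXPECTED, SYSTEM or REVIEW (names chosen for this example)


def verdict_for(module: str, target: str) -> str:
    """Classify one hook by where its pointer lands."""
    if target == "Unknown":
        # No loaded module owns the address: injected code, or code the tool
        # could not map. Either way it needs a look at the process's memory.
        return "REVIEW"
    tl = target.lower()
    in_system_dir = tl.startswith(SYSTEM_DIRS)
    basename = tl.rsplit("\\", 1)[-1]
    if module.lower().startswith("api-ms-win-") and in_system_dir and basename in API_SET_TARGETS:
        return "EXPECTED"   # normal API-set forwarding, not a hook
    if in_system_dir:
        return "SYSTEM"     # points into a Microsoft module; verify its signature
    return "REVIEW"         # points outside the system directory


def parse_hook(line: str) -> Optional[Hook]:
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return Hook(d["kind"], d["table"], d["proc"], d["func"], d["module"],
                d["target"], d["addr"], verdict_for(d["module"], d["target"]))


def classify_report(report: str) -> List[Hook]:
    """Return every hook line of a report, in order, with its verdict."""
    return [h for h in map(parse_hook, report.splitlines()) if h is not None]


def summarize(hooks: List[Hook]) -> Counter:
    return Counter(h.verdict for h in hooks)


# Constructed sample: four lines copied from the thread's report, one header
# line the parser must skip, and one invented line with a hypothetical path.
SAMPLE_REPORT = r"""¤¤¤ Driver : [loaded] ¤¤¤
[address] IAT @explorer.exe (Sleep) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A22284)
[address] IAT @explorer.exe (RegCreateKeyW) : api-ms-win-core-registry-l2-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\advapi32.dll @ 0x7540879E)
[address] IAT @explorer.exe (GetPwrCapabilities) : api-ms-win-power-base-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x746C367D)
[inline] EAT @explorer.exe (?UiaHostProviderFromHwnd@Schema@DirectUI@@2P6GJPAUHWND__@@PAPAUIRawElementProviderSimple@@@ZA) : DUI70.dll -> HOOKED (Unknown @ 0x0BA12D75)
[address] IAT @explorer.exe (CreateFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\Users\Public\hook_example.dll @ 0x10001234)
"""

if __name__ == "__main__":
    hooks = classify_report(SAMPLE_REPORT)
    print(dict(summarize(hooks)))
    for h in hooks:
        if h.verdict != "EXPECTED":
            print(f"{h.verdict}: {h.kind} {h.table} {h.process} {h.function} -> {h.target} @ {h.address}")
```

Run against the full report, the script reduces several hundred EXPECTED lines to the handful that point somewhere other than an API-set implementation module; those are the ones to resolve with a module list of explorer.exe and a signature check before treating the machine as rootkitted.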
Profile: Security team
did80
Forum-famous (30,000 to 99,999 posts) Confirmed helper
  1. Posted on 30/11/2013 at 18:25:24
 
Hi, rerun RogueKiller in deletion mode and copy/paste

the report @++


---------------
the urgent is done, the impossible is in progress
for miracles, allow for delays
nono622
On the right track (100 to 499 posts)
  1. Posted on 01/12/2013 at 17:29:04
 
Hi

RogueKiller V8.7.9 [nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Operating system : Windows 8 (6.2.9200 ) 32 bits version
Startup : Normal mode
User : CELINE [admin rights]
Mode : Deletion -- Date : 12/01/2013 17:28:25
| ARK || FAK || MBR |

¤¤¤ Malicious processes : 2 ¤¤¤
[susp PATH] sm56hlpr.exe -- C:\Windows\sm56hlpr.exe [7] -> KILLED [termproc]
[susp PATH] sm56hlpr.exe -- C:\Windows\sm56hlpr.exe [7] -> KILLED [termproc]

¤¤¤ Registry entries : 2 ¤¤¤
[hj DESK] [pum] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[hj DESK] [pum] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular files / folders: ¤¤¤

¤¤¤ Driver : [loaded] ¤¤¤
[address] IAT @explorer.exe (CoTaskMemFree) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C13700)
[address] IAT @explorer.exe (CoInitializeEx) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C29DF5)
[address] IAT @explorer.exe (CoUninitialize) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C2963D)
[address] IAT @explorer.exe (CreateStreamOnHGlobal) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C597D7)
[address] IAT @explorer.exe (CoGetApartmentType) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C2A9CD)
[address] IAT @explorer.exe (CoWaitForMultipleHandles) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C58B73)
[address] IAT @explorer.exe (CoFreeUnusedLibraries) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C62329)
[address] IAT @explorer.exe (CoEnableCallCancellation) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C36635)
[address] IAT @explorer.exe (CoDisableCallCancellation) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C3666B)
[address] IAT @explorer.exe (CoCancelCall) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76CBE323)
[address] IAT @explorer.exe (StringFromGUID2) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C2A428)
[address] IAT @explorer.exe (PropVariantClear) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C2AAF0)
[address] IAT @explorer.exe (CoMarshalInterThreadInterfaceInStream) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C5F6D4)
[address] IAT @explorer.exe (CoReleaseMarshalData) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C396E2)
[address] IAT @explorer.exe (CoCreateInstance) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C2C859)
[address] IAT @explorer.exe (CoRevokeClassObject) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C634F6)
[address] IAT @explorer.exe (CoRegisterClassObject) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C64757)
[address] IAT @explorer.exe (CoGetInterfaceAndReleaseStream) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C5F684)
[address] IAT @explorer.exe (CoGetMalloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C13838)
[address] IAT @explorer.exe (CoCreateFreeThreadedMarshaler) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C2D270)
[address] IAT @explorer.exe (CoTaskMemAlloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C137D7)
[address] IAT @explorer.exe (CLSIDFromString) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C58056)
[address] IAT @explorer.exe (CoTaskMemRealloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C2AACA)
[address] IAT @explorer.exe (InterlockedExchange) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2CEF9)
[address] IAT @explorer.exe (InterlockedIncrement) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2CE9B)
[address] IAT @explorer.exe (InterlockedCompareExchange) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2CF0C)
[address] IAT @explorer.exe (InterlockedDecrement) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2CE8A)
[address] IAT @explorer.exe (RegCreateKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A4B580)
[address] IAT @explorer.exe (RegEnumValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3C5C4)
[address] IAT @explorer.exe (RegQueryInfoKeyW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3C171)
[address] IAT @explorer.exe (RegQueryValueExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2FBB6)
[address] IAT @explorer.exe (RegCloseKey) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2F832)
[address] IAT @explorer.exe (RegOpenKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2F625)
[address] IAT @explorer.exe (RegGetValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3296A)
[address] IAT @explorer.exe (RegOpenCurrentUser) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A363B3)
[address] IAT @explorer.exe (RegEnumKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3AA19)
[address] IAT @explorer.exe (RegDeleteValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A41401)
[address] IAT @explorer.exe (RegSetValueExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A4B72B)
[address] IAT @explorer.exe (OpenProcessToken) : api-ms-win-core-processthreads-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E647)
[address] IAT @explorer.exe (OpenThreadToken) : api-ms-win-core-processthreads-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E612)
[address] IAT @explorer.exe (CloseHandle) : api-ms-win-core-handle-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D140)
[address] IAT @explorer.exe (DuplicateHandle) : api-ms-win-core-handle-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2DA22)
[address] IAT @explorer.exe (SetUnhandledExceptionFilter) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A470D7)
[address] IAT @explorer.exe (SetErrorMode) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A32EBF)
[address] IAT @explorer.exe (GetLastError) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2CEEF)
[address] IAT @explorer.exe (RaiseException) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A31F9B)
[address] IAT @explorer.exe (UnhandledExceptionFilter) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74AB705F)
[address] IAT @explorer.exe (WaitForSingleObject) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A22151)
[address] IAT @explorer.exe (OpenMutexW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3BACE)
[address] IAT @explorer.exe (InitializeCriticalSectionEx) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A353BA)
[address] IAT @explorer.exe (WaitForMultipleObjectsEx) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2CFBE)
[address] IAT @explorer.exe (SetEvent) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D08C)
[address] IAT @explorer.exe (OpenEventW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3229A)
[address] IAT @explorer.exe (CreateEventW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D997)
[address] IAT @explorer.exe (ResetEvent) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D0B2)
[address] IAT @explorer.exe (CreateMutexW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A30EE1)
[address] IAT @explorer.exe (ReleaseMutex) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A21005)
[address] IAT @explorer.exe (Sleep) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A22284)
[address] IAT @explorer.exe (CharNextW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3663E)
[address] IAT @explorer.exe (CharUpperW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3695B)
[address] IAT @explorer.exe (CharPrevW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A39AAC)
[address] IAT @explorer.exe (CharLowerW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3E111)
[address] IAT @explorer.exe (IsCharAlphaNumericW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3BDE7)
[address] IAT @explorer.exe (HeapDestroy) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A304F7)
[address] IAT @explorer.exe (HeapSetInformation) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3467B)
[address] IAT @explorer.exe (GetProcessHeap) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2CEB1)
[address] IAT @explorer.exe (WideCharToMultiByte) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A31CCD)
[address] IAT @explorer.exe (MultiByteToWideChar) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A30C61)
[address] IAT @explorer.exe (CompareStringW) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2EC17)
[address] IAT @explorer.exe (CompareStringOrdinal) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A37E2F)
[address] IAT @explorer.exe (FreeLibrary) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2DD11)
[address] IAT @explorer.exe (GetProcAddress) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2FCFE)
[address] IAT @explorer.exe (LoadLibraryExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3273E)
[address] IAT @explorer.exe (LockResource) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D7DF)
[address] IAT @explorer.exe (GetModuleHandleW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2DC84)
[address] IAT @explorer.exe (LoadResource) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A375B2)
[address] IAT @explorer.exe (FindResourceExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3748B)
[address] IAT @explorer.exe (GetModuleFileNameW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E0AF)
[address] IAT @explorer.exe (FreeLibraryAndExitThread) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E033)
[address] IAT @explorer.exe (GetModuleHandleExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A320DA)
[address] IAT @explorer.exe (LoadStringW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A33BD1)
[address] IAT @explorer.exe (GetModuleHandleA) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E3CA)
[address] IAT @explorer.exe (GetCurrentDirectoryW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A354B6)
[address] IAT @explorer.exe (GetCommandLineW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A353E2)
[address] IAT @explorer.exe (SearchPathW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7C406)
[address] IAT @explorer.exe (ExpandEnvironmentStringsW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2EDE9)
[address] IAT @explorer.exe (CallNtPowerInformation) : api-ms-win-power-base-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x746C1DCC)
[address] IAT @explorer.exe (GetPwrCapabilities) : api-ms-win-power-base-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x746C367D)
[address] IAT @explorer.exe (GetTokenInformation) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E773)
[address] IAT @explorer.exe (GetSidSubAuthority) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A36446)
[address] IAT @explorer.exe (CreateWellKnownSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A42A05)
[address] IAT @explorer.exe (GetLengthSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E66F)
[address] IAT @explorer.exe (IsValidSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E6D5)
[address] IAT @explorer.exe (CopySid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E688)
[address] IAT @explorer.exe (GetSidSubAuthorityCount) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3645F)
[address] IAT @explorer.exe (CheckTokenMembership) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A30329)
[address] IAT @explorer.exe (PathCchAddExtension) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A5A8C1)
[address] IAT @explorer.exe (PathCchCombine) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A386CF)
[address] IAT @explorer.exe (PathCchAppend) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A411EC)
[address] IAT @explorer.exe (GetLongPathNameW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A52C8D)
[address] IAT @explorer.exe (ReadFile) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3384C)
[address] IAT @explorer.exe (CreateFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A326CE)
[address] IAT @explorer.exe (WriteFile) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2DA7F)
[address] IAT @explorer.exe (GetFileSize) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A302B9)
[address] IAT @explorer.exe (FindClose) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A34A48)
[address] IAT @explorer.exe (CompareFileTime) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A31648)
[address] IAT @explorer.exe (DeleteFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3402F)
[address] IAT @explorer.exe (FindNextFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A34B4D)
[address] IAT @explorer.exe (FindFirstFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A349EA)
[address] IAT @explorer.exe (GetFileAttributesW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A32D76)
[address] IAT @explorer.exe (GetTickCount64) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D21E)
[address] IAT @explorer.exe (GetTickCount) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2CE5B)
[address] IAT @explorer.exe (GetProductInfo) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A4A3A1)
[address] IAT @explorer.exe (GetVersionExW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2EE47)
[address] IAT @explorer.exe (GetSystemDirectoryW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A343EE)
[address] IAT @explorer.exe (GetSystemTimeAsFileTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D306)
[address] IAT @explorer.exe (GetSystemTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2ECE5)
[address] IAT @explorer.exe (GetWindowsDirectoryW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A369A0)
[address] IAT @explorer.exe (GetLocalTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2F145)
[address] IAT @explorer.exe (GetDynamicTimeZoneInformation) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A72B27)
[address] IAT @explorer.exe (GetTimeZoneInformation) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A400B1)
[address] IAT @explorer.exe (SystemTimeToFileTime) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A32141)
[address] IAT @explorer.exe (GetTimeFormatEx) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A42599)
[address] IAT @explorer.exe (GetDateFormatEx) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A425C9)
[address] IAT @explorer.exe (GetDateFormatW) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A52516)
[address] IAT @explorer.exe (MapViewOfFile) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A32BB9)
[address] IAT @explorer.exe (VirtualAlloc) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D3DD)
[address] IAT @explorer.exe (UnmapViewOfFile) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2D2A3)
[address] IAT @explorer.exe (CreateFileMappingW) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A32D4F)
[address] IAT @explorer.exe (VirtualFree) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2DD5A)
[address] IAT @explorer.exe (StrStrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3F51E)
[address] IAT @explorer.exe (StrTrimW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3DF67)
[address] IAT @explorer.exe (StrCmpNICW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7D843)
[address] IAT @explorer.exe (StrCmpNW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7CC6A)
[address] IAT @explorer.exe (StrToIntW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7DD73)
[address] IAT @explorer.exe (StrChrW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7D80F)
[address] IAT @explorer.exe (StrCmpICW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7D76D)
[address] IAT @explorer.exe (StrCmpNIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3F7C6)
[address] IAT @explorer.exe (StrRStrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A77664)
[address] IAT @explorer.exe (StrCmpIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A543B9)
[address] IAT @explorer.exe (SHLoadIndirectString) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3FB3B)
[address] IAT @explorer.exe (StrChrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A55923)
[address] IAT @explorer.exe (StrCmpW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7CED7)
[address] IAT @explorer.exe (StrCmpCW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A36B0D)
[address] IAT @explorer.exe (QISearch) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2DEB8)
[address] IAT @explorer.exe (StrCmpICA) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2DF6D)
[address] IAT @explorer.exe (GetUserDefaultUILanguage) : api-ms-win-core-localization-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3172A)
[address] IAT @explorer.exe (CoRegisterMessageFilter) : api-ms-win-core-com-private-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C591D2)
[address] IAT @explorer.exe (SHRegGetUSValueW) : api-ms-win-core-registryuserspecific-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A50829)
[address] IAT @explorer.exe (SHRegGetBoolUSValueW) : api-ms-win-core-registryuserspecific-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A57F7A)
[address] IAT @explorer.exe (PathRemoveExtensionW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A41111)
[address] IAT @explorer.exe (PathIsFileSpecW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A574FF)
[address] IAT @explorer.exe (PathGetDriveNumberW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7D9BF)
[address] IAT @explorer.exe (PathRemoveFileSpecW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A5208C)
[address] IAT @explorer.exe (PathCommonPrefixW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A40BFB)
[address] IAT @explorer.exe (PathStripPathW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A826F0)
[address] IAT @explorer.exe (PathStripToRootW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A5224C)
[address] IAT @explorer.exe (PathFindExtensionW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A39964)
[address] IAT @explorer.exe (PathQuoteSpacesW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A77B36)
[address] IAT @explorer.exe (SHExpandEnvironmentStringsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A39C9B)
[address] IAT @explorer.exe (PathFileExistsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A36B45)
[address] IAT @explorer.exe (PathGetArgsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7BE61)
[address] IAT @explorer.exe (PathRemoveBlanksW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A4A588)
[address] IAT @explorer.exe (PathFindFileNameW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7D899)
[address] IAT @explorer.exe (PathCombineW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3E1CF)
[address] IAT @explorer.exe (PathParseIconLocationW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A82A5F)
[address] IAT @explorer.exe (PathIsRootW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3E367)
[address] IAT @explorer.exe (PathIsPrefixW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A40D6E)
[address] IAT @explorer.exe (RegCreateKeyW) : api-ms-win-core-registry-l2-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\advapi32.dll @ 0x74B5879E)
[address] IAT @explorer.exe (RoGetActivationFactory) : api-ms-win-core-winrt-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C676B7)
[address] IAT @explorer.exe (WindowsDeleteString) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C61360)
[address] IAT @explorer.exe (WindowsCreateString) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C615A1)
[address] IAT @explorer.exe (WindowsGetStringRawBuffer) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x76C6116D)
[address] IAT @explorer.exe (GetLocaleInfoW) : api-ms-win-core-localization-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A33457)
[address] IAT @explorer.exe (GetThreadUILanguage) : api-ms-win-core-localization-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A40B2D)
[address] IAT @explorer.exe (QueryFullProcessImageNameW) : api-ms-win-core-psapi-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A7E179)
[address] IAT @explorer.exe (StopTraceW) : api-ms-win-eventing-controller-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A72934)
[address] IAT @explorer.exe (EnableTraceEx2) : api-ms-win-eventing-controller-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A6960E)
[address] IAT @explorer.exe (StartTraceW) : api-ms-win-eventing-controller-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A69E6F)
[address] IAT @explorer.exe (DeactivateActCtx) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3029B)
[address] IAT @explorer.exe (ReleaseActCtx) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3025F)
[address] IAT @explorer.exe (ActivateActCtx) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A3027D)
[address] IAT @explorer.exe (CreateActCtxW) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A367FF)
[address] IAT @explorer.exe (ChangeTimerQueueTimer) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74A2E072)
[address] IAT @explorer.exe (DeleteTimerQueueTimer) : api-ms-win-core-threadpool-leg​acy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A3056D)
[address] IAT @explorer.exe (CreateTimerQueueTimer) : api-ms-win-core-threadpool-leg​acy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A305BA)
[address] IAT @explorer.exe (QueueUserWorkItem) : api-ms-win-core-threadpool-leg​acy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBAS​E.dll @ 0x74A2E81C)
[inline] EAT @explorer.exe (LpkEditControl) : GDI32.dll -> HOOKED (Unknown @ 0x6005B99D)
[inline] EAT @explorer.exe (?UiaHostProviderFromHwnd@Sche​ma@DirectUI@@2P6GJPAUHWND__@@P​APAUIRawElementProviderSimple@​@@ZA) : DUI70.dll -> HOOKED (Unknown @ 0xB3BE0E75)

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS541616J9SA00 ATA Device +++++
--- User ---
[mbr] 2cc70d824167d9b7eafaddb75009834c
[bsp] 4217d9fb82f43facf66637ca2835762f : Windows Vista/7/8 MBR Code
Partition table:
0 - [xxxxxx] FAT32-LBA (0x1c) [hidden!] Offset (sectors): 2048 | Size: 7000 Mo
1 - [active] NTFS (0x07) [visible] Offset (sectors): 14338048 | Size: 87376 Mo
2 - [xxxxxx] EXTEN-LBA (0x0f) [visible] Offset (sectors): 193284096 | Size: 58249 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_D_12012013_172825.txt >>
RKreport[0]_D_11282013_103538.txt;RKreport[0]_S_11272013_120754.txt;RKreport[0]_S_11302013_171215.txt
RKreport[0]_S_12012013_172804.txt

Profile: Security team
did80
Posted on 01/12/2013 at 20:45:55
hi, run the raccraz again

copy/paste the report @++


---------------
the urgent is done, the impossible is in progress
for miracles, allow for delays
nono622
Posted on 01/12/2013 at 22:30:59
Re

RogueKiller V8.7.9 [nov 25 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 8 (6.2.9200 ) 32 bits version
Demarrage : Mode normal
Utilisateur : CELINE [droits d'admin]
Mode : Recherche -- Date : 12/01/2013 22:30:21
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [charge] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS541616J9SA00 ATA Device +++++
--- User ---
[mbr] 2cc70d824167d9b7eafaddb75009834c
[bsp] 4217d9fb82f43facf66637ca2835762f : Windows Vista/7/8 MBR Code
Partition table:
0 - [xxxxxx] FAT32-LBA (0x1c) [hidden!] Offset (sectors): 2048 | Size: 7000 Mo
1 - [active] NTFS (0x07) [visible] Offset (sectors): 14338048 | Size: 87376 Mo
2 - [xxxxxx] EXTEN-LBA (0x0f) [visible] Offset (sectors): 193284096 | Size: 58249 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_S_12012013_223021.txt >>
RKreport[0]_D_11282013_103538.txt;RKreport[0]_D_12012013_172825.txt;RKreport[0]_S_11272013_120754.txt
RKreport[0]_S_11302013_171215.txt;RKreport[0]_S_12012013_172804.txt

nono622
On the right track (100 to 499 posts)
Posted on 23/12/2013 at 20:05:59

Hi, I've got ads showing up all the time!!

Can you help me?

Thanks
