Document format: text/x-log

Preview

RogueKiller V10.0.4.0 (x64) [Oct 29 2014] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : https://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en : Mode normal
Utilisateur : Cyril [Administrateur]
Mode : Suppression -- Date : 11/02/2014 21:49:09

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 10 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2679234277-3525920427-1927908568-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Remplacé(e) (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2679234277-3525920427-1927908568-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Remplacé(e) (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2679234277-3525920427-1927908568-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Supprimé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2679234277-3525920427-1927908568-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Remplacé(e) (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Remplacé(e) (2)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Remplacé(e) (0)

¤¤¤ Tâches : 1 ¤¤¤
[Suspicious.Path] \\ASUS Patch 10430001 -- C:\Windows\AsPatch10430001.exe (-e) -> Supprimé(e)

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 164 (Driver: Chargé) ¤¤¤
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass2 : \Driver\SynTP @ \Device\000000b4 (\SystemRoot\system32\DRIVERS\nvlddmkm.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\SynTP @ \Device\00000082 (\SystemRoot\system32\DRIVERS\nvlddmkm.sys)
[IAT:Inl] (firefox.exe @ kernel32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x75fe1ed9 (jmp 0xfffffffffe542095)
[IAT:Inl] (firefox.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x75fe2ab9 (jmp 0xfffffffffe542e09)
[IAT:Inl] (firefox.exe @ kernel32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x75fe15f1 (jmp 0xfffffffffe5419a1)
[IAT:Inl] (firefox.exe @ kernel32.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x75fe1689 (jmp 0xfffffffffe541a09)
[IAT:Inl] (firefox.exe @ kernel32.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x75fe20a1 (jmp 0xfffffffffe540331)
[IAT:Inl] (firefox.exe @ kernel32.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x75fe1d11 (jmp 0xfffffffffe5403f1)
[IAT:Inl] (firefox.exe @ kernel32.dll) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x75fe3601 (jmp 0xfffffffffe5435c9)
[IAT:Inl] (firefox.exe @ kernel32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x75fe3991 (jmp 0xfffffffffe5439ed)
[IAT:Inl] (firefox.exe @ kernel32.dll) ntdll.dll - NtSetInformationProcess : Unknown @ 0x75fe2b51 (jmp 0xfffffffffe543029)
[IAT:Inl] (firefox.exe @ kernel32.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x75fe1da9 (jmp 0xfffffffffe542189)
[IAT:Inl] (firefox.exe @ kernel32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x75fe2c81 (jmp 0xfffffffffe54109d)
[IAT:Inl] (firefox.exe @ kernel32.dll) ntdll.dll - NtSetValueKey : Unknown @ 0x75fe3ac1 (jmp 0xfffffffffe5438fd)
[IAT:Inl] (firefox.exe @ kernel32.dll) ntdll.dll - NtOpenFile : Unknown @ 0x75fe31d9 (jmp 0xfffffffffe543475)
[IAT:Inl] (firefox.exe @ kernel32.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x75fe1c79 (jmp 0xfffffffffe541e65)
[IAT:Inl] (firefox.exe @ kernel32.dll) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x75fe28f1 (jmp 0xfffffffffe501bb6)
[IAT:Inl] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtSetInformationProcess : Unknown @ 0x75fe2b51 (jmp 0xfffffffffe543029)
[IAT:Inl] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtOpenFile : Unknown @ 0x75fe31d9 (jmp 0xfffffffffe543475)
[IAT:Inl] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x75fe1ed9 (jmp 0xfffffffffe542095)
[IAT:Inl] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSection : Unknown @ 0x75fe3991 (jmp 0xfffffffffe5439ed)
[IAT:Inl] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSection : Unknown @ 0x75fe38f9 (jmp 0xfffffffffe543b31)
[IAT:Inl] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x75fe15f1 (jmp 0xfffffffffe5419a1)
[IAT:Inl] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x75fe1689 (jmp 0xfffffffffe541a09)
[IAT:Inl] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x75fe1c79 (jmp 0xfffffffffe541e65)
[IAT:Inl] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x75fe3601 (jmp 0xfffffffffe5435c9)
[IAT:Inl] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x75fe1da9 (jmp 0xfffffffffe542189)
[IAT:Inl] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x75fe2ab9 (jmp 0xfffffffffe542e09)
[IAT:Inl] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtCreateMutant : Unknown @ 0x75fe3861 (jmp 0xfffffffffe5430c5)
[IAT:Inl] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x75fe20a1 (jmp 0xfffffffffe540331)
[IAT:Inl] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x75fe1e41 (jmp 0xfffffffffe541f1d)
[IAT:Inl] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x75fe18e9 (jmp 0xfffffffffe541045)
[IAT:Inl] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtSetValueKey : Unknown @ 0x75fe3ac1 (jmp 0xfffffffffe5438fd)
[IAT:Inl] (firefox.exe @ avcuf32.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x75fe2009 (jmp 0x82ace2)
[IAT:Inl] (firefox.exe @ WINMM.dll) USER32.dll - GetMessageA : Unknown @ 0x75fe2f79 (jmp 0x26b3a6)
[IAT:Inl] (firefox.exe @ WINMM.dll) USER32.dll - PostMessageA : Unknown @ 0x75fe30a9 (jmp 0x25f4ff)
[IAT:Inl] (firefox.exe @ WINMM.dll) USER32.dll - PostMessageW : Unknown @ 0x75fe3141 (jmp 0x261e9c)
[IAT:Inl] (firefox.exe @ USER32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x75fe2e49 (jmp 0xfffffffffe540f61)
[IAT:Inl] (firefox.exe @ USER32.dll) ntdll.dll - NtSetValueKey : Unknown @ 0x75fe3ac1 (jmp 0xfffffffffe5438fd)
[IAT:Inl] (firefox.exe @ USER32.dll) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x75fe3601 (jmp 0xfffffffffe5435c9)
[IAT:Inl] (firefox.exe @ GDI32.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x75fe1689 (jmp 0xfffffffffe541a09)
[IAT:Inl] (firefox.exe @ GDI32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x75fe15f1 (jmp 0xfffffffffe5419a1)
[IAT:Inl] (firefox.exe @ GDI32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x75fe3991 (jmp 0xfffffffffe5439ed)
[IAT:Inl] (firefox.exe @ GDI32.dll) ntdll.dll - NtOpenFile : Unknown @ 0x75fe31d9 (jmp 0xfffffffffe543475)
[IAT:Inl] (firefox.exe @ GDI32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x75fe2e49 (jmp 0xfffffffffe540f61)
[IAT:Inl] (firefox.exe @ ADVAPI32.dll) ntdll.dll - NtOpenFile : Unknown @ 0x75fe31d9 (jmp 0xfffffffffe543475)
[IAT:Inl] (firefox.exe @ ADVAPI32.dll) ntdll.dll - NtSetValueKey : Unknown @ 0x75fe3ac1 (jmp 0xfffffffffe5438fd)
[IAT:Inl] (firefox.exe @ ADVAPI32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x75fe1ed9 (jmp 0xfffffffffe542095)
[IAT:Inl] (firefox.exe @ ADVAPI32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x75fe2c81 (jmp 0xfffffffffe54109d)
[IAT:Inl] (firefox.exe @ sechost.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x75fe1e41 (jmp 0xfffffffffe541f1d)
[IAT:Inl] (firefox.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x75fe2ab9 (jmp 0xfffffffffe542e09)
[IAT:Inl] (firefox.exe @ RPCRT4.dll) ntdll.dll - NtCreateSection : Unknown @ 0x75fe3991 (jmp 0xfffffffffe5439ed)
[IAT:Inl] (firefox.exe @ SspiCli.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x75fe1ed9 (jmp 0xfffffffffe542095)
[IAT:Inl] (firefox.exe @ CRYPTBASE.dll) ntdll.dll - NtOpenFile : Unknown @ 0x75fe31d9 (jmp 0xfffffffffe543475)
[IAT:Inl] (firefox.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x75fe2be9 (jmp 0xfffffffffe541df5)
[IAT:Inl] (firefox.exe @ WS2_32.dll) ntdll.dll - NtOpenFile : Unknown @ 0x75fe31d9 (jmp 0xfffffffffe543475)
[IAT:Inl] (firefox.exe @ IMM32.DLL) ntdll.dll - NtOpenFile : Unknown @ 0x75fe31d9 (jmp 0xfffffffffe543475)
[IAT:Inl] (firefox.exe @ IMM32.DLL) ntdll.dll - NtSetValueKey : Unknown @ 0x75fe3ac1 (jmp 0xfffffffffe5438fd)
[IAT:Inl] (firefox.exe @ IMM32.DLL) ntdll.dll - NtDuplicateObject : Unknown @ 0x75fe1ed9 (jmp 0xfffffffffe542095)
[IAT:Inl] (firefox.exe @ IMM32.DLL) ntdll.dll - NtSetSystemInformation : Unknown @ 0x75fe2c81 (jmp 0xfffffffffe54109d)
[IAT:Inl] (firefox.exe @ MSCTF.dll) USER32.dll - GetMessageA : Unknown @ 0x75fe2f79 (jmp 0x26b3a6)
[IAT:Inl] (firefox.exe @ MSCTF.dll) USER32.dll - GetMessageW : Unknown @ 0x75fe3011 (jmp 0x26b72f)
[IAT:Inl] (firefox.exe @ MSCTF.dll) USER32.dll - SetWinEventHook : Unknown @ 0x75fe21d1 (jmp 0x2633c8)
[IAT:Inl] (firefox.exe @ MSCTF.dll) USER32.dll - PostMessageW : Unknown @ 0x75fe3141 (jmp 0x261e9c)
[IAT:Inl] (firefox.exe @ ole32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x75fe2ab9 (jmp 0xfffffffffe542e09)
[IAT:Inl] (firefox.exe @ ole32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x75fe15f1 (jmp 0xfffffffffe5419a1)
[IAT:Inl] (firefox.exe @ ole32.dll) USER32.dll - SetWindowsHookExW : Unknown @ 0x75fe17b9 (jmp 0x25a1b6)
[IAT:Inl] (firefox.exe @ ole32.dll) USER32.dll - GetMessageW : Unknown @ 0x75fe3011 (jmp 0x26b72f)
[IAT:Inl] (firefox.exe @ ole32.dll) USER32.dll - PostMessageW : Unknown @ 0x75fe3141 (jmp 0x261e9c)
[IAT:Inl] (firefox.exe @ xul.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x75fe2009 (jmp 0x82ace2)
[IAT:Inl] (firefox.exe @ xul.dll) USER32.dll - GetMessageW : Unknown @ 0x75fe3011 (jmp 0x26b72f)
[IAT:Inl] (firefox.exe @ xul.dll) USER32.dll - PostMessageW : Unknown @ 0x75fe3141 (jmp 0x261e9c)
[IAT:Inl] (firefox.exe @ xul.dll) USER32.dll - SetWindowsHookExW : Unknown @ 0x75fe17b9 (jmp 0x25a1b6)
[IAT:Inl] (firefox.exe @ xul.dll) ADVAPI32.dll - OpenServiceW : Unknown @ 0x75fe2431 (jmp 0xfffffffffec65a45)
[IAT:Inl] (firefox.exe @ xul.dll) ADVAPI32.dll - CloseServiceHandle : Unknown @ 0x75fe2859 (jmp 0xfffffffffec5f23d)
[IAT:Inl] (firefox.exe @ SHELL32.dll) ntdll.dll - NtOpenFile : Unknown @ 0x75fe31d9 (jmp 0xfffffffffe543475)
[IAT:Inl] (firefox.exe @ SHELL32.dll) USER32.dll - PostMessageW : Unknown @ 0x75fe3141 (jmp 0x261e9c)
[IAT:Inl] (firefox.exe @ SHELL32.dll) USER32.dll - GetMessageW : Unknown @ 0x75fe3011 (jmp 0x26b72f)
[IAT:Inl] (firefox.exe @ SHELL32.dll) USER32.dll - SetWindowsHookExW : Unknown @ 0x75fe17b9 (jmp 0x25a1b6)
[IAT:Inl] (firefox.exe @ SHELL32.dll) USER32.dll - SetWinEventHook : Unknown @ 0x75fe21d1 (jmp 0x2633c8)
[IAT:Inl] (firefox.exe @ SHLWAPI.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x75fe1ed9 (jmp 0xfffffffffe542095)
[IAT:Inl] (firefox.exe @ UxTheme.dll) USER32.dll - SetWindowsHookExW : Unknown @ 0x75fe17b9 (jmp 0x25a1b6)
[IAT:Inl] (firefox.exe @ UxTheme.dll) USER32.dll - PostMessageW : Unknown @ 0x75fe3141 (jmp 0x261e9c)
[IAT:Inl] (firefox.exe @ SETUPAPI.dll) USER32.dll - PostMessageW : Unknown @ 0x75fe3141 (jmp 0x261e9c)
[IAT:Inl] (firefox.exe @ CFGMGR32.dll) ADVAPI32.dll - OpenServiceW : Unknown @ 0x75fe2431 (jmp 0xfffffffffec65a45)
[IAT:Inl] (firefox.exe @ CFGMGR32.dll) ADVAPI32.dll - CloseServiceHandle : Unknown @ 0x75fe2859 (jmp 0xfffffffffec5f23d)
[IAT:Inl] (firefox.exe @ OLEAUT32.dll) USER32.dll - GetMessageA : Unknown @ 0x75fe2f79 (jmp 0x26b3a6)
[IAT:Inl] (firefox.exe @ OLEAUT32.dll) USER32.dll - GetMessageW : Unknown @ 0x75fe3011 (jmp 0x26b72f)
[IAT:Inl] (firefox.exe @ OLEAUT32.dll) USER32.dll - PostMessageW : Unknown @ 0x75fe3141 (jmp 0x261e9c)
[IAT:Inl] (firefox.exe @ dwmapi.dll) ntdll.dll - NtCreateSection : Unknown @ 0x75fe3991 (jmp 0xfffffffffe5439ed)
[IAT:Inl] (firefox.exe @ dwmapi.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x75fe1689 (jmp 0xfffffffffe541a09)
[IAT:Inl] (firefox.exe @ dwmapi.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x75fe15f1 (jmp 0xfffffffffe5419a1)
[IAT:Inl] (firefox.exe @ dwmapi.dll) USER32.dll - SetWinEventHook : Unknown @ 0x75fe21d1 (jmp 0x2633c8)
[IAT:Inl] (firefox.exe @ dwrite.dll) ADVAPI32.dll - OpenServiceW : Unknown @ 0x75fe2431 (jmp 0xfffffffffec65a45)
[IAT:Inl] (firefox.exe @ dwrite.dll) ADVAPI32.dll - CloseServiceHandle : Unknown @ 0x75fe2859 (jmp 0xfffffffffec5f23d)
[IAT:Inl] (firefox.exe @ lgscroll.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x75fe2009 (jmp 0x82ace2)
[IAT:Inl] (firefox.exe @ lgscroll.dll) USER32.dll - SetWindowsHookExW : Unknown @ 0x75fe17b9 (jmp 0x25a1b6)
[IAT:Inl] (firefox.exe @ lgscroll.dll) USER32.dll - PostMessageW : Unknown @ 0x75fe3141 (jmp 0x261e9c)
[IAT:Inl] (firefox.exe @ MSVCR80.dll) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x75fe2db1 (jmp 0x851fb1)
[IAT:Inl] (firefox.exe @ ntmarta.dll) ntdll.dll - NtOpenSection : Unknown @ 0x75fe38f9 (jmp 0xfffffffffe543b31)
[IAT:Inl] (firefox.exe @ ntmarta.dll) ntdll.dll - NtOpenFile : Unknown @ 0x75fe31d9 (jmp 0xfffffffffe543475)
[IAT:Inl] (firefox.exe @ ntmarta.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x75fe1da9 (jmp 0xfffffffffe542189)
[IAT:Inl] (firefox.exe @ WLDAP32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x75fe1ed9 (jmp 0xfffffffffe542095)
[IAT:Inl] (firefox.exe @ WLDAP32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x75fe2ab9 (jmp 0xfffffffffe542e09)
[IAT:Inl] (firefox.exe @ WLDAP32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x75fe15f1 (jmp 0xfffffffffe5419a1)
[IAT:Inl] (firefox.exe @ WLDAP32.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x75fe1689 (jmp 0xfffffffffe541a09)
[IAT:Inl] (firefox.exe @ WLDAP32.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x75fe20a1 (jmp 0xfffffffffe540331)
[IAT:Inl] (firefox.exe @ WLDAP32.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x75fe1d11 (jmp 0xfffffffffe5403f1)
[IAT:Inl] (firefox.exe @ WLDAP32.dll) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x75fe3601 (jmp 0xfffffffffe5435c9)
[IAT:Inl] (firefox.exe @ WLDAP32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x75fe3991 (jmp 0xfffffffffe5439ed)
[IAT:Inl] (firefox.exe @ WLDAP32.dll) ntdll.dll - NtSetInformationProcess : Unknown @ 0x75fe2b51 (jmp 0xfffffffffe543029)
[IAT:Inl] (firefox.exe @ WLDAP32.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x75fe1da9 (jmp 0xfffffffffe542189)
[IAT:Inl] (firefox.exe @ WLDAP32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x75fe2c81 (jmp 0xfffffffffe54109d)
[IAT:Inl] (firefox.exe @ WLDAP32.dll) ntdll.dll - NtSetValueKey : Unknown @ 0x75fe3ac1 (jmp 0xfffffffffe5438fd)
[IAT:Inl] (firefox.exe @ WLDAP32.dll) ntdll.dll - NtOpenFile : Unknown @ 0x75fe31d9 (jmp 0xfffffffffe543475)
[IAT:Inl] (firefox.exe @ WLDAP32.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x75fe1c79 (jmp 0xfffffffffe541e65)
[IAT:Inl] (firefox.exe @ WLDAP32.dll) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x75fe28f1 (jmp 0xfffffffffe501bb6)
[IAT:Inl] (firefox.exe @ comctl32.dll) USER32.dll - GetMessageW : Unknown @ 0x75fe3011 (jmp 0x26b72f)
[IAT:Inl] (firefox.exe @ comctl32.dll) USER32.dll - PostMessageW : Unknown @ 0x75fe3141 (jmp 0x261e9c)
[IAT:Inl] (firefox.exe @ comctl32.dll) USER32.dll - SetWindowsHookExW : Unknown @ 0x75fe17b9 (jmp 0x25a1b6)
[IAT:Inl] (firefox.exe @ CLBCatQ.DLL) ntdll.dll - NtVdmControl : Unknown @ 0x75fe2e49 (jmp 0xfffffffffe540f61)
[IAT:Inl] (firefox.exe @ CLBCatQ.DLL) ntdll.dll - NtSetValueKey : Unknown @ 0x75fe3ac1 (jmp 0xfffffffffe5438fd)
[IAT:Inl] (firefox.exe @ CLBCatQ.DLL) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x75fe3601 (jmp 0xfffffffffe5435c9)
[IAT:Inl] (firefox.exe @ mswsock.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x75fe2be9 (jmp 0xfffffffffe541df5)
[IAT:Inl] (firefox.exe @ mswsock.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x75fe1e41 (jmp 0xfffffffffe541f1d)
[IAT:Inl] (firefox.exe @ NLAapi.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x75fe1e41 (jmp 0xfffffffffe541f1d)
[IAT:Inl] (firefox.exe @ pnrpnsp.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x75fe1e41 (jmp 0xfffffffffe541f1d)
[IAT:Inl] (firefox.exe @ WLIDNSP.DLL) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x75fe2db1 (jmp 0x851fb1)
[IAT:Inl] (firefox.exe @ WINSTA.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x75fe2ab9 (jmp 0xfffffffffe542e09)
[IAT:Inl] (firefox.exe @ WINSTA.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x75fe1da9 (jmp 0xfffffffffe542189)
[IAT:Inl] (firefox.exe @ bdsecurepass.dll) USER32.dll - SetWindowsHookExW : Unknown @ 0x75fe17b9 (jmp 0x25a1b6)
[IAT:Inl] (firefox.exe @ bdsecurepass.dll) USER32.dll - PostMessageW : Unknown @ 0x75fe3141 (jmp 0x261e9c)
[IAT:Inl] (firefox.exe @ OLEACC.dll) USER32.dll - GetMessageW : Unknown @ 0x75fe3011 (jmp 0x26b72f)
[IAT:Inl] (firefox.exe @ OLEACC.dll) USER32.dll - SetWindowsHookExW : Unknown @ 0x75fe17b9 (jmp 0x25a1b6)
[IAT:Inl] (firefox.exe @ OLEACC.dll) USER32.dll - PostMessageW : Unknown @ 0x75fe3141 (jmp 0x261e9c)
[IAT:Inl] (firefox.exe @ MMDevApi.dll) USER32.dll - PostMessageW : Unknown @ 0x75fe3141 (jmp 0x261e9c)
[IAT:Inl] (firefox.exe @ dxgi.dll) USER32.dll - SetWindowsHookExA : Unknown @ 0x75fe1721 (jmp 0x2593c5)
[IAT:Inl] (firefox.exe @ dxgi.dll) USER32.dll - PostMessageA : Unknown @ 0x75fe30a9 (jmp 0x25f4ff)
[IAT:Inl] (firefox.exe @ nvwgf2um.dll) USER32.dll - PostMessageA : Unknown @ 0x75fe30a9 (jmp 0x25f4ff)
[IAT:Inl] (firefox.exe @ nvwgf2um.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x75fe2009 (jmp 0x82ace2)
[IAT:Inl] (firefox.exe @ Nv3DVStreaming.dll) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x75fe2db1 (jmp 0x851fb1)
[IAT:Inl] (firefox.exe @ nvapi.dll) ADVAPI32.dll - CloseServiceHandle : Unknown @ 0x75fe2859 (jmp 0xfffffffffec5f23d)
[IAT:Inl] (firefox.exe @ nvapi.dll) ADVAPI32.dll - ControlService : Unknown @ 0x75fe25f9 (jmp 0xfffffffffec4b51d)
[IAT:Inl] (firefox.exe @ nvapi.dll) ADVAPI32.dll - OpenServiceA : Unknown @ 0x75fe2399 (jmp 0xfffffffffec5f829)
[IAT:Inl] (firefox.exe @ nvapi.dll) USER32.dll - GetMessageA : Unknown @ 0x75fe2f79 (jmp 0x26b3a6)
[IAT:Inl] (firefox.exe @ nvapi.dll) USER32.dll - PostMessageA : Unknown @ 0x75fe30a9 (jmp 0x25f4ff)
[IAT:Inl] (firefox.exe @ nvStereoApiI.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x75fe2009 (jmp 0x82ace2)
[IAT:Inl] (firefox.exe @ nvStereoApiI.dll) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x75fe2db1 (jmp 0x851fb1)
[IAT:Inl] (firefox.exe @ nvSCPAPI.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x75fe2009 (jmp 0x82ace2)
[IAT:Inl] (firefox.exe @ nvSCPAPI.dll) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x75fe2db1 (jmp 0x851fb1)
[IAT:Inl] (firefox.exe @ nvSCPAPI.dll) USER32.dll - SetWindowsHookExA : Unknown @ 0x75fe1721 (jmp 0x2593c5)
[IAT:Inl] (firefox.exe @ nvSCPAPI.dll) USER32.dll - PostMessageA : Unknown @ 0x75fe30a9 (jmp 0x25f4ff)
[IAT:Inl] (firefox.exe @ nvSCPAPI.dll) ADVAPI32.dll - OpenServiceA : Unknown @ 0x75fe2399 (jmp 0xfffffffffec5f829)
[IAT:Inl] (firefox.exe @ nvSCPAPI.dll) ADVAPI32.dll - CloseServiceHandle : Unknown @ 0x75fe2859 (jmp 0xfffffffffec5f23d)
[IAT:Inl] (firefox.exe @ explorerframe.dll) USER32.dll - SetWindowsHookExW : Unknown @ 0x75fe17b9 (jmp 0x25a1b6)
[IAT:Inl] (firefox.exe @ explorerframe.dll) USER32.dll - PostMessageW : Unknown @ 0x75fe3141 (jmp 0x261e9c)
[IAT:Inl] (firefox.exe @ DUser.dll) USER32.dll - GetMessageW : Unknown @ 0x75fe3011 (jmp 0x26b72f)
[IAT:Inl] (firefox.exe @ DUser.dll) USER32.dll - GetMessageA : Unknown @ 0x75fe2f79 (jmp 0x26b3a6)
[IAT:Inl] (firefox.exe @ DUI70.dll) USER32.dll - GetMessageW : Unknown @ 0x75fe3011 (jmp 0x26b72f)
[IAT:Inl] (firefox.exe @ DUI70.dll) USER32.dll - PostMessageW : Unknown @ 0x75fe3141 (jmp 0x261e9c)
[IAT:Inl] (firefox.exe @ wship6.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x75fe2ab9 (jmp 0xfffffffffe542e09)
[IAT:Inl] (firefox.exe @ AVRT.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x75fe2ab9 (jmp 0xfffffffffe542e09)
[IAT:Inl] (firefox.exe @ ntshrui.dll) ntdll.dll - NtOpenFile : Unknown @ 0x75fe31d9 (jmp 0xfffffffffe543475)
[IAT:Inl] (firefox.exe @ ntshrui.dll) USER32.dll - PostMessageW : Unknown @ 0x75fe3141 (jmp 0x261e9c)

¤¤¤ Navigateurs web : 5 ¤¤¤
[FIREFX:Addon] 4fxhn38u.default : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Supprimé(e)
[FIREFX:Addon] 4fxhn38u.default : Bitdefender Wallet [ffpwdman@bitdefender.com] -> Supprimé(e)
[FIREFX:Addon] 4fxhn38u.default : Blockulicious [{91A6D6AB-3E9A-4C00-A3CF-B08CBE803A2E}] -> Supprimé(e)
[FIREFX:Addon] 4fxhn38u.default : Skype Click to Call [{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}] -> Supprimé(e)
[PUM.Proxy][FIREFX:Config] 4fxhn38u.default : user_pref("network.proxy.type", 4); -> Remplacé(e) (0)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] 132408b2b25a3db063cd1ae8cd1c941b
[BSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_11022014_211948.log
