cjoint

Document format: text/x-log

RogueKiller V10.0.2.0 (x64) [Oct 16 2014] by Adlice Software
email : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : https://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Operating system : Windows 8.1 (6.3.9200) 64-bit version
Started in : Normal mode
User : Jean Pierre [Administrator]
Mode : Scan -- Date : 10/22/2014 10:48:01

¤¤¤ Processes : 3 ¤¤¤
[Suspicious.Path] StartMenuIndexer.exe -- C:\Users\Jean Pierre\AppData\Local\Pokki\Engine\StartMenuIndexer.exe[7] -> Killed [TermProc]
[Suspicious.Path] HostAppService.exe -- C:\Users\Jean Pierre\AppData\Local\Pokki\Engine\HostAppService.exe[7] -> Killed [TermProc]
[Suspicious.Path] HostAppService.exe -- C:\Users\Jean Pierre\AppData\Local\Pokki\Engine\HostAppService.exe[7] -> Killed [TermThr]

¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1317349164-1927255835-30155241-1001\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1317349164-1927255835-30155241-1001\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.30.1 0.0.0.0 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.30.1 0.0.0.0 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E42C3B73-C255-4DCA-B10F-57880AE4F981} | DhcpNameServer : 192.168.30.1 0.0.0.0 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E42C3B73-C255-4DCA-B10F-57880AE4F981} | DhcpNameServer : 192.168.30.1 0.0.0.0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts file : 0 ¤¤¤

¤¤¤ Antirootkit : 51 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe) dwmapi.dll - : Unknown @ 0xc540040
[IAT:Addr] (explorer.exe) dwmapi.dll - : Unknown @ 0xc540020
[IAT:Addr] (explorer.exe) dwmapi.dll - : Unknown @ 0xc540000
[IAT:Addr] (explorer.exe @ Bcp47Langs.dll) api-ms-win-appmodel-runtime-l1-1-0.dll - GetCurrentPackageFamilyName : C:\windows\SYSTEM32\kernel.appcore.dll @ 0x7ffa40e42604
[IAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Set_Class_Registry_PropertyW : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa4222f470
[IAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Class_Registry_PropertyW : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa4222e350
[IAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Device_IDW : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa42203c7c
[IAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa4220a060
[IAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa42208848
[IAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-core-biplmapi-l1-1-1.dll - BiUpdateLockScreenApplications : C:\windows\SYSTEM32\twinapi.appcore.dll @ 0x7ffa3691c418
[IAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-core-biplmapi-l1-1-1.dll - BiChangeSessionState : C:\windows\SYSTEM32\twinapi.appcore.dll @ 0x7ffa36902b90
[IAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetAppModelVersion : C:\windows\SYSTEM32\kernel.appcore.dll @ 0x7ffa40e425bc
[IAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtAssociateActivationProxy : C:\windows\SYSTEM32\twinapi.appcore.dll @ 0x7ffa36906c7c
[IAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtDisassociateWorkItem : C:\windows\SYSTEM32\twinapi.appcore.dll @ 0x7ffa3691c964
[IAT:Addr] (explorer.exe @ WINMMBASE.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_DevNode_Status : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa42203d80
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtActivateWorkItem : C:\windows\SYSTEM32\twinapi.appcore.dll @ 0x7ffa3691c730
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtFreeMemory : C:\windows\SYSTEM32\twinapi.appcore.dll @ 0x7ffa36908d98
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtQueryWorkItem : C:\windows\SYSTEM32\twinapi.appcore.dll @ 0x7ffa3691caf8
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtEnumerateWorkItemsForPackageName : C:\windows\SYSTEM32\twinapi.appcore.dll @ 0x7ffa3691ca08
[IAT:Addr] (explorer.exe @ wpncore.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - PackageFamilyNameFromFullName : C:\windows\SYSTEM32\kernel.appcore.dll @ 0x7ffa40e4282c
[IAT:Addr] (explorer.exe @ ClassicStartMenuDLL.dll) NETAPI32.dll - NetApiBufferFree : C:\windows\SYSTEM32\netutils.dll @ 0x7ffa412a1010
[IAT:Addr] (explorer.exe @ WSShared.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetAppModelVersion : C:\windows\SYSTEM32\kernel.appcore.dll @ 0x7ffa40e425bc
[IAT:Addr] (explorer.exe @ WSShared.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetPackageInstallTime : C:\windows\SYSTEM32\kernel.appcore.dll @ 0x7ffa40e426dc
[IAT:Addr] (explorer.exe @ WSShared.dll) api-ms-win-devices-query-l1-1-1.dll - DevFreeObjectProperties : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa42209200
[IAT:Addr] (explorer.exe @ WSShared.dll) api-ms-win-devices-query-l1-1-1.dll - DevGetObjectProperties : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa422094c4
[IAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLClose : C:\windows\SYSTEM32\sppc.dll @ 0x7ffa3ef4566c
[IAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLOpen : C:\windows\SYSTEM32\sppc.dll @ 0x7ffa3ef478e8
[IAT:Addr] (explorer.exe @ WSSync.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - PackageFamilyNameFromFullName : C:\windows\SYSTEM32\kernel.appcore.dll @ 0x7ffa40e4282c
[IAT:Addr] (explorer.exe @ bthprops.cpl) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa4220a060
[IAT:Addr] (explorer.exe @ bthprops.cpl) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa42208848
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetAppModelVersion : C:\windows\SYSTEM32\kernel.appcore.dll @ 0x7ffa40e425bc
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetCurrentPackageApplicationContext : C:\windows\SYSTEM32\kernel.appcore.dll @ 0x7ffa40e425e0
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetPackageOSMaxVersionTested : C:\windows\SYSTEM32\kernel.appcore.dll @ 0x7ffa40e426e8
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetCurrentPackageContext : C:\windows\SYSTEM32\kernel.appcore.dll @ 0x7ffa40e425f8
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetPackageApplicationPropertyString : C:\windows\SYSTEM32\kernel.appcore.dll @ 0x7ffa40e42688
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-core-winrt-robuffer-l1-1-0.dll - RoGetBufferMarshaler : C:\Windows\System32\WinTypes.dll @ 0x7ffa34e5bf60
[IAT:Addr] (explorer.exe @ PRIVAM~1.DLL) psapi - GetModuleInformation : C:\windows\system32\psapi.DLL @ 0x7ffa42621450
[IAT:Addr] (explorer.exe @ acppage.dll) sfc.dll - SfcIsFileProtected : C:\windows\system32\sfc_os.DLL @ 0x7ffa3b9414c0
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQueryFromIdEx : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa4220b384
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa42208848
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevFreeObjects : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa42209730
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevGetObjects : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa422097e8
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevFreeObjectProperties : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa42209200
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevGetObjectProperties : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa422094c4
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevSetObjectProperties : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa4220b074
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevFindProperty : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa4220c434
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQueryFromIdsEx : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa422393d4
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQueryEx : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa42209d20
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa4220a060
[IAT:Addr] (explorer.exe @ ClassicExplorer64.dll) NETAPI32.dll - NetShareEnum : C:\windows\SYSTEM32\srvcli.dll @ 0x7ffa41c51b00
[IAT:Addr] (explorer.exe @ ClassicExplorer64.dll) NETAPI32.dll - NetApiBufferFree : C:\windows\SYSTEM32\netutils.dll @ 0x7ffa412a1010

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 0sfb8vdr.default : user_pref("browser.startup.homepage", "https://startpage.com/fra/"); -> Found
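The registry, antirootkit and browser sections are raw tool output; what a responder wants next is a repeatable triage of those lines. The block below is an added example, not RogueKiller's own code and not part of the log: a small Python parser for this report format that classifies each finding. The sample lines are a constructed subset of the entries above, plus one hypothetical PUM.Dns line with a public resolver (8.8.8.8) that does not appear in this log; all function names and the severity scale are this example's own. Its rules encode three points worth drawing out of the log: the Pokki entry is a Run-key autostart that makes rundll32.exe load a DLL from %LOCALAPPDATA%, a user-writable path, which is why it earns Suspicious.Path; the DhcpNameServer values are DHCP-assigned and point at a private address (192.168.30.1, normally the router), so PUM.Dns here is informational; and IAT entries where an api-ms-win-* contract DLL resolves to a System32 host such as kernel.appcore.dll or cfgmgr32.dll are the loader's normal API-set forwarding, not evidence of a hook. The three dwmapi.dll entries whose target is Unknown are the ones to examine by hand.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in the report style above (a subset of this log's entries); the 8.8.8.8
# DhcpNameServer line is hypothetical, added only to exercise the public-resolver branch.
SAMPLE_LOG = r"""
[Suspicious.Path] StartMenuIndexer.exe -- C:\Users\Jean Pierre\AppData\Local\Pokki\Engine\StartMenuIndexer.exe[7] -> Killed [TermProc]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1317349164-1927255835-30155241-1001\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.30.1 0.0.0.0 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 8.8.8.8 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[IAT:Addr] (explorer.exe) dwmapi.dll - : Unknown @ 0xc540040
[IAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Device_IDW : C:\windows\SYSTEM32\cfgmgr32.dll @ 0x7ffa42203c7c
[IAT:Addr] (explorer.exe @ ClassicExplorer64.dll) NETAPI32.dll - NetShareEnum : C:\windows\SYSTEM32\srvcli.dll @ 0x7ffa41c51b00
[PUM.HomePage][FIREFX:Config] 0sfb8vdr.default : user_pref("browser.startup.homepage", "https://startpage.com/fra/"); -> Found
"""

# "[Category] body -> verdict"; IAT lines carry no verdict.
LINE_RE = re.compile(r"^\[(?P<cat>[^\]]+)\](?P<body>.*?)(?:\s*->\s*(?P<verdict>.+))?$")
# "(X64) key | value-name : data"
REG_RE = re.compile(r"^\((?P<arch>X64|X86)\)\s+(?P<key>.*?)\s+\|\s+(?P<name>.*?)\s+:\s+(?P<data>.*)$")
# "(process [@ module]) import-dll - function : resolved-module @ address"
IAT_RE = re.compile(
    r"^\((?P<proc>[^)@]+?)(?:\s*@\s*(?P<mod>[^)]+))?\)\s+(?P<dll>\S+)\s+-\s*(?P<func>\S*)\s*"
    r":\s+(?P<target>.*?)\s+@\s+(?P<addr>0x[0-9a-fA-F]+)$"
)
# Paths an unprivileged user can write to; a DLL loaded from here by an autostart is the classic PUP shape.
USER_WRITABLE = ("%localappdata%", "%appdata%", "%temp%", "\\appdata\\", "\\temp\\")


@dataclass
class Finding:
    category: str
    severity: str          # review > medium > low > info > expected
    note: str
    line: str


def triage_process(body: str):
    path = re.sub(r"\[\d+\]$", "", body.split(" -- ", 1)[1]).strip()   # drop the trailing [pid]
    if any(t in path.lower() for t in USER_WRITABLE):
        return "medium", f"process image in a user-writable location: {path}"
    return "low", f"process flagged by path: {path}"


def triage_registry(cat: str, body: str):
    m = REG_RE.match(body)
    if not m:
        return "review", "registry entry in an unrecognised layout"
    key, name, data = m["key"].lower(), m["name"], m["data"]
    if cat == "Suspicious.Path" and key.endswith("\\run"):
        if "rundll32" in data.lower() and any(t in data.lower() for t in USER_WRITABLE):
            return "review", f"Run-key autostart '{name}' loads a DLL from a user-writable path via rundll32.exe"
        return "medium", f"Run-key autostart '{name}' from a flagged path"
    if cat == "PUM.Dns":
        servers = [s for s in data.split() if s != "0.0.0.0"]     # 0.0.0.0 is an unused slot
        try:
            addrs = [ipaddress.ip_address(s) for s in servers]
        except ValueError:
            return "review", f"{name} holds a non-IP value: {data!r}"
        if addrs and all(a.is_private for a in addrs):
            return "info", f"{name} = {servers}: private-range resolver, consistent with a DHCP router"
        return "medium", f"{name} = {servers}: public resolver, confirm it is the one you expect"
    if cat == "PUM.DesktopIcons":
        return "info", f"desktop icon {name} hidden via HideDesktopIcons (cosmetic, usually user or OEM set)"
    return "low", f"{cat}: {name} = {data}"


def triage_iat(body: str):
    m = IAT_RE.match(body)
    if not m:
        return "review", "IAT entry in an unrecognised layout"
    dll, func, target = m["dll"], m["func"], m["target"]
    in_system32 = "\\windows\\system32\\" in target.lower()
    if target == "Unknown" or not func:
        return "review", f"{m['proc']}: import from {dll} resolves to an unknown module at {m['addr']}"
    if dll.lower().startswith("api-ms-win-") and in_system32:
        return "expected", f"{func}: API-set contract {dll} resolved to host DLL {target}"
    if in_system32:
        return "low", f"{func}: {dll} export forwarded to {target}; verify the file's Microsoft signature"
    return "review", f"{func} from {dll} points at {target}, outside System32"


def triage(log_text: str) -> list:
    """Classify every bracketed finding line; worst severity first, file order within a severity."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # section headers and blank lines
        cat, body = m["cat"], m["body"].strip()
        if cat.startswith("IAT:"):
            sev, note = triage_iat(body)
        elif cat == "PUM.HomePage":
            sev, note = "info", "browser start page is set; confirm the user chose it"
        elif " -- " in body and not body.startswith("("):
            sev, note = triage_process(body)
        elif cat.startswith("PUM.") or cat == "Suspicious.Path":
            sev, note = triage_registry(cat, body)
        else:
            sev, note = "low", f"unhandled category {cat}"
        findings.append(Finding(cat, sev, note, m.string))
    return sorted(findings, key=lambda f: ("review", "medium", "low", "info", "expected").index(f.severity))
```

Run `triage(SAMPLE_LOG)` and print each finding's severity and note: the Pokki Run key and the unresolved dwmapi.dll import come out first, the two api-ms-win-* and NETAPI32 forwarders come out last. The IAT rule deliberately keys on the destination being under System32 rather than on the contract name alone, so a forwarder landing in a user-writable directory would still be raised for review.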

¤¤¤ MBR check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-1ER164 +++++
--- User ---
[MBR] ede399c38cbb2179a0cedd3ed38f311e
[BSP] cea31ed5596a7aacb934dbfc9c1511e2 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WD 6400AAK External USB Device +++++
--- User ---
[MBR] 3f9702d70b60c97087314a200ff2a8fd
[BSP] 2f6b85d256594f4c3a3709bde9ca8996 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 610477 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported.)
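The MBR check above reports an MD5 for the sector and for its boot code, a label for that code ("Empty MBR Code", "Windows XP MBR Code") and the partition table. The block below is an added example, not RogueKiller's code and not part of the log: a Python parser for a raw 512-byte sector 0 that performs the same checks a reader would want to repeat by hand, namely the 0x55AA boot signature, the four partition entries (status, type, LBA start, sector count), hashes of the whole sector and of the 440-byte code region, and whether that region is all zeros. Which bytes RogueKiller hashes for [MBR] and [BSP] is not stated on the page, so the two digests here are this example's own convention and will not reproduce the values above. The sample sectors are constructed: one with a short boot-code stub and an NTFS entry at sector 63 sized to the same 610477 MB as PhysicalDrive1, and one with no boot code and a 0xEE GPT protective entry. That second case is the one to rule in or out when a disk shows "Empty MBR Code" with an odd partition entry as PhysicalDrive0 does: on a GPT disk an empty code region is unremarkable and the GPT header is what to inspect. The `read_sector0` device path and all function names are assumptions of this example.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
PART_TABLE_OFF = 446        # four 16-byte entries at 446..509, then the 0x55AA signature
BOOT_CODE_LEN = 440         # code region before the 4-byte disk signature at offset 440
TYPE_NAMES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0xEE: "GPT protective"}


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    @property
    def type_name(self) -> str:
        return TYPE_NAMES.get(self.type_id, f"UNKNOWN (0x{self.type_id:x})")


@dataclass
class MbrReport:
    signature_ok: bool
    sector_md5: str
    boot_code_md5: str
    boot_code_empty: bool
    gpt_protective: bool
    partitions: list


def parse_mbr(sector: bytes) -> MbrReport:
    """Parse a raw 512-byte sector 0 in the classic MBR layout."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    boot_code = sector[:BOOT_CODE_LEN]
    parts = []
    for i in range(4):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4), little-endian
        status, type_id, lba, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if type_id == 0 and count == 0:
            continue                                # unused slot
        parts.append(Partition(i, status == 0x80, type_id, lba, count))
    return MbrReport(
        signature_ok=sector[510:512] == b"\x55\xaa",
        sector_md5=hashlib.md5(sector).hexdigest(),
        boot_code_md5=hashlib.md5(boot_code).hexdigest(),
        boot_code_empty=not any(boot_code),
        gpt_protective=any(p.type_id == 0xEE for p in parts),
        partitions=parts,
    )


def build_mbr(entries, boot_code: bytes = b"") -> bytes:
    """Construct a sector for the example; entries are (bootable, type_id, lba_start, sectors)."""
    sec = bytearray(SECTOR)
    sec[:len(boot_code)] = boot_code
    for i, (bootable, type_id, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sec, PART_TABLE_OFF + 16 * i, 0x80 if bootable else 0, type_id, lba, count)
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)


# Constructed samples, not the real sectors behind the hashes in the log.
# XP-style: a few bytes of boot code (xor ax,ax / mov ss,ax / mov sp,7C00h) and one NTFS
# partition at sector 63 sized to the same 610477 MB as PhysicalDrive1.
SAMPLE_XP_MBR = build_mbr([(True, 0x07, 63, 610477 * 2048)], boot_code=b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
# GPT-style: no boot code and a single 0xEE protective entry covering the disk.
SAMPLE_GPT_MBR = build_mbr([(False, 0xEE, 1, 0xFFFFFFFF)])


def read_sector0(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a physical drive (Windows device path shown; needs an elevated prompt)."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


def describe(report: MbrReport) -> str:
    """Render a report in roughly the shape of the log's MBR section."""
    code = "Empty MBR Code" if report.boot_code_empty else "Boot code present"
    lines = [f"[MBR] {report.sector_md5}", f"[BSP] {report.boot_code_md5} : {code}",
             f"Signature 0x55AA: {'OK' if report.signature_ok else 'MISSING'}", "Partition table:"]
    for p in report.partitions:
        flag = "ACTIVE" if p.bootable else "INACTIVE"
        lines.append(f"{p.index} - {p.type_name} (0x{p.type_id:x}) [{flag}] Offset (sectors): {p.lba_start} | Size: {p.size_mb} MB")
    if report.gpt_protective:
        lines.append("0xEE protective entry: GPT disk, so an empty code region is unremarkable; check the GPT header instead")
    return "\n".join(lines)
```

`print(describe(parse_mbr(SAMPLE_XP_MBR)))` and the same for `SAMPLE_GPT_MBR` reproduce the two shapes seen in the log; on a live Windows host, `describe(parse_mbr(read_sector0()))` from an elevated prompt gives the reading for the real drive. Comparing the sector digest across two reads, or against a known-good image taken at build time, is the practical use of the [MBR] hash: the label is advisory, the hash is what changes when bootkit code is written.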
