Cannot re-enable the Windows firewall
Joris
lilidurhone, Security Contributor (48,926 posts)
Hello,
Yesterday I wanted to re-enable the Windows firewall and here is my error:
It says the firewall is not using the recommended settings, and when I click "Use recommended settings" it gives me an error message: "Windows Firewall can't change some of your settings 0x80070424". I also got this error: Error 0x6D9.
With the services.msc command, there is no Windows Firewall listed. In the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\ I don't have a Windows Firewall entry.
How do I fix this problem?
Thanks in advance
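The two symptoms in the question (the firewall missing from the services list and error 0x80070424) point at the same thing: 0x80070424 is the HRESULT form of Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST, meaning the firewall UI asked the Service Control Manager for a service that is no longer registered. The script below is an added diagnostic example, not code from the thread; it checks the two services the firewall needs (MpsSvc and the Base Filtering Engine, BFE, that it depends on) and the policy key the poster inspected. The service names and registry paths are the standard Windows ones; everything else is assumed for the example. Run it from an elevated Windows PowerShell 3.0 or later prompt.

```powershell
# Added diagnostic example, not code from the original thread.
# Checks whether the Windows Firewall service (MpsSvc) and the Base Filtering Engine (BFE)
# are still registered with the Service Control Manager, which is what 0x80070424
# (ERROR_SERVICE_DOES_NOT_EXIST, Win32 error 1060) says is no longer the case.

function Get-FirewallServiceState {
    [CmdletBinding()]
    param([string[]]$Names = @('MpsSvc', 'BFE'))

    foreach ($name in $Names) {
        # Win32_Service exposes State/StartMode/PathName on every supported Windows version.
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        $regKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        [pscustomobject]@{
            Service     = $name
            Registered  = [bool]$svc
            State       = if ($svc) { $svc.State } else { 'MISSING' }
            StartMode   = if ($svc) { $svc.StartMode } else { 'n/a' }
            ImagePath   = if ($svc) { $svc.PathName } else { 'n/a' }
            RegistryKey = Test-Path -Path $regKey
        }
    }
}

function Get-FirewallPolicyValues {
    # Key the poster inspected. Under Policies it exists only when Group Policy (or software
    # abusing that location) has written firewall settings, so its absence is normal on a home PC.
    param([string]$Key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall')

    if (-not (Test-Path -Path $Key)) {
        Write-Output "No policy key at $Key (expected on an unmanaged machine)."
        return
    }
    Get-ChildItem -Path $Key -Recurse | ForEach-Object { Get-ItemProperty -Path $_.PSPath }
}

$state = Get-FirewallServiceState
$state | Format-Table -AutoSize

$missing = @($state | Where-Object { -not $_.Registered })
if ($missing.Count -gt 0) {
    $msg = 'Not registered with the SCM: {0}. This is what 0x80070424 means; in this thread the ' +
           'cause was a rootkit, so scan and clean before trying to re-register the service.'
    Write-Warning ($msg -f ($missing.Service -join ', '))
}

Get-FirewallPolicyValues
```

If both services are registered but MpsSvc will not start, the ImagePath column is worth a look: a service whose path no longer points into C:\Windows\System32 has been tampered with, which is exactly the kind of finding the RogueKiller report later in this thread lists.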
5 replies
* Download RogueKiller to the desktop
* Close all running programs.
* On Vista/Seven and Windows 8, right-click -> Run as administrator
* Otherwise simply launch RogueKiller.exe
* Wait for the pre-scan, then click the Scan button
* A report RKreport.txt should have been created on the desktop; post it.
Note: if the program was blocked, don't hesitate to try several times.
RogueKiller V8.7.7 [Nov 11 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 8 (6.2.9200 ) 32 bits version
Demarrage : Mode normal
Utilisateur : SEON [Droits d'admin]
Mode : Recherche -- Date : 11/11/2013 14:20:59
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 2 ¤¤¤
[BLPATH] cacaoweb.exe -- C:\Users\SEON\AppData\Roaming\cacaoweb\cacaoweb.exe [-] -> TUÉ [TermProc]
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\GoogleUpdate.exe" < [x] -> STOPPÉ
¤¤¤ Entrees de registre : 11 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\SEON\AppData\Local\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\?????????\?????????\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\GoogleUpdate.exe" >) -> TROUVÉ
[RUN][BLPATH] HKCU\[...]\Run : cacaoweb ("C:\Users\SEON\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [-]) -> TROUVÉ
[RUN][ZeroAccess] HKUS\S-1-5-21-2477481718-727868231-2274151261-1000\[...]\Run : Google Update ("C:\Users\SEON\AppData\Local\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\?????????\?????????\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\GoogleUpdate.exe" >) -> TROUVÉ
[RUN][BLPATH] HKUS\S-1-5-21-2477481718-727868231-2274151261-1000\[...]\Run : cacaoweb ("C:\Users\SEON\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [-]) -> TROUVÉ
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\GoogleUpdate.exe" < [x]) -> TROUVÉ
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\GoogleUpdate.exe" < [x]) -> TROUVÉ
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=; [Country: (Private Address) (XX), City: (Private Address)]) -> TROUVÉ
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
¤¤¤ Tâches planifiées : 0 ¤¤¤
¤¤¤ Entrées Startup : 0 ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][Fichier] Desktop.ini : C:\Windows\assembly\GAC\Desktop.ini [-] --> TROUVÉ
[ZeroAccess][Jonction] fr-FR : C:\Program Files\Windows Defender\fr-FR >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] SymSrv.yes : C:\Program Files\Windows Defender\SymSrv.yes >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Repertoire] Install : C:\Users\SEON\AppData\Local\Google\Desktop\Install [-] --> TROUVÉ
[ZeroAccess][Repertoire] Install : C:\Program Files\Google\Desktop\Install [-] --> TROUVÉ
¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] ***@*** (CoTaskMemFree) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D83700)
[Address] ***@*** (CoInitializeEx) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D99DF5)
[Address] ***@*** (CoUninitialize) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D9963D)
[Address] ***@*** (CreateStreamOnHGlobal) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DC97D7)
[Address] ***@*** (CoGetApartmentType) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D9A9CD)
[Address] ***@*** (CoWaitForMultipleHandles) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DC8B73)
[Address] ***@*** (CoFreeUnusedLibraries) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DD2329)
[Address] ***@*** (CoEnableCallCancellation) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DA6635)
[Address] ***@*** (CoDisableCallCancellation) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DA666B)
[Address] ***@*** (CoCancelCall) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74E2E323)
[Address] ***@*** (StringFromGUID2) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D9A428)
[Address] ***@*** (PropVariantClear) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D9AAF0)
[Address] ***@*** (CoMarshalInterThreadInterfaceInStream) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DCF6D4)
[Address] ***@*** (CoReleaseMarshalData) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DA96E2)
[Address] ***@*** (CoCreateInstance) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D9C859)
[Address] ***@*** (CoRevokeClassObject) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DD34F6)
[Address] ***@*** (CoRegisterClassObject) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DD4757)
[Address] ***@*** (CoGetInterfaceAndReleaseStream) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DCF684)
[Address] ***@*** (CoGetMalloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D83838)
[Address] ***@*** (CoCreateFreeThreadedMarshaler) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D9D270)
[Address] ***@*** (CoTaskMemAlloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D837D7)
[Address] ***@*** (CLSIDFromString) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DC8056)
[Address] ***@*** (CoTaskMemRealloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D9AACA)
[Address] ***@*** (InterlockedExchange) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ECEF9)
[Address] ***@*** (InterlockedIncrement) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ECE9B)
[Address] ***@*** (InterlockedCompareExchange) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ECF0C)
[Address] ***@*** (InterlockedDecrement) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ECE8A)
[Address] ***@*** (RegCreateKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7490B580)
[Address] ***@*** (RegEnumValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FC5C4)
[Address] ***@*** (RegQueryInfoKeyW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FC171)
[Address] ***@*** (RegQueryValueExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EFBB6)
[Address] ***@*** (RegCloseKey) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EF832)
[Address] ***@*** (RegOpenKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EF625)
[Address] ***@*** (RegGetValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F296A)
[Address] ***@*** (RegOpenCurrentUser) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F63B3)
[Address] ***@*** (RegEnumKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FAA19)
[Address] ***@*** (RegDeleteValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74901401)
[Address] ***@*** (RegSetValueExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7490B72B)
[Address] ***@*** (OpenProcessToken) : api-ms-win-core-processthreads-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE647)
[Address] ***@*** (OpenThreadToken) : api-ms-win-core-processthreads-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE612)
[Address] ***@*** (CloseHandle) : api-ms-win-core-handle-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED140)
[Address] ***@*** (DuplicateHandle) : api-ms-win-core-handle-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EDA22)
[Address] ***@*** (SetUnhandledExceptionFilter) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x749070D7)
[Address] ***@*** (SetErrorMode) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F2EBF)
[Address] ***@*** (GetLastError) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ECEEF)
[Address] ***@*** (RaiseException) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F1F9B)
[Address] ***@*** (UnhandledExceptionFilter) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7497705F)
[Address] ***@*** (WaitForSingleObject) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748E2151)
[Address] ***@*** (OpenMutexW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FBACE)
[Address] ***@*** (InitializeCriticalSectionEx) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F53BA)
[Address] ***@*** (WaitForMultipleObjectsEx) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ECFBE)
[Address] ***@*** (SetEvent) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED08C)
[Address] ***@*** (OpenEventW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F229A)
[Address] ***@*** (CreateEventW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED997)
[Address] ***@*** (ResetEvent) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED0B2)
[Address] ***@*** (CreateMutexW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F0EE1)
[Address] ***@*** (ReleaseMutex) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748E1005)
[Address] ***@*** (Sleep) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748E2284)
[Address] ***@*** (CharNextW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F663E)
[Address] ***@*** (CharUpperW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F695B)
[Address] ***@*** (CharPrevW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F9AAC)
[Address] ***@*** (CharLowerW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FE111)
[Address] ***@*** (IsCharAlphaNumericW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FBDE7)
[Address] ***@*** (HeapDestroy) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F04F7)
[Address] ***@*** (HeapSetInformation) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F467B)
[Address] ***@*** (GetProcessHeap) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ECEB1)
[Address] ***@*** (WideCharToMultiByte) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F1CCD)
[Address] ***@*** (MultiByteToWideChar) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F0C61)
[Address] ***@*** (CompareStringW) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EEC17)
[Address] ***@*** (CompareStringOrdinal) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F7E2F)
[Address] ***@*** (FreeLibrary) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EDD11)
[Address] ***@*** (GetProcAddress) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EFCFE)
[Address] ***@*** (LoadLibraryExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F273E)
[Address] ***@*** (LockResource) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED7DF)
[Address] ***@*** (GetModuleHandleW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EDC84)
[Address] ***@*** (LoadResource) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F75B2)
[Address] ***@*** (FindResourceExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F748B)
[Address] ***@*** (GetModuleFileNameW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE0AF)
[Address] ***@*** (FreeLibraryAndExitThread) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE033)
[Address] ***@*** (GetModuleHandleExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F20DA)
[Address] ***@*** (LoadStringW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F3BD1)
[Address] ***@*** (GetModuleHandleA) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE3CA)
[Address] ***@*** (GetCurrentDirectoryW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F54B6)
[Address] ***@*** (GetCommandLineW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F53E2)
[Address] ***@*** (SearchPathW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493C406)
[Address] ***@*** (ExpandEnvironmentStringsW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EEDE9)
[Address] ***@*** (CallNtPowerInformation) : api-ms-win-power-base-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x74751DCC)
[Address] ***@*** (GetPwrCapabilities) : api-ms-win-power-base-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x7475367D)
[Address] ***@*** (GetTokenInformation) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE773)
[Address] ***@*** (GetSidSubAuthority) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F6446)
[Address] ***@*** (CreateWellKnownSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74902A05)
[Address] ***@*** (GetLengthSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE66F)
[Address] ***@*** (IsValidSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE6D5)
[Address] ***@*** (CopySid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE688)
[Address] ***@*** (GetSidSubAuthorityCount) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F645F)
[Address] ***@*** (CheckTokenMembership) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F0329)
[Address] ***@*** (PathCchAddExtension) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7491A8C1)
[Address] ***@*** (PathCchCombine) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F86CF)
[Address] ***@*** (PathCchAppend) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x749011EC)
[Address] ***@*** (GetLongPathNameW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74912C8D)
[Address] ***@*** (ReadFile) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F384C)
[Address] ***@*** (CreateFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F26CE)
[Address] ***@*** (WriteFile) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EDA7F)
[Address] ***@*** (GetFileSize) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F02B9)
[Address] ***@*** (FindClose) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F4A48)
[Address] ***@*** (CompareFileTime) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F1648)
[Address] ***@*** (DeleteFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F402F)
[Address] ***@*** (FindNextFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F4B4D)
[Address] ***@*** (FindFirstFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F49EA)
[Address] ***@*** (GetFileAttributesW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F2D76)
[Address] ***@*** (GetTickCount64) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED21E)
[Address] ***@*** (GetTickCount) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ECE5B)
[Address] ***@*** (GetProductInfo) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7490A3A1)
[Address] ***@*** (GetVersionExW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EEE47)
[Address] ***@*** (GetSystemDirectoryW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F43EE)
[Address] ***@*** (GetSystemTimeAsFileTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED306)
[Address] ***@*** (GetSystemTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EECE5)
[Address] ***@*** (GetWindowsDirectoryW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F69A0)
[Address] ***@*** (GetLocalTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EF145)
[Address] ***@*** (GetDynamicTimeZoneInformation) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74932B27)
[Address] ***@*** (GetTimeZoneInformation) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x749000B1)
[Address] ***@*** (SystemTimeToFileTime) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F2141)
[Address] ***@*** (GetTimeFormatEx) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74902599)
[Address] ***@*** (GetDateFormatEx) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x749025C9)
[Address] ***@*** (GetDateFormatW) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74912516)
[Address] ***@*** (MapViewOfFile) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F2BB9)
[Address] ***@*** (VirtualAlloc) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED3DD)
[Address] ***@*** (UnmapViewOfFile) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED2A3)
[Address] ***@*** (CreateFileMappingW) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F2D4F)
[Address] ***@*** (VirtualFree) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EDD5A)
[Address] ***@*** (StrStrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FF51E)
[Address] ***@*** (StrTrimW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FDF67)
[Address] ***@*** (StrCmpNICW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493D843)
[Address] ***@*** (StrCmpNW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493CC6A)
[Address] ***@*** (StrToIntW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493DD73)
[Address] ***@*** (StrChrW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493D80F)
[Address] ***@*** (StrCmpICW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493D76D)
[Address] ***@*** (StrCmpNIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FF7C6)
[Address] ***@*** (StrRStrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74937664)
[Address] ***@*** (StrCmpIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x749143B9)
[Address] ***@*** (SHLoadIndirectString) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FFB3B)
[Address] ***@*** (StrChrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74915923)
[Address] ***@*** (StrCmpW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493CED7)
[Address] ***@*** (StrCmpCW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F6B0D)
[Address] ***@*** (QISearch) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EDEB8)
[Address] ***@*** (StrCmpICA) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EDF6D)
[Address] ***@*** (GetUserDefaultUILanguage) : api-ms-win-core-localization-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F172A)
[Address] ***@*** (CoRegisterMessageFilter) : api-ms-win-core-com-private-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DC91D2)
[Address] ***@*** (SHRegGetUSValueW) : api-ms-win-core-registryuserspecific-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74910829)
[Address] ***@*** (SHRegGetBoolUSValueW) : api-ms-win-core-registryuserspecific-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74917F7A)
[Address] ***@*** (PathRemoveExtensionW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74901111)
[Address] ***@*** (PathIsFileSpecW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x749174FF)
[Address] ***@*** (PathGetDriveNumberW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493D9BF)
[Address] ***@*** (PathRemoveFileSpecW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7491208C)
[Address] ***@*** (PathCommonPrefixW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74900BFB)
[Address] ***@*** (PathStripPathW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x749426F0)
[Address] ***@*** (PathStripToRootW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7491224C)
[Address] ***@*** (PathFindExtensionW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F9964)
[Address] ***@*** (PathQuoteSpacesW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74937B36)
[Address] ***@*** (SHExpandEnvironmentStringsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F9C9B)
[Address] ***@*** (PathFileExistsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F6B45)
[Address] ***@*** (PathGetArgsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493BE61)
[Address] ***@*** (PathRemoveBlanksW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7490A588)
[Address] ***@*** (PathFindFileNameW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493D899)
[Address] ***@*** (PathCombineW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FE1CF)
[Address] ***@*** (PathParseIconLocationW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74942A5F)
[Address] ***@*** (PathIsRootW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FE367)
[Address] ***@*** (PathIsPrefixW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74900D6E)
[Address] ***@*** (RegCreateKeyW) : api-ms-win-core-registry-l2-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\advapi32.dll @ 0x767F879E)
[Address] ***@*** (SetWindowPos) : USER32.dll -> HOOKED (C:\Program Files\IObit\Start Menu 8\StartMenuDll32.dll @ 0x0CEEE5B4)
[Address] ***@*** (RoGetActivationFactory) : api-ms-win-core-winrt-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DD76B7)
[Address] ***@*** (WindowsDeleteString) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DD1360)
[Address] ***@*** (WindowsCreateString) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DD15A1)
[Address] ***@*** (WindowsGetStringRawBuffer) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DD116D)
[Address] ***@*** (GetLocaleInfoW) : api-ms-win-core-localization-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F3457)
[Address] ***@*** (GetThreadUILanguage) : api-ms-win-core-localization-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74900B2D)
[Address] ***@*** (QueryFullProcessImageNameW) : api-ms-win-core-psapi-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493E179)
[Address] ***@*** (StopTraceW) : api-ms-win-eventing-controller-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74932934)
[Address] ***@*** (EnableTraceEx2) : api-ms-win-eventing-controller-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7492960E)
[Address] ***@*** (StartTraceW) : api-ms-win-eventing-controller-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74929E6F)
[Address] ***@*** (DeactivateActCtx) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F029B)
[Address] ***@*** (ReleaseActCtx) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F025F)
[Address] ***@*** (ActivateActCtx) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F027D)
[Address] ***@*** (CreateActCtxW) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F67FF)
[Address] ***@*** (ChangeTimerQueueTimer) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE072)
[Address] ***@*** (DeleteTimerQueueTimer) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F056D)
[Address] ***@*** (CreateTimerQueueTimer) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F05BA)
[Address] ***@*** (QueueUserWorkItem) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE81C)
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AAJS-22B4A0 ATA Device +++++
--- User ---
[MBR] a6b2c0157ceb6bc0df1aef3564376b74
[BSP] 478a21cc65b76290820884f959b03bbc : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20467712 | Size: 147757 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 323074048 | Size: 147493 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[0]_S_11112013_142059.txt >>
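Reports like the one above are long, and most of the "HOOKED" lines are noise: on Windows 8 the api-ms-win-core-* names are API sets that resolve into KERNELBASE.dll and combase.dll, so a hook target inside C:\WINDOWS is the normal forwarding, while a target outside it (here a third-party start-menu DLL) is the only one worth reading. The following is an added example, not code from the thread or from RogueKiller's author: a parser for the report format shown above that groups findings by section, pulls out the entries tagged with the detected family, and separates hooks by where the hooking module lives. The sample report is a constructed excerpt of lines from this thread; the question marks in the paths are the unprintable characters the tool reported.

```powershell
# Added example, not from the thread or from RogueKiller: parse an RKreport.txt into objects
# so a posted report can be triaged by section, tag and result instead of read line by line.

# Constructed excerpt of the report posted in this thread (same line formats as the tool writes).
$sampleReport = @'
¤¤¤ Processus malicieux : 2 ¤¤¤
[BLPATH] cacaoweb.exe -- C:\Users\SEON\AppData\Roaming\cacaoweb\cacaoweb.exe [-] -> TUÉ [TermProc]
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\GoogleUpdate.exe" < [x] -> STOPPÉ
¤¤¤ Entrees de registre : 11 ¤¤¤
[RUN][BLPATH] HKCU\[...]\Run : cacaoweb ("C:\Users\SEON\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [-]) -> TROUVÉ
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\GoogleUpdate.exe" < [x]) -> TROUVÉ
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][Jonction] fr-FR : C:\Program Files\Windows Defender\fr-FR >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Repertoire] Install : C:\Program Files\Google\Desktop\Install [-] --> TROUVÉ
¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] ***@*** (RegSetValueExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7490B72B)
[Address] ***@*** (SetWindowPos) : USER32.dll -> HOOKED (C:\Program Files\IObit\Start Menu 8\StartMenuDll32.dll @ 0x0CEEE5B4)
¤¤¤ Infection : ZeroAccess ¤¤¤
'@

function ConvertFrom-RogueKillerReport {
    param([Parameter(Mandatory)][string]$Text)

    $section = $null
    foreach ($line in ($Text -split "`r?`n")) {
        # Section header: "¤¤¤ Name : value ¤¤¤" (the value may be a count, a state or absent).
        if ($line -match '^\u00a4+\s*(?<name>.+?)\s*(?::\s*(?<value>.*?)\s*)?\u00a4+$') {
            $section = $Matches.name.Trim()
            continue
        }
        # Finding: one or more [Tag] prefixes, a body, then "->" or "-->" and the result word.
        if ($line -match '^(?<tags>(?:\[[^\]]+\])+)\s*(?<body>.*?)\s*-{1,2}>\s*(?<result>\S+)\s*(?<detail>.*)$') {
            $tags = @([regex]::Matches($Matches.tags, '\[([^\]]+)\]') | ForEach-Object { $_.Groups[1].Value })
            [pscustomobject]@{
                Section = $section
                Tags    = $tags
                Body    = $Matches.body
                Result  = $Matches.result
                Detail  = $Matches.detail
            }
        }
    }
}

function Get-HookModule {
    # Detail of a HOOKED line looks like "(C:\path\module.dll @ 0x...)"; return the module path.
    param([string]$Detail)
    if ($Detail -match '\((?<module>.+?)\s*@') { return $Matches.module }
    return $null
}

$findings = @(ConvertFrom-RogueKillerReport -Text $sampleReport)

"Findings per section:"
$findings | Group-Object Section | Select-Object Name, Count | Format-Table -AutoSize

"Entries tagged with the detected family:"
$findings | Where-Object { $_.Tags -contains 'ZeroAccess' } |
    Select-Object Section, Body, Result | Format-Table -AutoSize -Wrap

# Hook triage: modules under the Windows directory are the API-set forwarders (KERNELBASE,
# combase); anything else is a third-party module and is the part a helper actually reviews.
$windowsDir = $env:SystemRoot
if (-not $windowsDir) { $windowsDir = 'C:\WINDOWS' }   # assumed default when run outside Windows
$hooks = $findings | Where-Object { $_.Result -eq 'HOOKED' } | ForEach-Object {
    $module = Get-HookModule -Detail $_.Detail
    [pscustomobject]@{
        Api          = if ($_.Body -match '\((?<api>[^)]+)\)') { $Matches.api } else { '?' }
        Module       = $module
        SystemModule = $module -and $module.StartsWith($windowsDir, 'OrdinalIgnoreCase')
    }
}
"Hooks by non-system modules:"
$hooks | Where-Object { -not $_.SystemModule } | Format-Table -AutoSize
```

Running it on the excerpt prints 2 findings for the process section, 3 for the registry section, 2 for the files section and 2 for the driver section, lists the five ZeroAccess-tagged entries, and leaves a single non-system hook (SetWindowPos from the IObit module). Feed the full RKreport.txt in with `Get-Content -Raw` instead of the here-string to triage a real report.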
* Close all your running programs
* On Vista/Seven, right-click -> run as administrator
* Otherwise, simply launch RogueKiller.exe
* Wait for the pre-scan, then click Scan
* Check that all items are ticked, then click Suppression (Delete)
* Post the RKreport.txt report found on the desktop.
Then go through
http://www.security-helpzone.com/gen-hackman/pre_scan-2/canned-speech/
RogueKiller V8.7.7 [Nov 11 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 8 (6.2.9200 ) 32 bits version
Demarrage : Mode normal
Utilisateur : SEON [Droits d'admin]
Mode : Suppression -- Date : 11/11/2013 14:38:33
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 1 ¤¤¤
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\GoogleUpdate.exe" < [x] -> STOPPÉ
¤¤¤ Entrees de registre : 10 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\SEON\AppData\Local\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\?????????\?????????\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\GoogleUpdate.exe" >) -> SUPPRIMÉ
[RUN][BLPATH] HKCU\[...]\Run : cacaoweb ("C:\Users\SEON\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [-]) -> SUPPRIMÉ
[RUN][ZeroAccess] HKUS\S-1-5-21-2477481718-727868231-2274151261-1000\[...]\Run : Google Update ("C:\Users\SEON\AppData\Local\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\?????????\?????????\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error
[RUN][BLPATH] HKUS\S-1-5-21-2477481718-727868231-2274151261-1000\[...]\Run : cacaoweb ("C:\Users\SEON\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [-]) -> [0x2] Le fichier spécifié est introuvable.
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\GoogleUpdate.exe" < [x]) -> SUPPRIMÉ
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\GoogleUpdate.exe" < [x]) -> [0x2] Le fichier spécifié est introuvable.
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
¤¤¤ Tâches planifiées : 0 ¤¤¤
¤¤¤ Entrées Startup : 0 ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][Fichier] Desktop.ini : C:\Windows\assembly\GAC\Desktop.ini [-] --> SUPPRIMÉ
[ZeroAccess][Jonction] fr-FR : C:\Program Files\Windows Defender\fr-FR >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] SymSrv.yes : C:\Program Files\Windows Defender\SymSrv.yes >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Repertoire] Install : C:\Users\SEON\AppData\Local\Google\Desktop\Install [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] Install : C:\Program Files\Google\Desktop\Install [-] --> SUPPRIMÉ
[ZeroAccess][Fichier] @ : C:\Users\SEON\AppData\Local\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\?????????\?????????\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\@ [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] L : C:\Users\SEON\AppData\Local\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\?????????\?????????\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\L [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] U : C:\Users\SEON\AppData\Local\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\?????????\?????????\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\U [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] {e3072a35-4f20-999f-fabf-c5b004537304} : C:\Users\SEON\AppData\Local\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\?????????\?????????\?????\{e3072a35-4f20-999f-fabf-c5b004537304} [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] ????? : C:\Users\SEON\AppData\Local\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\?????????\?????????\????? [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] ????????? : C:\Users\SEON\AppData\Local\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\?????????\????????? [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] ????????? : C:\Users\SEON\AppData\Local\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\????????? [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] {e3072a35-4f20-999f-fabf-c5b004537304} : C:\Users\SEON\AppData\Local\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304} [-] --> SUPPRIMÉ
[ZeroAccess][Fichier] @ : C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\@ [-] --> SUPPRIMÉ
[ZeroAccess][Fichier] 00000004.@ : C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\L\00000004.@ [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] L : C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\L [-] --> SUPPRIMÉ
[ZeroAccess][Fichier] trzA1D9.tmp : C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\trzA1D9.tmp [-] --> SUPPRIMÉ
[ZeroAccess][Fichier] 00000004.@ : C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\U\00000004.@ [-] --> SUPPRIMÉ
[ZeroAccess][Fichier] 00000008.@ : C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\U\00000008.@ [-] --> SUPPRIMÉ
[ZeroAccess][Fichier] 000000cb.@ : C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\U\000000cb.@ [-] --> SUPPRIMÉ
[ZeroAccess][Fichier] 80000000.@ : C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\U\80000000.@ [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] U : C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304}\U [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] {e3072a35-4f20-999f-fabf-c5b004537304} : C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\?????\{e3072a35-4f20-999f-fabf-c5b004537304} [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] ????? : C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \...\????? [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] ... : C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ \... [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] : C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304}\ [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] {e3072a35-4f20-999f-fabf-c5b004537304} : C:\Program Files\Google\Desktop\Install\{e3072a35-4f20-999f-fabf-c5b004537304} [-] --> SUPPRIMÉ
¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] ***@*** (CoTaskMemFree) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D83700)
[Address] ***@*** (CoInitializeEx) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D99DF5)
[Address] ***@*** (CoUninitialize) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D9963D)
[Address] ***@*** (CreateStreamOnHGlobal) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DC97D7)
[Address] ***@*** (CoGetApartmentType) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D9A9CD)
[Address] ***@*** (CoWaitForMultipleHandles) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DC8B73)
[Address] ***@*** (CoFreeUnusedLibraries) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DD2329)
[Address] ***@*** (CoEnableCallCancellation) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DA6635)
[Address] ***@*** (CoDisableCallCancellation) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DA666B)
[Address] ***@*** (CoCancelCall) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74E2E323)
[Address] ***@*** (StringFromGUID2) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D9A428)
[Address] ***@*** (PropVariantClear) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D9AAF0)
[Address] ***@*** (CoMarshalInterThreadInterfaceInStream) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DCF6D4)
[Address] ***@*** (CoReleaseMarshalData) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DA96E2)
[Address] ***@*** (CoCreateInstance) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D9C859)
[Address] ***@*** (CoRevokeClassObject) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DD34F6)
[Address] ***@*** (CoRegisterClassObject) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DD4757)
[Address] ***@*** (CoGetInterfaceAndReleaseStream) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DCF684)
[Address] ***@*** (CoGetMalloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D83838)
[Address] ***@*** (CoCreateFreeThreadedMarshaler) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D9D270)
[Address] ***@*** (CoTaskMemAlloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D837D7)
[Address] ***@*** (CLSIDFromString) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DC8056)
[Address] ***@*** (CoTaskMemRealloc) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74D9AACA)
[Address] ***@*** (InterlockedExchange) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ECEF9)
[Address] ***@*** (InterlockedIncrement) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ECE9B)
[Address] ***@*** (InterlockedCompareExchange) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ECF0C)
[Address] ***@*** (InterlockedDecrement) : api-ms-win-core-interlocked-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ECE8A)
[Address] ***@*** (RegCreateKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7490B580)
[Address] ***@*** (RegEnumValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FC5C4)
[Address] ***@*** (RegQueryInfoKeyW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FC171)
[Address] ***@*** (RegQueryValueExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EFBB6)
[Address] ***@*** (RegCloseKey) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EF832)
[Address] ***@*** (RegOpenKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EF625)
[Address] ***@*** (RegGetValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F296A)
[Address] ***@*** (RegOpenCurrentUser) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F63B3)
[Address] ***@*** (RegEnumKeyExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FAA19)
[Address] ***@*** (RegDeleteValueW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74901401)
[Address] ***@*** (RegSetValueExW) : api-ms-win-core-registry-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7490B72B)
[Address] ***@*** (OpenProcessToken) : api-ms-win-core-processthreads-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE647)
[Address] ***@*** (OpenThreadToken) : api-ms-win-core-processthreads-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE612)
[Address] ***@*** (CloseHandle) : api-ms-win-core-handle-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED140)
[Address] ***@*** (DuplicateHandle) : api-ms-win-core-handle-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EDA22)
[Address] ***@*** (SetUnhandledExceptionFilter) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x749070D7)
[Address] ***@*** (SetErrorMode) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F2EBF)
[Address] ***@*** (GetLastError) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ECEEF)
[Address] ***@*** (RaiseException) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F1F9B)
[Address] ***@*** (UnhandledExceptionFilter) : api-ms-win-core-errorhandling-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7497705F)
[Address] ***@*** (WaitForSingleObject) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748E2151)
[Address] ***@*** (OpenMutexW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FBACE)
[Address] ***@*** (InitializeCriticalSectionEx) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F53BA)
[Address] ***@*** (WaitForMultipleObjectsEx) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ECFBE)
[Address] ***@*** (SetEvent) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED08C)
[Address] ***@*** (OpenEventW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F229A)
[Address] ***@*** (CreateEventW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED997)
[Address] ***@*** (ResetEvent) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED0B2)
[Address] ***@*** (CreateMutexW) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F0EE1)
[Address] ***@*** (ReleaseMutex) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748E1005)
[Address] ***@*** (Sleep) : api-ms-win-core-synch-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748E2284)
[Address] ***@*** (CharNextW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F663E)
[Address] ***@*** (CharUpperW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F695B)
[Address] ***@*** (CharPrevW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F9AAC)
[Address] ***@*** (CharLowerW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FE111)
[Address] ***@*** (IsCharAlphaNumericW) : api-ms-win-core-string-l2-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FBDE7)
[Address] ***@*** (HeapDestroy) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F04F7)
[Address] ***@*** (HeapSetInformation) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F467B)
[Address] ***@*** (GetProcessHeap) : api-ms-win-core-heap-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ECEB1)
[Address] ***@*** (WideCharToMultiByte) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F1CCD)
[Address] ***@*** (MultiByteToWideChar) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F0C61)
[Address] ***@*** (CompareStringW) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EEC17)
[Address] ***@*** (CompareStringOrdinal) : api-ms-win-core-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F7E2F)
[Address] ***@*** (FreeLibrary) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EDD11)
[Address] ***@*** (GetProcAddress) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EFCFE)
[Address] ***@*** (LoadLibraryExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F273E)
[Address] ***@*** (LockResource) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED7DF)
[Address] ***@*** (GetModuleHandleW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EDC84)
[Address] ***@*** (LoadResource) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F75B2)
[Address] ***@*** (FindResourceExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F748B)
[Address] ***@*** (GetModuleFileNameW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE0AF)
[Address] ***@*** (FreeLibraryAndExitThread) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE033)
[Address] ***@*** (GetModuleHandleExW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F20DA)
[Address] ***@*** (LoadStringW) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F3BD1)
[Address] ***@*** (GetModuleHandleA) : api-ms-win-core-libraryloader-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE3CA)
[Address] ***@*** (GetCurrentDirectoryW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F54B6)
[Address] ***@*** (GetCommandLineW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F53E2)
[Address] ***@*** (SearchPathW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493C406)
[Address] ***@*** (ExpandEnvironmentStringsW) : api-ms-win-core-processenvironment-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EEDE9)
[Address] ***@*** (CallNtPowerInformation) : api-ms-win-power-base-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x74751DCC)
[Address] ***@*** (GetPwrCapabilities) : api-ms-win-power-base-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x7475367D)
[Address] ***@*** (GetTokenInformation) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE773)
[Address] ***@*** (GetSidSubAuthority) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F6446)
[Address] ***@*** (CreateWellKnownSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74902A05)
[Address] ***@*** (GetLengthSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE66F)
[Address] ***@*** (IsValidSid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE6D5)
[Address] ***@*** (CopySid) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE688)
[Address] ***@*** (GetSidSubAuthorityCount) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F645F)
[Address] ***@*** (CheckTokenMembership) : api-ms-win-security-base-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F0329)
[Address] ***@*** (PathCchAddExtension) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7491A8C1)
[Address] ***@*** (PathCchCombine) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F86CF)
[Address] ***@*** (PathCchAppend) : api-ms-win-core-path-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x749011EC)
[Address] ***@*** (GetLongPathNameW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74912C8D)
[Address] ***@*** (ReadFile) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F384C)
[Address] ***@*** (CreateFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F26CE)
[Address] ***@*** (WriteFile) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EDA7F)
[Address] ***@*** (GetFileSize) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F02B9)
[Address] ***@*** (FindClose) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F4A48)
[Address] ***@*** (CompareFileTime) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F1648)
[Address] ***@*** (DeleteFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F402F)
[Address] ***@*** (FindNextFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F4B4D)
[Address] ***@*** (FindFirstFileW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F49EA)
[Address] ***@*** (GetFileAttributesW) : api-ms-win-core-file-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F2D76)
[Address] ***@*** (GetTickCount64) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED21E)
[Address] ***@*** (GetTickCount) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ECE5B)
[Address] ***@*** (GetProductInfo) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7490A3A1)
[Address] ***@*** (GetVersionExW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EEE47)
[Address] ***@*** (GetSystemDirectoryW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F43EE)
[Address] ***@*** (GetSystemTimeAsFileTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED306)
[Address] ***@*** (GetSystemTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EECE5)
[Address] ***@*** (GetWindowsDirectoryW) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F69A0)
[Address] ***@*** (GetLocalTime) : api-ms-win-core-sysinfo-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EF145)
[Address] ***@*** (GetDynamicTimeZoneInformation) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74932B27)
[Address] ***@*** (GetTimeZoneInformation) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x749000B1)
[Address] ***@*** (SystemTimeToFileTime) : api-ms-win-core-timezone-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F2141)
[Address] ***@*** (GetTimeFormatEx) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74902599)
[Address] ***@*** (GetDateFormatEx) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x749025C9)
[Address] ***@*** (GetDateFormatW) : api-ms-win-core-datetime-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74912516)
[Address] ***@*** (MapViewOfFile) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F2BB9)
[Address] ***@*** (VirtualAlloc) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED3DD)
[Address] ***@*** (UnmapViewOfFile) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748ED2A3)
[Address] ***@*** (CreateFileMappingW) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F2D4F)
[Address] ***@*** (VirtualFree) : api-ms-win-core-memory-l1-1-1.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EDD5A)
[Address] ***@*** (StrStrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FF51E)
[Address] ***@*** (StrTrimW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FDF67)
[Address] ***@*** (StrCmpNICW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493D843)
[Address] ***@*** (StrCmpNW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493CC6A)
[Address] ***@*** (StrToIntW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493DD73)
[Address] ***@*** (StrChrW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493D80F)
[Address] ***@*** (StrCmpICW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493D76D)
[Address] ***@*** (StrCmpNIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FF7C6)
[Address] ***@*** (StrRStrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74937664)
[Address] ***@*** (StrCmpIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x749143B9)
[Address] ***@*** (SHLoadIndirectString) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FFB3B)
[Address] ***@*** (StrChrIW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74915923)
[Address] ***@*** (StrCmpW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493CED7)
[Address] ***@*** (StrCmpCW) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F6B0D)
[Address] ***@*** (QISearch) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EDEB8)
[Address] ***@*** (StrCmpICA) : api-ms-win-core-shlwapi-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EDF6D)
[Address] ***@*** (GetUserDefaultUILanguage) : api-ms-win-core-localization-obsolete-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F172A)
[Address] ***@*** (CoRegisterMessageFilter) : api-ms-win-core-com-private-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DC91D2)
[Address] ***@*** (SHRegGetUSValueW) : api-ms-win-core-registryuserspecific-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74910829)
[Address] ***@*** (SHRegGetBoolUSValueW) : api-ms-win-core-registryuserspecific-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74917F7A)
[Address] ***@*** (PathRemoveExtensionW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74901111)
[Address] ***@*** (PathIsFileSpecW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x749174FF)
[Address] ***@*** (PathGetDriveNumberW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493D9BF)
[Address] ***@*** (PathRemoveFileSpecW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7491208C)
[Address] ***@*** (PathCommonPrefixW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74900BFB)
[Address] ***@*** (PathStripPathW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x749426F0)
[Address] ***@*** (PathStripToRootW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7491224C)
[Address] ***@*** (PathFindExtensionW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F9964)
[Address] ***@*** (PathQuoteSpacesW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74937B36)
[Address] ***@*** (SHExpandEnvironmentStringsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F9C9B)
[Address] ***@*** (PathFileExistsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F6B45)
[Address] ***@*** (PathGetArgsW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493BE61)
[Address] ***@*** (PathRemoveBlanksW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7490A588)
[Address] ***@*** (PathFindFileNameW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493D899)
[Address] ***@*** (PathCombineW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FE1CF)
[Address] ***@*** (PathParseIconLocationW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74942A5F)
[Address] ***@*** (PathIsRootW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748FE367)
[Address] ***@*** (PathIsPrefixW) : api-ms-win-core-shlwapi-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74900D6E)
[Address] ***@*** (RegCreateKeyW) : api-ms-win-core-registry-l2-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\advapi32.dll @ 0x767F879E)
[Address] ***@*** (SetWindowPos) : USER32.dll -> HOOKED (C:\Program Files\IObit\Start Menu 8\StartMenuDll32.dll @ 0x0CEEE5B4)
[Address] ***@*** (RoGetActivationFactory) : api-ms-win-core-winrt-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DD76B7)
[Address] ***@*** (WindowsDeleteString) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DD1360)
[Address] ***@*** (WindowsCreateString) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DD15A1)
[Address] ***@*** (WindowsGetStringRawBuffer) : api-ms-win-core-winrt-string-l1-1-0.dll -> HOOKED (C:\WINDOWS\SYSTEM32\combase.dll @ 0x74DD116D)
[Address] ***@*** (GetLocaleInfoW) : api-ms-win-core-localization-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F3457)
[Address] ***@*** (GetThreadUILanguage) : api-ms-win-core-localization-l1-2-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74900B2D)
[Address] ***@*** (QueryFullProcessImageNameW) : api-ms-win-core-psapi-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7493E179)
[Address] ***@*** (StopTraceW) : api-ms-win-eventing-controller-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74932934)
[Address] ***@*** (EnableTraceEx2) : api-ms-win-eventing-controller-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x7492960E)
[Address] ***@*** (StartTraceW) : api-ms-win-eventing-controller-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x74929E6F)
[Address] ***@*** (DeactivateActCtx) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F029B)
[Address] ***@*** (ReleaseActCtx) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F025F)
[Address] ***@*** (ActivateActCtx) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F027D)
[Address] ***@*** (CreateActCtxW) : api-ms-win-core-sidebyside-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F67FF)
[Address] ***@*** (ChangeTimerQueueTimer) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE072)
[Address] ***@*** (DeleteTimerQueueTimer) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F056D)
[Address] ***@*** (CreateTimerQueueTimer) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748F05BA)
[Address] ***@*** (QueueUserWorkItem) : api-ms-win-core-threadpool-legacy-l1-1-0.dll -> HOOKED (C:\WINDOWS\system32\KERNELBASE.dll @ 0x748EE81C)
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AAJS-22B4A0 ATA Device +++++
--- User ---
[MBR] a6b2c0157ceb6bc0df1aef3564376b74
[BSP] 478a21cc65b76290820884f959b03bbc : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20467712 | Size: 147757 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 323074048 | Size: 147493 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[0]_D_11112013_143833.txt >>
RKreport[0]_S_11112013_142059.txt;RKreport[0]_S_11112013_143751.txt