Desktop display

Solved/Closed
latche100 Posts: 28 Registered: Tuesday 8 October 2013 Status: Member Last activity: 29 December 2015 - 27 Nov 2013 at 00:09
latche100 Posts: 28 Registered: Tuesday 8 October 2013 Status: Member Last activity: 29 December 2015 - 28 Nov 2013 at 15:41
Hello,
Please help me. While I was starting my computer, my child held down about ten keys for a long time! Result: I no longer have any shortcuts on the desktop. I checked the desktop properties and tried to recreate other shortcuts, but they do not show up on the desktop.
NB: the taskbars are present. I have a Dell D600.

7 replies

demondu36 Posts: 1172 Registered: Thursday 21 May 2009 Status: Member Last activity: 6 January 2016 231
27 Nov 2013 at 00:10
How long has this problem been present?
0
Anonymous user
27 Nov 2013 at 00:12
Hi

Try a restore point

See you
0
demondu36 Posts: 1172 Registered: Thursday 21 May 2009 Status: Member Last activity: 6 January 2016 231
27 Nov 2013 at 00:12
The simplest fix, if no important file has been created or modified since the incident, is to restore the system to the most recent restore point available:

To use System Restore

Before starting System Restore, save any open files and close all programs. System Restore will restart your PC.

Open System Restore by clicking the Start button. In the search box, type System Restore, then click System Restore in the list of results. Administrator permission required: if you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Follow the steps in the wizard to choose a restore point and restore your computer.
0
latche100 Posts: 28 Registered: Tuesday 8 October 2013 Status: Member Last activity: 29 December 2015
27 Nov 2013 at 00:51
Everything was going fine. It was my child who turned off the machine; I turned it back on, then I wanted to stop him from doing it again, and his hands came down on the keyboard, and I let him carry on, not knowing that such a thing could happen. I restarted without success; the problem is still there, but on the other hand my guest account has no problem when I switch users.
Thanks
0

latche100 Posts: 28 Registered: Tuesday 8 October 2013 Status: Member Last activity: 29 December 2015
27 Nov 2013 at 00:58
I tried the restore, but it does not consider this change significant, and each time I get this message: your machine has not undergone any change.......
0
latche100 Posts: 28 Registered: Tuesday 8 October 2013 Status: Member Last activity: 29 December 2015
27 Nov 2013 at 01:28
Indeed, I thought of the restore, but it doesn't work; I chose 4 different points and got the same answer. Do you think this could have a cause other than the one I assumed?
NB: I haven't lost anything (at least not that I've noticed) and everything works fine on the machine; only the shortcuts are missing and it is impossible to create new ones.
0
demondu36 Posts: 1172 Registered: Thursday 21 May 2009 Status: Member Last activity: 6 January 2016 231
27 Nov 2013 at 11:07
Which OS are you running?
0
latche100 Posts: 28 Registered: Tuesday 8 October 2013 Status: Member Last activity: 29 December 2015
27 Nov 2013 at 14:14
Hello everyone,

demondu36,

I am on XP Professional, version 2002, with Service Pack 3 installed.
0
latche100 Posts: 28 Registered: Tuesday 8 October 2013 Status: Member Last activity: 29 December 2015
28 Nov 2013 at 15:41
Hello, my desktop came back after a scan with R killer and a restart, and I have the scan report, which tells me nothing; in any case I don't understand any of it.
[02:08:0795] [CHECK] BlacklistMD5
[02:08:0855] [CHECK] MadeNumbers
[02:09:0075] [CHECK] HasUnicode
[02:09:0106] [CHECK] SuspPath
[02:09:0316] [CHECK] ProcessResidue
[02:09:0346] [CHECK] Not found!
[02:09:0366] [Check DLLs] CRYPT32.dll : C:\WINDOWS\system32\CRYPT32.dll
[02:09:0396] [CHECK] WhiteDLL
[02:09:0436] [CHECK] Whitelist
[02:09:0456] [CHECK] WellKnown
[02:09:0506] [CHECK] WhitelistPath
[02:09:0536] [CHECK] HijackName
[02:09:0566] [CHECK] Signature
[02:10:0357] [PE] Mapping
[02:10:0397] [PE] Parsing
[02:10:0437] [PE] Dos header -> 0x12a0000
[02:10:0457] [PE] Nt header (offset : 0xf0) file size 0x94000
[02:10:0488] [PE] pNtHeadersx86 -> 0x12a00f0
[02:10:0518] [PE] Chars -> 0x210e
[02:10:0548] [PE] Optional header
[02:10:0568] [PE] Sections : 4
[02:10:0598] [PE] Section : 0 - .text
[02:10:0618] [PE] Section : 1 - .data
[02:10:0648] [PE] Section : 2 - .rsrc
[02:10:0678] [PE] Section : 3 - .reloc
[02:10:0698] [PE] Parse EAT
[02:10:0728] [PE] Parse IAT
[02:10:0768] [PE] Parsing ok
[02:10:0788] [PE] File open : 1
[02:10:0818] [PE] Search sigs
[02:10:0848] [PE] Section[0/3] : 0x12a0400
[02:10:0878] [PE] Init AhoCorasick
[02:10:0898] [PE] Start AhoCorasick [0x12a0400 - 541696]
[02:11:0008] [PE] Looking results : 0
[02:11:0038] [PE] Section[1/3] : 0x1324800
[02:11:0078] [PE] Init AhoCorasick
[02:11:0108] [PE] Start AhoCorasick [0x1324800 - 9216]
[02:11:0128] [PE] Looking results : 0
[02:11:0158] [PE] Section[2/3] : 0x1326c00
[02:11:0189] [PE] Init AhoCorasick
[02:11:0209] [PE] Start AhoCorasick [0x1326c00 - 33792]
[02:11:0239] [PE] Looking results : 0
[02:11:0279] [PE] Section[3/3] : 0x132f000
[02:11:0329] [PE] Init AhoCorasick
[02:11:0369] [PE] Start AhoCorasick [0x132f000 - 20480]
[02:11:0469] [PE] Looking results : 0
[02:11:0499] [CHECK] Blacklist
[02:11:0519] [CHECK] BlacklistPath
[02:11:0589] [CHECK] BlacklistMD5
[02:11:0619] [CHECK] MadeNumbers
[02:11:0649] [CHECK] HasUnicode
[02:11:0669] [CHECK] SuspPath
[02:11:0699] [CHECK] ProcessResidue
[02:11:0719] [CHECK] Not found!
[02:11:0749] [Check DLLs] MSASN1.dll : C:\WINDOWS\system32\MSASN1.dll
[02:11:0779] [CHECK] WhiteDLL
[02:11:0799] [CHECK] Whitelist
[02:11:0829] [CHECK] WellKnown
[02:11:0859] [CHECK] WhitelistPath
[02:11:0890] [CHECK] HijackName
[02:11:0990] [CHECK] Signature
[02:13:0181] [PE] Mapping
[02:13:0241] [PE] Parsing
[02:13:0282] [PE] Dos header -> 0x12a0000
[02:13:0312] [PE] Nt header (offset : 0xd8) file size 0xe000
[02:13:0352] [PE] pNtHeadersx86 -> 0x12a00d8
[02:13:0412] [PE] Chars -> 0x210e
[02:13:0472] [PE] Optional header
[02:13:0512] [PE] Sections : 4
[02:13:0562] [PE] Section : 0 - .text
[02:13:0612] [PE] Section : 1 - .data
[02:13:0662] [PE] Section : 2 - .rsrc
[02:13:0782] [PE] Section : 3 - .reloc
[02:13:0852] [PE] Parse EAT
[02:13:0963] [PE] Parse IAT
[02:14:0093] [PE] Parsing ok
[02:14:0143] [PE] File open : 1
[02:14:0183] [PE] Search sigs
[02:14:0213] [PE] Section[0/3] : 0x12a0400
[02:14:0243] [PE] Init AhoCorasick
[02:14:0273] [PE] Start AhoCorasick [0x12a0400 - 53760]
[02:14:0303] [PE] Looking results : 0
[02:14:0333] [PE] Section[1/3] : 0x12ad600
[02:14:0393] [PE] Init AhoCorasick
[02:14:0423] [PE] Start AhoCorasick [0x12ad600 - 512]
[02:14:0463] [PE] Looking results : 0
[02:14:0493] [PE] Section[2/3] : 0x12ad800
[02:14:0513] [PE] Init AhoCorasick
[02:14:0543] [PE] Start AhoCorasick [0x12ad800 - 1024]
[02:14:0643] [PE] Looking results : 0
[02:14:0714] [PE] Section[3/3] : 0x12adc00
[02:14:0744] [PE] Init AhoCorasick
[02:14:0774] [PE] Start AhoCorasick [0x12adc00 - 1024]
[02:14:0794] [PE] Looking results : 0
[02:14:0834] [CHECK] Blacklist
[02:14:0864] [CHECK] BlacklistPath
[02:14:0904] [CHECK] BlacklistMD5
[02:14:0934] [CHECK] MadeNumbers
[02:14:0964] [CHECK] HasUnicode
[02:14:0994] [CHECK] SuspPath
[02:15:0024] [CHECK] ProcessResidue
[02:15:0054] [CHECK] Not found!
[02:15:0084] [Check DLLs] CRYPTUI.dll : C:\WINDOWS\system32\CRYPTUI.dll
[02:15:0134] [CHECK] WhiteDLL
[02:15:0174] [CHECK] Whitelist
[02:15:0204] [CHECK] WellKnown
[02:15:0234] [CHECK] WhitelistPath
[02:15:0284] [CHECK] HijackName
[02:15:0365] [CHECK] Signature
[02:17:0798] [PE] Mapping
[02:17:0868] [PE] Parsing
[02:17:0938] [PE] Dos header -> 0x2210000
[02:17:0998] [PE] Nt header (offset : 0xe8) file size 0x113200
[02:18:0048] [PE] pNtHeadersx86 -> 0x22100e8
[02:18:0078] [PE] Chars -> 0x210e
[02:18:0128] [PE] Optional header
[02:18:0169] [PE] Sections : 4
[02:18:0359] [PE] Section : 0 - .text
[02:18:0389] [PE] Section : 1 - .data
[02:18:0429] [PE] Section : 2 - .rsrc
[02:18:0469] [PE] Section : 3 - .reloc
[02:18:0509] [PE] Parse EAT
[02:18:0549] [PE] Parse IAT
[02:18:0599] [PE] Parsing ok
[02:18:0629] [PE] File open : 1
[02:18:0659] [PE] Search sigs
[02:18:0689] [PE] Section[0/3] : 0x2210400
[02:18:0719] [PE] Init AhoCorasick
[02:18:0759] [PE] Start AhoCorasick [0x2210400 - 291840]
[02:18:0809] [PE] Looking results : 0
[02:18:0830] [PE] Section[1/3] : 0x2257800
[02:18:0860] [PE] Init AhoCorasick
[02:18:0890] [PE] Start AhoCorasick [0x2257800 - 1024]
[02:19:0040] [PE] Looking results : 0
[02:19:0090] [PE] Section[2/3] : 0x2257c00
[02:19:0120] [PE] Init AhoCorasick
[02:19:0160] [PE] Start AhoCorasick [0x2257c00 - 821760]
[02:19:0230] [PE] Looking results : 0
[02:19:0310] [PE] Section[3/3] : 0x2320600
[02:19:0340] [PE] Init AhoCorasick
[02:19:0370] [PE] Start AhoCorasick [0x2320600 - 11264]
[02:19:0400] [PE] Looking results : 0
[02:19:0440] [CHECK] Blacklist
[02:19:0480] [CHECK] BlacklistPath
[02:19:0510] [CHECK] BlacklistMD5
[02:19:0561] [CHECK] MadeNumbers
[02:19:0591] [CHECK] HasUnicode
[02:19:0621] [CHECK] SuspPath
[02:19:0661] [CHECK] ProcessResidue
[02:19:0691] [CHECK] Not found!
[02:19:0721] [Check DLLs] NETAPI32.dll : C:\WINDOWS\system32\NETAPI32.dll
[02:19:0761] [CHECK] WhiteDLL
[02:19:0801] [CHECK] Whitelist
[02:19:0891] [CHECK] WellKnown
[02:19:0991] [CHECK] WhitelistPath
[02:20:0041] [CHECK] HijackName
[02:20:0071] [CHECK] Signature
[02:20:0332] [PE] Mapping
[02:20:0372] [PE] Parsing
[02:20:0422] [PE] Dos header -> 0x12a0000
[02:20:0452] [PE] Nt header (offset : 0xe0) file size 0x52600
[02:20:0492] [PE] pNtHeadersx86 -> 0x12a00e0
[02:20:0532] [PE] Chars -> 0x210e
[02:20:0562] [PE] Optional header
[02:20:0612] [PE] Sections : 4
[02:20:0642] [PE] Section : 0 - .text
[02:20:0682] [PE] Section : 1 - .data
[02:20:0712] [PE] Section : 2 - .rsrc
[02:20:0752] [PE] Section : 3 - .reloc
[02:20:0782] [PE] Parse EAT
[02:20:0832] [PE] Parse IAT
[02:20:0872] [PE] Parsing ok
[02:20:0933] [PE] File open : 1
[02:20:0983] [PE] Search sigs
[02:21:0023] [PE] Section[0/3] : 0x12a0400
[02:21:0143] [PE] Init AhoCorasick
[02:21:0213] [PE] Start AhoCorasick [0x12a0400 - 314368]
[02:21:0303] [PE] Looking results : 0
[02:21:0373] [PE] Section[1/3] : 0x12ed000
[02:21:0423] [PE] Init AhoCorasick
[02:21:0463] [PE] Start AhoCorasick [0x12ed000 - 10240]
[02:21:0573] [PE] Looking results : 0
[02:21:0704] [PE] Section[2/3] : 0x12ef800
[02:21:0754] [PE] Init AhoCorasick
[02:21:0794] [PE] Start AhoCorasick [0x12ef800 - 1024]
[02:21:0824] [PE] Looking results : 0
[02:21:0904] [PE] Section[3/3] : 0x12efc00
[02:22:0034] [PE] Init AhoCorasick
[02:22:0064] [PE] Start AhoCorasick [0x12efc00 - 10752]
[02:22:0114] [PE] Looking results : 0
[02:22:0164] [CHECK] Blacklist
[02:22:0204] [CHECK] BlacklistPath
[02:22:0244] [CHECK] BlacklistMD5
[02:22:0284] [CHECK] MadeNumbers
[02:22:0325] [CHECK] HasUnicode
[02:22:0355] [CHECK] SuspPath
[02:22:0405] [CHECK] ProcessResidue
[02:22:0445] [CHECK] Not found!
[02:22:0495] [Check DLLs] VERSION.dll : C:\WINDOWS\system32\VERSION.dll
[02:22:0545] [CHECK] WhiteDLL
[02:22:0585] [CHECK] Whitelist
[02:22:0635] [CHECK] WellKnown
[02:22:0675] [CHECK] WhitelistPath
[02:22:0725] [CHECK] HijackName
[02:22:0765] [CHECK] Signature
[02:22:0835] [PE] Mapping
[02:22:0885] [PE] Parsing
[02:22:0935] [PE] Dos header -> 0x12a0000
[02:22:0965] [PE] Nt header (offset : 0xd8) file size 0x4a00
[02:23:0016] [PE] pNtHeadersx86 -> 0x12a00d8
[02:23:0046] [PE] Chars -> 0x210e
[02:23:0086] [PE] Optional header
[02:23:0146] [PE] Sections : 4
[02:23:0286] [PE] Section : 0 - .text
[02:23:0516] [PE] Section : 1 - .data
[02:23:0566] [PE] Section : 2 - .rsrc
[02:23:0616] [PE] Section : 3 - .reloc
[02:23:0646] [PE] Parse EAT
[02:23:0696] [PE] Parse IAT
[02:23:0767] [PE] Parsing ok
[02:23:0797] [PE] File open : 1
[02:23:0837] [PE] Search sigs
[02:23:0867] [PE] Section[0/3] : 0x12a0400
[02:23:0897] [PE] Init AhoCorasick
[02:24:0037] [PE] Start AhoCorasick [0x12a0400 - 14848]
[02:24:0067] [PE] Looking results : 0
[02:24:0127] [PE] Section[1/3] : 0x12a3e00
[02:24:0177] [PE] Init AhoCorasick
[02:24:0257] [PE] Start AhoCorasick [0x12a3e00 - 512]
[02:24:0307] [PE] Looking results : 0
[02:24:0538] [PE] Section[2/3] : 0x12a4000
[02:24:0648] [PE] Init AhoCorasick
[02:24:0718] [PE] Start AhoCorasick [0x12a4000 - 1536]
[02:24:0778] [PE] Looking results : 0
[02:24:0838] [PE] Section[3/3] : 0x12a4600
[02:24:0888] [PE] Init AhoCorasick
[02:25:0008] [PE] Start AhoCorasick [0x12a4600 - 1024]
[02:25:0078] [PE] Looking results : 0
[02:25:0139] [CHECK] Blacklist
[02:25:0319] [CHECK] BlacklistPath
[02:25:0399] [CHECK] BlacklistMD5
[02:25:0499] [CHECK] MadeNumbers
[02:25:0539] [CHECK] HasUnicode
[02:25:0699] [CHECK] SuspPath
[02:25:0820] [CHECK] ProcessResidue
[02:25:0890] [CHECK] Not found!
[02:26:0000] [Check DLLs] WININET.dll : C:\WINDOWS\system32\WININET.dll
[02:26:0120] [CHECK] WhiteDLL
[02:26:0250] [CHECK] Whitelist
[02:26:0330] [CHECK] WellKnown
[02:26:0360] [CHECK] WhitelistPath
[02:26:0400] [CHECK] HijackName
[02:26:0450] [CHECK] Signature
[02:26:0721] [PE] Mapping
[02:26:0761] [PE] Parsing
[02:26:0791] [PE] Dos header -> 0x1e10000
[02:26:0821] [PE] Nt header (offset : 0xf8) file size 0xdf600
[02:26:0861] [PE] pNtHeadersx86 -> 0x1e100f8
[02:26:0901] [PE] Chars -> 0x2102
[02:27:0041] [PE] Optional header
[02:27:0091] [PE] Sections : 4
[02:27:0131] [PE] Section : 0 - .text
[02:27:0161] [PE] Section : 1 - .data
[02:27:0192] [PE] Section : 2 - .rsrc
[02:27:0222] [PE] Section : 3 - .reloc
[02:27:0262] [PE] Parse EAT
[02:27:0302] [PE] Parse IAT
[02:27:0342] [PE] Parsing ok
[02:27:0372] [PE] File open : 1
[02:27:0412] [PE] Search sigs
[02:27:0442] [PE] Section[0/3] : 0x1e10400
[02:27:0472] [PE] Init AhoCorasick
[02:27:0502] [PE] Start AhoCorasick [0x1e10400 - 717824]
[02:27:0602] [PE] Looking results : 0
[02:27:0682] [PE] Section[1/3] : 0x1ebf800
[02:27:0712] [PE] Init AhoCorasick
[02:27:0742] [PE] Start AhoCorasick [0x1ebf800 - 13312]
[02:27:0772] [PE] Looking results : 0
[02:27:0822] [PE] Section[2/3] : 0x1ec2c00
[02:27:0873] [PE] Init AhoCorasick
[02:27:0963] [PE] Start AhoCorasick [0x1ec2c00 - 156160]
[02:28:0083] [PE] Looking results : 0
[02:28:0143] [PE] Section[3/3] : 0x1ee8e00
[02:28:0173] [PE] Init AhoCorasick
[02:28:0213] [PE] Start AhoCorasick [0x1ee8e00 - 26624]
[02:28:0253] [PE] Looking results : 0
[02:28:0303] [CHECK] Blacklist
[02:28:0373] [CHECK] BlacklistPath
[02:28:0403] [CHECK] BlacklistMD5
[02:28:0443] [CHECK] MadeNumbers
[02:28:0483] [CHECK] HasUnicode
[02:28:0513] [CHECK] SuspPath
[02:28:0553] [CHECK] ProcessResidue
[02:28:0594] [CHECK] Not found!
[02:28:0624] [Check DLLs] Normaliz.dll : C:\WINDOWS\system32\Normaliz.dll
[02:28:0664] [CHECK] WhiteDLL
[02:28:0704] [CHECK] Whitelist
[02:28:0744] [CHECK] WellKnown
[02:28:0774] [CHECK] WhitelistPath
[02:28:0814] [CHECK] HijackName
[02:28:0844] [CHECK] Signature
[02:28:0944] [PE] Mapping
[02:29:0054] [PE] Parsing
[02:29:0084] [PE] Dos header -> 0x12a0000
[02:29:0114] [PE] Nt header (offset : 0xe8) file size 0x5c00
[02:29:0144] [PE] pNtHeadersx86 -> 0x12a00e8
[02:29:0174] [PE] Chars -> 0x2102
[02:29:0214] [PE] Optional header
[02:29:0254] [PE] Sections : 4
[02:29:0285] [PE] Section : 0 - .text
[02:29:0315] [PE] Section : 1 - .data
[02:29:0345] [PE] Section : 2 - .rsrc
[02:29:0385] [PE] Section : 3 - .reloc
[02:29:0415] [PE] Parse EAT
[02:29:0455] [PE] Parse IAT
[02:29:0495] [PE] Parsing ok
[02:29:0525] [PE] File open : 1
[02:29:0565] [PE] Search sigs
[02:29:0595] [PE] Section[0/3] : 0x12a0400
[02:29:0625] [PE] Init AhoCorasick
[02:29:0685] [PE] Start AhoCorasick [0x12a0400 - 18944]
[02:29:0996] [PE] Looking results : 0
[02:32:0139] [PE] Section[1/3] : 0x12a4e00
[02:32:0259] [PE] Init AhoCorasick
[02:32:0329] [PE] Start AhoCorasick [0x12a4e00 - 1024]
[02:32:0389] [PE] Looking results : 0
[02:32:0459] [PE] Section[2/3] : 0x12a5200
[02:32:0539] [PE] Init AhoCorasick
[02:32:0619] [PE] Start AhoCorasick [0x12a5200 - 1024]
[02:32:0729] [PE] Looking results : 0
[02:32:0810] [PE] Section[3/3] : 0x12a5600
[02:32:0870] [PE] Init AhoCorasick
[02:32:0940] [PE] Start AhoCorasick [0x12a5600 - 1536]
[02:32:0980] [PE] Looking results : 0
[02:33:0050] [CHECK] Blacklist
[02:33:0090] [CHECK] BlacklistPath
[02:33:0140] [CHECK] BlacklistMD5
[02:33:0190] [CHECK] MadeNumbers
[02:33:0240] [CHECK] HasUnicode
[02:33:0300] [CHECK] SuspPath
[02:33:0390] [CHECK] ProcessResidue
[02:33:0430] [CHECK] Not found!
[02:33:0471] [Check DLLs] urlmon.dll : C:\WINDOWS\system32\urlmon.dll
[02:33:0561] [CHECK] WhiteDLL
[02:33:0601] [CHECK] Whitelist
[02:33:0651] [CHECK] WellKnown
[02:33:0701] [CHECK] WhitelistPath
[02:33:0751] [CHECK] HijackName
[02:33:0801] [CHECK] Signature
[02:34:0162] [PE] Mapping
[02:34:0252] [PE] Parsing
[02:34:0302] [PE] Dos header -> 0x2210000
[02:34:0342] [PE] Nt header (offset : 0xf0) file size 0x126a00
[02:34:0422] [PE] pNtHeadersx86 -> 0x22100f0
[02:34:0492] [PE] Chars -> 0x2102
[02:34:0562] [PE] Optional header
[02:34:0642] [PE] Sections : 5
[02:34:0742] [PE] Section : 0 - .text
[02:34:0782] [PE] Section : 1 - .orpc
[02:34:0822] [PE] Section : 2 - .data
[02:34:0863] [PE] Section : 3 - .rsrc
[02:34:0913] [PE] Section : 4 - .reloc
[02:35:0013] [PE] Parse EAT
[02:35:0083] [PE] Parse IAT
[02:35:0233] [PE] Parsing ok
[02:35:0343] [PE] File open : 1
[02:35:0433] [PE] Search sigs
[02:35:0483] [PE] Section[0/4] : 0x2210400
[02:35:0524] [PE] Init AhoCorasick
[02:35:0584] [PE] Start AhoCorasick [0x2210400 - 808960]
[02:35:0694] [PE] Looking results : 0
[02:35:0744] [PE] Section[1/4] : 0x22d5c00
[02:35:0824] [PE] Init AhoCorasick
[02:35:0894] [PE] Start AhoCorasick [0x22d5c00 - 4608]
[02:35:0944] [PE] Looking results : 0
[02:35:0984] [PE] Section[2/4] : 0x22d6e00
[02:36:0014] [PE] Init AhoCorasick
[02:36:0044] [PE] Start AhoCorasick [0x22d6e00 - 15360]
[02:36:0064] [PE] Looking results : 0
[02:36:0094] [PE] Section[3/4] : 0x22daa00
[02:36:0124] [PE] Init AhoCorasick
[02:36:0184] [PE] Start AhoCorasick [0x22daa00 - 346112]
[02:36:0245] [PE] Looking results : 0
[02:36:0285] [PE] Section[4/4] : 0x232f200
[02:36:0325] [PE] Init AhoCorasick
[02:36:0385] [PE] Start AhoCorasick [0x232f200 - 30720]
[02:36:0485] [PE] Looking results : 0
[02:36:0525] [CHECK] Blacklist
[02:36:0635] [CHECK] BlacklistPath
[02:36:0675] [CHECK] BlacklistMD5
[02:36:0715] [CHECK] MadeNumbers
[02:36:0745] [CHECK] HasUnicode
[02:36:0785] [CHECK] SuspPath
[02:36:0835] [CHECK] ProcessResidue
[02:36:0885] [CHECK] Not found!
[02:37:0376] [Check DLLs] iertutil.dll : C:\WINDOWS\system32\iertutil.dll
[02:37:0416] [CHECK] WhiteDLL
[02:37:0446] [CHECK] Whitelist
[02:37:0486] [CHECK] WellKnown
[02:37:0516] [CHECK] WhitelistPath
[02:37:0556] [CHECK] HijackName
[02:37:0586] [CHECK] Signature
[02:38:0167] [PE] Mapping
[02:38:0237] [PE] Parsing
[02:38:0277] [PE] Dos header -> 0x2210000
[02:38:0378] [PE] Nt header (offset : 0xe8) file size 0x1e4a00
[02:38:0448] [PE] pNtHeadersx86 -> 0x22100e8
[02:38:0488] [PE] Chars -> 0x2102
[02:38:0528] [PE] Optional header
[02:38:0558] [PE] Sections : 4
[02:38:0598] [PE] Section : 0 - .text
[02:38:0638] [PE] Section : 1 - .data
[02:38:0668] [PE] Section : 2 - .rsrc
[02:38:0728] [PE] Section : 3 - .reloc
[02:38:0768] [PE] Parse EAT
[02:38:0808] [PE] Parse IAT
[02:38:0848] [PE] Parsing ok
[02:38:0878] [PE] File open : 1
[02:38:0928] [PE] Search sigs
[02:38:0958] [PE] Section[0/3] : 0x2210400
[02:38:0999] [PE] Init AhoCorasick
[02:39:0029] [PE] Start AhoCorasick [0x2210400 - 1872384]
[02:39:0179] [PE] Looking results : 0
[02:39:0229] [PE] Section[1/3] : 0x23d9600
[02:39:0329] [PE] Init AhoCorasick
[02:39:0379] [PE] Start AhoCorasick [0x23d9600 - 16896]
[02:39:0419] [PE] Looking results : 0
[02:39:0499] [PE] Section[2/3] : 0x23dd800
[02:39:0549] [PE] Init AhoCorasick
[02:39:0589] [PE] Start AhoCorasick [0x23dd800 - 1536]
[02:39:0629] [PE] Looking results : 0
[02:39:0679] [PE] Section[3/3] : 0x23dde00
[02:39:0720] [PE] Init AhoCorasick
[02:39:0770] [PE] Start AhoCorasick [0x23dde00 - 93184]
[02:39:0810] [PE] Looking results : 0
[02:39:0860] [CHECK] Blacklist
[02:39:0930] [CHECK] BlacklistPath
[02:39:0980] [CHECK] BlacklistMD5
[02:40:0020] [CHECK] MadeNumbers
[02:40:0060] [CHECK] HasUnicode
[02:40:0110] [CHECK] SuspPath
[02:40:0160] [CHECK] ProcessResidue
[02:40:0190] [CHECK] Not found!
[02:40:0260] [Check DLLs] WINTRUST.dll : C:\WINDOWS\system32\WINTRUST.dll
[02:40:0340] [CHECK] WhiteDLL
[02:40:0411] [CHECK] Whitelist
[02:40:0461] [CHECK] WellKnown
[02:40:0491] [CHECK] WhitelistPath
[02:40:0531] [CHECK] HijackName
[02:40:0571] [CHECK] Signature
[02:40:0621] [PE] Mapping
[02:40:0661] [PE] Parsing
[02:40:0711] [PE] Dos header -> 0x12a0000
[02:40:0741] [PE] Nt header (offset : 0xf0) file size 0x2c600
[02:40:0781] [PE] pNtHeadersx86 -> 0x12a00f0
[02:40:0821] [PE] Chars -> 0x210e
[02:40:0881] [PE] Optional header
[02:40:0961] [PE] Sections : 4
[02:41:0001] [PE] Section : 0 - .text
[02:41:0041] [PE] Section : 1 - .data
[02:41:0081] [PE] Section : 2 - .rsrc
[02:41:0122] [PE] Section : 3 - .reloc
[02:41:0152] [PE] Parse EAT
[02:41:0272] [PE] Parse IAT
[02:41:0362] [PE] Parsing ok
[02:41:0462] [PE] File open : 1
[02:41:0562] [PE] Search sigs
[02:41:0612] [PE] Section[0/3] : 0x12a0400
[02:41:0662] [PE] Init AhoCorasick
[02:41:0692] [PE] Start AhoCorasick [0x12a0400 - 164864]
[02:41:0742] [PE] Looking results : 0
[02:41:0793] [PE] Section[1/3] : 0x12c8800
[02:41:0823] [PE] Init AhoCorasick
[02:41:0863] [PE] Start AhoCorasick [0x12c8800 - 1024]
[02:41:0903] [PE] Looking results : 0
[02:41:0973] [PE] Section[2/3] : 0x12c8c00
[02:42:0063] [PE] Init AhoCorasick
[02:42:0153] [PE] Start AhoCorasick [0x12c8c00 - 9216]
[02:42:0293] [PE] Looking results : 0
[02:42:0413] [PE] Section[3/3] : 0x12cb000
[02:42:0514] [PE] Init AhoCorasick
[02:42:0634] [PE] Start AhoCorasick [0x12cb000 - 5632]
[02:42:0754] [PE] Looking results : 0
[02:42:0864] [CHECK] Blacklist
[02:42:0944] [CHECK] BlacklistPath
[02:43:0024] [CHECK] BlacklistMD5
[02:43:0144] [CHECK] MadeNumbers
[02:43:0235] [CHECK] HasUnicode
[02:43:0325] [CHECK] SuspPath
[02:43:0455] [CHECK] ProcessResidue
[02:43:0545] [CHECK] Not found!
[02:43:0635] [Check DLLs] IMAGEHLP.dll : C:\WINDOWS\system32\IMAGEHLP.dll
[02:43:0755] [CHECK] WhiteDLL
[02:43:0845] [CHECK] Whitelist
[02:43:0936] [CHECK] WellKnown
[02:44:0036] [CHECK] WhitelistPath
[02:44:0116] [CHECK] HijackName
[02:44:0186] [CHECK] Signature
[02:44:0276] [PE] Mapping
[02:44:0396] [PE] Parsing
[02:44:0546] [PE] Dos header -> 0x12a0000
[02:44:0647] [PE] Nt header (offset : 0x108) file size 0x23400
[02:44:0757] [PE] pNtHeadersx86 -> 0x12a0108
[02:44:0947] [PE] Chars -> 0x210e
[02:45:0077] [PE] Optional header
[02:45:0167] [PE] Sections : 4
[02:45:0268] [PE] Section : 0 - .text
[02:45:0388] [PE] Section : 1 - .data
[02:45:0548] [PE] Section : 2 - .rsrc
[02:45:0688] [PE] Section : 3 - .reloc
[02:45:0798] [PE] Parse EAT
[02:45:0898] [PE] Parse IAT
[02:45:0999] [PE] Parsing ok
[02:46:0099] [PE] File open : 1
[02:46:0189] [PE] Search sigs
[02:46:0279] [PE] Section[0/3] : 0x12a0400
[02:46:0409] [PE] Init AhoCorasick
[02:46:0529] [PE] Start AhoCorasick [0x12a0400 - 135680]
[02:46:0629] [PE] Looking results : 0
[02:46:0740] [PE] Section[1/3] : 0x12c1600
[02:46:0860] [PE] Init AhoCorasick
[02:46:0970] [PE] Start AhoCorasick [0x12c1600 - 2048]
[02:47:0050] [PE] Looking results : 0
[02:47:0130] [PE] Section[2/3] : 0x12c1e00
[02:47:0250] [PE] Init AhoCorasick
[02:47:0340] [PE] Start AhoCorasick [0x12c1e00 - 1024]
[02:47:0431] [PE] Looking results : 0
[02:48:0252] [PE] Section[3/3] : 0x12c2200
[02:48:0312] [PE] Init AhoCorasick
[02:48:0342] [PE] Start AhoCorasick [0x12c2200 - 4608]
[02:48:0382] [PE] Looking results : 0
[02:48:0442] [CHECK] Blacklist
[02:48:0492] [CHECK] BlacklistPath
[02:48:0522] [CHECK] BlacklistMD5
[02:48:0612] [CHECK] MadeNumbers
[02:48:0652] [CHECK] HasUnicode
[02:48:0702] [CHECK] SuspPath
[02:48:0732] [CHECK] ProcessResidue
[02:48:0773] [CHECK] Not found!
[02:48:0813] [Check DLLs] WLDAP32.dll : C:\WINDOWS\system32\WLDAP32.dll
[02:48:0873] [CHECK] WhiteDLL
[02:48:0953] [CHECK] Whitelist
[02:49:0003] [CHECK] WellKnown
[02:49:0033] [CHECK] WhitelistPath
[02:49:0063] [CHECK] HijackName
[02:49:0133] [CHECK] Signature
[02:49:0403] [PE] Mapping
[02:49:0544] [PE] Parsing
[02:49:0574] [PE] Dos header -> 0x12a0000
[02:49:0734] [PE] Nt header (offset : 0xf0) file size 0x2a200
[02:49:0824] [PE] pNtHeadersx86 -> 0x12a00f0
[02:49:0864] [PE] Chars -> 0x210e
[02:49:0934] [PE] Optional header
[02:49:0984] [PE] Sections : 4
[02:50:0034] [PE] Section : 0 - .text
[02:50:0104] [PE] Section : 1 - .data
[02:50:0175] [PE] Section : 2 - .rsrc
[02:50:0225] [PE] Section : 3 - .reloc
[02:50:0255] [PE] Parse EAT
[02:50:0315] [PE] Parse IAT
[02:50:0395] [PE] Parsing ok
[02:50:0585] [PE] File open : 1
[02:50:0685] [PE] Search sigs
[02:50:0765] [PE] Section[0/3] : 0x12a0400
[02:50:0836] [PE] Init AhoCorasick
[02:50:0886] [PE] Start AhoCorasick [0x12a0400 - 131072]
[02:50:0946] [PE] Looking results : 0
[02:50:0986] [PE] Section[1/3] : 0x12c0400
[02:51:0056] [PE] Init AhoCorasick
[02:51:0096] [PE] Start AhoCorasick [0x12c0400 - 30720]
[02:51:0156] [PE] Looking results : 0
[02:51:0266] [PE] Section[2/3] : 0x12c7c00
[02:51:0296] [PE] Init AhoCorasick
[02:51:0386] [PE] Start AhoCorasick [0x12c7c00 - 4608]
[02:51:0426] [PE] Looking results : 0
[02:51:0476] [PE] Section[3/3] : 0x12c8e00
[02:51:0537] [PE] Init AhoCorasick
[02:51:0587] [PE] Start AhoCorasick [0x12c8e00 - 5120]
[02:51:0617] [PE] Looking results : 0
[02:51:0657] [CHECK] Blacklist
[02:51:0707] [CHECK] BlacklistPath
[02:51:0737] [CHECK] BlacklistMD5
[02:51:0877] [CHECK] MadeNumbers
[02:52:0047] [CHECK] HasUnicode
[02:52:0228] [CHECK] SuspPath
[02:52:0388] [CHECK] ProcessResidue
[02:52:0508] [CHECK] Not found!
[02:52:0638] [Check DLLs] SHELL32.dll : C:\WINDOWS\system32\SHELL32.dll
[02:52:0708] [CHECK] WhiteDLL
[02:52:0788] [CHECK] Whitelist
[02:52:0838] [CHECK] WellKnown
[02:52:0909] [CHECK] WhitelistPath
[02:52:0969] [CHECK] HijackName
[02:53:0009] [CHECK] Signature
[02:55:0622] [CHECK] Blacklist
[02:55:0753] [CHECK] BlacklistPath
[02:55:0933] [CHECK] BlacklistMD5
[02:56:0163] [CHECK] MadeNumbers
[02:56:0934] [CHECK] HasUnicode
[02:57:0004] [CHECK] SuspPath
[02:57:0145] [CHECK] ProcessResidue
[02:57:0345] [CHECK] Not found!
[02:57:0535] [Check DLLs] UxTheme.dll : C:\WINDOWS\system32\UxTheme.dll
[02:57:0585] [CHECK] WhiteDLL
[02:57:0705] [CHECK] Whitelist
[02:57:0786] [CHECK] WellKnown
[02:57:0876] [CHECK] WhitelistPath
[02:57:0936] [CHECK] HijackName
[02:57:0976] [CHECK] Signature
[02:58:0036] [PE] Mapping
[02:58:0146] [PE] Parsing
[02:58:0236] [PE] Dos header -> 0x12a0000
[02:58:0286] [PE] Nt header (offset : 0xe8) file size 0x35a00
[02:58:0346] [PE] pNtHeadersx86 -> 0x12a00e8
[02:58:0386] [PE] Chars -> 0x210e
[02:58:0416] [PE] Optional header
[02:58:0466] [PE] Sections : 4
[02:58:0507] [PE] Section : 0 - .text
[02:58:0557] [PE] Section : 1 - .data
[02:58:0617] [PE] Section : 2 - .rsrc
[02:58:0697] [PE] Section : 3 - .reloc
[02:58:0737] [PE] Parse EAT
[02:58:0777] [PE] Parse IAT
[02:58:0847] [PE] Parsing ok
[02:58:0887] [PE] File open : 1
[02:58:0917] [PE] Search sigs
[02:58:0957] [PE] Section[0/3] : 0x12a0400
[02:59:0027] [PE] Init AhoCorasick
[02:59:0168] [PE] Start AhoCorasick [0x12a0400 - 193024]
[02:59:0338] [PE] Looking results : 0
[02:59:0458] [PE] Section[1/3] : 0x12cf600
[02:59:0508] [PE] Init AhoCorasick
[02:59:0568] [PE] Start AhoCorasick [0x12cf600 - 4096]
[02:59:0618] [PE] Looking results : 0
[02:59:0708] [PE] Section[2/3] : 0x12d0600
[02:59:0778] [PE] Init AhoCorasick
[02:59:0808] [PE] Start AhoCorasick [0x12d0600 - 14848]
[02:59:0848] [PE] Looking results : 0
[02:59:0899] [PE] Section[3/3] : 0x12d4000
[02:59:0969] [PE] Init AhoCorasick
[03:00:0009] [PE] Start AhoCorasick [0x12d4000 - 6656]
[03:00:0119] [PE] Looking results : 0
[03:00:0169] [CHECK] Blacklist
[03:00:0219] [CHECK] BlacklistPath
[03:00:0259] [CHECK] BlacklistMD5
[03:00:0299] [CHECK] MadeNumbers
[03:00:0349] [CHECK] HasUnicode
[03:00:0409] [CHECK] SuspPath
[03:00:0469] [CHECK] ProcessResidue
[03:00:0509] [CHECK] Not found!
[03:00:0549] [Check DLLs] ShimEng.dll : C:\WINDOWS\system32\ShimEng.dll
[03:00:0590] [CHECK] WhiteDLL
[03:00:0640] [CHECK] Whitelist
[03:00:0670] [CHECK] WellKnown
[03:00:0710] [CHECK] WhitelistPath
[03:00:0770] [CHECK] HijackName
[03:00:0810] [CHECK] Signature
[03:03:0474] [PE] Mapping
[03:03:0594] [PE] Parsing
[03:03:0644] [PE] Dos header -> 0x12a0000
[03:03:0674] [PE] Nt header (offset : 0xe8) file size 0xfe00
[03:03:0714] [PE] pNtHeadersx86 -> 0x12a00e8
[03:03:0754] [PE] Chars -> 0x210e
[03:03:0794] [PE] Optional header
[03:03:0874] [PE] Sections : 4
[03:04:0115] [PE] Section : 0 - .text
[03:04:0245] [PE] Section : 1 - .data
[03:04:0295] [PE] Section : 2 - .rsrc
[03:04:0335] [PE] Section : 3 - .reloc
[03:04:0385] [PE] Parse EAT
[03:04:0425] [P
0