Browser

therasson - Member - 29 posts
Hello everyone. I have a problem with my computer. My browsers display "unable to connect to the proxy server".

5 replies

lilidurhone - Security contributor - 43355 posts
 
* Download RogueKiller to your desktop

* Close all running programs.

* On Vista/Seven and Windows 8, right-click -> Run as administrator

* Otherwise, simply run RogueKiller.exe

* Wait during the pre-scan, then click the Scan button

* A report named RKreport.txt should have been created on the desktop; post it.

Note: If the program was blocked, don't hesitate to try several times.
therasson - Member - 29 posts
 
I just got the report on my desktop, but who should I post it to?
lilidurhone - Security contributor - 43355 posts
 
Right here
therasson - Member - 29 posts
 
RogueKiller V8.8.7 [Feb 11 2014] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://forum.adlice.com/
Site Web : https://www.luanagames.com/index.fr.html
Blog : https://www.adlice.com/

Systeme d'exploitation : Windows 8 (6.2.9200 ) 32 bits version
Demarrage : Mode normal
Utilisateur : OLIVIER KONAN [Droits d'admin]
Mode : Recherche -- Date : 02/17/2014 17:33:52
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 1 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Users\OLIVIER KONAN\AppData\Roaming\newnext.me\nengine.dll [-] -> rundll32.exe TUÉ [TermProc]

¤¤¤ Entrees de registre : 38 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : iLivid ("C:\Users\OLIVIER KONAN\AppData\Local\iLivid\iLivid.exe" -autorun [x]) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Run : NextLive (C:\Windows\system32\rundll32.exe "C:\Users\OLIVIER KONAN\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l [-][-][x]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-4107783962-4124286572-2519654401-1001\[...]\Run : iLivid ("C:\Users\OLIVIER KONAN\AppData\Local\iLivid\iLivid.exe" -autorun [x]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-4107783962-4124286572-2519654401-1001\[...]\Run : NextLive (C:\Windows\system32\rundll32.exe "C:\Users\OLIVIER KONAN\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l [-][-][x]) -> TROUVÉ
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:8888;hxxps=127.0.0.1:8888 [Country: , City: ]) -> TROUVÉ
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> TROUVÉ
[IFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\bpsvc.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\browsemngr.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\browsermngr.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\browsersafeguard.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\bundlesweetimsetup.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\cltmngsvc.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\delta babylon.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\delta tb.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\delta2.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\deltainstaller.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\deltasetup.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\deltatb.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\deltatb_2501-c733154b.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\dprotectsvc.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\iminentsetup.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\protectedsearch.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\rjatydimofu.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\searchprotection.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\searchprotector.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\snapdo.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\stinst32.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\stinst64.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\sweetimsetup.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\tbdelta.exetoolbar783881609.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[IFEO] HKLM\[...]\utiljumpflip.exe : Debugger (tasklist.exe [x]) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (C:\PROGRA~2\Wincert\WIN32C~1.DLL C:\PROGRA~1\MOVIES~1\Datamngr\mgrldr.dll [-][7]) -> TROUVÉ

¤¤¤ Tâches planifiées : 3 ¤¤¤
[V1][SUSP PATH] Bonanza.job : C:\Users\OLIVIE~1\AppData\Roaming\Bonanza\UPDATE~1\UPDATE~1.EXE - /Check [-] -> TROUVÉ
[V2][SUSP PATH] Bonanza : C:\Users\OLIVIE~1\AppData\Roaming\Bonanza\UPDATE~1\UPDATE~1.EXE - /Check [-] -> TROUVÉ
[V2][SUSP PATH] EPUpdater : C:\Users\OLIVIE~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [7] -> TROUVÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
[Inline] EAT @explorer.exe (NtQueryLicenseValue) : ntdll.dll -> HOOKED (C:\Windows\System32\SLCHook.dll @ 0x71AF3B70)
[Inline] EAT @explorer.exe (ZwQueryLicenseValue) : ntdll.dll -> HOOKED (C:\Windows\System32\SLCHook.dll @ 0x71AF3B70)
[Inline] EAT @explorer.exe (GetModuleFileNameW) : KERNELBASE.dll -> HOOKED (C:\Windows\System32\SLCHook.dll @ 0x71AF4240)
[Inline] EAT @explorer.exe (SLIsWindowsGenuineLocal) : slc.dll -> HOOKED (C:\Windows\System32\SLCHook.dll @ 0x71AF3CC0)
[Inline] EAT @explorer.exe (SLIsGenuineLocalEx) : sppc.dll -> HOOKED (C:\Windows\System32\SLCHook.dll @ 0x71AF3CE0)
[Inline] EAT @firefox.exe (NtClose) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D57E00)
[Inline] EAT @firefox.exe (NtCreateFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D57C40)
[Inline] EAT @firefox.exe (NtFlushBuffersFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D77010)
[Inline] EAT @firefox.exe (NtLockFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D77100)
[Inline] EAT @firefox.exe (NtOpenFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D57BB0)
[Inline] EAT @firefox.exe (NtQueryInformationFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D57E80)
[Inline] EAT @firefox.exe (NtReadFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D57CE0)
[Inline] EAT @firefox.exe (NtSetInformationFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D57F10)
[Inline] EAT @firefox.exe (NtUnlockFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D77190)
[Inline] EAT @firefox.exe (NtWriteFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D57D70)
[Inline] EAT @firefox.exe (ZwClose) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D57E00)
[Inline] EAT @firefox.exe (ZwCreateFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D57C40)
[Inline] EAT @firefox.exe (ZwFlushBuffersFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D77010)
[Inline] EAT @firefox.exe (ZwLockFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D77100)
[Inline] EAT @firefox.exe (ZwOpenFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D57BB0)
[Inline] EAT @firefox.exe (ZwQueryInformationFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D57E80)
[Inline] EAT @firefox.exe (ZwReadFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D57CE0)
[Inline] EAT @firefox.exe (ZwSetInformationFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D57F10)
[Inline] EAT @firefox.exe (ZwUnlockFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D77190)
[Inline] EAT @firefox.exe (ZwWriteFile) : ntdll.dll -> HOOKED (C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll @ 0x65D57D70)

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST320LT020-9YG142 +++++
--- User ---
[MBR] 8dc5458dce415143debfeb452e65627d
[BSP] c069ba1a7337231e562626d93a9fa0ec : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 161076 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 330602496 | Size: 143817 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_S_02172014_173352.txt >>
lilidurhone Posts: 43355 Status: Security contributor
 
* Close all running programs

* On Vista/Seven, right-click -> Run as administrator

* Otherwise, simply launch RogueKiller.exe

* Wait for the pre-scan to finish, then click Scan

* Check that all items are ticked, then click Suppression (Delete)

* Post the RKreport.txt report found on the desktop.