Author Topic: multitude de rootkits (Read 12102 times)

iletet · « **on:** January 12, 2015, 02:01:43 PM »

bonjour, incapable d'analyser un rapport et de faire la différence entre les différentes lignes vertes et oranges apparaissant après un scan uniquement dans l'onglet anti rootkits et nullepart ailleurs est ce que quelqu'un peut analyser ce rapport et me dire s'il y a des lignes à supprimer ou sont ce uniquement des faux positifs? car mbar n'a rien détecté de malicieux.
j'ai des difficultés à demarrer mon pc et dois m'y reprendre à 20 fois pour que windows accroche, celà peut il venir d'ici ?
merci
désolé, je poste en 2 fois (trop de caracrères)

RogueKiller V10.1.2.0 (x64) [Jan 7 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en : Mode normal
Utilisateur : Jean Philippe [Administrateur]
Mode : Scan -- Date : 01/12/2015 11:48:21

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 0 ¤¤¤

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 342 (Driver: Chargé) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\PxHlpa64 @ Unknown (\SystemRoot\system32\DRIVERS\gzflt.sys)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c20b5|jmp 0xffffffffffffe6b2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c2e29|jmp 0xffffffffffffdad2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c19c1|jmp 0xffffffffffffef9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c1a29|jmp 0xffffffffffffef02|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c0351|jmp 0xffffffffffffe4ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c0411|jmp 0xffffffffffffe87a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateSection : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c3845|jmp 0xffffffffffffcdc2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c3049|jmp 0xffffffffffffda3a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c21a9|jmp 0xffffffffffffe7e2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c10bd|jmp 0xffffffffffffd90a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetValueKey : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c3755|jmp 0xffffffffffffcc92|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c1e85|jmp 0xffffffffffffe912|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x73c407ae (jmp 0xfffffffffc681bf6|jmp 0xffffffffffffdc9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenSection : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c3989|jmp 0xffffffffffffce5a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c2f1d|jmp 0xffffffffffffcef2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c1f3d|jmp 0xffffffffffffe74a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c1065|jmp 0xffffffffffffeca2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x73c407ae (jmp 0xfffffffffd31acc2|jmp 0xffffffffffffe582|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x73c407ae (jmp 0xfffffffffcf5b866|jmp 0xffffffffffffd152|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x73c407ae (jmp 0xfffffffffcf4f9bf|jmp 0xffffffffffffd022|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x73c407ae (jmp 0xfffffffffcf5235c|jmp 0xffffffffffffcf8a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c14d9|jmp 0xffffffffffffd1ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x73c407ae (jmp 0xfffffffffd329464|jmp 0xffffffffffffd612|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x73c407ae (jmp 0xfffffffffcf5bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x73c407ae (jmp 0xfffffffffcf533c8|jmp 0xffffffffffffe3ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x73c407ae (jmp 0xfffffffffcf4a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - GetMessageW : Unknown @ 0x73c407ae (jmp 0xfffffffffcf5bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - SetWindowsHookExW : Unknown @ 0x73c407ae (jmp 0xfffffffffcf4a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - PostMessageW : Unknown @ 0x73c407ae (jmp 0xfffffffffcf5235c|jmp 0xffffffffffffcf8a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c1e15|jmp 0xffffffffffffd9a2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ADVAPI32.dll - OpenServiceW : Unknown @ 0x73c407ae (jmp 0xfffffffffd2359e5|jmp 0xffffffffffffe15a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ADVAPI32.dll - CloseServiceHandle : Unknown @ 0x73c407ae (jmp 0xfffffffffd22f1bd|jmp 0xffffffffffffdd32|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x73c407ae (jmp 0xfffffffffd342509|jmp 0xffffffffffffd282|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSystemDebugControl : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c1af5|jmp 0xffffffffffffcd2a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendProcess : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c0405|jmp 0xffffffffffffe452|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ADVAPI32.dll - CreateServiceW : Unknown @ 0x73c407ae (jmp 0xfffffffffd21b8f5|jmp 0xffffffffffffdb6a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ADVAPI32.dll - ChangeServiceConfigW : Unknown @ 0x73c407ae (jmp 0xfffffffffd1ff6c9|jmp 0xffffffffffffddca|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ADVAPI32.dll - DeleteService : Unknown @ 0x73c407ae (jmp 0xfffffffffd21b535|jmp 0xffffffffffffdefa|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ADVAPI32.dll - ControlService : Unknown @ 0x73c407ae (jmp 0xfffffffffd21b4b5|jmp 0xffffffffffffdf92|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c20b5|jmp 0xffffffffffffe6b2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c2e29|jmp 0xffffffffffffdad2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c19c1|jmp 0xffffffffffffef9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c1a29|jmp 0xffffffffffffef02|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c0351|jmp 0xffffffffffffe4ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c0411|jmp 0xffffffffffffe87a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateSection : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c3845|jmp 0xffffffffffffcdc2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c3049|jmp 0xffffffffffffda3a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c21a9|jmp 0xffffffffffffe7e2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c10bd|jmp 0xffffffffffffd90a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetValueKey : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c3755|jmp 0xffffffffffffcc92|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c1e85|jmp 0xffffffffffffe912|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x73c407ae (jmp 0xfffffffffc681bf6|jmp 0xffffffffffffdc9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenSection : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c3989|jmp 0xffffffffffffce5a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c2f1d|jmp 0xffffffffffffcef2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c1f3d|jmp 0xffffffffffffe74a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c1065|jmp 0xffffffffffffeca2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x73c407ae (jmp 0xfffffffffd31acc2|jmp 0xffffffffffffe582|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x73c407ae (jmp 0xfffffffffcf5b866|jmp 0xffffffffffffd152|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x73c407ae (jmp 0xfffffffffcf4f9bf|jmp 0xffffffffffffd022|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x73c407ae (jmp 0xfffffffffcf5235c|jmp 0xffffffffffffcf8a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c14d9|jmp 0xffffffffffffd1ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x73c407ae (jmp 0xfffffffffd329464|jmp 0xffffffffffffd612|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x73c407ae (jmp 0xfffffffffcf5bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x73c407ae (jmp 0xfffffffffcf533c8|jmp 0xffffffffffffe3ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x73c407ae (jmp 0xfffffffffcf4a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c1e15|jmp 0xffffffffffffd9a2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExA : Unknown @ 0x73c407ae (jmp 0xfffffffffcf493c5|jmp 0xffffffffffffee6a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ADVAPI32.dll - OpenServiceW : Unknown @ 0x73c407ae (jmp 0xfffffffffd2359e5|jmp 0xffffffffffffe15a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ADVAPI32.dll - CloseServiceHandle : Unknown @ 0x73c407ae (jmp 0xfffffffffd22f1bd|jmp 0xffffffffffffdd32|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c20b5|jmp 0xffffffffffffe6b2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c2e29|jmp 0xffffffffffffdad2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c19c1|jmp 0xffffffffffffef9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c1a29|jmp 0xffffffffffffef02|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c0351|jmp 0xffffffffffffe4ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c0411|jmp 0xffffffffffffe87a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateSection : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c3845|jmp 0xffffffffffffcdc2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c3049|jmp 0xffffffffffffda3a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c21a9|jmp 0xffffffffffffe7e2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c10bd|jmp 0xffffffffffffd90a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetValueKey : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c3755|jmp 0xffffffffffffcc92|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c1e85|jmp 0xffffffffffffe912|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x73c407ae (jmp 0xfffffffffc681bf6|jmp 0xffffffffffffdc9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenSection : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c3989|jmp 0xffffffffffffce5a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c2f1d|jmp 0xffffffffffffcef2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c1f3d|jmp 0xffffffffffffe74a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c1065|jmp 0xffffffffffffeca2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x73c407ae (jmp 0xfffffffffd31acc2|jmp 0xffffffffffffe582|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x73c407ae (jmp 0xfffffffffcf5b866|jmp 0xffffffffffffd152|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x73c407ae (jmp 0xfffffffffcf4f9bf|jmp 0xffffffffffffd022|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x73c407ae (jmp 0xfffffffffcf5235c|jmp 0xffffffffffffcf8a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c14d9|jmp 0xffffffffffffd1ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x73c407ae (jmp 0xfffffffffd329464|jmp 0xffffffffffffd612|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x73c407ae (jmp 0xfffffffffcf5bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x73c407ae (jmp 0xfffffffffcf533c8|jmp 0xffffffffffffe3ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x73c407ae (jmp 0xfffffffffcf4a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x73c407ae (jmp 0xfffffffffc6c1e15|jmp 0xffffffffffffd9a2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad20b5|jmp 0xffffffffffffe6b2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad2e29|jmp 0xffffffffffffdad2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad19c1|jmp 0xffffffffffffef9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1a29|jmp 0xffffffffffffef02|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad0351|jmp 0xffffffffffffe4ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad0411|jmp 0xffffffffffffe87a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3979|jmp 0xffffffffffffcbfa|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad41c5|jmp 0xffffffffffffc442|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3049|jmp 0xffffffffffffda3a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad21a9|jmp 0xffffffffffffe7e2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad10bd|jmp 0xffffffffffffd90a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetValueKey : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad40d5|jmp 0xffffffffffffc312|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateFile : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3a2d|jmp 0xffffffffffffcaca|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1e85|jmp 0xffffffffffffe912|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x5d0507ae (jmp 0xffffffffe5a91bf6|jmp 0xffffffffffffdc9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad4309|jmp 0xffffffffffffc4da|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad389d|jmp 0xffffffffffffc572|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1f3d|jmp 0xffffffffffffe74a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1065|jmp 0xffffffffffffeca2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x5d0507ae (jmp 0xffffffffe672acc2|jmp 0xffffffffffffe582|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x5d0507ae (jmp 0xffffffffe636b866|jmp 0xffffffffffffd152|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x5d0507ae (jmp 0xffffffffe635f9bf|jmp 0xffffffffffffd022|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x5d0507ae (jmp 0xffffffffe636235c|jmp 0xffffffffffffcf8a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad14d9|jmp 0xffffffffffffd1ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x5d0507ae (jmp 0xffffffffe6739464|jmp 0xffffffffffffd612|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x5d0507ae (jmp 0xffffffffe636bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x5d0507ae (jmp 0xffffffffe63633c8|jmp 0xffffffffffffe3ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x5d0507ae (jmp 0xffffffffe635a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - WSASend : Unknown @ 0x5d0507ae (jmp 0xffffffffe7dff32b|jmp 0xffffffffffffce5a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1e15|jmp 0xffffffffffffd9a2|call 0x1fe)

iletet · « **Reply #1 on:** January 12, 2015, 02:06:09 PM »

suite1 du rapport:

[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad20b5|jmp 0xffffffffffffe6b2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad2e29|jmp 0xffffffffffffdad2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad19c1|jmp 0xffffffffffffef9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1a29|jmp 0xffffffffffffef02|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad0351|jmp 0xffffffffffffe4ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad0411|jmp 0xffffffffffffe87a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtCreateSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3975|jmp 0xffffffffffffcc92|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3049|jmp 0xffffffffffffda3a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad21a9|jmp 0xffffffffffffe7e2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad10bd|jmp 0xffffffffffffd90a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtSetValueKey : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3885|jmp 0xffffffffffffcb62|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtCreateFile : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad2c85|jmp 0xffffffffffffd872|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1e85|jmp 0xffffffffffffe912|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x5d0507ae (jmp 0xffffffffe5a91bf6|jmp 0xffffffffffffdc9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtOpenSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3ab9|jmp 0xffffffffffffcd2a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad304d|jmp 0xffffffffffffcdc2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1f3d|jmp 0xffffffffffffe74a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1065|jmp 0xffffffffffffeca2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x5d0507ae (jmp 0xffffffffe672acc2|jmp 0xffffffffffffe582|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - PostMessageW : Unknown @ 0x5d0507ae (jmp 0xffffffffe636248c|jmp 0xffffffffffffce5a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtVdmControl : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1571|jmp 0xffffffffffffd152|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetMessageA : Unknown @ 0x5d0507ae (jmp 0xffffffffe636b996|jmp 0xffffffffffffd022|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - PostMessageA : Unknown @ 0x5d0507ae (jmp 0xffffffffe635faef|jmp 0xffffffffffffcef2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetMessageW : Unknown @ 0x5d0507ae (jmp 0xffffffffe636bd1f|jmp 0xffffffffffffcf8a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - SetWinEventHook : Unknown @ 0x5d0507ae (jmp 0xffffffffe63633c8|jmp 0xffffffffffffe3ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x5d0507ae (jmp 0xffffffffe635a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x5d0507ae (jmp 0xffffffffe67394fc|jmp 0xffffffffffffd57a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1e15|jmp 0xffffffffffffd9a2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ADVAPI32.dll - OpenServiceW : Unknown @ 0x5d0507ae (jmp 0xffffffffe66459e5|jmp 0xffffffffffffe15a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ADVAPI32.dll - CloseServiceHandle : Unknown @ 0x5d0507ae (jmp 0xffffffffe663f1bd|jmp 0xffffffffffffdd32|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ADVAPI32.dll - CreateServiceW : Unknown @ 0x5d0507ae (jmp 0xffffffffe662b8f5|jmp 0xffffffffffffdb6a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ADVAPI32.dll - ChangeServiceConfigW : Unknown @ 0x5d0507ae (jmp 0xffffffffe660f6c9|jmp 0xffffffffffffddca|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ADVAPI32.dll - DeleteService : Unknown @ 0x5d0507ae (jmp 0xffffffffe662b535|jmp 0xffffffffffffdefa|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ADVAPI32.dll - ControlService : Unknown @ 0x5d0507ae (jmp 0xffffffffe662b4b5|jmp 0xffffffffffffdf92|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x5d0507ae (jmp 0xffffffffe67525a1|jmp 0xffffffffffffd1ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad20b5|jmp 0xffffffffffffe6b2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad2e29|jmp 0xffffffffffffdad2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad19c1|jmp 0xffffffffffffef9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1a29|jmp 0xffffffffffffef02|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad0351|jmp 0xffffffffffffe4ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad0411|jmp 0xffffffffffffe87a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3979|jmp 0xffffffffffffcbfa|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad41c5|jmp 0xffffffffffffc442|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3049|jmp 0xffffffffffffda3a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad21a9|jmp 0xffffffffffffe7e2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad10bd|jmp 0xffffffffffffd90a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetValueKey : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad40d5|jmp 0xffffffffffffc312|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateFile : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3a2d|jmp 0xffffffffffffcaca|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1e85|jmp 0xffffffffffffe912|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x5d0507ae (jmp 0xffffffffe5a91bf6|jmp 0xffffffffffffdc9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad4309|jmp 0xffffffffffffc4da|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad389d|jmp 0xffffffffffffc572|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1f3d|jmp 0xffffffffffffe74a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1065|jmp 0xffffffffffffeca2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x5d0507ae (jmp 0xffffffffe672acc2|jmp 0xffffffffffffe582|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x5d0507ae (jmp 0xffffffffe636b866|jmp 0xffffffffffffd152|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x5d0507ae (jmp 0xffffffffe635f9bf|jmp 0xffffffffffffd022|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x5d0507ae (jmp 0xffffffffe636235c|jmp 0xffffffffffffcf8a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad14d9|jmp 0xffffffffffffd1ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x5d0507ae (jmp 0xffffffffe6739464|jmp 0xffffffffffffd612|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x5d0507ae (jmp 0xffffffffe636bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x5d0507ae (jmp 0xffffffffe63633c8|jmp 0xffffffffffffe3ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x5d0507ae (jmp 0xffffffffe635a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - WSASend : Unknown @ 0x5d0507ae (jmp 0xffffffffe7dff32b|jmp 0xffffffffffffce5a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1e15|jmp 0xffffffffffffd9a2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad20b5|jmp 0xffffffffffffe6b2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad2e29|jmp 0xffffffffffffdad2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad19c1|jmp 0xffffffffffffef9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1a29|jmp 0xffffffffffffef02|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad0351|jmp 0xffffffffffffe4ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad0411|jmp 0xffffffffffffe87a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3979|jmp 0xffffffffffffcbfa|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad41c5|jmp 0xffffffffffffc442|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3049|jmp 0xffffffffffffda3a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad21a9|jmp 0xffffffffffffe7e2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad10bd|jmp 0xffffffffffffd90a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetValueKey : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad40d5|jmp 0xffffffffffffc312|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateFile : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3a2d|jmp 0xffffffffffffcaca|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1e85|jmp 0xffffffffffffe912|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x5d0507ae (jmp 0xffffffffe5a91bf6|jmp 0xffffffffffffdc9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad4309|jmp 0xffffffffffffc4da|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad389d|jmp 0xffffffffffffc572|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1f3d|jmp 0xffffffffffffe74a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1065|jmp 0xffffffffffffeca2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x5d0507ae (jmp 0xffffffffe672acc2|jmp 0xffffffffffffe582|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x5d0507ae (jmp 0xffffffffe636b866|jmp 0xffffffffffffd152|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x5d0507ae (jmp 0xffffffffe635f9bf|jmp 0xffffffffffffd022|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x5d0507ae (jmp 0xffffffffe636235c|jmp 0xffffffffffffcf8a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad14d9|jmp 0xffffffffffffd1ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x5d0507ae (jmp 0xffffffffe6739464|jmp 0xffffffffffffd612|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x5d0507ae (jmp 0xffffffffe636bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x5d0507ae (jmp 0xffffffffe63633c8|jmp 0xffffffffffffe3ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x5d0507ae (jmp 0xffffffffe635a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - WSASend : Unknown @ 0x5d0507ae (jmp 0xffffffffe7dff32b|jmp 0xffffffffffffce5a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1e15|jmp 0xffffffffffffd9a2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad20b5|jmp 0xffffffffffffe6b2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad2e29|jmp 0xffffffffffffdad2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad19c1|jmp 0xffffffffffffef9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1a29|jmp 0xffffffffffffef02|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad0351|jmp 0xffffffffffffe4ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad0411|jmp 0xffffffffffffe87a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3979|jmp 0xffffffffffffcbfa|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad41c5|jmp 0xffffffffffffc442|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3049|jmp 0xffffffffffffda3a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad21a9|jmp 0xffffffffffffe7e2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad10bd|jmp 0xffffffffffffd90a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetValueKey : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad40d5|jmp 0xffffffffffffc312|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateFile : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3a2d|jmp 0xffffffffffffcaca|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1e85|jmp 0xffffffffffffe912|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x5d0507ae (jmp 0xffffffffe5a91bf6|jmp 0xffffffffffffdc9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad4309|jmp 0xffffffffffffc4da|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad389d|jmp 0xffffffffffffc572|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1f3d|jmp 0xffffffffffffe74a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1065|jmp 0xffffffffffffeca2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x5d0507ae (jmp 0xffffffffe672acc2|jmp 0xffffffffffffe582|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x5d0507ae (jmp 0xffffffffe636b866|jmp 0xffffffffffffd152|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x5d0507ae (jmp 0xffffffffe635f9bf|jmp 0xffffffffffffd022|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x5d0507ae (jmp 0xffffffffe636235c|jmp 0xffffffffffffcf8a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad14d9|jmp 0xffffffffffffd1ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x5d0507ae (jmp 0xffffffffe6739464|jmp 0xffffffffffffd612|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x5d0507ae (jmp 0xffffffffe636bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x5d0507ae (jmp 0xffffffffe63633c8|jmp 0xffffffffffffe3ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x5d0507ae (jmp 0xffffffffe635a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - WSASend : Unknown @ 0x5d0507ae (jmp 0xffffffffe7dff32b|jmp 0xffffffffffffce5a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1e15|jmp 0xffffffffffffd9a2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad20b5|jmp 0xffffffffffffe6b2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad2e29|jmp 0xffffffffffffdad2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad19c1|jmp 0xffffffffffffef9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1a29|jmp 0xffffffffffffef02|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad0351|jmp 0xffffffffffffe4ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad0411|jmp 0xffffffffffffe87a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3979|jmp 0xffffffffffffcbfa|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad41c5|jmp 0xffffffffffffc442|call 0x1fe)

iletet · « **Reply #2 on:** January 12, 2015, 02:06:54 PM »

suite2:

[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3049|jmp 0xffffffffffffda3a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad21a9|jmp 0xffffffffffffe7e2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad10bd|jmp 0xffffffffffffd90a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetValueKey : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad40d5|jmp 0xffffffffffffc312|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateFile : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3a2d|jmp 0xffffffffffffcaca|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1e85|jmp 0xffffffffffffe912|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x5d0507ae (jmp 0xffffffffe5a91bf6|jmp 0xffffffffffffdc9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad4309|jmp 0xffffffffffffc4da|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad389d|jmp 0xffffffffffffc572|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1f3d|jmp 0xffffffffffffe74a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1065|jmp 0xffffffffffffeca2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x5d0507ae (jmp 0xffffffffe672acc2|jmp 0xffffffffffffe582|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x5d0507ae (jmp 0xffffffffe636b866|jmp 0xffffffffffffd152|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x5d0507ae (jmp 0xffffffffe635f9bf|jmp 0xffffffffffffd022|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x5d0507ae (jmp 0xffffffffe636235c|jmp 0xffffffffffffcf8a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad14d9|jmp 0xffffffffffffd1ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x5d0507ae (jmp 0xffffffffe6739464|jmp 0xffffffffffffd612|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x5d0507ae (jmp 0xffffffffe636bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x5d0507ae (jmp 0xffffffffe63633c8|jmp 0xffffffffffffe3ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x5d0507ae (jmp 0xffffffffe635a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - WSASend : Unknown @ 0x5d0507ae (jmp 0xffffffffe7dff32b|jmp 0xffffffffffffce5a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1e15|jmp 0xffffffffffffd9a2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad20b5|jmp 0xffffffffffffe6b2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad2e29|jmp 0xffffffffffffdad2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad19c1|jmp 0xffffffffffffef9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1a29|jmp 0xffffffffffffef02|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad0351|jmp 0xffffffffffffe4ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad0411|jmp 0xffffffffffffe87a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3979|jmp 0xffffffffffffcbfa|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad41c5|jmp 0xffffffffffffc442|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3049|jmp 0xffffffffffffda3a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad21a9|jmp 0xffffffffffffe7e2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad10bd|jmp 0xffffffffffffd90a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetValueKey : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad40d5|jmp 0xffffffffffffc312|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateFile : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3a2d|jmp 0xffffffffffffcaca|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1e85|jmp 0xffffffffffffe912|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x5d0507ae (jmp 0xffffffffe5a91bf6|jmp 0xffffffffffffdc9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad4309|jmp 0xffffffffffffc4da|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad389d|jmp 0xffffffffffffc572|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1f3d|jmp 0xffffffffffffe74a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1065|jmp 0xffffffffffffeca2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x5d0507ae (jmp 0xffffffffe672acc2|jmp 0xffffffffffffe582|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x5d0507ae (jmp 0xffffffffe636b866|jmp 0xffffffffffffd152|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x5d0507ae (jmp 0xffffffffe635f9bf|jmp 0xffffffffffffd022|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x5d0507ae (jmp 0xffffffffe636235c|jmp 0xffffffffffffcf8a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad14d9|jmp 0xffffffffffffd1ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x5d0507ae (jmp 0xffffffffe6739464|jmp 0xffffffffffffd612|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x5d0507ae (jmp 0xffffffffe636bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x5d0507ae (jmp 0xffffffffe63633c8|jmp 0xffffffffffffe3ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x5d0507ae (jmp 0xffffffffe635a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - WSASend : Unknown @ 0x5d0507ae (jmp 0xffffffffe7dff32b|jmp 0xffffffffffffce5a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1e15|jmp 0xffffffffffffd9a2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad20b5|jmp 0xffffffffffffe6b2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad2e29|jmp 0xffffffffffffdad2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad19c1|jmp 0xffffffffffffef9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1a29|jmp 0xffffffffffffef02|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad0351|jmp 0xffffffffffffe4ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad0411|jmp 0xffffffffffffe87a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3979|jmp 0xffffffffffffcbfa|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad41c5|jmp 0xffffffffffffc442|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3049|jmp 0xffffffffffffda3a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad21a9|jmp 0xffffffffffffe7e2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad10bd|jmp 0xffffffffffffd90a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetValueKey : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad40d5|jmp 0xffffffffffffc312|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateFile : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad3a2d|jmp 0xffffffffffffcaca|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1e85|jmp 0xffffffffffffe912|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x5d0507ae (jmp 0xffffffffe5a91bf6|jmp 0xffffffffffffdc9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenSection : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad4309|jmp 0xffffffffffffc4da|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad389d|jmp 0xffffffffffffc572|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1f3d|jmp 0xffffffffffffe74a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1065|jmp 0xffffffffffffeca2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x5d0507ae (jmp 0xffffffffe672acc2|jmp 0xffffffffffffe582|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x5d0507ae (jmp 0xffffffffe636b866|jmp 0xffffffffffffd152|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x5d0507ae (jmp 0xffffffffe635f9bf|jmp 0xffffffffffffd022|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x5d0507ae (jmp 0xffffffffe636235c|jmp 0xffffffffffffcf8a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad14d9|jmp 0xffffffffffffd1ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x5d0507ae (jmp 0xffffffffe6739464|jmp 0xffffffffffffd612|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x5d0507ae (jmp 0xffffffffe636bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x5d0507ae (jmp 0xffffffffe63633c8|jmp 0xffffffffffffe3ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x5d0507ae (jmp 0xffffffffe635a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - WSASend : Unknown @ 0x5d0507ae (jmp 0xffffffffe7dff32b|jmp 0xffffffffffffce5a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x5d0507ae (jmp 0xffffffffe5ad1e15|jmp 0xffffffffffffd9a2|call 0x1fe)

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: +++++

Curson · « **Reply #3 on:** January 12, 2015, 03:59:20 PM »

Bonjour iletet,

Bienvenue sur le forum Adlice.
Ton rapport est incomplet. Peux-tu en poster la dernière partie (à partir de "¤¤¤ Vérification MBR : ¤¤¤") ?
Peux-tu préciser exactement ce que tu veux dire par "pour que windows accroche" ?

Meilleures salutations.

Tigzy · « **Reply #4 on:** January 12, 2015, 04:14:08 PM »

Bonjour,
Désolé d'intervenir

1/ Pour la suite, merci d'heberger le rapport plutôt que copier/coller son contenu (trop gros)
2/ Télécharger la version DEBUG: www.sur-la-toile.com/RogueKiller/RogueKiller_DEBUG.exe
3/ La lancer, et récupérer le rapport, l'heberger ici;

Cette version va nous donner la stack complète pour les hooks EAT, selon moi ils sont légitimes.

iletet · « **Reply #5 on:** January 13, 2015, 09:52:26 AM »

bonjour,
Pour tizgi,ok je suis en train de lancer une version debug, par contre je ne comprends pas bien la différence entre héberger un rapport et copier/coller

Par ailleurs, effectivement je croyais avoir tout envoyé, mais il restait une partie, la voici.

Quand je dis que windows n'accroche pas ,c'est que je n'éteinds jamais mon ordi, et même que maintenant j'évite de le faire même quand un logiciel me le demande car je mets parfois une demi journée à le rallumer après 10 ou 20 essais .j'y arrive jusqu'à present toujours mais le plus souvent c'est une page noire qui s'ouvre immédiatement puis après RGB l'ordi travaille très longtemps, je l'entends mais j'abandonne souvent avant et relance au bout de 10,20,30 mn ou même 1h car rien n'a évolué , l'ordi travaille toujours très lentement.
j'oubliais de dire que je suis obligé d'éteindre mon ordi en force car windows installe 4 ou 5 mises à jour, or je puis laisser une nuit complète, ce message reste toujours , l'ordi ne s'éteignant pas.
L'ordi à 3 ans, windows7 et bitdefender payant (qui d'ailleurs me demande quasiment à chaque fois de faire des mises à jour critiques (4 ) ce que je fais chaque fois (tous les jour ou 2 jours)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 3696720322f1c653de67ce9ed57ebd69
[BSP] 8dfad39ee47c9968e74c8f12e9c854f3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 185899 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 380928000 | Size: 1721727 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 8b3a6e35e5ec9646f5f67fb425c849f4
[BSP] 8964226e3ebc14fb0e08f6aab0658c4e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476940 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )

============================================
RKreport_DEL_06212014_034903.log - RKreport_DEL_06212014_042655.log - RKreport_DEL_06232014_021411.log - RKreport_DEL_06232014_210526.log
RKreport_DEL_06262014_111514.log - RKreport_DEL_06262014_121929.log - RKreport_DEL_06282014_141444.log - RKreport_DEL_07012014_143228.log
RKreport_DEL_07032014_005939.log - RKreport_DEL_07102014_193659.log - RKreport_DEL_07102014_222236.log - RKreport_DEL_07212014_162010.log
RKreport_DEL_07242014_095554.log - RKreport_DEL_07252014_155254.log - RKreport_DEL_08042014_011549.log - RKreport_DEL_08122014_142750.log
RKreport_DEL_08192014_084216.log - RKreport_DEL_08312014_202517.log - RKreport_DEL_09082014_081222.log - RKreport_DEL_09092014_230809.log
RKreport_DEL_09152014_184826.log - RKreport_DEL_09202014_191136.log - RKreport_DEL_09282014_234749.log - RKreport_DEL_10062014_085151.log
RKreport_DEL_10232014_153015.log - RKreport_DEL_10252014_125749.log - RKreport_DEL_10312014_203542.log - RKreport_DEL_11032014_095342.log
RKreport_DEL_11072014_073831.log - RKreport_DEL_11082014_005802.log - RKreport_DEL_11082014_125904.log - RKreport_DEL_11162014_154049.log
RKreport_DEL_12302014_165405.log - RKreport_SCN_01042015_120718.log - RKreport_SCN_01052015_103748.log - RKreport_SCN_01122015_095831.log
RKreport_SCN_06212014_033620.log - RKreport_SCN_06212014_041351.log - RKreport_SCN_06232014_021221.log - RKreport_SCN_06232014_201606.log
RKreport_SCN_06262014_110940.log - RKreport_SCN_06262014_113151.log - RKreport_SCN_06282014_123917.log - RKreport_SCN_07012014_141229.log
RKreport_SCN_07022014_184006.log - RKreport_SCN_07052014_075730.log - RKreport_SCN_07102014_190529.log - RKreport_SCN_07102014_195125.log
RKreport_SCN_07212014_134614.log - RKreport_SCN_07232014_173849.log - RKreport_SCN_07252014_122202.log - RKreport_SCN_08042014_004326.log
RKreport_SCN_08052014_140511.log - RKreport_SCN_08082014_182324.log - RKreport_SCN_08122014_140745.log - RKreport_SCN_08182014_235302.log
RKreport_SCN_08212014_222758.log - RKreport_SCN_08312014_193701.log - RKreport_SCN_09082014_001141.log - RKreport_SCN_09092014_122140.log
RKreport_SCN_09152014_172354.log - RKreport_SCN_09202014_181749.log - RKreport_SCN_09202014_183006.log - RKreport_SCN_09282014_234419.log
RKreport_SCN_10062014_085119.log - RKreport_SCN_10232014_143543.log - RKreport_SCN_10252014_125338.log - RKreport_SCN_10312014_193601.log
RKreport_SCN_11012014_103016.log - RKreport_SCN_11012014_124553.log - RKreport_SCN_11032014_094757.log - RKreport_SCN_11072014_073751.log
RKreport_SCN_11082014_005639.log - RKreport_SCN_11082014_123231.log - RKreport_SCN_11082014_132317.log - RKreport_SCN_11102014_110820.log
RKreport_SCN_11142014_022109.log - RKreport_SCN_11162014_153310.log - RKreport_SCN_11162014_155541.log - RKreport_SCN_11172014_113605.log
RKreport_SCN_11222014_151340.log - RKreport_SCN_11292014_192741.log - RKreport_SCN_12042014_010030.log - RKreport_SCN_12082014_153030.log
RKreport_SCN_12092014_104225.log - RKreport_SCN_12262014_190859.log - RKreport_SCN_12302014_165342.log

Tigzy · « **Reply #6 on:** January 13, 2015, 10:10:21 AM »

La différence entre copier/coller et héberger, c'est que tu as un moyen d'heberger des fichiers:
C'est mieux car cela ne prend pas 3-4 posts sur le forum.

Tu as fait la version debug?

iletet · « **Reply #7 on:** January 13, 2015, 10:29:02 AM »

oui, le scan vien de se terminer, et je crois avoir compris que je puis envoyer le rapport en pièce jointe , j'essaie donc de l'envoyer.
Impossible d'envoyer des fichiers .log tel que le rapport s'enregistre automatiquement,
je vais donc le mettre en word et rééssayer
extensions refusées
j'essaie donc en enlevant l'extension
impossible
désolé

iletet · « **Reply #8 on:** January 13, 2015, 10:38:07 AM »

j'étais sous docx et apparemment je ne puis mettre en pièce jointe que des pièces jointes sous doc, donc après modification de l'extension, après mise en place du convertisseur, j'essaie de nouveau

Tigzy · « **Reply #9 on:** January 13, 2015, 02:12:56 PM »

Merci pour le rapport.

Je laisse Curson coutninuer si tu as des questions.

EDIT: Il ne s'agit à priori pas de quelque chose de légitime.
Il faudrait un dump complet du processus chrome.exe pour confirmer. (Avec process hacker par exemple)

iletet · « **Reply #10 on:** January 15, 2015, 03:30:47 PM »

bonjour,
je n'ai pas de nouvelle de curson qui m'avait demandé d'envoyer la dernière partie
Donc, si je résume, il semble y avoir des lignes illégitimes, n'est il donc pas plus prudent de tout virer (tous les rootkits)

j'ai installé proccess hacker je n'arrive pas à faire de bilan final, mais je suis surpris car sur les 8G de mémoire vive de mon ordi, sans ouvrir de fenêtre , le minimum que j'ai eu d'activité, c'est à l'instant juste après un redémarrage demandé par une mise à jour bitdefender ( encore un peu fastidieux 6 essais) c'est 2,5G d'activité, généralement c'est systématiquement environ 5G.

Curson · « **Reply #11 on:** January 16, 2015, 03:14:06 PM »

Bonjour iletet,

Nous aurions besoin du dump mémoire pour avancer.
Obtiens-tu un message d'erreur ? As-tu bien utilisé l'option "Create dump file..." sur le processus chrome.exe ?

Merci de scanner le fichier ci-dessous sur VirusTotal :

Quote

C:\Windows\system32\DRIVERS\gzflt.sys

Copie/colle le rapport de scan dans ton prochain message.

Meilleures salutations.

Author Topic: multitude de rootkits (Read 12102 times)

iletet

multitude de rootkits

iletet

Re: multitude de rootkits

iletet

Re: multitude de rootkits

Curson

Re: multitude de rootkits

Tigzy

Re: multitude de rootkits

iletet

Re: multitude de rootkits

Tigzy

Re: multitude de rootkits

iletet

Re: multitude de rootkits

iletet

Re: multitude de rootkits

Tigzy

Re: multitude de rootkits

iletet

Re: multitude de rootkits

Curson

Re: multitude de rootkits