Voici le rapport de mon scan RogueKiller : les hooks IAT signalés dans la section Antirootkit sont-ils légitimes ? Par avance, merci ;)
RogueKiller V10.11.0.0 (x64) [Oct 12 2015] par Adlice Software
Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
¤¤¤ Processus : 0 ¤¤¤
¤¤¤ Registre : 0 ¤¤¤
¤¤¤ Tâches : 0 ¤¤¤
¤¤¤ Fichiers : 0 ¤¤¤
¤¤¤ Fichier Hosts : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 74 (Driver: Chargé) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll!NtSetSystemInformation : Unknown @ 0x77ce01f0 (jmp 0x161150|call 0xfffffffffffffda0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x77ce03b0 (jmp 0x162660|call 0xfffffffffffffbe0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtDuplicateObject : Unknown @ 0x77ce0390 (jmp 0x162620|call 0xfffffffffffffc00|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateEvent : Unknown @ 0x77ce02d0 (jmp 0x1624a0|call 0xfffffffffffffcc0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x77ce0490 (jmp 0x161c00|call 0xfffffffffffffb00|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateProcess : Unknown @ 0x77ce03e0 (jmp 0x162770|call 0xfffffffffffffbb0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenEvent : Unknown @ 0x77ce02e0 (jmp 0x162530|call 0xfffffffffffffcb0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x77ce03a0 (jmp 0x162170|call 0xfffffffffffffbf0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtSetContextThread : Unknown @ 0x77ce0400 (jmp 0x161520|call 0xfffffffffffffb90|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateSection : Unknown @ 0x77ce0310 (jmp 0x1624c0|call 0xfffffffffffffc70|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenProcess : Unknown @ 0x77ce0370 (jmp 0x162760|call 0xfffffffffffffc10|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x77ce04a0 (jmp 0x161c00|call 0xfffffffffffffaf0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtQueryObject : Unknown @ 0x77ce0450 (jmp 0x1629a0|call 0xfffffffffffffb40|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x77ce0350 (jmp 0x162030|call 0xfffffffffffffc30|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSection : Unknown @ 0x77ce0320 (jmp 0x162600|call 0xfffffffffffffc60|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateSemaphore : Unknown @ 0x77ce02b0 (jmp 0x161ea0|call 0xfffffffffffffce0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSemaphore : Unknown @ 0x77ce02c0 (jmp 0x161930|call 0xfffffffffffffcd0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateMutant : Unknown @ 0x77ce0290 (jmp 0x161f10|call 0xfffffffffffffd00|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenMutant : Unknown @ 0x77ce02a0 (jmp 0x161960|call 0xfffffffffffffcf0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateTimer : Unknown @ 0x77ce0330 (jmp 0x161ef0|call 0xfffffffffffffc50|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenTimer : Unknown @ 0x77ce0340 (jmp 0x161970|call 0xfffffffffffffc40|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateThreadEx : Unknown @ 0x77ce03d0 (jmp 0x161fa0|call 0xfffffffffffffbc0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtTerminateThread : Unknown @ 0x77ce03f0 (jmp 0x162510|call 0xfffffffffffffba0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenThread : Unknown @ 0x77ce0380 (jmp 0x1619c0|call 0xfffffffffffffc10|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtSuspendThread : Unknown @ 0x77ce0430 (jmp 0x1612a0|call 0xfffffffffffffb60|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x77ce0480 (jmp 0x162280|call 0xfffffffffffffb10|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x77ce0440 (jmp 0x161780|call 0xfffffffffffffb50|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ gdi32.dll) ntdll!NtVdmControl : Unknown @ 0x77ce0280 (jmp 0x161000|call 0xfffffffffffffd10|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ws2_32.dll) ntdll!NtLoadDriver : Unknown @ 0x77ce01e0 (jmp 0x161a40|call 0xfffffffffffffdb0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ntmarta.dll) ntdll!NtOpenEventPair : Unknown @ 0x77ce0300 (jmp 0x161a30|call 0xfffffffffffffc90|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x250310 (jmp 0xffffffff886d24c0|call 0xfffffffffffffc70|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x2503f0 (jmp 0xffffffff886d2510|call 0xfffffffffffffba0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x250450 (jmp 0xffffffff886d29a0|call 0xfffffffffffffb40|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x250370 (jmp 0xffffffff886d2760|call 0xfffffffffffffc10|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x250380 (jmp 0xffffffff886d19c0|call 0xfffffffffffffc10|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x2503b0 (jmp 0xffffffff886d2660|call 0xfffffffffffffbe0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x2503e0 (jmp 0xffffffff886d2770|call 0xfffffffffffffbb0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x2503d0 (jmp 0xffffffff886d1fa0|call 0xfffffffffffffbc0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x2503c0 (jmp 0xffffffff886d2530|call 0xfffffffffffffbd0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x250430 (jmp 0xffffffff886d12a0|call 0xfffffffffffffb60|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x250400 (jmp 0xffffffff886d1520|call 0xfffffffffffffb90|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x250270 (jmp 0xffffffff886d13a0|call 0xfffffffffffffd20|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x250340 (jmp 0xffffffff886d1970|call 0xfffffffffffffc40|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x2504a0 (jmp 0xffffffff886d1c00|call 0xfffffffffffffaf0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x250420 (jmp 0xffffffff886d12a0|call 0xfffffffffffffb70|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x250330 (jmp 0xffffffff886d1ef0|call 0xfffffffffffffc50|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x2501f0 (jmp 0xffffffff886d1150|call 0xfffffffffffffda0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x250350 (jmp 0xffffffff886d2030|call 0xfffffffffffffc30|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x250250 (jmp 0xffffffff886d19f0|call 0xfffffffffffffd40|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x2502a0 (jmp 0xffffffff886d1960|call 0xfffffffffffffcf0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x250210 (jmp 0xffffffff886d1160|call 0xfffffffffffffd80|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x250470 (jmp 0xffffffff886d2810|call 0xfffffffffffffb20|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x250200 (jmp 0xffffffff886d10e0|call 0xfffffffffffffd90|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x250360 (jmp 0xffffffff886d1a80|call 0xfffffffffffffc20|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x250230 (jmp 0xffffffff886d21f0|call 0xfffffffffffffd60|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x250460 (jmp 0xffffffff886d2a00|call 0xfffffffffffffb30|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x250240 (jmp 0xffffffff886d1d60|call 0xfffffffffffffd50|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x250260 (jmp 0xffffffff886d13a0|call 0xfffffffffffffd30|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x250320 (jmp 0xffffffff886d2600|call 0xfffffffffffffc60|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x250410 (jmp 0xffffffff886d1f60|call 0xfffffffffffffb80|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x2503a0 (jmp 0xffffffff886d2170|call 0xfffffffffffffbf0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x2502e0 (jmp 0xffffffff886d2530|call 0xfffffffffffffcb0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x250480 (jmp 0xffffffff886d2280|call 0xfffffffffffffb10|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x250490 (jmp 0xffffffff886d1c00|call 0xfffffffffffffb00|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x250300 (jmp 0xffffffff886d1a30|call 0xfffffffffffffc90|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x2502d0 (jmp 0xffffffff886d24a0|call 0xfffffffffffffcc0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x2502b0 (jmp 0xffffffff886d1ea0|call 0xfffffffffffffce0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x250220 (jmp 0xffffffff886d1080|call 0xfffffffffffffd70|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x250290 (jmp 0xffffffff886d1f10|call 0xfffffffffffffd00|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x2501e0 (jmp 0xffffffff886d1a40|call 0xfffffffffffffdb0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x2502f0 (jmp 0xffffffff886d1fe0|call 0xfffffffffffffca0|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x250440 (jmp 0xffffffff886d1780|call 0xfffffffffffffb50|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x250390 (jmp 0xffffffff886d2620|call 0xfffffffffffffc00|jmp 0x19d)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x2502c0 (jmp 0xffffffff886d1930|call 0xfffffffffffffcd0|jmp 0x19d)
¤¤¤ Navigateurs web : 0 ¤¤¤