Log analysis and evaluation: Internet stalls while loading

15.10.2010, 21:56   #16
shiva_noir

So here, first of all, is the result of the VirusTotal check:

Quote:
File name:dgderdrv.sys
Submission date:2010-10-15 20:50:20 (UTC)
Current status:queued queued analysing finished
Result:0/ 43 (0.0%)
MD5: d0d4f3ca1d3a4400e1f40f36a800cd12
SHA1: 7ceb03afaee62ef20c58fafde6df189cd3a805aa
SHA256: fad9e0019109d52480a5664e2c2422dbf4dfa6e2f317d3fc00351fbb90797123
So far the same problem persists: some pages take an unpleasantly long time to load, or images / elements are not loaded, while others do not. And that is not how I know my computer...

I'm going to let GMER run now and post the log file.

Many thanks
Shiva

15.10.2010, 23:04   #17
shiva_noir

GMER ran for a very long time, but was then interrupted by a bluescreen.

PFN_LIST_CORRUPT

16.10.2010, 19:50   #18
Chris4You

Hi,

Rootkit Unhooker
Please download RKUnhookerLE and save the file to your desktop.
  • Disable all background monitors, especially that of your antivirus software.
  • Start RKUnhookerLE.exe
  • Click the Report tab and then Scan
  • Check the boxes for
    • Drivers
    • Stealth Code
    • Files
    • Code Hooks
    Uncheck all other boxes
  • When you are asked which area should be scanned, make sure that your system disk (usually C:) is checked.
  • Click OK
  • When the scan has finished, click
    File --> Save Report
  • Save the file as RKU.txt on the desktop.
  • Click Close
Note:
If you get the following warning
Quote:
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"
click OK

and

MBR-Check
Download http://ad13.geekstogo.com/MBRCheck.exe and save the file to the desktop.
  • Double-click MBRCheck.exe.
  • Vista and Win7 users: right-click and "Run as administrator"
  • The tool takes only a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

chris

17.10.2010, 12:17   #19
shiva_noir

Hi Chris

I can't thank you often enough; I think it's so great how much time you all take for the problems of complete strangers.
Once again, huge praise to you and also to the team

Best regards, Shiva

I ran both, here are the log files:

Quote:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
[1372]ctfmon.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1412]csrss.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1412]csrss.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1412]csrss.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1412]csrss.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1412]csrss.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1412]csrss.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1412]csrss.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1412]csrss.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1412]csrss.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1412]csrss.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1412]csrss.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1412]csrss.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1440]winlogon.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1440]winlogon.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1440]winlogon.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1440]winlogon.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1440]winlogon.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1440]winlogon.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1440]winlogon.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1440]winlogon.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1440]winlogon.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001234-->00000000 [kernel32.dll]
[1440]winlogon.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010013DC-->00000000 [kernel32.dll]
[1440]winlogon.exe-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x01001408-->00000000 [kernel32.dll]
[1440]winlogon.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x01001384-->00000000 [kernel32.dll]
[1440]winlogon.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x01001238-->00000000 [kernel32.dll]
[1440]winlogon.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1440]winlogon.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1440]winlogon.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1440]winlogon.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1440]winlogon.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1440]winlogon.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1440]winlogon.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1440]winlogon.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1440]winlogon.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1440]winlogon.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [kernel32.dll]
[1440]winlogon.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [kernel32.dll]
[1440]winlogon.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [kernel32.dll]
[1440]winlogon.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [kernel32.dll]
[1440]winlogon.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1440]winlogon.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[1484]services.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1484]services.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1484]services.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1484]services.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1484]services.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1484]services.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1484]services.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1484]services.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1484]services.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001138-->00000000 [kernel32.dll]
[1484]services.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010010D4-->00000000 [kernel32.dll]
[1484]services.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x01001190-->00000000 [kernel32.dll]
[1484]services.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1484]services.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1484]services.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1484]services.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1484]services.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1484]services.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[1496]lsass.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1496]lsass.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1496]lsass.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1496]lsass.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1496]lsass.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1496]lsass.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1496]lsass.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1496]lsass.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1496]lsass.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[1496]lsass.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[1496]lsass.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[1496]lsass.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1496]lsass.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1496]lsass.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1496]lsass.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1496]lsass.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1496]lsass.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1496]lsass.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1496]lsass.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1496]lsass.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1496]lsass.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1496]lsass.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[160]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[160]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[160]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[160]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[160]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[160]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[160]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[160]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[160]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001058-->00000000 [kernel32.dll]
[160]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010010A0-->00000000 [kernel32.dll]
[160]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [kernel32.dll]
[160]svchost.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[160]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[160]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[160]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[160]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[160]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[160]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[160]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[160]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0041E234-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0041E0F8-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x0041E230-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040F0F4-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0040F084-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1708]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1708]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1708]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1708]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1708]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1708]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1708]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1708]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1708]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001058-->00000000 [kernel32.dll]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010010A0-->00000000 [kernel32.dll]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [kernel32.dll]
[1708]svchost.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1708]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1708]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1708]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1708]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1708]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1708]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1708]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1708]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1708]svchost.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1708]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[1804]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1804]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1804]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1804]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1804]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1804]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1804]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1804]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1804]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001058-->00000000 [kernel32.dll]
[1804]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010010A0-->00000000 [kernel32.dll]
[1804]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [kernel32.dll]
[1804]svchost.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[1804]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[1804]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[1804]svchost.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1804]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1804]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1804]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1804]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1804]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1804]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1804]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1804]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1804]svchost.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1804]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[1968]btwdins.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1968]btwdins.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1968]btwdins.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1968]btwdins.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1968]btwdins.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1968]btwdins.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1968]btwdins.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1968]btwdins.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1968]btwdins.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00428268-->00000000 [kernel32.dll]
[1968]btwdins.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00428208-->00000000 [kernel32.dll]
[1968]btwdins.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004280DC-->00000000 [kernel32.dll]
[1968]btwdins.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x00428264-->00000000 [kernel32.dll]
[1968]btwdins.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1968]btwdins.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1968]btwdins.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1968]btwdins.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1968]btwdins.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1968]btwdins.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004170C0-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004170DC-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x00417080-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1976]psi.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1976]psi.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1976]psi.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1976]psi.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1976]psi.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1976]psi.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1976]psi.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1976]psi.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1976]psi.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00475338-->00000000 [kernel32.dll]
[1976]psi.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0047528C-->00000000 [kernel32.dll]
[1976]psi.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x00475300-->00000000 [kernel32.dll]
[1976]psi.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[1976]psi.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[1976]psi.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[1976]psi.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1976]psi.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1976]psi.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1976]psi.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1976]psi.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1976]psi.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1976]psi.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1976]psi.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1976]psi.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1976]psi.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [kernel32.dll]
[1976]psi.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [kernel32.dll]
[1976]psi.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [kernel32.dll]
[1976]psi.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [kernel32.dll]
[1976]psi.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1976]psi.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[2024]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[2024]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[2024]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[2024]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[2024]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[2024]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[2024]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[2024]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[2024]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001058-->00000000 [kernel32.dll]
[2024]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010010A0-->00000000 [kernel32.dll]
[2024]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [kernel32.dll]
[2024]svchost.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[2024]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[2024]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[2024]svchost.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[2024]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[2024]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[2024]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[2024]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[2024]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[2024]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[2024]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[2024]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[2024]svchost.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [kernel32.dll]
[2024]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [kernel32.dll]
[2024]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [kernel32.dll]
[2024]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [kernel32.dll]
[2024]svchost.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[2024]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[220]plugin-container.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[220]plugin-container.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[220]plugin-container.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[220]plugin-container.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[220]plugin-container.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[220]plugin-container.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[220]plugin-container.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[220]plugin-container.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[220]plugin-container.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[220]plugin-container.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[220]plugin-container.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[220]plugin-container.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[220]plugin-container.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[220]plugin-container.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[220]plugin-container.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[220]plugin-container.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[220]plugin-container.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[220]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E3B531E-->00000000 [xul.dll]
[220]plugin-container.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [kernel32.dll]
[220]plugin-container.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [kernel32.dll]
[220]plugin-container.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [kernel32.dll]
[220]plugin-container.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [kernel32.dll]
[220]plugin-container.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[220]plugin-container.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004262C8-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x004262C4-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x01001024-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[2948]firefox.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[2948]firefox.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[2948]firefox.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[2948]firefox.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[2948]firefox.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[2948]firefox.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[2948]firefox.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[2948]firefox.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[2948]firefox.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00403030-->00000000 [kernel32.dll]
[2948]firefox.exe-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x00403034-->00000000 [kernel32.dll]
[2948]firefox.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[2948]firefox.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[2948]firefox.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[2948]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9263C3-->00000000 [firefox.exe]
[2948]firefox.exe-->shell32.dll+0x00008640, Type: Inline - RelativeJump 0x7E678640-->00000000 [unknown_code_page]
[2948]firefox.exe-->shell32.dll+0x0000EE64, Type: Inline - RelativeJump 0x7E67EE64-->00000000 [unknown_code_page]
[2948]firefox.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[2948]firefox.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[2948]firefox.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[2948]firefox.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[2948]firefox.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[2948]firefox.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[2948]firefox.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[2948]firefox.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[2948]firefox.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[2948]firefox.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [kernel32.dll]
[2948]firefox.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [kernel32.dll]
[2948]firefox.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [kernel32.dll]
[2948]firefox.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [kernel32.dll]
[2948]firefox.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[2948]firefox.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x010011B8-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x0100110C-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[328]jqs.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[328]jqs.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[328]jqs.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[328]jqs.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[328]jqs.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[328]jqs.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[328]jqs.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[328]jqs.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[328]jqs.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00417128-->00000000 [kernel32.dll]
[328]jqs.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0041711C-->00000000 [kernel32.dll]
[328]jqs.exe-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x004170AC-->00000000 [kernel32.dll]
[328]jqs.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[328]jqs.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[328]jqs.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[328]jqs.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[328]jqs.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[328]jqs.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[328]jqs.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[328]jqs.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[328]jqs.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[328]jqs.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[328]jqs.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[328]jqs.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[328]jqs.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[328]jqs.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[3584]alg.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[3584]alg.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[3584]alg.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[3584]alg.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[3584]alg.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[3584]alg.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[3584]alg.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[3584]alg.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[3584]alg.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[3584]alg.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[3584]alg.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[3584]alg.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[3584]alg.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[3584]alg.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[3584]alg.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[3584]alg.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[3584]alg.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[3584]alg.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[3584]alg.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[3584]alg.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[3584]alg.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[3584]alg.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[3792]DM2005.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[3792]DM2005.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[3792]DM2005.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[3792]DM2005.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[3792]DM2005.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[3792]DM2005.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[3792]DM2005.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[3792]DM2005.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[3792]DM2005.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00AC8F5C-->00000000 [kernel32.dll]
[3792]DM2005.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00AC8F64-->00000000 [kernel32.dll]
[3792]DM2005.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[3792]DM2005.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[3792]DM2005.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[3792]DM2005.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[3792]DM2005.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[3792]DM2005.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[3792]DM2005.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[3792]DM2005.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[3792]DM2005.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[3792]DM2005.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[3792]DM2005.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[3792]DM2005.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[3792]DM2005.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [kernel32.dll]
[3792]DM2005.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [kernel32.dll]
[3792]DM2005.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [kernel32.dll]
[3792]DM2005.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [kernel32.dll]
[3792]DM2005.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[3792]DM2005.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[448]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[448]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[448]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[448]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[448]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[448]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[448]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[448]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[448]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001058-->00000000 [kernel32.dll]
[448]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010010A0-->00000000 [kernel32.dll]
[448]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [kernel32.dll]
[448]svchost.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[448]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[448]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[448]svchost.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[448]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[448]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

Quote:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 137):

Processes (total 32):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000013`8aa9b800 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000020`eba7ca00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000028`576e9000 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x0000004f`bd294800 (NTFS)
\\.\I: --> \\.\PhysicalDrive0 at offset 0x0000005b`f685a600 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD502IJ, Rev: 1AA01113

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

Old 17.10.2010, 13:36   #20
shiva_noir

Hi Chris

I've now tried something different.
I uninstalled the Kaspersky software, then also ran CCleaner, cleaned the registry, rebooted and installed AVG again.
So far the AVG software has actually always convinced me more than the others, and with Kaspersky I had noticed anyway that the PC was a bit slower overall, including at system startup.

The first scan found and fixed 6 infections; I'm now running another full scan and will post my report for you.
It would be nice if you could give me your opinion on the results from the last post.

Kind regards
Shiva


Old 17.10.2010, 19:48   #21
Chris4You

Hi,

looks OK so far...
Please check the following file at VirusTotal:
C:\WINDOWS\Prefetch\MSPAINT.EXE-11CBB631.pf

The Hooker log contains many redirections, but Kaspersky is mainly responsible for those...

What did AVG find?

chris

Old 18.10.2010, 07:48   #22
shiva_noir

Well, I can't check that file in the Prefetch folder; it isn't in there. It's possible, though, that I briefly had Paint open during the scan. That could be the reason...

AVG had found 5 small Trojans, but don't you dare ask where exactly. I wanted to save a log, but somehow that doesn't work with AVG, or does it? If it does, I'll dig it out for you; otherwise I unfortunately don't remember, because it cleaned up immediately afterwards and then they were gone...

Yesterday I also ran full scans with SuperAntispyware, MBAM and once more with AVG, and at the moment everything looks very good: no detections and no internet problems either.

I think this case is closed.
Many, many thanks, you lovely people; so many wouldn't know what to do without you. You're great.

Kind regards and see you (hopefully not too) soon
Yours, Shiva
