MALWAREBYTES hangs on file system - Virus/Spywares - Windows & Software
Marsh Posté on 19-05-2017 at 19:25:37
Hi,
 
Have you tried booting in safe mode before running a scan?
 
Otherwise:
- go to the installed programs, sort them by date, and see whether something suspicious happens to have been installed. (Some malware comes in through the front door, and nobody notices...)
 
And also, if you want a faster scan:
- if you have CCleaner, run a cleanup (it avoids scanning tons of files during a scan)
 otherwise, empty
 - the recycle bin,
 - the cache of your browser(s),
 - everything in the c:\windows\temp\ directory (do not delete the directory itself, only delete whatever you can inside it); recent files may trigger a message like "file in use, cannot delete", just ignore them.
 
You can also try tools such as
 zhpdiag : https://www.nicolascoolman.com/fr/download/zhpdiag/
 or roguekiller : http://www.adlice.com/fr/download/roguekiller/
 
Obviously, it is better to use the portable versions (no installation), downloaded from another PC.
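 
The program-listing and Temp-cleanup steps from the post above, as an added PowerShell example that is not part of the original thread. It assumes an elevated PowerShell prompt; `$Preview` is a name chosen for this example, and the recycle bin and browser caches are not covered.

```powershell
# Added example, not from the thread.
# $Preview = $true only shows what the cleanup would delete; set it to $false to delete.
$Preview = $true

# 1. Installed programs, most recently installed first.
#    The three Uninstall keys cover 64-bit, 32-bit (WOW6432Node) and per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# InstallDate is an optional string (usually yyyyMMdd) written by the installer.
# Entries without it sort last, so also skim the end of the full list.
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Sort-Object -Property InstallDate -Descending |
    Select-Object -Property InstallDate, DisplayName, Publisher, InstallLocation -First 30 |
    Format-Table -AutoSize

# 2. Empty the contents of C:\Windows\Temp without removing the directory itself.
#    Files held open by a running process cannot be deleted; they are collected
#    in $skipped and otherwise ignored, as the post suggests.
$tempDir = Join-Path $env:windir 'Temp'
$skipped = @()

foreach ($item in Get-ChildItem -Path $tempDir -Force -ErrorAction SilentlyContinue) {
    try {
        Remove-Item -LiteralPath $item.FullName -Recurse -Force `
            -ErrorAction Stop -WhatIf:$Preview
    }
    catch {
        # In use or access denied: record the path and move on.
        $skipped += $item.FullName
    }
}

"{0} item(s) could not be removed from {1}" -f $skipped.Count, $tempDir
$skipped
```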
 
Marsh Posté on 20-05-2017 at 16:34:51
Hello,
Thanks for all this information. I ran avast, I have ccleaner which I run regularly, I ran zhpdiag, nothing found...
 
However, I haven't tried safe mode; I'll do that next, thanks a lot.
Talk soon and many thanks again
Marsh Posté on 20-05-2017 at 20:40:04
Good evening,
 
I've done everything; even in safe mode it still hangs.
 
If it helps, it hangs on: C:\Windows\Manifests\amd64.....
 
That's it, I'm sorry, but nothing works for now, still the same problems.
 
What do you suggest?
 
Thank you.
 
Claire
Marsh Posté on 21-05-2017 at 02:00:05
Good evening,
I just ran a ROGUEKILLER scan, it found a lot of things.
I even bought it, so a more powerful version (supposedly); at 13 euros for 5 PCs I didn't hesitate.
 
Here is the report:
 
RogueKiller V12.10.9.0 (x64) [May 15 2017] (Premium) par Adlice Software 
email : http://www.adlice.com/contact/ 
Remontées : https://forum.adlice.com 
Site web : http://www.adlice.com/fr/download/roguekiller/ 
Blog : http://www.adlice.com 
 
Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version 
Démarré en  : Mode normal 
Utilisateur : MOA [Administrateur] 
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe 
Mode : Scan -- Date : 05/21/2017 00:19:23 (Durée : 00:23:26) 
 
¤¤¤ Processus : 0 ¤¤¤ 
 
¤¤¤ Registre : 0 ¤¤¤ 
 
¤¤¤ Tâches : 0 ¤¤¤ 
 
¤¤¤ Fichiers : 0 ¤¤¤ 
 
¤¤¤ WMI : 0 ¤¤¤ 
 
¤¤¤ Fichier Hosts : 0 ¤¤¤ 
 
¤¤¤ Antirootkit : 940 (Driver: Chargé) ¤¤¤ 
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x77ab0da0 
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x77aa6700 
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!ExitProcess : C:\Windows\System32\ntdll.dll @ 0x77aa2840 
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!ExitThread : C:\Windows\System32\ntdll.dll @ 0x77ac19a0 
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!InterlockedFlushSList : C:\Windows\System32\ntdll.dll @ 0x77aa53c0 
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!InterlockedPushEntrySList : C:\Windows\System32\ntdll.dll @ 0x77ab4ed0 
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x77aa8080 
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!InitializeSListHead : C:\Windows\System32\ntdll.dll @ 0x77af2db0 
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x77ab0a50 
[IAT:Addr] (explorer.exe @ msi.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ msi.dll) kernel32!ExitThread : C:\Windows\System32\ntdll.dll @ 0x77ac19a0 
[IAT:Addr] (explorer.exe @ msi.dll) kernel32!ExitProcess : C:\Windows\System32\ntdll.dll @ 0x77aa2840 
[IAT:Addr] (explorer.exe @ msi.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x77ab0da0 
[IAT:Addr] (explorer.exe @ msi.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ msi.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ msi.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ msi.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ msi.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x77aa94cc 
[IAT:Addr] (explorer.exe @ ASUSWSShellExt64.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ ASUSWSShellExt64.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ ASUSWSShellExt64.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ ASUSWSShellExt64.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ ASUSWSShellExt64.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ ASUSWSShellExt64.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x77ab0da0 
[IAT:Addr] (explorer.exe @ ASUSWSShellExt64.dll) kernel32!ExitProcess : C:\Windows\System32\ntdll.dll @ 0x77aa2840 
[IAT:Addr] (explorer.exe @ ASUSWSShellExt64.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x77aa6700 
[IAT:Addr] (explorer.exe @ EhStorShell.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ EhStorShell.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ EhStorShell.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ EhStorShell.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x77aa2460 
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x77abbfb0 
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x77b36e20 
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x77b36e60 
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x77b36ea0 
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x77a93090 
[IAT:Addr] (explorer.exe @ ntshrui.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x77aa94cc 
[IAT:Addr] (explorer.exe @ ntshrui.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ ntshrui.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ ntshrui.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ ntshrui.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ ntshrui.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ rsaenh.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ rsaenh.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ rsaenh.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ rsaenh.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ rsaenh.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ rsaenh.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x77ab0da0 
[IAT:Addr] (explorer.exe @ SndVolSSO.DLL) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x77aa94cc 
[IAT:Addr] (explorer.exe @ SndVolSSO.DLL) kernel32!InterlockedPopEntrySList : C:\Windows\System32\ntdll.dll @ 0x77acb080 
[IAT:Addr] (explorer.exe @ SndVolSSO.DLL) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x77aa6700 
[IAT:Addr] (explorer.exe @ SndVolSSO.DLL) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x77ab0da0 
[IAT:Addr] (explorer.exe @ SndVolSSO.DLL) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ SndVolSSO.DLL) kernel32!InterlockedPushEntrySList : C:\Windows\System32\ntdll.dll @ 0x77ab4ed0 
[IAT:Addr] (explorer.exe @ SndVolSSO.DLL) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ SndVolSSO.DLL) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ SndVolSSO.DLL) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ SndVolSSO.DLL) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ MMDevAPI.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x77aa94cc 
[IAT:Addr] (explorer.exe @ MMDevAPI.dll) kernel32!CloseThreadpoolCleanupGroup : C:\Windows\System32\ntdll.dll @ 0x77a877c0 
[IAT:Addr] (explorer.exe @ MMDevAPI.dll) kernel32!CloseThreadpoolCleanupGroupMembers : C:\Windows\System32\ntdll.dll @ 0x77a876c0 
[IAT:Addr] (explorer.exe @ MMDevAPI.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x77a8cdd0 
[IAT:Addr] (explorer.exe @ MMDevAPI.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x77a8d070 
[IAT:Addr] (explorer.exe @ MMDevAPI.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x77a9a6b0 
[IAT:Addr] (explorer.exe @ MMDevAPI.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x77ab0da0 
[IAT:Addr] (explorer.exe @ MMDevAPI.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x77aa6700 
[IAT:Addr] (explorer.exe @ MMDevAPI.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ MMDevAPI.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ MMDevAPI.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ MMDevAPI.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ MMDevAPI.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ timedate.cpl) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ timedate.cpl) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ timedate.cpl) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ timedate.cpl) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ timedate.cpl) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ timedate.cpl) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x77aa94cc 
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!InterlockedPopEntrySList : C:\Windows\System32\ntdll.dll @ 0x77acb080 
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!InterlockedPushEntrySList : C:\Windows\System32\ntdll.dll @ 0x77ab4ed0 
[IAT:Addr] (explorer.exe @ atl.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x77aa94cc 
[IAT:Addr] (explorer.exe @ ntmarta.dll) kernel32!ExitThread : C:\Windows\System32\ntdll.dll @ 0x77ac19a0 
[IAT:Addr] (explorer.exe @ Wldap32.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ Wldap32.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ Wldap32.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ Wldap32.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ Wldap32.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ shdocvw.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ shdocvw.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x77aa94cc 
[IAT:Addr] (explorer.exe @ gameux.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x77aa6700 
[IAT:Addr] (explorer.exe @ gameux.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x77ab0da0 
[IAT:Addr] (explorer.exe @ gameux.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x77aa3b40 
[IAT:Addr] (explorer.exe @ gameux.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x77aa3b00 
[IAT:Addr] (explorer.exe @ gameux.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x77aa64a0 
[IAT:Addr] (explorer.exe @ gameux.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x77aa6470 
[IAT:Addr] (explorer.exe @ gameux.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x77ab4320 
[IAT:Addr] (explorer.exe @ gameux.dll) kernel32!ExitProcess : C:\Windows\System32\ntdll.dll @ 0x77aa2840 
[IAT:Addr] (explorer.exe @ gameux.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ gameux.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ gameux.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ gameux.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ gameux.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ xmllite.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ crypt32.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ crypt32.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ crypt32.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x77ab0da0 
[IAT:Addr] (explorer.exe @ crypt32.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ crypt32.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ crypt32.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ wer.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ wer.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ wer.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ wer.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ shacct.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ shacct.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ shacct.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ shacct.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ msftedit.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ msftedit.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ msftedit.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ msftedit.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x77ab0da0 
[IAT:Addr] (explorer.exe @ msftedit.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ msftedit.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ msftedit.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x77aa94cc 
[IAT:Addr] (explorer.exe @ msftedit.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x77a9e6c4 
[IAT:Addr] (explorer.exe @ tiptsf.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x77aa94cc 
[IAT:Addr] (explorer.exe @ tiptsf.dll) kernel32!InterlockedPushEntrySList : C:\Windows\System32\ntdll.dll @ 0x77ab4ed0 
[IAT:Addr] (explorer.exe @ tiptsf.dll) kernel32!InterlockedPopEntrySList : C:\Windows\System32\ntdll.dll @ 0x77acb080 
[IAT:Addr] (explorer.exe @ tiptsf.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ tiptsf.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ tiptsf.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ tiptsf.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ tiptsf.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ tiptsf.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x77aa2460 
[IAT:Addr] (explorer.exe @ tiptsf.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x77aa9930 
[IAT:Addr] (explorer.exe @ tiptsf.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x77ab8710 
[IAT:Addr] (explorer.exe @ authui.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x77aa94cc 
[IAT:Addr] (explorer.exe @ authui.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x77aa8080 
[IAT:Addr] (explorer.exe @ authui.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x77ab0a50 
[IAT:Addr] (explorer.exe @ authui.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x77ab0da0 
[IAT:Addr] (explorer.exe @ authui.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x77aa6700 
[IAT:Addr] (explorer.exe @ authui.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ authui.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ authui.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ authui.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ authui.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ cryptui.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x77aa94cc 
[IAT:Addr] (explorer.exe @ cryptui.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ cryptui.dll) kernel32!InterlockedPopEntrySList : C:\Windows\System32\ntdll.dll @ 0x77acb080 
[IAT:Addr] (explorer.exe @ cryptui.dll) kernel32!InterlockedPushEntrySList : C:\Windows\System32\ntdll.dll @ 0x77ab4ed0 
[IAT:Addr] (explorer.exe @ cryptui.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ cryptui.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ cryptui.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ cryptui.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x77ab4320 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x77aa6470 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x77aa64a0 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x77aa3b00 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x77aa3b40 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x77ab0a50 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x77aa8080 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!ExitThread : C:\Windows\System32\ntdll.dll @ 0x77ac19a0 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!TryEnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa3970 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x77a91a60 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x77a8cdd0 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x77a8d070 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x77a9a6b0 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!WaitForThreadpoolWorkCallbacks : C:\Windows\System32\ntdll.dll @ 0x77b4a2c0 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x77a91ba0 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!SetThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x77a9d320 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!CloseThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x77a8bea0 
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!WaitForThreadpoolWaitCallbacks : C:\Windows\System32\ntdll.dll @ 0x77a84470 
[IAT:Addr] (explorer.exe @ urlmon.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x77a9e6c4 
[IAT:Addr] (explorer.exe @ urlmon.dll) advapi32!EventSetInformation : C:\Windows\System32\ntdll.dll @ 0x77afe300 
[IAT:Addr] (explorer.exe @ urlmon.dll) advapi32!RegisterTraceGuidsA : C:\Windows\System32\ntdll.dll @ 0x77a9e6e0 
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x77ab0da0 
[IAT:Addr(Microsoft)] (explorer.exe @ iertutil.dll) kernel32!DeleteProcThreadAttributeList : C:\Windows\System32\KERNELBASE.dll @ 0x7fefdad0ee0 
[IAT:Addr(Microsoft)] (explorer.exe @ iertutil.dll) kernel32!UpdateProcThreadAttribute : C:\Windows\System32\KERNELBASE.dll @ 0x7fefdad2dd0 
[IAT:Addr(Microsoft)] (explorer.exe @ iertutil.dll) kernel32!InitializeProcThreadAttributeList : C:\Windows\System32\KERNELBASE.dll @ 0x7fefdad2d50 
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x77ab4320 
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x77aa6470 
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x77aa64a0 
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x77aa3b00 
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x77aa3b40 
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x77ab0a50 
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x77aa8080 
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!DeleteBoundaryDescriptor : C:\Windows\System32\ntdll.dll @ 0x77b454f0 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x77aa3b00 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!CancelThreadpoolIo : C:\Windows\System32\ntdll.dll @ 0x77b4a730 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!StartThreadpoolIo : C:\Windows\System32\ntdll.dll @ 0x77a90270 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!CloseThreadpoolIo : C:\Windows\System32\ntdll.dll @ 0x77a952a0 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x77ab0da0 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!InitializeConditionVariable : C:\Windows\System32\ntdll.dll @ 0x77ab4320 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!WakeAllConditionVariable : C:\Windows\System32\ntdll.dll @ 0x77a9eea0 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x77ab4320 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x77aa64a0 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x77aa3b40 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x77aa6470 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x77aa6700 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x77a91a60 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x77a91ba0 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!WaitForThreadpoolWorkCallbacks : C:\Windows\System32\ntdll.dll @ 0x77b4a2c0 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x77a8cdd0 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x77a9a6b0 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x77a8d070 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!CloseThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x77a8bea0 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!SetThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x77a9d320 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!WaitForThreadpoolWaitCallbacks : C:\Windows\System32\ntdll.dll @ 0x77a84470 
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!FreeLibraryWhenCallbackReturns : C:\Windows\System32\ntdll.dll @ 0x77b493a0 
[IAT:Addr] (explorer.exe @ winmm.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x77a9e6c4 
[IAT:Addr] (explorer.exe @ winmm.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x77aa6700 
[IAT:Addr] (explorer.exe @ winmm.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x77ab0da0 
[IAT:Addr] (explorer.exe @ winmm.dll) kernel32!ExitThread : C:\Windows\System32\ntdll.dll @ 0x77ac19a0 
[IAT:Addr] (explorer.exe @ winmm.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ winmm.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x77acdc60 
[IAT:Addr] (explorer.exe @ winmm.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda00 
[IAT:Addr] (explorer.exe @ winmm.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77acda50 
[IAT:Addr] (explorer.exe @ winmm.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
[IAT:Addr] (explorer.exe @ wdmaud.drv) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa6540 
[IAT:Addr] (explorer.exe @ wdmaud.drv) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x77aa39a0 
Marsh Posté on 21-05-2017 at 12:00:02
| claire1100r wrote: Good evening, |
 
 
nothing to report 
 
 
| claire1100r wrote: |
 
 
that's the list of resident programs (drivers, Windows system routines, etc.), it's not a list of malware. 
in this list, I didn't see anything alarming (at first glance), apart from a windowscodec. 
 
did you download any codecs to watch films, and if so, which ones? 
 
 
 
Marsh Posté on 21-05-2017 at 14:00:01
Hello, 
 
First of all, thank you for your reply; seeing all that, I was really scared, and I am now relieved. 
 
No, not that I remember, because I have a multimedia box and external hard drives for films. 
 
Unfortunately I can't help you any further. 
 
And what about Malwarebytes, which keeps getting stuck at C:\Windows\Manifests\amd64.... What is that hiding? 
 
Thanks, and have a good afternoon 
Marsh Posté on 21-05-2017 at 23:16:03
sorry for the intermittent replies, but it's plastering/sanding/painting at the moment... 
 
windows manifest: 
manifest files are used by windows and its various dlls 
very roughly: manifests govern how an application behaves depending on the windows it runs on (xp, 8, 7, 10, nt, server, etc...); these files are well known to developers who build apps with visual studio, for example. 
 
now, why your scan gets stuck on that... I don't know... 
 
1) first: "I have Malwarebytes PREMIUM "paid version" as well as Avast PREMIUM + SecureLine VPN" 
I think that with all that already, even without malware, there's enough to slow down your pc. 
 
can you disable all of that, re-enable "windows defender", i.e. Microsoft's default antivirus, 
and run an advanced/full scan with it. 
 
2) ads on the internet 
unfortunately, that's no longer the preserve of malware; even "normal" sites pop up ads every 10 seconds... (I'm exaggerating, though maybe not..) 
can you name, for example, 1 or 2 sites where you see these ads that normally shouldn't be there. 
 
 
3) which browser do you use? edge? firefox? chrome? 
have you tried several browsers, and does it do the same on all of them? 
 
Marsh Posté on 21-05-2017 at 23:19:23
continued: 
 
4) do you have an ssd or an hdd? 
 
5) can you install Hdd Health and report the state of your hard drive (or drives) 
 
6) have you done a "right-click" properties / tools / Check on your c: d: etc. drive(s)...
Marsh Posté on 21-05-2017 at 23:28:05
7) if you can: display the installed programs, sort them by date (most recent at the top), take a screenshot and post it.
Marsh Posté on 22-05-2017 at 11:12:16
This topic was moved from the Hardware category to the Windows & Software category by TotalRecall
Marsh Posté on 22-05-2017 at 11:24:29
To be able to help you, you would need to post the full ZHPDiag report using www.cjoint.com
Marsh Posté on 19-05-2017 at 19:09:37
Good evening,
I am taking the liberty of creating a new post because my laptop (ASUS X93S Series) is surely infected.
It is very slow, hangs on the internet, doesn't open sites, ads..., and above all Malwarebytes gets stuck on the file system scan (up to 10 hours of scanning and still on the file system scan!!!!)
I have Malwarebytes PREMIUM "paid version" as well as Avast PREMIUM + SecureLine VPN
I think there is a problem, and I thank you in advance for your help.
Claire