Sunday, April 17, 2011

paranoia

Being a spiteful and distrustful paranoiac, I periodically check all sorts of things on my machines, and the other day, while installing yet another Needed Thing under 32-bit Windows 7, I saw something marvelous: a heap of IAT hijacking in the process C:\Windows\System32\msiexec.exe
On top of that, VirusTotal says nothing about these C:\windows\AppPatch\AcGenral.DLL & C:\windows\system32\apphelp.dll.
Why do they do this? How did they get into the address space of msiexec.exe? And what is this AppPatch directory anyway?
The full log is attached.

IAT Patched KERNEL32.dll.CopyFileW in module ADVAPI32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module ADVAPI32.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched KERNEL32.dll.CreateFileW in module ADVAPI32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileW in module ADVAPI32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.DeleteFileW in module ADVAPI32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegDeleteValueW in module CFGMGR32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegSetValueExW in module CFGMGR32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegOpenKeyExW in module CFGMGR32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegCreateKeyExW in module CFGMGR32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module CFGMGR32.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched ADVAPI32.dll.RegDeleteValueW in module CLBCatQ.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegCreateKeyExW in module CLBCatQ.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegOpenKeyExW in module CLBCatQ.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegSetValueExW in module CLBCatQ.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileExW in module CLBCatQ.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileW in module CLBCatQ.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.SetFileAttributesW in module CLBCatQ.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.DeleteFileW in module CLBCatQ.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileW in module CLBCatQ.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module CLBCatQ.DLL process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernel32.dll.RegCreateKeyExW in module COMCTL32.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExW in module COMCTL32.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExW in module COMCTL32.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileW in module COMCTL32.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module COMCTL32.DLL process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernel32.dll.RegOpenKeyExW in module CRYPT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExW in module CRYPT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegDeleteValueW in module CRYPT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExA in module CRYPT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExA in module CRYPT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExA in module CRYPT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExW in module CRYPT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernelbase.dll.SetFileSecurityW in module CRYPT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileA in module CRYPT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.SetFileAttributesW in module CRYPT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.DeleteFileW in module CRYPT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileW in module CRYPT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module CRYPT32.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernelbase.dll.GetProcAddress in module CRYPTBASE.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernel32.dll.CreateFileW in module CRYPTSP.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.CreateFileA in module CRYPTSP.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernelbase.dll.GetProcAddress in module CRYPTSP.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernel32.dll.RegOpenKeyExA in module CRYPTSP.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExA in module CRYPTSP.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegDeleteValueA in module CRYPTSP.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExA in module CRYPTSP.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExW in module CRYPTSP.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernelbase.dll.GetProcAddress in module DEVOBJ.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched KERNEL32.dll.GetProcAddress in module dwmapi.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernel32.dll.RegOpenKeyExW in module GDI32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CopyFileW in module GDI32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.DeleteFileW in module GDI32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module GDI32.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched KERNEL32.dll.CreateFileW in module GDI32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileW in module iertutil.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.SetFileAttributesW in module iertutil.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module iertutil.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched ADVAPI32.dll.RegDeleteValueW in module iertutil.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegSetValueExW in module iertutil.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegOpenKeyExA in module iertutil.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegOpenKeyExW in module iertutil.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegCreateKeyExW in module iertutil.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExW in module IMM32.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExW in module IMM32.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExW in module IMM32.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.OpenFile in module IMM32.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module IMM32.DLL process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernelbase.dll.AccessCheck in module kernel32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExW in module MPR.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExW in module MPR.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExW in module MPR.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegDeleteValueW in module MPR.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module MPR.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched KERNEL32.dll.GetProcAddress in module MSACM32.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched ADVAPI32.dll.RegCreateKeyW in module MSACM32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegCreateKeyA in module MSACM32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegDeleteValueA in module MSACM32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegOpenKeyExA in module MSACM32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegDeleteValueW in module MSACM32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegOpenKeyExW in module MSACM32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegSetValueExA in module MSACM32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegSetValueExW in module MSACM32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegCreateKeyExW in module MSACM32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExA in module MSASN1.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExW in module MSCTF.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExW in module MSCTF.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExW in module MSCTF.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegDeleteValueW in module MSCTF.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module MSCTF.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched ADVAPI32.dll.SetFileSecurityW in module msi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegCreateKeyExW in module msi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegSetValueExA in module msi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegOpenKeyExW in module msi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegDeleteKeyW in module msi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegSetValueExW in module msi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegDeleteValueW in module msi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.SetFileAttributesW in module msi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.DeleteFileW in module msi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module msi.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched KERNEL32.dll.CreateFileW in module msi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileExW in module msi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileW in module msi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegOpenKeyExW in module msiexec.exe process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegCreateKeyExW in module msiexec.exe process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegSetValueExW in module msiexec.exe process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegDeleteValueW in module msiexec.exe process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module msiexec.exe process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernel32.dll.SetFileAttributesA in module msvcrt.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.DeleteFileA in module msvcrt.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.SetFileAttributesW in module msvcrt.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.DeleteFileW in module msvcrt.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.CreateFileW in module msvcrt.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.CreateFileA in module msvcrt.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernelbase.dll.GetProcAddress in module msvcrt.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernel32.dll.CreateFileW in module ole32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.DeleteFileW in module ole32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernelbase.dll.GetProcAddress in module ole32.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernel32.dll.RegCreateKeyExA in module ole32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExA in module ole32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegDeleteValueW in module ole32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExW in module ole32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExA in module ole32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExW in module ole32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExW in module ole32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernelbase.dll.AccessCheck in module ole32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetVersion in module ole32.dll process 5572 by C:\windows\AppPatch\AcLayers.DLL
IAT Patched ole32.dll.CoCreateInstance in module OLEAUT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module OLEAUT32.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched KERNEL32.dll._lwrite in module OLEAUT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileW in module OLEAUT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileA in module OLEAUT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExW in module OLEAUT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExA in module OLEAUT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExW in module OLEAUT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExW in module OLEAUT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExA in module OLEAUT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.SetFileAttributesW in module profapi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.CreateFileW in module profapi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernelbase.dll.GetProcAddress in module profapi.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernel32.dll.RegOpenKeyExW in module profapi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExW in module profapi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExW in module profapi.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.CreateFileW in module RPCRT4.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExA in module RPCRT4.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExW in module RPCRT4.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExA in module RPCRT4.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExA in module RPCRT4.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernelbase.dll.GetProcAddress in module RPCRT4.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernelbase.dll.GetProcAddress in module RpcRtRemote.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernel32.dll.RegOpenKeyExW in module RpcRtRemote.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExA in module rsaenh.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module rsaenh.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched KERNEL32.dll.RegSetValueExA in module rsaenh.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.RegCreateKeyExA in module rsaenh.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileW in module rsaenh.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileExW in module rsaenh.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.DeleteFileW in module rsaenh.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernelbase.dll.GetProcAddress in module samcli.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernelbase.dll.GetProcAddress in module sechost.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernel32.dll.RegOpenKeyExW in module sechost.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.RegOpenKeyExW in module SETUPAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CopyFileW in module SETUPAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileExW in module SETUPAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileA in module SETUPAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.RegCreateKeyExW in module SETUPAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.RegDeleteValueW in module SETUPAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.RegSetValueExW in module SETUPAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module SETUPAPI.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched KERNEL32.dll.SetFileAttributesW in module SETUPAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.DeleteFileW in module SETUPAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileW in module SETUPAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileW in module SETUPAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernelbase.dll.SetFileSecurityW in module SETUPAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExW in module sfc_os.DLL process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module sfc_os.DLL process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernel32.dll.DeleteFileW in module SHELL32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.SetFileAttributesW in module SHELL32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.CreateFileW in module SHELL32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernelbase.dll.GetProcAddress in module SHELL32.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernel32.dll.RegOpenKeyExW in module SHELL32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExW in module SHELL32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExW in module SHELL32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegDeleteValueW in module SHELL32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExA in module SHELL32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernelbase.dll.AccessCheck in module SHELL32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernelbase.dll.SetFileSecurityW in module SHELL32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileExW in module SHELL32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileW in module SHELL32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CopyFileW in module SHELL32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.DeleteFileW in module SHLWAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.SetFileAttributesW in module SHLWAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileW in module SHLWAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.SetFileAttributesA in module SHLWAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileA in module SHLWAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module SHLWAPI.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernel32.dll.RegOpenKeyExA in module SHLWAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExA in module SHLWAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExA in module SHLWAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegDeleteValueA in module SHLWAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExW in module SHLWAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExW in module SHLWAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExW in module SHLWAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegDeleteValueW in module SHLWAPI.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.CreateFileW in module SspiCli.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernelbase.dll.GetProcAddress in module SspiCli.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernel32.dll.RegOpenKeyExA in module SspiCli.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExW in module SspiCli.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExW in module SspiCli.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExW in module SspiCli.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegOpenKeyExA in module urlmon.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegSetValueExA in module urlmon.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegCreateKeyA in module urlmon.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegOpenKeyExW in module urlmon.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegCreateKeyExA in module urlmon.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegSetValueExW in module urlmon.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegCreateKeyExW in module urlmon.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegDeleteValueA in module urlmon.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegDeleteValueW in module urlmon.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.DeleteFileW in module urlmon.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CopyFileA in module urlmon.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.DeleteFileA in module urlmon.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileA in module urlmon.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.SetFileAttributesA in module urlmon.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module urlmon.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched KERNEL32.dll.CreateFileW in module urlmon.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.RegOpenKeyExW in module USER32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.RegSetValueExW in module USER32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.RegCreateKeyExW in module USER32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module USER32.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched KERNEL32.dll.CreateFileW in module USER32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.DeleteFileW in module USERENV.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.CreateFileW in module USERENV.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.SetFileAttributesW in module USERENV.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernelbase.dll.GetProcAddress in module USERENV.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched kernel32.dll.RegOpenKeyExW in module USERENV.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileExW in module USERENV.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.PrivCopyFileExW in module USERENV.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileA in module USP10.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module USP10.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched KERNEL32.dll.CreateFileW in module USP10.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExW in module UxTheme.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExW in module UxTheme.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExW in module UxTheme.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.RegDeleteValueW in module UxTheme.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module UxTheme.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched KERNEL32.dll.CreateFileW in module UxTheme.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll._lopen in module VERSION.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll._lwrite in module VERSION.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module VERSION.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched KERNEL32.dll._lcreat in module VERSION.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.DeleteFileA in module VERSION.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileW in module VERSION.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileW in module VERSION.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.DeleteFileW in module VERSION.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegCreateKeyExW in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegDeleteValueW in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegSetValueExW in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegDeleteValueA in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegOpenKeyExW in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegCreateKeyExA in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegSetValueExA in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched ADVAPI32.dll.RegOpenKeyExA in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CopyFileA in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileExW in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileW in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileA in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.SetFileAttributesA in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.DeleteFileW in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.SetFileAttributesW in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileExA in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module WININET.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched KERNEL32.dll.CreateFileA in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileW in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.DeleteFileA in module WININET.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExW in module WINMM.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExW in module WINMM.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExW in module WINMM.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileW in module WINMM.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.DeleteFileW in module WINMM.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll._lwrite in module WINMM.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module WINMM.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched KERNEL32.dll.CreateFileW in module WINMM.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegCreateKeyExW in module WINSPOOL.DRV process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegDeleteValueW in module WINSPOOL.DRV process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegSetValueExW in module WINSPOOL.DRV process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched kernel32.dll.RegOpenKeyExW in module WINSPOOL.DRV process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.DeleteFileW in module WINSPOOL.DRV process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.MoveFileExW in module WINSPOOL.DRV process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.SetFileAttributesW in module WINSPOOL.DRV process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CopyFileW in module WINSPOOL.DRV process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.CreateFileW in module WINSPOOL.DRV process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module WINSPOOL.DRV process 5572 by C:\windows\system32\apphelp.dll
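
A way to triage a log in this format, as an added example that is not part of the original post: it parses each "IAT Patched" line, groups the hooks by the DLL that installed them and by the kind of API intercepted, and separates out any hook whose source lies outside the application-compatibility shim locations seen above. The two allowed locations (a default install on C:), the function names and the last two sample lines are assumptions of this example.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Line format as it appears in the log above.
LINE_RE = re.compile(
    r"^IAT Patched (?P<target>\S+) in module (?P<module>\S+) "
    r"process (?P<pid>\d+) by (?P<hooker>.+?)\s*$"
)

# Assumption: default locations of the shim engine and its shim DLLs.
SHIM_DIR = "c:\\windows\\apppatch\\"
SHIM_ENGINE = "c:\\windows\\system32\\apphelp.dll"

FILE_PREFIXES = ("CreateFile", "DeleteFile", "MoveFile", "CopyFile",
                 "PrivCopyFile", "SetFileAttributes", "SetFileSecurity",
                 "OpenFile", "_l")

# Lines copied from the log above.
PAGE_LINES = r"""
IAT Patched KERNEL32.dll.CopyFileW in module ADVAPI32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetProcAddress in module ADVAPI32.dll process 5572 by C:\windows\system32\apphelp.dll
IAT Patched ADVAPI32.dll.RegSetValueExW in module CFGMGR32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
IAT Patched KERNEL32.dll.GetVersion in module ole32.dll process 5572 by C:\windows\AppPatch\AcLayers.DLL
IAT Patched ole32.dll.CoCreateInstance in module OLEAUT32.dll process 5572 by C:\windows\AppPatch\AcGenral.DLL
"""

# Constructed lines (not from the log): a hook source outside the shim
# locations, and one that only looks like AppPatch until ".." is resolved.
CONSTRUCTED_LINES = r"""
IAT Patched KERNEL32.dll.CreateFileW in module msi.dll process 5572 by C:\Users\Public\hk.dll
IAT Patched KERNEL32.dll.CreateFileW in module msi.dll process 5572 by C:\windows\AppPatch\..\Temp\AcGenral.DLL
"""


def normalize(path):
    """Collapse '..' and case so that prefix checks cannot be side-stepped."""
    return ntpath.normpath(path).lower()


def is_shim_path(path):
    # A path match says where the hook came from, not that the file is
    # genuine; the file's signature has to be checked separately.
    norm = normalize(path)
    return norm == SHIM_ENGINE or norm.startswith(SHIM_DIR)


def categorize(func):
    """Group an intercepted API by name: registry, file, loader or other."""
    if func.startswith("Reg"):
        return "registry"
    if func.startswith(FILE_PREFIXES):
        return "file"
    if func == "GetProcAddress":
        return "loader"
    return "other"


def parse_line(line):
    """Return the fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    dll, _, func = m.group("target").rpartition(".")
    return {"dll": dll, "func": func, "module": m.group("module"),
            "pid": int(m.group("pid")), "hooker": m.group("hooker")}


def triage(lines):
    """Summarize hooks per hooking DLL and list those outside shim paths."""
    by_hooker = defaultdict(Counter)
    outside_shim, unparsed = [], []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
            continue
        by_hooker[normalize(rec["hooker"])][categorize(rec["func"])] += 1
        if not is_shim_path(rec["hooker"]):
            outside_shim.append(rec)
    return {"by_hooker": {k: dict(v) for k, v in by_hooker.items()},
            "outside_shim": outside_shim, "unparsed": unparsed}


if __name__ == "__main__":
    report = triage((PAGE_LINES + CONSTRUCTED_LINES).splitlines())
    for hooker, kinds in sorted(report["by_hooker"].items()):
        print(hooker, kinds)
    for rec in report["outside_shim"]:
        print("outside shim locations:", rec["hooker"], "->", rec["func"])
```
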

4 comments:

  1. http://kitrap08.blogspot.com/2011/01/shim-engine.html

  2. are you saying that even in w7 the msi installer supports compatibility with more ancient versions of windows?

  3. Well, this is a feature of the PE loader, not of the installer; in this particular case you need to look at what it hooked there and why... Besides the shim, the loader has another similar thing, application verifier: there too you can register your own DLLs, which will hook the IAT of any chosen application (specified in the registry) with their own functions. It must be fun for detection tools to keep up with this stuff :)

  4. I know about app verifier
    and as for shim modules, so far the only one I have seen live is IEShims.dll from ie8
