Verdacht auf Trojanerbefall nach Malwarebytes Log
Ich habe gerade eben einen Malwarebytes Scan durchlaufen lassen und habe eine verdächtige Datei gefunden. Allerdings gibt VIrustotal die Datei nicht als gefährlich heraus. Anbei die Logs. Ist irgendetwas auffälliges dort zu finden? Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:24, on 09.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\McAfee\Common Framework\FrameworkService.exe
C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\McAfee\Common Framework\UdaterUI.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programme\McAfee\Common Framework\McTray.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\pdf24\PDFBackend.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\WINDOWS\system32\mscoree.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PDFPrint] "C:\Programme\pdf24\PDFBackend.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Citavi Picker... - file://C:\Programme\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\WINDOWS\system32\mscoree.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204704572968
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Unknown owner - C:\PROGRA~1\WinTV\HCWTVS~1.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programme\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
--
End of file - 8698 bytes
Code:
Malwarebytes' Anti-Malware 1.31
Datenbank Version: 1477
Windows 5.1.2600 Service Pack 3
09.12.2008 13:15:16
mbam-log-2008-12-09 (13-15-12).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 51134
Laufzeit: 4 minute(s), 21 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\WINDOWS\system32\syssetub.dll (Trojan.Agent) -> No action taken.
Und hier das Ergebnis der Datei bei Virustotal: Code:
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.12.8.1 2008.12.09 -
AntiVir 7.9.0.43 2008.12.09 -
Authentium 5.1.0.4 2008.12.08 -
Avast 4.8.1281.0 2008.12.08 -
AVG 8.0.0.199 2008.12.09 -
BitDefender 7.2 2008.12.09 -
CAT-QuickHeal 10.00 2008.12.09 -
ClamAV 0.94.1 2008.12.09 -
Comodo 713 2008.12.09 -
DrWeb 4.44.0.09170 2008.12.09 -
eSafe 7.0.17.0 2008.12.09 -
eTrust-Vet 31.6.6246 2008.12.05 -
Ewido 4.0 2008.12.08 -
F-Prot 4.4.4.56 2008.12.08 -
F-Secure 8.0.14332.0 2008.12.09 -
Fortinet 3.117.0.0 2008.12.09 -
GData 19 2008.12.09 -
Ikarus T3.1.1.45.0 2008.12.08 -
K7AntiVirus 7.10.549 2008.12.09 -
Kaspersky 7.0.0.125 2008.12.09 -
McAfee 5458 2008.12.08 -
McAfee+Artemis 5458 2008.12.09 -
Microsoft 1.4205 2008.12.09 -
NOD32 3676 2008.12.09 -
Norman 5.80.02 2008.12.08 -
Panda 9.0.0.4 2008.12.08 -
PCTools 4.4.2.0 2008.12.09 -
Prevx1 V2 2008.12.09 -
Rising 21.07.12.00 2008.12.09 -
SecureWeb-Gateway 6.7.6 2008.12.09 -
Sophos 4.36.0 2008.12.09 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.09 -
TheHacker 6.3.1.2.180 2008.12.09 -
TrendMicro 8.700.0.1004 2008.12.09 -
VBA32 3.12.8.10 2008.12.09 -
ViRobot 2008.12.9.1509 2008.12.09 -
VirusBuster 4.5.11.0 2008.12.08 -
weitere Informationen
File size: 998912 bytes
MD5...: d70e57f2d7bd5bd0d06964ca8e2704d2
SHA1..: 927aca4225fcd434f102231b64a70f81ff05cbb3
SHA256: 2d103524fa1465b8d9f456b9d7f66f700d9659fa0d7f0e15924325ebd0b10c88
SHA512: 52d6448affb030684b007a190e19a4c00e856e68162e8f7cf03092e2a1eb1060
8e32f7175b49703749a2394d97af316a1b36dd349ef3e8c8c111307e48ae9d53
ssdeep: 24576:Ba77n+HaluLMnzE32b558kTx0IIXwSsh3/W:Ba7z+PLWKuvISh3O
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x5bdd4d10
timedatestamp.....: 0x41109755 (Wed Aug 04 07:59:17 2004)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7d73c 0x7d800 6.30 e0a8aef4ffadc3d12430233dfe546960
.data 0x7f000 0xa2dc 0x2c00 3.95 d8df1d092c5efc45a97263ffb3611593
.rsrc 0x8a000 0x6bbbc 0x6bc00 5.61 324c8000371831ac581cbc96fb8c4783
.reloc 0xf6000 0x7866 0x7a00 6.20 bd640e7cdde1f5f62a85c520c21575af
( 16 imports )
> SETUPAPI.dll: pSetupAppendStringToMultiSz, pSetupSetNoDriverPrompts, SetupDiBuildClassInfoList, SetupDiGetClassDescriptionW, pSetupDiGetDeviceInfoContext, SetupGetFileQueueFlags, pSetupVerifyQueuedCatalogs, pSetupInfIsFromOemLocation, pSetupDiSetDeviceInfoContext, CMP_WaitNoPendingInstallEvents, SetupDiGetClassDevsExW, pSetupInfCacheBuild, SetupGetLineTextW, pSetupFree, CM_Open_Class_KeyW, SetupDiGetINFClassW, pSetupIsGuidNull, SetupDiClassGuidsFromNameW, pSetupQueryMultiSzValueToArray, pSetupSetArrayToMultiSzValue, SetupAddToSourceListW, SetupRemoveFromSourceListW, pSetupOutOfMemory, pSetupUnicodeToMultiByte, SetupInitDefaultQueueCallbackEx, SetupTermDefaultQueueCallback, SetupDefaultQueueCallbackW, pSetupStringFromGuid, pSetupRegistryDelnode, SetupInstallServicesFromInfSectionExW, pSetupInstallStopEx, SetupIterateCabinetW, pSetupGetRealSystemTime, pSetupOpenAndMapFileForRead, pSetupUnmapAndCloseFile, SetupScanFileQueueW, SetupPromptForDiskW, pSetupSetSystemSourcePath, SetupOpenAppendInfFileW, pSetupGetGlobalFlags, pSetupSetGlobalFlags, SetupQueueCopyW, SetupOpenFileQueue, SetupInstallFilesFromInfSectionW, SetupCommitFileQueueW, SetupCloseFileQueue, SetupGetInfInformationW, SetupGetSourceFileLocationW, SetupGetSourceInfoW, SetupDecompressOrCopyFileW, SetupQueryInfFileInformationW, pSetupGetFileTitle, pSetupVerifyFile, pSetupFreeStringArray, pSetupVerifyCatalogFile, pSetupGetCurrentDriverSigningPolicy, pSetupHandleFailedVerification, CM_Get_DevNode_Status, SetupDiCreateDeviceInfoW, SetupDiRegisterDeviceInfo, SetupDiDeleteDeviceInfo, CM_Get_Device_ID_ListW, CM_Get_Device_ID_List_SizeW, pSetupAcquireSCMLock, SetupGetLineCountW, SetupDiEnumDeviceInfo, SetupDiCreateDeviceInfoList, SetupDiGetDeviceInstanceIdW, SetupDiOpenDeviceInfoW, pSetupGetField, pSetupRetrieveServiceConfig, pSetupAddTagToGroupOrderListEntry, SetupGetFieldCount, SetupDiInstallDevice, SetupDiSetDeviceRegistryPropertyW, SetupInstallFromInfSectionW, SetupDiSelectBestCompatDrv, SetupFindNextMatchLineW, SetupOpenLog, SetupLogErrorW, SetupCloseLog, SetupDiSetSelectedDriverW, SetupDiEnumDriverInfoW, SetupDiGetDriverInstallParamsW, SetupDiSetDriverInstallParamsW, SetupDiCreateDevRegKeyW, SetupDiGetActualSectionToInstallW, SetupGetMultiSzFieldW, pSetupCenterWindowRelativeToParent, SetupGetIntField, SetupGetLineByIndexW, SetupDiGetClassDevsW, SetupDiEnumDeviceInterfaces, SetupDiGetDeviceInterfaceDetailW, CM_Get_Parent, SetupDiDestroyDeviceInfoList, pSetupEnablePrivilege, pSetupStringTableInitialize, SetupDiCallClassInstaller, SetupDiDestroyDriverInfoList, SetupDiGetSelectedDriverW, pSetupGuidFromString, SetupDiOpenDevRegKey, SetupCopyOEMInfW, SetupDiBuildDriverInfoList, SetupDiOpenClassRegKey, SetupDiInstallClassW, SetupDiGetDriverInfoDetailW, pSetupStringTableAddString, pSetupStringTableInitializeEx, SetupCloseInfFile, pSetupStringTableLookUpString, pSetupStringTableGetExtraData, pSetupDuplicateString, pSetupStringTableAddStringEx, pSetupStringTableDestroy, SetupOpenInfFileW, pSetupRealloc, SetupDiGetClassInstallParamsW, SetupDiSetClassInstallParamsW, SetupDiGetDeviceInstallParamsW, SetupDiSetDeviceInstallParamsW, SetupDiGetDeviceInfoListDetailW, SetupDiLoadClassIcon, SetupDiGetDeviceRegistryPropertyW, SetupFindFirstLineW, SetupGetStringFieldW, pSetupConcatenatePaths, SetupFindNextLine, pSetupMalloc, pSetupInstallCatalog
> ntdll.dll: NtOpenFile, NtSetSystemInformation, _strcmpi, RtlCopyUnicodeString, RtlEqualUnicodeString, RtlSubAuthorityCountSid, RtlLengthRequiredSid, RtlCopySid, RtlSubAuthoritySid, NtPowerInformation, RtlLockBootStatusData, RtlGetSetBootStatusData, RtlCreateBootStatusDataFile, RtlUnlockBootStatusData, NtDeviceIoControlFile, DbgPrintEx, NtQuerySystemInformation, NtCreateFile, NtOpenKey, NtQueryValueKey, RtlIntegerToUnicodeString, RtlEqualSid, RtlNtStatusToDosError, VerSetConditionMask, NtQuerySystemEnvironmentValue, RtlInitializeSid, NtQuerySymbolicLinkObject, NtClose, RtlUnwind, NtOpenEvent, NtCreateEvent, RtlImageNtHeader, DbgBreakPoint, NtSetSystemEnvironmentValue, NtOpenDirectoryObject, NtQueryDirectoryObject, RtlAppendUnicodeStringToString, RtlInitUnicodeString, NtOpenSymbolicLinkObject
> GDI32.dll: SetTextColor, GetDeviceCaps, AddFontResourceW, GetStockObject, CreateFontIndirectW, SelectObject, StretchDIBits, CreateCompatibleDC, GetObjectW, SetBkColor, GetTextExtentPointW, BitBlt, DeleteDC, DeleteObject, SetStretchBltMode, SetBkMode, CreateDIBSection
> KERNEL32.dll: GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, VirtualProtect, VirtualQuery, InterlockedExchange, VirtualAlloc, EnterCriticalSection, LeaveCriticalSection, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentStrings, FreeEnvironmentStringsA, GetModuleFileNameA, DeleteCriticalSection, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, TlsAlloc, TlsGetValue, TlsFree, GetModuleHandleA, HeapReAlloc, GetVersionExA, GetCommandLineA, TlsSetValue, lstrcpynA, LocalReAlloc, UnhandledExceptionFilter, GetCurrentProcessId, QueryPerformanceCounter, FindResourceW, LoadResource, LockResource, GetLogicalDriveStringsW, GlobalMemoryStatusEx, MoveFileW, lstrcpyA, lstrcmpiA, SetThreadLocale, TerminateThread, GetThreadLocale, SetThreadExecutionState, SetComputerNameExW, GetLogicalDrives, IsDebuggerPresent, ExitThread, ExitProcess, CreateEventW, CreateNamedPipeW, SetEvent, ConnectNamedPipe, DisconnectNamedPipe, GetACP, SearchPathW, GetSystemTime, OpenEventW, CopyFileA, DeleteFileA, GetSystemTimeAsFileTime, GetTickCount, LoadLibraryExW, LoadLibraryA, GlobalAlloc, GlobalFree, InitializeCriticalSection, SetUserGeoID, GetUserGeoID, EnumSystemGeoID, GetUserDefaultLCID, EnumSystemLocalesW, GetLocaleInfoW, IsValidLocale, DnsHostnameToComputerNameW, GetModuleHandleW, GetVersion, FreeLibraryAndExitThread, ReleaseMutex, CreateMutexW, lstrlenA, GetPrivateProfileIntW, GetGeoInfoW, GetOEMCP, WaitForSingleObjectEx, RemoveDirectoryW, GetStartupInfoW, GetTempPathW, CopyFileW, CreateFileMappingW, MapViewOfFile, MoveFileExW, GetModuleFileNameW, GetLocalTime, WideCharToMultiByte, OutputDebugStringW, SetUnhandledExceptionFilter, GetFullPathNameW, GetCurrentDirectoryW, SetCurrentDirectoryW, CreateActCtxW, SetEnvironmentVariableW, CreateDirectoryW, FindNextFileW, GetTempFileNameW, RaiseException, LocalSize, WritePrivateProfileStringW, GetSystemInfo, FormatMessageW, GetFileAttributesW, lstrcmpW, LocalAlloc, GetExitCodeThread, GetCPInfo, LocalFree, GetCurrentThreadId, CreateThread, SetTimeZoneInformation, Sleep, GetDriveTypeW, SetErrorMode, GetFileSize, SetFilePointer, ReadFile, MultiByteToWideChar, FlushFileBuffers, VerifyVersionInfoW, DuplicateHandle, ExpandEnvironmentStringsW, GetLocaleInfoA, CreateProcessW, WaitForSingleObject, GetWindowsDirectoryA, EnumSystemLocalesA, IsValidCodePage, SetStdHandle, CreateFileA, SetEndOfFile, lstrcmpA, GetFullPathNameA, CreateEventA, IsDBCSLeadByte, FormatMessageA, CompareStringW, UnmapViewOfFile, _lwrite, _lcreat, SetFileAttributesA, _lclose, _lread, _llseek, _lopen, GetCurrentThread, SetThreadAffinityMask, GetProcessAffinityMask, GetCurrentProcess, InterlockedIncrement, GetProcAddress, LoadLibraryW, GetPrivateProfileStringW, FreeLibrary, DeleteFileW, SetFileAttributesW, GetWindowsDirectoryW, HeapFree, HeapAlloc, GetProcessHeap, lstrcatW, FindClose, FindFirstFileW, QueryDosDeviceW, CloseHandle, GetLastError, DeviceIoControl, CreateFileW, lstrlenW, GetVolumeInformationW, GetSystemDirectoryW, lstrcpyW, lstrcpynW, GetSystemWindowsDirectoryW, lstrcmpiW, SetLastError, GetDiskFreeSpaceW, GetTimeZoneInformation, GetVersionExW, GetEnvironmentVariableW, GetComputerNameW, WriteFile, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetExitCodeProcess, TerminateProcess
> POWRPROF.dll: SetActivePwrScheme
> USER32.dll: CharToOemA, GetSysColorBrush, wsprintfA, IsDlgButtonChecked, SendMessageW, SetWindowLongW, CheckRadioButton, PostMessageW, GetParent, EnableWindow, GetDlgItem, CheckDlgButton, LoadStringW, SetDlgItemTextW, DestroyIcon, SendDlgItemMessageW, WinHelpW, wsprintfW, CharLowerW, EndDialog, LoadBitmapW, LoadCursorW, PostThreadMessageW, ShowCursor, SetCursor, DialogBoxParamW, IsWindow, SetFocus, SetTimer, KillTimer, DispatchMessageW, GetMessageW, CharUpperBuffW, GetWindowLongW, LoadIconW, MessageBoxW, CharUpperW, EndPaint, GetClientRect, GetSysColor, DrawTextW, GetSystemMetrics, BeginPaint, DefWindowProcW, UnregisterClassW, RegisterClassW, MsgWaitForMultipleObjects, SetForegroundWindow, SetWindowTextW, ReleaseDC, GetDC, LoadImageW, PostQuitMessage, DestroyWindow, RegisterHotKey, SetShellWindow, ShowWindow, CreateWindowExW, PeekMessageW, WaitMessage, GetKeyboardLayout, GetDlgItemTextW, wvsprintfW, ChangeDisplaySettingsW, EnumDisplaySettingsW, CallWindowProcW, GetDlgCtrlID, UpdateWindow, InvalidateRect, CharUpperA, SendMessageTimeoutW, wvsprintfA, MoveWindow, ClientToScreen, GetWindowRect, GetDesktopWindow, GetAsyncKeyState, GetActiveWindow, FillRect, SetActiveWindow, SetWindowPos, EnableMenuItem, GetSystemMenu, MessageBoxA
> VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
> sfc.dll: -
> sfcfiles.dll: SfcGetFiles
> SHLWAPI.dll: SHDeleteKeyW, StrCmpNIW, StrTrimW, wvnsprintfW
> CRYPTUI.dll: I_CryptUIProtect
> NETAPI32.dll: NetApiBufferFree, NetGetJoinInformation, NetUserSetInfo, NetUserGetInfo, NetpNtStatusToApiStatus
> RPCRT4.dll: UuidToStringW, UuidFromStringW, UuidCreate, RpcBindingFromStringBindingW, RpcStringBindingComposeW, RpcBindingFree, NdrClientCall2, RpcStringFreeW
> urlmon.dll: CoInternetParseUrl
> IMM32.dll: ImmAssociateContext
> WINTRUST.dll: CryptCATClose, CryptCATEnumerateCatAttr, CryptCATAdminAcquireContext, CryptCATAdminRemoveCatalog, CryptCATAdminReleaseContext, IsCatalogFile, CryptCATOpen
( 87 exports )
AsrAddSifEntryA, AsrAddSifEntryW, AsrCreateStateFileA, AsrCreateStateFileW, AsrFreeContext, AsrRestorePlugPlayRegistryData, AsrpGetLocalDiskInfo, AsrpGetLocalVolumeInfo, AsrpRestoreNonCriticalDisksW, CdromPropPageProvider, ComputerClassInstaller, CreateLocalAdminAccount, CreateLocalAdminAccountEx, CreateLocalUserAccount, CriticalDeviceCoInstaller, DevInstallW, DeviceBayClassInstaller, DiskPropPageProvider, DoInstallComponentInfs, EisaUpHalCoInstaller, EisaUpHalPropPageProvider, GenerateName, HdcClassInstaller, InitializeSetupLog, InstallWindowsNt, InvokeExternalApplicationEx, KeyboardClassInstaller, LegacyDriverPropPageProvider, MigrateExceptionPackages, MouseClassInstaller, NtApmClassInstaller, OpkCheckVersion, PS2MousePropPageProvider, PnPInitializationThread, PrepareForAudit, RepairStartMenuItems, ReportError, RunOEMExtraTasks, ScsiClassInstaller, SetAccountsDomainSid, SetupAddOrRemoveTestCertificate, SetupChangeFontSize, SetupChangeLocale, SetupChangeLocaleEx, SetupCreateOptionalComponentsPage, SetupDestroyLanguageList, SetupDestroyPhoneList, SetupEnumerateRegisteredOsComponents, SetupExtendPartition, SetupGetGeoOptions, SetupGetKeyboardOptions, SetupGetLocaleOptions, SetupGetProductType, SetupGetSetupInfo, SetupGetValidEula, SetupInfObjectInstallActionW, SetupInstallCatalog, SetupMapTapiToIso, SetupOobeBnk, SetupOobeCleanup, SetupOobeInitDebugLog, SetupOobeInitPostServices, SetupOobeInitPreServices, SetupPidGen3, SetupQueryRegisteredOsComponent, SetupQueryRegisteredOsComponentsOrder, SetupReadPhoneList, SetupRegisterOsComponent, SetupSetAdminPassword, SetupSetDisplay, SetupSetIntlOptions, SetupSetRegisteredOsComponentsOrder, SetupSetSetupInfo, SetupShellSettings, SetupStartService, SetupUnRegisterOsComponent, StorageCoInstaller, SystemUpdateUserProfileDirectory, TapeClassInstaller, TapePropPageProvider, TerminateSetupLog, UpdatePnpDeviceDrivers, UpgradePrinters, ViewSetupActionLog, VolumeClassInstaller, pSetupDebugPrint, pSetuplogSfcError
|
