ist ja nichts passiert.:)
C:\WINDOWS\system32\drivers\aswFsBlk.sys Code:
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.4.4.1 2008.04.04 -
AntiVir 7.6.0.81 2008.04.04 -
Authentium 4.93.8 2008.04.05 -
Avast 4.7.1098.0 2008.04.04 -
AVG 7.5.0.516 2008.04.05 -
BitDefender 7.2 2008.04.05 -
CAT-QuickHeal 9.50 2008.04.05 -
ClamAV 0.92.1 2008.04.05 -
DrWeb 4.44.0.09170 2008.04.05 -
eSafe 7.0.15.0 2008.04.01 -
eTrust-Vet 31.3.5672 2008.04.04 -
Ewido 4.0 2008.04.05 -
F-Prot 4.4.2.54 2008.04.05 -
F-Secure 6.70.13260.0 2008.04.05 -
FileAdvisor 1 2008.04.05 -
Fortinet 3.14.0.0 2008.04.05 -
Ikarus T3.1.1.20 2008.04.05 -
Kaspersky 7.0.0.125 2008.04.05 -
McAfee 5267 2008.04.04 -
Microsoft 1.3408 2008.04.05 -
NOD32v2 3004 2008.04.05 -
Norman 5.80.02 2008.04.04 -
Panda 9.0.0.4 2008.04.04 -
Prevx1 V2 2008.04.05 -
Rising 20.38.60.00 2008.04.03 -
Sophos 4.28.0 2008.04.05 -
Sunbelt 3.0.1032.0 2008.04.05 -
Symantec 10 2008.04.05 -
TheHacker 6.2.92.265 2008.04.04 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.04.04 -
Webwasher-Gateway 6.6.2 2008.04.04 -
weitere Informationen
File size: 20560 bytes
MD5...: 838255d6ef1ca0a4f6b076f6d3425850
SHA1..: 3ad2d88fb8b9613ffe2d3b1702ce347aa28270d2
SHA256: ecac78a92ce6b8217a46b9c5942928b69d21f8194d3bf8fdfe98e7644e69dabb
SHA512: ad7e743d208f01625fea341735fb13c846ade71e7409b2d9d3c01a7178da1c40
9d5dc64763fc760abfe37d14d751996224baef2334032811237949f66ab06b16
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x15236
timedatestamp.....: 0x47ed2e12 (Fri Mar 28 17:42:42 2008)
machinetype.......: 0x14c (I386)
( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x92c 0xa00 5.88 3d271a0b041b181504f8d37dff9e3dc9
.rdata 0x2000 0x444 0x600 3.43 1062f3bc29e5338745953341210c68a5
.data 0x3000 0x3c4 0x400 3.32 9f450fa8f3ca40f199bcb2c4a8b3db3f
PAGE 0x4000 0xa76 0xc00 5.90 7ea255a6686d5742f8016fa223cc7fda
INIT 0x5000 0x88a 0xa00 5.12 9dc13f8664d6aa8df355f1f434491855
.rsrc 0x6000 0x3a0 0x400 3.12 9c2d8d62270aa1f46c3a8e6d5dd277c7
.reloc 0x7000 0x398 0x400 5.04 2fdcc4377a076802df288983f99ec708
( 2 imports )
> ntoskrnl.exe: memcpy, strncmp, ZwOpenKey, RtlAppendUnicodeToString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ObQueryNameString, KeTickCount, RtlUnwind, memmove, RtlFreeUnicodeString, wcschr, RtlAppendUnicodeStringToString, IoThreadToProcess, ExAllocatePoolWithTag, ExFreePoolWithTag, memset, RtlInitUnicodeString, IoGetDeviceObjectPointer, KeInitializeEvent, IoBuildDeviceIoControlRequest, ObfDereferenceObject, IofCallDriver, KeWaitForSingleObject, IoGetCurrentProcess, PsSetCreateProcessNotifyRoutine, ZwClose, KeBugCheckEx
> FLTMGR.SYS: FltGetFileNameInformation, FltParseFileNameInformation, FltReleaseFileNameInformation, FltGetStreamHandleContext, FltSetCallbackDataDirty, FltSupportsStreamHandleContexts, FltAllocateContext, FltSetStreamHandleContext, FltReleaseContext, FltGetRequestorProcessId, FltRegisterFilter, FltBuildDefaultSecurityDescriptor, FltCreateCommunicationPort, FltFreeSecurityDescriptor, FltStartFiltering, FltCloseClientPort, FltUnregisterFilter, FltGetDiskDeviceObject
( 0 exports )
packers: PE_Patch C:\WINDOWS\system32\drivers\aswSP.sys Code:
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.4.4.1 2008.04.04 -
AntiVir 7.6.0.81 2008.04.04 -
Authentium 4.93.8 2008.04.05 -
Avast 4.7.1098.0 2008.04.04 -
AVG 7.5.0.516 2008.04.05 -
BitDefender 7.2 2008.04.05 -
CAT-QuickHeal 9.50 2008.04.05 -
ClamAV 0.92.1 2008.04.05 -
DrWeb 4.44.0.09170 2008.04.05 -
eSafe 7.0.15.0 2008.04.01 -
eTrust-Vet 31.3.5672 2008.04.04 -
Ewido 4.0 2008.04.05 -
F-Prot 4.4.2.54 2008.04.05 -
F-Secure 6.70.13260.0 2008.04.05 -
FileAdvisor 1 2008.04.05 -
Fortinet 3.14.0.0 2008.04.05 -
Ikarus T3.1.1.20 2008.04.05 -
Kaspersky 7.0.0.125 2008.04.05 -
McAfee 5267 2008.04.04 -
Microsoft 1.3408 2008.04.05 -
NOD32v2 3004 2008.04.05 -
Norman 5.80.02 2008.04.04 -
Panda 9.0.0.4 2008.04.04 -
Prevx1 V2 2008.04.05 -
Rising 20.38.60.00 2008.04.03 -
Sophos 4.28.0 2008.04.05 -
Sunbelt 3.0.1032.0 2008.04.05 -
Symantec 10 2008.04.05 -
TheHacker 6.2.92.265 2008.04.04 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.04.04 -
Webwasher-Gateway 6.6.2 2008.04.04 -
weitere Informationen
File size: 75856 bytes
MD5...: 90dc7eda705abccb8db0d688fa415207
SHA1..: 917c51c51012695f296b1e0017907debac149b95
SHA256: 3911532e79af15b916e1ce2073628d786e2097860afc9bab06306ec661add682
SHA512: 1710d0b79b0cdb0c9b95b1ee81eeae901c9cc51bba1b978c760f5b3409eb415e
618cf8f4a9cc8ea5288bb45ab8e6fbe5094179db3556890e1ec9174786f320b4
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x23005
timedatestamp.....: 0x47ed2d83 (Fri Mar 28 17:40:19 2008)
machinetype.......: 0x14c (I386)
( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xdb74 0xdc00 6.56 baaeaaad6572c3187f617fbd9a4c7167
.rdata 0xf000 0xc44 0xe00 4.32 d8c5d8c4551a4bb552dcb7eac2a7e0c3
.data 0x10000 0x182c 0x200 3.50 7dc1e08346631e25c3709b4c77f72fe0
.crtdata 0x12000 0x30 0x200 0.49 9509f18c0b93a0ee1856429e76811dfa
INIT 0x13000 0x944 0xa00 5.46 105ab375b8219f0ca9e1dddc58addfbc
.rsrc 0x14000 0x378 0x400 3.00 44876fd2b2e021e0dfc9933b66389a69
.reloc 0x15000 0xc4e 0xe00 5.79 fe88a8f354c0071d8a972095d8d39e2e
( 1 imports )
> ntoskrnl.exe: ExFreePoolWithTag, ExAllocatePool, memcpy, MmMapLockedPages, IoDeleteDevice, RtlInitUnicodeString, strncmp, ObfDereferenceObject, ObReferenceObjectByName, IoDriverObjectType, IoCreateSymbolicLink, IoCreateDevice, _snwprintf, PsGetVersion, PsLookupProcessByProcessId, KeDetachProcess, ObReferenceObjectByHandle, IofCompleteRequest, _wcsnicmp, ZwClose, IoGetBaseFileSystemDeviceObject, ZwOpenFile, wcsncpy, ZwReadFile, ZwQueryInformationFile, ZwWriteFile, strncpy, NtClose, ObfReferenceObject, ZwSetInformationFile, ZwDeleteFile, KeWaitForSingleObject, IofCallDriver, RtlCompareUnicodeString, IoBuildSynchronousFsdRequest, KeClearEvent, KeInitializeEvent, IoGetDeviceObjectPointer, memset, IoGetCurrentProcess, _stricmp, ZwQuerySystemInformation, MmGetSystemRoutineAddress, KeDelayExecutionThread, RtlVolumeDeviceToDosName, wcschr, MmIsAddressValid, ExAllocatePoolWithTag, KeReleaseMutex, IoReleaseCancelSpinLock, IoAcquireCancelSpinLock, DbgPrint, PsGetCurrentProcessId, KeQuerySystemTime, _wcsicmp, KeSetEvent, KeInitializeMutex, MmMapLockedPagesSpecifyCache, MmBuildMdlForNonPagedPool, IoAllocateMdl, KeServiceDescriptorTable, NtBuildNumber, PsSetLoadImageNotifyRoutine, PsSetCreateProcessNotifyRoutine, IoThreadToProcess, ZwFreeVirtualMemory, ZwAllocateVirtualMemory, ZwCreateFile, ZwDuplicateObject, ProbeForRead, ExGetPreviousMode, RtlEqualUnicodeString, RtlUpcaseUnicodeChar, ZwQueryValueKey, ZwOpenKey, RtlAppendUnicodeToString, RtlCopyUnicodeString, ZwQueryInformationProcess, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, _purecall, PsThreadType, ObReferenceObjectByPointer, KeUnstackDetachProcess, KeStackAttachProcess, PsProcessType, _allmul, _aulldiv, KeTickCount, KeBugCheckEx, RtlUnwind, wcsncmp, KeAttachProcess
( 0 exports ) C:\WINDOWS\system32\aswBoot.exe Code:
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.4.4.1 2008.04.04 -
AntiVir 7.6.0.81 2008.04.04 -
Authentium 4.93.8 2008.04.05 -
Avast 4.7.1098.0 2008.04.04 -
AVG 7.5.0.516 2008.04.05 -
BitDefender 7.2 2008.04.05 -
CAT-QuickHeal 9.50 2008.04.05 -
ClamAV 0.92.1 2008.04.05 -
DrWeb 4.44.0.09170 2008.04.05 -
eSafe 7.0.15.0 2008.04.01 -
eTrust-Vet 31.3.5672 2008.04.04 -
Ewido 4.0 2008.04.05 -
F-Prot 4.4.2.54 2008.04.05 -
F-Secure 6.70.13260.0 2008.04.05 -
FileAdvisor 1 2008.04.05 -
Fortinet 3.14.0.0 2008.04.05 -
Ikarus T3.1.1.20 2008.04.05 -
Kaspersky 7.0.0.125 2008.04.05 -
McAfee 5267 2008.04.04 -
Microsoft 1.3408 2008.04.05 -
NOD32v2 3004 2008.04.05 -
Norman 5.80.02 2008.04.04 -
Panda 9.0.0.4 2008.04.04 -
Prevx1 V2 2008.04.05 -
Rising 20.38.60.00 2008.04.03 -
Sophos 4.28.0 2008.04.05 -
Sunbelt 3.0.1032.0 2008.04.05 -
Symantec 10 2008.04.05 -
TheHacker 6.2.92.265 2008.04.04 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.04.04 -
Webwasher-Gateway 6.6.2 2008.04.04 -
weitere Informationen
File size: 1146232 bytes
MD5...: 4108ed9980f581f502c1d72c0d7f77da
SHA1..: b4894fa11ebddb41ab5c61f5aba731a07fa17efe
SHA256: 768fafa656e91c7c6896f37f9a4470f4a9ea55291f886d6e2c8ae958f6894aab
SHA512: b3f0295c4a9f12c7d7800e74990ce50cf2903873fece68c1c50fbd1dccbc6e44
4e3f393a4e25bb6262d7d2aa9b0843141963dcecc1efafc86fd15950182d6d14
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1034420
timedatestamp.....: 0x47ed9274 (Sat Mar 29 00:51:00 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10f548 0x10f600 6.52 9b64f55c3b3d835a2af8495089050c21
.data 0x111000 0x2a48 0xc00 2.29 0b2716d4d3a27381e4431a1f3fcc7a6b
.rsrc 0x114000 0x368 0x400 2.93 8d192e227d9c5fe80fe21258bf7adb35
.reloc 0x115000 0x5cf0 0x5e00 5.72 597e66342fa67ef53779b341e56b6f8f
( 1 imports )
> ntdll.dll: memmove, wcslen, memchr, wcsncmp, RtlFreeAnsiString, RtlUnicodeStringToAnsiString, RtlInitUnicodeString, RtlFreeUnicodeString, NtDisplayString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, NtClose, NtQueryValueKey, NtOpenKey, _wcsnicmp, wcschr, wcsrchr, RtlNtStatusToDosError, RtlLeaveCriticalSection, NtWriteFile, RtlEnterCriticalSection, NtCreateFile, wcscspn, NtFreeVirtualMemory, NtTerminateThread, NtWaitForSingleObject, NtSetEvent, sprintf, NtQuerySystemInformation, LdrUnloadDll, swprintf, _snwprintf, NtQuerySymbolicLinkObject, NtOpenSymbolicLinkObject, LdrAccessResource, LdrFindResource_U, RtlFindMessage, NtCreateThread, NtGetContextThread, NtAllocateVirtualMemory, NtCreateEvent, RtlTimeToTimeFields, RtlSystemTimeToLocalTime, RtlSecondsSince1970ToTime, towupper, wcscpy, LdrLoadDll, NtDelayExecution, NtQuerySystemTime, _wtoi, _wcsicmp, _ftol, NtSetInformationThread, NtSetInformationProcess, NtFlushBuffersFile, NtInitializeRegistry, NtTerminateProcess, NtShutdownSystem, RtlInitializeCriticalSection, RtlRandom, _strlwr, _strcmpi, _strnicmp, _strupr, strchr, strrchr, strstr, iswctype, wcsstr, RtlTimeToSecondsSince1970, RtlDeleteCriticalSection, NtResetEvent, NtCancelIoFile, NtWaitForMultipleObjects, NtReadFile, RtlOemStringToUnicodeString, NlsMbOemCodePageTag, _allmul, _chkstk, wcscmp, _aulldiv, RtlUnwind, RtlCreateHeap, RtlAllocateHeap, RtlReAllocateHeap, RtlFreeHeap, wcsncpy, _wcslwr, _aullrem, _alldiv, NtSetInformationFile, NtQueryInformationFile, NtDuplicateObject, NtQueryDirectoryFile, NtQueryFullAttributesFile, NtQueryAttributesFile, isalpha, NtOpenDirectoryObject, NtFsControlFile, NtQueryInformationThread, NtQueryInformationProcess, NtMapViewOfSection, NtCreateSection, NtUnmapViewOfSection, NtOpenSection, RtlUnicodeStringToOemString, LdrGetProcedureAddress, NtAdjustPrivilegesToken, RtlImpersonateSelf, NtOpenThreadToken, NtOpenProcessToken, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, NtCreateDirectoryObject, NtPulseEvent, NtProtectVirtualMemory, NtReadVirtualMemory, NtOpenProcess, _wcsupr, wcscat, _ultow, NtDeleteValueKey, NtFlushKey, NtSetValueKey, NtQueryPerformanceCounter, wcstoul, _itow, _allshl, strncpy, qsort, _wtoi64, strncmp, _i64tow, _aullshr, _allrem, tolower, isupper, islower, toupper, isdigit, _stricmp, strpbrk, atoi, _allshr, wcspbrk, NtDeviceIoControlFile, NtOpenFile, strtoul, NtResumeThread, NtSuspendThread, towlower, _alloca_probe
( 56 exports )
__0CDir@UFSD@@QAE@PAVCMemoryManager@1@PAVCStrings@1@@Z, __0CFSObject@UFSD@@QAE@PAVCMemoryManager@1@PAVCStrings@1@@Z, __0CFile@UFSD@@QAE@PAVCMemoryManager@1@PAVCStrings@1@@Z, __0CFileSystem@UFSD@@QAE@PAVCMemoryManager@1@PAVCStrings@1@PAVCTime@1@@Z, __0CMemBased@UFSD@@QAE@PAVCMemoryManager@1@@Z, __0CUFSD@UFSD@@QAE@PAVCMemoryManager@1@@Z, __1CDir@UFSD@@UAE@XZ, __1CFSObject@UFSD@@UAE@XZ, __1CFile@UFSD@@UAE@XZ, __1CMemBased@UFSD@@UAE@XZ, __2CMemBased@UFSD@@SAPAXIPAVCMemoryManager@1@@Z, __2CMemBased@UFSD@@SAPAXIPAX@Z, __3CMemBased@UFSD@@SAXPAX@Z, ___7CMemBased@UFSD@@6B@, ___7CUFSD@UFSD@@6B@, ___VCMemBased@UFSD@@SAXPAX@Z, _AllFClosed@CUFSD@UFSD@@QBE_NXZ, _DecReffCount@CFSObject@UFSD@@QAEXI@Z, _GetCookie@CFSObject@UFSD@@QBEIXZ, _GetCurrentDir@CFileSystem@UFSD@@QBEPAVCDir@2@XZ, _GetFileSystem@CUFSD@UFSD@@QBEPAVCFileSystem@2@XZ, _GetFirstOpenedDir@CDir@UFSD@@QBEPAV12@XZ, _GetFirstOpenedFile@CDir@UFSD@@QBEPAVCFile@2@XZ, _GetMemoryManager@CMemBased@UFSD@@QBEPAVCMemoryManager@2@XZ, _GetNext@CFSObject@UFSD@@QBEPAV12@XZ, _GetNext@CFile@UFSD@@QBEPAV12@XZ, _GetNextDir@CDir@UFSD@@QBEPAV12@XZ, _GetObjectType@CFSObject@UFSD@@QBE_AW4FSObjectType@12@XZ, _GetOpenFirstFound@CDir@UFSD@@QAE_AW4Open1stFound@2@XZ, _GetOpenFirstFound@CUFSD@UFSD@@QBE_AW4Open1stFound@2@XZ, _GetOptions@CFileSystem@UFSD@@QBEIXZ, _GetParent@CFSObject@UFSD@@QBEPAVCDir@2@XZ, _GetPrev@CFSObject@UFSD@@QBEPAV12@XZ, _GetPrev@CFile@UFSD@@QBEPAV12@XZ, _GetPrevDir@CDir@UFSD@@QBEPAV12@XZ, _GetReffCount@CFSObject@UFSD@@QBEIXZ, _GetRoot@CFileSystem@UFSD@@QBEPAVCDir@2@XZ, _GetStringManager@CUFSD@UFSD@@QBEPAVCStrings@2@XZ, _GetStrings@CFileSystem@UFSD@@QBEPAVCStrings@2@XZ, _GetTime@CFileSystem@UFSD@@QBEPAVCTime@2@XZ, _IncReffCount@CFSObject@UFSD@@QAEXI@Z, _SetCookie@CFSObject@UFSD@@QAEXI@Z, _SetCurrentDir@CFileSystem@UFSD@@QAEXPAVCDir@2@@Z, _SetFirstOpenedDir@CDir@UFSD@@QAEXPAV12@@Z, _SetFirstOpenedFile@CDir@UFSD@@QAEXPAVCFile@2@@Z, _SetNext@CFSObject@UFSD@@QAEXPAV12@@Z, _SetOpenFirstFound@CDir@UFSD@@QAEXW4Open1stFound@2@@Z, _SetOpenFirstFound@CUFSD@UFSD@@QAEXW4Open1stFound@2@@Z, _SetOptions@CFileSystem@UFSD@@QAEXI@Z, _SetParent@CFSObject@UFSD@@QAEXPAVCDir@2@@Z, _SetPrev@CFSObject@UFSD@@QAEXPAV12@@Z, _SetRoot@CFileSystem@UFSD@@QAEXPAVCDir@2@@Z, _calloc@CMemBased@UFSD@@QBEPAXII@Z, _free@CMemBased@UFSD@@QBEXPAX@Z, _malloc@CMemBased@UFSD@@QBEPAXI@Z, _memmove@CMemBased@UFSD@@QBEXPAXPBXI@Z C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe Code:
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.4.4.1 2008.04.04 -
AntiVir 7.6.0.81 2008.04.04 -
Authentium 4.93.8 2008.04.05 -
Avast 4.7.1098.0 2008.04.04 -
AVG 7.5.0.516 2008.04.05 -
BitDefender 7.2 2008.04.05 -
CAT-QuickHeal 9.50 2008.04.05 -
ClamAV 0.92.1 2008.04.05 -
DrWeb 4.44.0.09170 2008.04.05 -
eSafe 7.0.15.0 2008.04.01 -
eTrust-Vet 31.3.5672 2008.04.04 -
Ewido 4.0 2008.04.05 -
F-Prot 4.4.2.54 2008.04.05 -
F-Secure 6.70.13260.0 2008.04.05 -
FileAdvisor 1 2008.04.05 -
Fortinet 3.14.0.0 2008.04.05 -
Ikarus T3.1.1.20 2008.04.05 -
Kaspersky 7.0.0.125 2008.04.05 -
McAfee 5267 2008.04.04 -
Microsoft 1.3408 2008.04.05 -
NOD32v2 3004 2008.04.05 -
Norman 5.80.02 2008.04.04 -
Panda 9.0.0.4 2008.04.04 -
Prevx1 V2 2008.04.05 -
Rising 20.38.60.00 2008.04.03 -
Sophos 4.28.0 2008.04.05 -
Sunbelt 3.0.1032.0 2008.04.05 -
Symantec 10 2008.04.05 -
TheHacker 6.2.92.265 2008.04.04 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.04.04 -
Webwasher-Gateway 6.6.2 2008.04.04 -
weitere Informationen
File size: 59392 bytes
MD5...: 1b17e09c1223f6d17336d2dd7a1af4f4
SHA1..: 721dd499b30cc3643941eed4b449884bfc1777a5
SHA256: 06dfad95007532ccf46d593eedc2474936614aedcea7bf983e36dad22f850b08
SHA512: 12be5988f4451ca6037c3a145f73a598dcd4b5d57a7933b842e5273ed51138a5
797d4cc6cd8e8df4f8fe98d31dac5f6a65caf7124db3a3c4ead66aac973ef097
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1008443
timedatestamp.....: 0x3ca2cc95 (Thu Mar 28 07:56:05 2002)
machinetype.......: 0x14c (I386)
( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xd84a 0xda00 6.66 11fa23e7edfeb3ee08e7e8b24061eec8
.data 0xf000 0x27b8 0xa00 2.26 fa256708e09685c7db28bff11fe34ac8
( 6 imports )
> ADVAPI32.dll: RegSetValueExA, RegCloseKey, RegOpenKeyA, RegQueryValueExA, RegEnumKeyExA, RegOpenKeyExA, RegQueryInfoKeyA, RegEnumValueA, RegCreateKeyExA, RegDeleteKeyA, RegDeleteValueA, RegSetKeySecurity, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegEnumKeyA, GetSidSubAuthority, GetSidSubAuthorityCount, GetSidIdentifierAuthority, IsValidSid, GetTokenInformation, OpenProcessToken
> KERNEL32.dll: CloseHandle, WriteFile, SetFilePointer, CreateFileA, lstrcatA, lstrcpynA, GetEnvironmentVariableA, lstrcpyA, GetFileAttributesA, MoveFileExA, FreeLibrary, GetProcAddress, LoadLibraryA, GetSystemDirectoryA, DeleteFileA, SetFileAttributesA, SystemTimeToFileTime, GetSystemTime, CopyFileA, ExpandEnvironmentStringsA, GetLastError, WaitForSingleObject, CreateProcessA, CreateDirectoryA, MoveFileA, lstrlenA, SetEnvironmentVariableA, GetWindowsDirectoryA, GetCurrentDirectoryA, GetCommandLineA, SetLastError, GetCurrentProcess, GetVersionExA, GetStartupInfoA, ExitProcess, GetModuleHandleA, GetStdHandle, GetModuleFileNameA, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, HeapDestroy, HeapCreate, VirtualFree, HeapFree, HeapAlloc, Sleep, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, LCMapStringA, MultiByteToWideChar, LCMapStringW, HeapSize, GetACP, GetOEMCP, GetCPInfo, HeapReAlloc, GetLocaleInfoA, GetStringTypeA, GetStringTypeW, RtlUnwind, SetStdHandle, ReadFile, FlushFileBuffers, CompareStringA, GetSystemDefaultLangID
> GDI32.dll: TextOutA
> USER32.dll: ReleaseDC, GetDC, SystemParametersInfoA, LoadKeyboardLayoutA, wsprintfA
> ole32.dll: CoCreateInstance, CoUninitialize, CoInitialize
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
( 0 exports ) |