Hallo zusammen,

mein Virenscan hat auf meinem Rechner den Trojaner "Trojan Horse Generic 10.VPD" gefunden, außerdem wurden die Dateien kernel32.dll, shell32.dll und ntoskrnl.dll verändert.

Was muss ich tun oder muss hier alles plattgemacht und neuinstalliert werden?
Im Folgenden habe ich noch das Log von HijackThis:

Code: Alles auswählenAufklappen

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:34, on 18.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\QuickTime\QTTask.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Fujitsu Siemens\WinManager\WinManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\PROGRA~1\Grisoft\AVGFRE~1\avgvv.exe
C:\Programme\Alice\Signup\AliceCnn.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Java\jre1.6.0_02\bin\jucheck.exe
C:\Programme\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://alice.aol.de
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://global.acer.com/
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [EumexInst] "E:\Setup.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1110412475-4168701361-813958858-1009\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinManager.lnk = C:\Programme\Fujitsu Siemens\WinManager\WinManager.exe
O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Edit with &XML Spy - C:\Programme\Altova\xmlspy\spy.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\xmlspy\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\xmlspy\spy.htm (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F37B9E3-676B-44B9-BCD4-D2E8A7EDB42D}: NameServer = 213.191.74.18 62.109.123.196
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Programme\Apache\Tomcat50\bin\tomcat5.exe

--
End of file - 7578 bytes
         

Würde mich sehr über eine Hilfe freuen!

Vielen Dank,

Sandra

Hi,

Das Log sieht soweit sauber aus.
Daher ist es wichtig, dass du:
a) Erstmal sagst wie das Programm heißt, dass du benutzt und dir den Virus meldet
b) du uns sagst wo der Downloader gefunden wurde
c) du die GENAUEN Fundmeldungen postest.
d) du die gesamten Pfade der Dateien angibst... kernel32.dll kann von Windows sein, muss aber nicht. Das hängt davon ob in welchem Ordner sie liegt.

Lade bitte außerdem noch die veränderten Dateien

Zitat:

kernel32.dll, shell32.dll und ntoskrnl.dll

bei virustotal hoch und poste die Ergebnisse hier.
(Wenn du die Datei hochlädst und oben auf der Seite Die Datei wurde bereits analysiert: erscheint. Klicke bitte unten auf den Link neben Permalink: und poste den Inhalt der erscheinenden Seite.)

lg myrtille

Virusprogramm: AVG 7.5.0.506

Das ist, was das Programm zu diesem Virus ausgibt:

Object Path: C:\Dokumente und Einstellungen\All Users\Dokumente\
Object name: lyx-1.4.1_win32_setup_v1.exe
Discovery: Trojan Horse Generic 10.VPD
File Size: 8.4 MB

Pfade zu Dateien:
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\ntoskrnl.dll

Die Auswertung von VirusTotal sind sehr lang, soll ich die einzeln schicken?

Gruss,

Sandra

Kurzer Nachtrag:

die letzte Datei ist eine .exe und keine .dll:

C:\WINDOWS\system32\ntoskrnl.exe

Hi,
ja poste die Auswertungen bitte nacheinander. Lass auch die bemängelte Datei

Zitat:

C:\Dokumente und Einstellungen\All Users\Dokumente\lyx-1.4.1_win32_setup_v1.exe

bei virustotal auswerten.

Kennst du die Datei? Hast du sie ausgeführt? Stammt sie von einer Webseite? Hast du den Link noch?

lg myrtille

1. Auswertung kernel32.dll

Code: Alles auswählenAufklappen

ATTFilter

Keine Ergebnisse bei den Virenprogrammen
File size: 1058304 bytes
MD5...: 8eea8280a1e0e794edfccad3721c7cab
SHA1..: fc0460baa69f17dabc752ef5995c98866062cfc2
SHA256: b86323d11389c2c13492ffabdef46c1afcc49cb19f62926a5f33b55fe521b7c2
SHA512: 35e142cfd8286ebb86d1e68b10cd881acbb823c7ed746ebcc3f530ed41ff5a97
c81eb7f16d8eabc09760e7a9a4680745fa66849e2756d5a9088c1eba2b05a2ff
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x7c80b5ae
timedatestamp.....: 0x46239be1 (Mon Apr 16 15:53:05 2007)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x82111 0x82200 6.67 7a5d54edc093ecf62412b0810215b7b1
.data 0x84000 0x43a0 0x2400 0.59 812f89bacee15996f8a2ae3eab48f42b
.rsrc 0x89000 0x77ec8 0x78000 3.46 388fc64ca1c58d76010e7b96d6c976a1
.reloc 0x101000 0x5bec 0x5c00 6.64 99c4e30af015bfb0ecf448d27654df37
( 1 imports )
> ntdll.dll: _wcsnicmp, NtFsControlFile, NtCreateFile, RtlAllocateHeap, 
RtlFreeHeap, NtOpenFile, NtQueryInformationFile, NtQueryEaFile, 
RtlLengthSecurityDescriptor, NtQuerySecurityObject, NtSetEaFile, 
NtSetSecurityObject, NtSetInformationFile, CsrClientCallServer, 
NtDeviceIoControlFile, NtClose, RtlInitUnicodeString, wcscspn, 
RtlUnicodeToMultiByteSize, wcslen, _memicmp, memmove, NtQueryValueKey, 
NtOpenKey, NtFlushKey, NtSetValueKey, NtCreateKey, RtlNtStatusToDosError,
 RtlFreeUnicodeString, RtlDnsHostNameToComputerName, wcsncpy, 
RtlUnicodeStringToAnsiString, RtlxUnicodeStringToAnsiSize, 
NlsMbCodePageTag, RtlAnsiStringToUnicodeString, RtlInitAnsiString, 
RtlCreateUnicodeStringFromAsciiz, wcschr, wcsstr, RtlPrefixString, _wcsicmp,
 RtlGetFullPathName_U, RtlGetCurrentDirectory_U, NtQueryInformationProcess
, RtlUnicodeStringToOemString, RtlReleasePebLock, RtlEqualUnicodeString, 
RtlAcquirePebLock, RtlFreeAnsiString, RtlSetCurrentDirectory_U, 
RtlTimeToTimeFields, NtSetSystemTime, RtlTimeFieldsToTime, 
NtQuerySystemInformation, RtlSetTimeZoneInformation, 
NtSetSystemInformation, RtlCutoverTimeToSystemTime, _allmul, DbgBreakPoint, RtlFreeSid, RtlSetDaclSecurityDescriptor, 
RtlCreateSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, 
RtlLengthSid, RtlAllocateAndInitializeSid, DbgPrint, NtOpenProcess, 
CsrGetProcessId, DbgUiDebugActiveProcess, DbgUiConnectToDbg, 
DbgUiIssueRemoteBreakin, NtSetInformationDebugObject, 
DbgUiGetThreadDebugObject, NtQueryInformationThread, 
DbgUiConvertStateChangeStructure, DbgUiWaitStateChange, DbgUiContinue, 
DbgUiStopDebugging, RtlDosPathNameToNtPathName_U, 
RtlIsDosDeviceName_U, RtlCreateAtomTable, NtAddAtom, 
RtlAddAtomToAtomTable, NtFindAtom, RtlLookupAtomInAtomTable, 
NtDeleteAtom, RtlDeleteAtomFromAtomTable, NtQueryInformationAtom, 
RtlQueryAtomInAtomTable, RtlOemStringToUnicodeString, 
RtlMultiByteToUnicodeN, RtlUnicodeToMultiByteN, RtlMultiByteToUnicodeSize, 
RtlPrefixUnicodeString, RtlLeaveCriticalSection, RtlEnterCriticalSection, 
NtEnumerateValueKey, RtlIsTextUnicode, NtReadFile, NtAllocateVirtualMemory
, NtUnlockFile, NtLockFile, RtlAppendUnicodeStringToString, 
RtlAppendUnicodeToString, RtlCopyUnicodeString, NtFreeVirtualMemory, 
NtWriteFile, RtlCreateUnicodeString, RtlFormatCurrentUserKeyPath, 
RtlGetLongestNtPathLength, NtDuplicateObject, NtQueryKey, 
NtEnumerateKey, NtDeleteValueKey, RtlEqualString, CsrFreeCaptureBuffer, 
CsrCaptureMessageString, CsrAllocateCaptureBuffer, strncpy, 
RtlCharToInteger, RtlUpcaseUnicodeChar, RtlUpcaseUnicodeString, 
CsrAllocateMessagePointer, NtQueryObject, wcscmp, RtlCompareMemory, 
NtQueryDirectoryObject, NtQuerySymbolicLinkObject, 
NtOpenSymbolicLinkObject, NtOpenDirectoryObject, NtCreateIoCompletion, 
NtSetIoCompletion, NtRemoveIoCompletion, NtSetInformationProcess, 
NtQueryDirectoryFile, RtlDeleteCriticalSection, NtNotifyChangeDirectoryFile, 
NtWaitForSingleObject, RtlInitializeCriticalSection, 
NtQueryVolumeInformationFile, NtFlushBuffersFile, 
RtlDeactivateActivationContextUnsafeFast, 
RtlActivateActivationContextUnsafeFast, NtCancelIoFile, NtReadFileScatter, 
NtWriteFileGather, wcscpy, NtOpenSection, NtMapViewOfSection, 
NtFlushVirtualMemory, RtlFlushSecureMemoryCache, NtUnmapViewOfSection, 
NtCreateSection, NtQueryFullAttributesFile, swprintf, NtQueryAttributesFile, 
RtlDetermineDosPathNameType_U, NtRaiseHardError, 
NtQuerySystemEnvironmentValueEx, RtlGUIDFromString, 
NtSetSystemEnvironmentValueEx, RtlInitString, RtlUnlockHeap, 
RtlSetUserValueHeap, RtlFreeHandle, RtlAllocateHandle, RtlLockHeap, 
RtlSizeHeap, RtlGetUserInfoHeap, RtlReAllocateHeap, RtlIsValidHandle, 
RtlCompactHeap, RtlImageNtHeader, NtProtectVirtualMemory, 
NtQueryVirtualMemory, NtLockVirtualMemory, NtUnlockVirtualMemory, 
NtFlushInstructionCache, NtAllocateUserPhysicalPages, 
NtFreeUserPhysicalPages, NtMapUserPhysicalPages, 
NtMapUserPhysicalPagesScatter, NtGetWriteWatch, NtResetWriteWatch, 
NtSetInformationObject, CsrNewThread, CsrClientConnectToServer, 
RtlCreateTagHeap, LdrSetDllManifestProber, RtlSetThreadPoolStartFunc, 
RtlEncodePointer, _stricmp, wcscat, RtlCreateHeap, RtlDestroyHeap, 
RtlExtendHeap, RtlQueryTagHeap, RtlUsageHeap, RtlValidateHeap, 
RtlGetProcessHeaps, RtlWalkHeap, RtlSetHeapInformation, 
RtlQueryHeapInformation, RtlInitializeHandleTable, 
RtlExtendedLargeIntegerDivide, NtCreateMailslotFile, RtlFormatMessage, 
RtlFindMessage, LdrUnloadDll, LdrUnloadAlternateResourceModule, 
LdrDisableThreadCalloutsForDll, strchr, LdrGetDllHandle, LdrUnlockLoaderLock, 
LdrAddRefDll, RtlComputePrivatizedDllName_U, RtlPcToFileHeader, 
LdrLockLoaderLock, RtlGetVersion, RtlVerifyVersionInfo, 
LdrEnumerateLoadedModules, RtlUnicodeStringToInteger, 
LdrLoadAlternateResourceModule, RtlDosApplyFileIsolationRedirection_Ustr, 
LdrLoadDll, LdrGetProcedureAddress, LdrFindResource_U, LdrAccessResource, 
LdrFindResourceDirectory_U, RtlImageDirectoryEntryToData, _strcmpi, 
NtSetInformationThread, NtOpenThreadToken, NtCreateNamedPipeFile, 
RtlDefaultNpAcl, RtlDosSearchPath_Ustr, RtlInitUnicodeStringEx, 
RtlQueryEnvironmentVariable_U, RtlAnsiCharToUnicodeChar, RtlIntegerToChar,
 NtSetVolumeInformationFile, RtlIsNameLegalDOS8Dot3, 
NtQueryPerformanceCounter, sprintf, NtPowerInformation, NtInitiatePowerAction, NtSetThreadExecutionState, 
NtRequestWakeupLatency, NtGetDevicePowerState, 
NtIsSystemResumeAutomatic, NtRequestDeviceWakeup, 
NtCancelDeviceWakeupRequest, NtWriteVirtualMemory, LdrShutdownProcess, 
NtTerminateProcess, RtlRaiseStatus, RtlSetEnvironmentVariable, 
RtlExpandEnvironmentStrings_U, NtReadVirtualMemory, 
RtlCompareUnicodeString, RtlQueryRegistryValues, NtCreateJobSet, 
NtCreateJobObject, NtIsProcessInJob, RtlEqualSid, RtlSubAuthoritySid, 
RtlInitializeSid, NtQueryInformationToken, NtOpenProcessToken
NtResumeThread, NtAssignProcessToJobObject, 
CsrCaptureMessageMultiUnicodeStringsInPlace, NtCreateThread
NtCreateProcessEx, LdrQueryImageFileExecutionOptions, 
RtlDestroyEnvironment, NtQuerySection, NtQueryInformationJobObject, 
RtlGetNativeSystemInformation, RtlxAnsiStringToUnicodeSize, NtOpenEvent, 
NtQueryEvent, NtTerminateThread, wcsrchr, NlsMbOemCodePageTag, 
RtlxUnicodeStringToOemSize, NtAdjustPrivilegesToken, RtlImpersonateSelf, 
wcsncmp, RtlDestroyProcessParameters, RtlCreateProcessParameters, 
RtlInitializeCriticalSectionAndSpinCount, NtSetEvent, NtClearEvent, 
NtPulseEvent, NtCreateSemaphore, NtOpenSemaphore, NtReleaseSemaphore, 
NtCreateMutant, NtOpenMutant, NtReleaseMutant
NtSignalAndWaitForSingleObject, NtWaitForMultipleObjects, NtDelayExecution
, NtCreateTimer, NtOpenTimer, NtSetTimer, NtCancelTimer, NtCreateEvent, 
RtlCopyLuid, strrchr, _vsnwprintf, RtlReleaseActivationContext, 
RtlActivateActivationContextEx, RtlQueryInformationActivationContext, 
NtOpenThread, LdrShutdownThread, RtlFreeThreadActivationContextStack, 
NtGetContextThread, NtSetContextThread, NtSuspendThread, 
RtlRaiseException, RtlDecodePointer, towlower, RtlClearBits, 
RtlFindClearBitsAndSet, RtlAreBitsSet, NtQueueApcThread, NtYieldExecution, 
RtlRegisterWait, RtlDeregisterWait, RtlDeregisterWaitEx, RtlQueueWorkItem, 
RtlSetIoCompletionCallback, RtlCreateTimerQueue, RtlCreateTimer, 
RtlUpdateTimer, RtlDeleteTimer, RtlDeleteTimerQueueEx, 
CsrIdentifyAlertableThread, RtlApplicationVerifierStop, _alloca_probe, 
RtlDestroyQueryDebugBuffer, RtlQueryProcessDebugInformation, 
RtlCreateQueryDebugBuffer, RtlCreateEnvironment, RtlFreeOemString, strstr, 
toupper, isdigit, atol, tolower, NtOpenJobObject, NtTerminateJobObject, 
NtSetInformationJobObject, RtlAddRefActivationContext, 
RtlZombifyActivationContext, RtlActivateActivationContext, 
RtlDeactivateActivationContext, RtlGetActiveActivationContext, DbgPrintEx, 
LdrDestroyOutOfProcessImage, LdrAccessOutOfProcessResource, 
LdrFindCreateProcessManifest, LdrCreateOutOfProcessImage, 
RtlNtStatusToDosErrorNoTeb, RtlpApplyLengthFunction, 
RtlGetLengthWithoutLastFullDosOrNtPathElement, RtlpEnsureBufferSize, 
RtlMultiAppendUnicodeStringBuffer, _snwprintf, RtlCreateActivationContext
RtlFindActivationContextSectionString, RtlFindActivationContextSectionGuid, 
_allshl, RtlNtPathNameToDosPathName, RtlUnhandledExceptionFilter
CsrCaptureMessageBuffer, NtQueryInstallUILanguage, 
NtQueryDefaultUILanguage, wcspbrk, RtlOpenCurrentUser, 
RtlGetDaclSecurityDescriptor, NtCreateDirectoryObject, _wcslwr, _wtol
RtlIntegerToUnicodeString, NtQueryDefaultLocale, _strlwr, RtlUnwind
         

Weiter Auswertung kernel32.dll:

( 949 exports )
ActivateActCtx, AddAtomA, AddAtomW, AddConsoleAliasA, AddConsoleAliasW, AddLocalAlternateComputerNameA, AddLocalAlternateComputerNameW, AddRefActCtx, AddVectoredExceptionHandler, AllocConsole, AllocateUserPhysicalPages, AreFileApisANSI, AssignProcessToJobObject, AttachConsole, BackupRead, BackupSeek, BackupWrite, BaseCheckAppcompatCache, BaseCleanupAppcompatCache, BaseCleanupAppcompatCacheSupport, BaseDumpAppcompatCache, BaseFlushAppcompatCache, BaseInitAppcompatCache, BaseInitAppcompatCacheSupport, BaseProcessInitPostImport, BaseQueryModuleData, BaseUpdateAppcompatCache, BasepCheckWinSaferRestrictions, Beep, BeginUpdateResourceA, BeginUpdateResourceW, BindIoCompletionCallback, BuildCommDCBA, BuildCommDCBAndTimeoutsA, BuildCommDCBAndTimeoutsW, BuildCommDCBW, CallNamedPipeA, CallNamedPipeW, CancelDeviceWakeupRequest, CancelIo, CancelTimerQueueTimer, CancelWaitableTimer, ChangeTimerQueueTimer, CheckNameLegalDOS8Dot3A, CheckNameLegalDOS8Dot3W, CheckRemoteDebuggerPresent, ClearCommBreak, ClearCommError, CloseConsoleHandle, CloseHandle, CloseProfileUserMapping, CmdBatNotification, CommConfigDialogA, CommConfigDialogW, CompareFileTime, CompareStringA, CompareStringW, ConnectNamedPipe, ConsoleMenuControl, ContinueDebugEvent, ConvertDefaultLocale, ConvertFiberToThread, ConvertThreadToFiber, CopyFileA, CopyFileExA, CopyFileExW, CopyFileW, CopyLZFile, CreateActCtxA, CreateActCtxW, CreateConsoleScreenBuffer, CreateDirectoryA, CreateDirectoryExA, CreateDirectoryExW, CreateDirectoryW, CreateEventA, CreateEventW, CreateFiber, CreateFiberEx, CreateFileA, CreateFileMappingA, CreateFileMappingW, CreateFileW, CreateHardLinkA, CreateHardLinkW, CreateIoCompletionPort, CreateJobObjectA, CreateJobObjectW, CreateJobSet, CreateMailslotA, CreateMailslotW, CreateMemoryResourceNotification, CreateMutexA, CreateMutexW, CreateNamedPipeA, CreateNamedPipeW, CreateNlsSecurityDescriptor, CreatePipe, CreateProcessA, CreateProcessInternalA, CreateProcessInternalW, CreateProcessInternalWSecure, CreateProcessW, CreateRemoteThread, CreateSemaphoreA, CreateSemaphoreW, CreateSocketHandle, CreateTapePartition, CreateThread, CreateTimerQueue, CreateTimerQueueTimer, CreateToolhelp32Snapshot, CreateVirtualBuffer, CreateWaitableTimerA, CreateWaitableTimerW, DeactivateActCtx, DebugActiveProcess, DebugActiveProcessStop, DebugBreak, DebugBreakProcess, DebugSetProcessKillOnExit, DecodePointer, DecodeSystemPointer, DefineDosDeviceA, DefineDosDeviceW, DelayLoadFailureHook, DeleteAtom, DeleteCriticalSection, DeleteFiber, DeleteFileA, DeleteFileW, DeleteTimerQueue, DeleteTimerQueueEx, DeleteTimerQueueTimer, DeleteVolumeMountPointA, DeleteVolumeMountPointW, DeviceIoControl, DisableThreadLibraryCalls, DisconnectNamedPipe, DnsHostnameToComputerNameA, DnsHostnameToComputerNameW, DosDateTimeToFileTime, DosPathToSessionPathA, DosPathToSessionPathW, DuplicateConsoleHandle, DuplicateHandle, EncodePointer, EncodeSystemPointer, EndUpdateResourceA, EndUpdateResourceW, EnterCriticalSection, EnumCalendarInfoA, EnumCalendarInfoExA, EnumCalendarInfoExW, EnumCalendarInfoW, EnumDateFormatsA, EnumDateFormatsExA, EnumDateFormatsExW, EnumDateFormatsW, EnumLanguageGroupLocalesA, EnumLanguageGroupLocalesW, EnumResourceLanguagesA, EnumResourceLanguagesW, EnumResourceNamesA, EnumResourceNamesW, EnumResourceTypesA, EnumResourceTypesW, EnumSystemCodePagesA, EnumSystemCodePagesW, EnumSystemGeoID, EnumSystemLanguageGroupsA, EnumSystemLanguageGroupsW, EnumSystemLocalesA, EnumSystemLocalesW, EnumTimeFormatsA, EnumTimeFormatsW, EnumUILanguagesA, EnumUILanguagesW, EnumerateLocalComputerNamesA, EnumerateLocalComputerNamesW, EraseTape, EscapeCommFunction, ExitProcess, ExitThread, ExitVDM, ExpandEnvironmentStringsA, ExpandEnvironmentStringsW, ExpungeConsoleCommandHistoryA, ExpungeConsoleCommandHistoryW, ExtendVirtualBuffer, FatalAppExitA, FatalAppExitW, FatalExit, FileTimeToDosDateTime, FileTimeToLocalFileTime, FileTimeToSystemTime, FillConsoleOutputAttribute, FillConsoleOutputCharacterA, FillConsoleOutputCharacterW, FindActCtxSectionGuid, FindActCtxSectionStringA, FindActCtxSectionStringW, FindAtomA, FindAtomW, FindClose, FindCloseChangeNotification, FindFirstChangeNotificationA, FindFirstChangeNotificationW, FindFirstFileA, FindFirstFileExA, FindFirstFileExW, FindFirstFileW, FindFirstVolumeA, FindFirstVolumeMountPointA, FindFirstVolumeMountPointW, FindFirstVolumeW, FindNextChangeNotification, FindNextFileA, FindNextFileW, FindNextVolumeA, FindNextVolumeMountPointA, FindNextVolumeMountPointW, FindNextVolumeW, FindResourceA, FindResourceExA, FindResourceExW, FindResourceW, FindVolumeClose, FindVolumeMountPointClose, FlushConsoleInputBuffer, FlushFileBuffers, FlushInstructionCache, FlushViewOfFile, FoldStringA, FoldStringW, FormatMessageA, FormatMessageW, FreeConsole, FreeEnvironmentStringsA, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, FreeResource, FreeUserPhysicalPages, FreeVirtualBuffer, GenerateConsoleCtrlEvent, GetACP, GetAtomNameA, GetAtomNameW, GetBinaryType, GetBinaryTypeA, GetBinaryTypeW, GetCPFileNameFromRegistry, GetCPInfo, GetCPInfoExA, GetCPInfoExW, GetCalendarInfoA, GetCalendarInfoW, GetComPlusPackageInstallStatus, GetCommConfig, GetCommMask, GetCommModemStatus, GetCommProperties, GetCommState, GetCommTimeouts, GetCommandLineA, GetCommandLineW, GetCompressedFileSizeA, GetCompressedFileSizeW, GetComputerNameA, GetComputerNameExA, GetComputerNameExW, GetComputerNameW, GetConsoleAliasA, GetConsoleAliasExesA, GetConsoleAliasExesLengthA, GetConsoleAliasExesLengthW, GetConsoleAliasExesW, GetConsoleAliasW, GetConsoleAliasesA, GetConsoleAliasesLengthA, GetConsoleAliasesLengthW, GetConsoleAliasesW, GetConsoleCP, GetConsoleCharType, GetConsoleCommandHistoryA, GetConsoleCommandHistoryLengthA, GetConsoleCommandHistoryLengthW, GetConsoleCommandHistoryW, GetConsoleCursorInfo, GetConsoleCursorMode, GetConsoleDisplayMode, GetConsoleFontInfo, GetConsoleFontSize, GetConsoleHardwareState, GetConsoleInputExeNameA, GetConsoleInputExeNameW, GetConsoleInputWaitHandle, GetConsoleKeyboardLayoutNameA, GetConsoleKeyboardLayoutNameW, GetConsoleMode, GetConsoleNlsMode, GetConsoleOutputCP, GetConsoleProcessList, GetConsoleScreenBufferInfo, GetConsoleSelectionInfo, GetConsoleTitleA, GetConsoleTitleW, GetConsoleWindow, GetCurrencyFormatA, GetCurrencyFormatW, GetCurrentActCtx, GetCurrentConsoleFont, GetCurrentDirectoryA, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDateFormatA, GetDateFormatW, GetDefaultCommConfigA, GetDefaultCommConfigW, GetDefaultSortkeySize, GetDevicePowerState, GetDiskFreeSpaceA, GetDiskFreeSpaceExA, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetDllDirectoryA, GetDllDirectoryW, GetDriveTypeA, GetDriveTypeW, GetEnvironmentStrings, GetEnvironmentStringsA, GetEnvironmentStringsW, GetEnvironmentVariableA, GetEnvironmentVariableW, GetExitCodeProcess, GetExitCodeThread, GetExpandedNameA, GetExpandedNameW, GetFileAttributesA, GetFileAttributesExA, GetFileAttributesExW, GetFileAttributesW, GetFileInformationByHandle, GetFileSize, GetFileSizeEx, GetFileTime, GetFileType, GetFirmwareEnvironmentVariableA, GetFirmwareEnvironmentVariableW, GetFullPathNameA, GetFullPathNameW, GetGeoInfoA, GetGeoInfoW, GetHandleContext, GetHandleInformation, GetLargestConsoleWindowSize, GetLastError, GetLinguistLangSize, GetLocalTime, GetLocaleInfoA, GetLocaleInfoW, GetLogicalDriveStringsA, GetLogicalDriveStringsW, GetLogicalDrives, GetLongPathNameA, GetLongPathNameW, GetMailslotInfo, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExA, GetModuleHandleExW, GetModuleHandleW, GetNamedPipeHandleStateA, GetNamedPipeHandleStateW, GetNamedPipeInfo, GetNativeSystemInfo, GetNextVDMCommand, GetNlsSectionName, GetNumaAvailableMemory, GetNumaAvailableMemoryNode, GetNumaHighestNodeNumber, GetNumaNodeProcessorMask, GetNumaProcessorMap, GetNumaProcessorNode, GetNumberFormatA, GetNumberFormatW, GetNumberOfConsoleFonts, GetNumberOfConsoleInputEvents, GetNumberOfConsoleMouseButtons, GetOEMCP, GetOverlappedResult, GetPriorityClass, GetPrivateProfileIntA, GetPrivateProfileIntW, GetPrivateProfileSectionA, GetPrivateProfileSectionNamesA, GetPrivateProfileSectionNamesW, GetPrivateProfileSectionW, GetPrivateProfileStringA, GetPrivateProfileStringW, GetPrivateProfileStructA, GetPrivateProfileStructW, GetProcAddress, GetProcessAffinityMask, GetProcessHandleCount, GetProcessHeap, GetProcessHeaps, GetProcessId, GetProcessIoCounters, GetProcessPriorityBoost, GetProcessShutdownParameters, GetProcessTimes, GetProcessVersion, GetProcessWorkingSetSize, GetProfileIntA, GetProfileIntW, GetProfileSectionA, GetProfileSectionW, GetProfileStringA, GetProfileStringW, GetQueuedCompletionStatus, GetShortPathNameA, GetShortPathNameW, GetStartupInfoA, GetStartupInfoW, GetStdHandle, GetStringTypeA, GetStringTypeExA, GetStringTypeExW, GetStringTypeW, GetSystemDefaultLCID, GetSystemDefaultLangID, GetSystemDefaultUILanguage, GetSystemDirectoryA, GetSystemDirectoryW, GetSystemInfo, GetSystemPowerStatus, GetSystemRegistryQuota, GetSystemTime, GetSystemTimeAdjustment, GetSystemTimeAsFileTime, GetSystemTimes, GetSystemWindowsDirectoryA, GetSystemWindowsDirectoryW, GetSystemWow64DirectoryA, GetSystemWow64DirectoryW, GetTapeParameters, GetTapePosition, GetTapeStatus, GetTempFileNameA, GetTempFileNameW, GetTempPathA, GetTempPathW, GetThreadContext, GetThreadIOPendingFlag, GetThreadLocale, GetThreadPriority, GetThreadPriorityBoost, GetThreadSelectorEntry, GetThreadTimes, GetTickCount, GetTimeFormatA, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, GetUserDefaultLangID, GetUserDefaultUILanguage, GetUserGeoID, GetVDMCurrentDirectories, GetVersion, GetVersionExA, GetVersionExW, GetVolumeInformationA, GetVolumeInformationW, GetVolumeNameForVolumeMountPointA, GetVolumeNameForVolumeMountPointW, GetVolumePathNameA, GetVolumePathNameW, GetVolumePathNamesForVolumeNameA, GetVolumePathNamesForVolumeNameW, GetWindowsDirectoryA, GetWindowsDirectoryW, GetWriteWatch, GlobalAddAtomA, GlobalAddAtomW, GlobalAlloc, GlobalCompact, GlobalDeleteAtom, GlobalFindAtomA, GlobalFindAtomW, GlobalFix, GlobalFlags, GlobalFree, GlobalGetAtomNameA, GlobalGetAtomNameW, GlobalHandle, GlobalLock, GlobalMemoryStatus, GlobalMemoryStatusEx, GlobalReAlloc, GlobalSize, GlobalUnWire, GlobalUnfix, GlobalUnlock, GlobalWire, Heap32First, Heap32ListFirst, Heap32ListNext, Heap32Next, HeapAlloc, HeapCompact, HeapCreate, HeapCreateTagsW, HeapDestroy, HeapExtend, HeapFree, HeapLock, HeapQueryInformation, HeapQueryTagW, HeapReAlloc, HeapSetInformation, HeapSize, HeapSummary, HeapUnlock, HeapUsage, HeapValidate, HeapWalk, InitAtomTable, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeSListHead, InterlockedCompareExchange, InterlockedDecrement, InterlockedExchange, InterlockedExchangeAdd, InterlockedFlushSList, InterlockedIncrement, InterlockedPopEntrySList, InterlockedPushEntrySList, InvalidateConsoleDIBits, IsBadCodePtr, IsBadHugeReadPtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadStringPtrA, IsBadStringPtrW, IsBadWritePtr, IsDBCSLeadByte, IsDBCSLeadByteEx, IsDebuggerPresent, IsProcessInJob, IsProcessorFeaturePresent, IsSystemResumeAutomatic, IsValidCodePage, IsValidLanguageGroup, IsValidLocale, IsValidUILanguage, IsWow64Process, LCMapStringA, LCMapStringW, LZClose, LZCloseFile, LZCopy, LZCreateFileW, LZDone, LZInit, LZOpenFileA, LZOpenFileW, LZRead, LZSeek, LZStart, LeaveCriticalSection, LoadLibraryA, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LoadModule, LoadResource, LocalAlloc, LocalCompact, LocalFileTimeToFileTime, LocalFlags, LocalFree, LocalHandle, LocalLock, LocalReAlloc, LocalShrink, LocalSize, LocalUnlock, LockFile, LockFileEx, LockResource, MapUserPhysicalPages, MapUserPhysicalPagesScatter, MapViewOfFile, MapViewOfFileEx, Module32First, Module32FirstW, Module32Next, Module32NextW, MoveFileA, MoveFileExA, MoveFileExW, MoveFileW, MoveFileWithProgressA, MoveFileWithProgressW, MulDiv, MultiByteToWideChar, NlsConvertIntegerToString, NlsGetCacheUpdateCount, NlsResetProcessLocale, NumaVirtualQueryNode, OpenConsoleW, OpenDataFile, OpenEventA, OpenEventW, OpenFile, OpenFileMappingA, OpenFileMappingW, OpenJobObjectA, OpenJobObjectW, OpenMutexA, OpenMutexW, OpenProcess, OpenProfileUserMapping, OpenSemaphoreA, OpenSemaphoreW, OpenThread, OpenWaitableTimerA, OpenWaitableTimerW, OutputDebugStringA, OutputDebugStringW, PeekConsoleInputA, PeekConsoleInputW, PeekNamedPipe, PostQueuedCompletionStatus, PrepareTape, PrivCopyFileExW, PrivMoveFileIdentityW, Process32First, Process32FirstW, Process32Next, Process32NextW, ProcessIdToSessionId, PulseEvent, PurgeComm, QueryActCtxW, QueryDepthSList, QueryDosDeviceA, QueryDosDeviceW, QueryInformationJobObject, QueryMemoryResourceNotification, QueryPerformanceCounter, QueryPerformanceFrequency, QueryWin31IniFilesMappedToRegistry, QueueUserAPC, QueueUserWorkItem, RaiseException, ReadConsoleA, ReadConsoleInputA, ReadConsoleInputExA, ReadConsoleInputExW, ReadConsoleInputW, ReadConsoleOutputA, ReadConsoleOutputAttribute, ReadConsoleOutputCharacterA, ReadConsoleOutputCharacterW, ReadConsoleOutputW, ReadConsoleW, ReadDirectoryChangesW, ReadFile, ReadFileEx, ReadFileScatter, ReadProcessMemory, RegisterConsoleIME, RegisterConsoleOS2, RegisterConsoleVDM, RegisterWaitForInputIdle, RegisterWaitForSingleObject, RegisterWaitForSingleObjectEx, RegisterWowBaseHandlers, RegisterWowExec, ReleaseActCtx, ReleaseMutex, ReleaseSemaphore, RemoveDirectoryA, RemoveDirectoryW, RemoveLocalAlternateComputerNameA, RemoveLocalAlternateComputerNameW, RemoveVectoredExceptionHandler, ReplaceFile, ReplaceFileA, ReplaceFileW, RequestDeviceWakeup, RequestWakeupLatency, ResetEvent, ResetWriteWatch, RestoreLastError, ResumeThread, RtlCaptureContext, RtlCaptureStackBackTrace, RtlFillMemory, RtlMoveMemory, RtlUnwind, RtlZeroMemory, ScrollConsoleScreenBufferA, ScrollConsoleScreenBufferW, SearchPathA, SearchPathW, SetCPGlobal, SetCalendarInfoA, SetCalendarInfoW, SetClientTimeZoneInformation, SetComPlusPackageInstallStatus, SetCommBreak, SetCommConfig, SetCommMask, SetCommState, SetCommTimeouts, SetComputerNameA, SetComputerNameExA, SetComputerNameExW, SetComputerNameW, SetConsoleActiveScreenBuffer, SetConsoleCP, SetConsoleCommandHistoryMode, SetConsoleCtrlHandler, SetConsoleCursor, SetConsoleCursorInfo, SetConsoleCursorMode, SetConsoleCursorPosition, SetConsoleDisplayMode, SetConsoleFont, SetConsoleHardwareState, SetConsoleIcon, SetConsoleInputExeNameA, SetConsoleInputExeNameW, SetConsoleKeyShortcuts, SetConsoleLocalEUDC, SetConsoleMaximumWindowSize, SetConsoleMenuClose, SetConsoleMode, SetConsoleNlsMode, SetConsoleNumberOfCommandsA, SetConsoleNumberOfCommandsW, SetConsoleOS2OemFormat, SetConsoleOutputCP, SetConsolePalette, SetConsoleScreenBufferSize, SetConsoleTextAttribute, SetConsoleTitleA, SetConsoleTitleW, SetConsoleWindowInfo, SetCriticalSectionSpinCount, SetCurrentDirectoryA, SetCurrentDirectoryW, SetDefaultCommConfigA, SetDefaultCommConfigW, SetDllDirectoryA, SetDllDirectoryW, SetEndOfFile, SetEnvironmentVariableA, SetEnvironmentVariableW, SetErrorMode, SetEvent, SetFileApisToANSI, SetFileApisToOEM, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFilePointerEx, SetFileShortNameA, SetFileShortNameW, SetFileTime, SetFileValidData, SetFirmwareEnvironmentVariableA, SetFirmwareEnvironmentVariableW, SetHandleContext, SetHandleCount, SetHandleInformation, SetInformationJobObject, SetLastConsoleEventActive, SetLastError, SetLocalPrimaryComputerNameA, SetLocalPrimaryComputerNameW, SetLocalTime, SetLocaleInfoA, SetLocaleInfoW, SetMailslotInfo, SetMessageWaitingIndicator, SetNamedPipeHandleState, SetPriorityClass, SetProcessAffinityMask, SetProcessPriorityBoost, SetProcessShutdownParameters, SetProcessWorkingSetSize, SetStdHandle, SetSystemPowerState, SetSystemTime, SetSystemTimeAdjustment, SetTapeParameters, SetTapePosition, SetTermsrvAppInstallMode, SetThreadAffinityMask, SetThreadContext, SetThreadExecutionState, SetThreadIdealProcessor, SetThreadLocale, SetThreadPriority, SetThreadPriorityBoost, SetThreadUILanguage, SetTimeZoneInformation, SetTimerQueueTimer, SetUnhandledExceptionFilter, SetUserGeoID, SetVDMCurrentDirectories, SetVolumeLabelA, SetVolumeLabelW, SetVolumeMountPointA, SetVolumeMountPointW, SetWaitableTimer, SetupComm, ShowConsoleCursor, SignalObjectAndWait, SizeofResource, Sleep, SleepEx, SuspendThread, SwitchToFiber, SwitchToThread, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, TerminateJobObject, TerminateProcess, TerminateThread, TermsrvAppInstallMode, Thread32First, Thread32Next, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, Toolhelp32ReadProcessMemory, TransactNamedPipe, TransmitCommChar, TrimVirtualBuffer, TryEnterCriticalSection, TzSpecificLocalTimeToSystemTime, UTRegister, UTUnRegister, UnhandledExceptionFilter, UnlockFile, UnlockFileEx, UnmapViewOfFile, UnregisterConsoleIME, UnregisterWait, UnregisterWaitEx, UpdateResourceA, UpdateResourceW, VDMConsoleOperation, VDMOperationStarted, ValidateLCType, ValidateLocale, VerLanguageNameA, VerLanguageNameW, VerSetConditionMask, VerifyConsoleIoHandle, VerifyVersionInfoA, VerifyVersionInfoW, VirtualAlloc, VirtualAllocEx, VirtualBufferExceptionHandler, VirtualFree, VirtualFreeEx, VirtualLock, VirtualProtect, VirtualProtectEx, VirtualQuery, VirtualQueryEx, VirtualUnlock, WTSGetActiveConsoleSessionId, WaitCommEvent, WaitForDebugEvent, WaitForMultipleObjects, WaitForMultipleObjectsEx, WaitForSingleObject, WaitForSingleObjectEx, WaitNamedPipeA, WaitNamedPipeW, WideCharToMultiByte, WinExec, WriteConsoleA, WriteConsoleInputA, WriteConsoleInputVDMA, WriteConsoleInputVDMW, WriteConsoleInputW, WriteConsoleOutputA, WriteConsoleOutputAttribute, WriteConsoleOutputCharacterA, WriteConsoleOutputCharacterW, WriteConsoleOutputW, WriteConsoleW, WriteFile, WriteFileEx, WriteFileGather, WritePrivateProfileSectionA, WritePrivateProfileSectionW, WritePrivateProfileStringA, WritePrivateProfileStringW, WritePrivateProfileStructA, WritePrivateProfileStructW, WriteProcessMemory, WriteProfileSectionA, WriteProfileSectionW, WriteProfileStringA, WriteProfileStringW, WriteTapemark, ZombifyActCtx, _hread, _hwrite, _lclose, _lcreat, _llseek, _lopen, _lread, _lwrite, lstrcat, lstrcatA, lstrcatW, lstrcmp, lstrcmpA, lstrcmpW, lstrcmpi, lstrcmpiA, lstrcmpiW, lstrcpy, lstrcpyA, lstrcpyW, lstrcpyn, lstrcpynA, lstrcpynW, lstrlen, lstrlenA,lstrlenW