ok also malware hat das hier ausgespuckt:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3747
Windows 5.1.2600 Service Pack 3, v.3264
Internet Explorer 6.0.2900.3264

16.02.2010 23:46:53
mbam-log-2010-02-16 (23-46-53).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 193486
Laufzeit: 39 minute(s), 57 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 3
Infizierte Dateien: 11

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\HOMEMB\Anwendungsdaten\SystemProc\lsass.exe (Malware.Packer) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Malware.Packer) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Dokumente und Einstellungen\HOMEMB\Anwendungsdaten\SystemProc\lsass.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\HOMEMB\Eigene Dateien\Downloads\Die.Sims.2.Mega.Collection.MultiLanguage-iND\Die.Sims.2.Mega.Collection.MultiLanguage-iND\00 Universal Keygen\fff-ea146.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8FF140B7-B6B2-4EC0-806D-2D80DDBF6608}\RP360\A0036618.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8FF140B7-B6B2-4EC0-806D-2D80DDBF6608}\RP364\A0036791.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8FF140B7-B6B2-4EC0-806D-2D80DDBF6608}\RP364\A0038627.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8FF140B7-B6B2-4EC0-806D-2D80DDBF6608}\RP365\A0038694.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8FF140B7-B6B2-4EC0-806D-2D80DDBF6608}\RP365\A0038719.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.


bei C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
hat virus total das hier ausgespuckt:
Riskware.Win32.BoontyGames!A2
APPL/BoontyGames
Backdoor/Win32.Agent.gen
Application/BoontyGames

sypstemlook hat dann das hier angezeigt:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 23:56 on 16/02/2010 by HOMEMB (Administrator - Elevation successful)

========== filefind ==========

Searching for "Reboot.exe"
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Reboot.exe ------ 409088 bytes [01:46 08/07/2008] [10:35 29/12/2006] 91E955E797B9DAE35E455121BAAF3394

========== regfind ==========

Searching for "Reboot.exe"
No data found.

-=End Of File=-


ich hoffe das bringt was brauchbares bei raus^^

Zitat:

Zitat von Marv99

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Reboot.exe

> Bitte diese Datei und diese
C:\Dokumente und Einstellungen\HOMEMB\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe
bei VirusTotal hochladen und die Logs hier posten!
Nicht nur die Meldungen der Scanner, das ganze Log!

> Kopiere den Pfad der Datei direkt bei VirusTotal unter "Dateiname" (Klick auf das Eingabefenster) hinein oder suche die exe. Datei mit "Durchsuchen".

> C:\Dokumente und Einstellungen\HOMEMB\Anwendungsdaten\SystemProc\lsass.exe
hat sich erledigt: Malwarebytes: Malware.packer.

> Hast du dir dieses Programm selber runtergeladen?!
C:\Programme\Gemeinsame Dateien\BOONTY Shared\

Und was ist das?!

C:\Dokumente und Einstellungen\HOMEMB\Eigene Dateien\Downloads\Die.Sims.2.Mega.Collection.MultiLanguage-iND\Die.Sims.2.Mega.Collection.MultiLanguage-iND\00 Universal Keygen\fff-ea146.exe

Wenn du darauf keine gute Erklärung hast ist das Support hiermit beendet.
Keygen Downloads werden in diesem Forum nicht akzeptiert.

> Beide Programme sofort deinstallieren/löschen!
> Die exe. Datei:
C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
verschiebe sicherheitshalber in die Quarantäne von Avira oder lösche sie direkt.

> Rootkit Scan mit Cachme:
http://www2.gmer.net/catchme.exe
Auf dein Desktop laden, mit Doppelklick starten und auf "Scan" drücken.
Log hier abkopieren.

also zum keygen...das spiel hab ich original!oder eher gesagt meine schwester...ich hab nur keine hülle mehr für das spiel was soll ich dann machen...wegschmeissen?nur mal so nebenbei...ich hab schon genug viren aufm rechner da lad ich mir doch nix runter...ausserdem hab ich kein bock mir deswegen irgendwas einzuhandeln...

nun zur datei search anonymizer:
File size: 102400 bytes
MD5...: 002f4d9d7c20f0be1500fd4cb127939b
SHA1..: 966f7155ae7ab5d2b31427a7a035f49a46431d15
SHA256: a8f0e3d7537f8e8069cddae99bdcf9028564d50e0ad82054fafb340240e44a95
ssdeep: 1536:dtQLyJQcHhQMvu8fUvZ82aThrjEqM29wvi:jQLyJQcBQPGUvZ82aThrQM9w
vi
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x14dae
timedatestamp.....: 0x4a6ef263 (Tue Jul 28 12:43:15 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2000 0x12db4 0x13000 5.38 a4bc7b56b26309d19914ff1c887882c7
.sdata 0x16000 0xa6 0x1000 0.41 0575bba874710cec930d811d9a3617fe
.rsrc 0x18000 0x2978 0x3000 3.43 d5dee6c53331d61e3113c1528900293b
.reloc 0x1c000 0xc 0x1000 0.02 f0429fb0105e7654a48c19e1fd532e20

( 1 imports )
> mscoree.dll: _CorExeMain

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic CIL Executable (.NET, Mono, etc.) (72.5%)
Windows Screen Saver (12.9%)
Win32 Executable Generic (8.4%)
Win16/32 Executable Delphi generic (2.0%)
Generic Win/DOS Executable (1.9%)
sigcheck:
publisher....: n/a
copyright....:
product......: SearchAnonymizer
description..: SearchAnonymizer
original name: SearchAnonymizer.exe
internal name: SearchAnonymizer.exe
file version.: 1.0.0.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


und das hier is zu der reboot datei:
File size: 409088 bytes
MD5...: 91e955e797b9dae35e455121baaf3394
SHA1..: 3712fb39158cc2add1301910ed9818c259e7fbdc
SHA256: 9d72e0523cc6bd4baa1bd88967aec1402551a5d565703b799ce6be52ec1a7640
ssdeep: 61440X5YVVPgBhzOX5wlXYw3Y9lboaEHzQ9TnvT0RvpSAeEoGYKHCWyb3TmBfs
vml:iX5Y/PgBhz+a1JzeLKpSUHCVjiqM
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x53178
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x521b4 0x52200 6.51 1927a6c2f4f5fa640d8a3e598bcf289d
DATA 0x54000 0x117c 0x1200 4.10 a07f8e5e71975f28d3032a6e15b6c05e
BSS 0x56000 0xbe5 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x57000 0x2126 0x2200 4.95 09d1978752ecac31a649345f23fe5a54
.tls 0x5a000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x5b000 0x18 0x200 0.20 2434fa2f844c55eefcd1f3888d217e95
.reloc 0x5c000 0x5e54 0x6000 6.64 2d9dc3a1877faef442e48acf7952237e
.rsrc 0x62000 0x8200 0x8200 4.72 02d1e3e1ecca5be2520f33bcebf90f3d

( 13 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey
> kernel32.dll: lstrcpyA, WriteFile, WinExec, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
> user32.dll: CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, ExitWindowsEx, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Borland Delphi 7 (66.1%)
Win32 Executable Borland Delphi 6 (25.9%)
InstallShield setup (4.2%)
Win32 Executable Delphi generic (1.4%)
Win32 Executable Generic (0.8%)
sigcheck:
publisher....:
copyright....:
product......: Win32 Setup-Execute
description..: Reboot Setup
original name: Reboot.exe
internal name: Reboot Setup
file version.: 3.0.0.0
comments.....: Reboot Setup
signers......: -
signing date.: -
verified.....: Unsigned
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=91e955e797b9dae35e455121baaf3394' target='_blank'>http://www.threatexpert.com/report.aspx?md5=91e955e797b9dae35e455121baaf3394</a>



nein das boonty ding hab ich nich runtergeladen:habs auch bei virustotal analysiert:
File size: 69120 bytes
MD5...: 01a9b7311d7623007d26222bf68b1390
SHA1..: fe430aed7e5651428f8bba4db40b156bcbc6af66
SHA256: f6d4df196bf76574c38c191e4d1f2b64d42b99dba6ac5639a0b30394114029ba
ssdeep: 1536:2pRD0f8eRPm2wdoIw/SSLTLwv6E4xLbFRT4eSocosiLT:2AfZR+2wdTw6Yp
z5FRT4eSocoseT
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5300
timedatestamp.....: 0x406164ee (Wed Mar 24 10:37:34 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xbc5a 0xbe00 6.60 f0e8256080c2f07e025d5e685773b03b
.rdata 0xd000 0x13a0 0x1400 5.35 8834cb9bef0f0ec2a506acea8d1e2833
.data 0xf000 0x524c 0x3400 1.49 b95c3d928bb3ded5e2a91a16eceec207
.rsrc 0x15000 0x31c 0x400 3.64 53e5c8002af128c890ff20e8a60b78dd

( 3 imports )
> KERNEL32.dll: GetOverlappedResult, WaitForMultipleObjectsEx, ConnectNamedPipe, GetTickCount, ReleaseMutex, FindClose, FindNextFileA, FindFirstFileA, CreateDirectoryA, ResumeThread, DisconnectNamedPipe, EnterCriticalSection, WaitForSingleObject, OpenProcess, GetModuleFileNameA, QueryDosDeviceA, SetWaitableTimer, CreateWaitableTimerA, SuspendThread, SetEvent, InitializeCriticalSection, LoadLibraryA, CreateEventA, CreateMutexA, CreateNamedPipeA, CreateThread, FreeLibrary, WaitForSingleObjectEx, WriteFile, GetVersionExA, GetLastError, GetSystemDirectoryA, SetFilePointer, ReadFile, lstrlenA, CreateFileA, LeaveCriticalSection, GetProcAddress, HeapFree, CloseHandle, DeviceIoControl, HeapAlloc, RtlUnwind, InterlockedDecrement, InterlockedIncrement, GetTimeZoneInformation, GetSystemTime, GetLocalTime, GetCommandLineA, GetVersion, ExitProcess, GetModuleHandleA, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, IsBadWritePtr, DeleteCriticalSection, TerminateProcess, GetCurrentProcess, HeapSize, GetCurrentThreadId, TlsSetValue, TlsAlloc, SetLastError, TlsGetValue, CompareStringW, SetEnvironmentVariableA, WideCharToMultiByte, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetCPInfo, GetACP, GetOEMCP, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetStringTypeA, GetStringTypeW, SetStdHandle, FlushFileBuffers, CompareStringA
> USER32.dll: wsprintfA
> ADVAPI32.dll: QueryServiceConfigA, RegDeleteValueA, RegSetValueExA, RegCreateKeyExA, RegOpenKeyExA, RegEnumKeyExA, RegCloseKey, RegDeleteKeyA, RegisterEventSourceA, ReportEventA, DeregisterEventSource, SetServiceStatus, RegisterServiceCtrlHandlerA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, StartServiceCtrlDispatcherA, GetLengthSid, RegQueryValueExA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: BOONTY
copyright....: n/a
product......: Boonty Games
description..: System Level Service Utility
original name: n/a
internal name: n/a
file version.: 2.60.030
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (Antiy-AVL): Armadillo 1.71