Trojaner-Board (https://www.trojaner-board.de/)
Thread: Trojan Horse Generic 10.VPD, what should I do? (https://www.trojaner-board.de/52611-trojan-horse-generic-10-vpd-tun.html)

Butzl 18.05.2008 11:46

Trojan Horse Generic 10.VPD, what should I do?
 
Hello everyone,

my virus scan found the trojan "Trojan Horse Generic 10.VPD" on my computer; in addition, the files kernel32.dll, shell32.dll and ntoskrnl.dll were modified.

What do I need to do, or does everything have to be wiped and reinstalled?
Below is the HijackThis log:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:34, on 18.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\QuickTime\QTTask.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Fujitsu Siemens\WinManager\WinManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\PROGRA~1\Grisoft\AVGFRE~1\avgvv.exe
C:\Programme\Alice\Signup\AliceCnn.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Java\jre1.6.0_02\bin\jucheck.exe
C:\Programme\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://alice.aol.de
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://global.acer.com/
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [EumexInst] "E:\Setup.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1110412475-4168701361-813958858-1009\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinManager.lnk = C:\Programme\Fujitsu Siemens\WinManager\WinManager.exe
O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Edit with &XML Spy - C:\Programme\Altova\xmlspy\spy.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\xmlspy\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\xmlspy\spy.htm (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F37B9E3-676B-44B9-BCD4-D2E8A7EDB42D}: NameServer = 213.191.74.18 62.109.123.196
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Programme\Apache\Tomcat50\bin\tomcat5.exe

--
End of file - 7578 bytes

I would be very grateful for any help!

Many thanks,

Sandra

myrtille 18.05.2008 12:12

Hi,

The log looks clean so far.
So it is important that you:
a) first tell us the name of the program you are using that reports the virus
b) tell us where the downloader was found
c) post the EXACT detection messages
d) give the full paths of the files... kernel32.dll can be part of Windows, but does not have to be. That depends on which folder it is in.

Please also upload the modified files
Quote:

kernel32.dll, shell32.dll and ntoskrnl.dll
to virustotal and post the results here.
(If, when you upload the file, "Die Datei wurde bereits analysiert:" (the file has already been analysed) appears at the top of the page, click the link next to "Permalink:" at the bottom and post the contents of the page that appears.)

regards, myrtille

Butzl 18.05.2008 13:12

Antivirus program: AVG 7.5.0.506

This is what the program reports for this virus:

Object Path: C:\Dokumente und Einstellungen\All Users\Dokumente\
Object name: lyx-1.4.1_win32_setup_v1.exe
Discovery: Trojan Horse Generic 10.VPD
File Size: 8.4 MB

Paths to the files:
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\ntoskrnl.dll

The VirusTotal results are very long; should I send them one at a time?

Regards,

Sandra

Butzl 18.05.2008 13:42

Short addendum:

the last file is an .exe, not a .dll:

C:\WINDOWS\system32\ntoskrnl.exe

myrtille 18.05.2008 13:49

Hi,
yes, please post the results one after another. Also have the flagged file
Quote:

C:\Dokumente und Einstellungen\All Users\Dokumente\lyx-1.4.1_win32_setup_v1.exe
analysed at virustotal.

Do you know the file? Have you run it? Does it come from a website? Do you still have the link? :)

regards, myrtille

Butzl 18.05.2008 14:15

1. Result for kernel32.dll
Code:

No results from the antivirus engines
File size: 1058304 bytes
MD5...: 8eea8280a1e0e794edfccad3721c7cab
SHA1..: fc0460baa69f17dabc752ef5995c98866062cfc2
SHA256: b86323d11389c2c13492ffabdef46c1afcc49cb19f62926a5f33b55fe521b7c2
SHA512: 35e142cfd8286ebb86d1e68b10cd881acbb823c7ed746ebcc3f530ed41ff5a97
c81eb7f16d8eabc09760e7a9a4680745fa66849e2756d5a9088c1eba2b05a2ff
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x7c80b5ae
timedatestamp.....: 0x46239be1 (Mon Apr 16 15:53:05 2007)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x82111 0x82200 6.67 7a5d54edc093ecf62412b0810215b7b1
.data 0x84000 0x43a0 0x2400 0.59 812f89bacee15996f8a2ae3eab48f42b
.rsrc 0x89000 0x77ec8 0x78000 3.46 388fc64ca1c58d76010e7b96d6c976a1
.reloc 0x101000 0x5bec 0x5c00 6.64 99c4e30af015bfb0ecf448d27654df37
( 1 imports )


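A way to do the two checks myrtille asks for above (is this kernel32.dll the copy in the Windows system directory, and do the hashes of the local file match what VirusTotal reported), written as an added example that is not code from the thread. It assumes the Windows XP layout visible in the HijackThis log (genuine copies under C:\WINDOWS\system32 and its dllcache) and uses the kernel32.dll hashes posted above as the reference; a matching hash only proves the file on disk is the one VirusTotal analysed, the verdict itself comes from the scan.

```python
"""Integrity check for the three system files named in this thread.

Added example, not code from the thread: (1) classify a path the way point d)
above asks (is this kernel32.dll the one in the system directory, or a copy
elsewhere?), (2) hash a file the way VirusTotal reports it, (3) parse the
'MD5...: / SHA1..: / SHA256:' lines of a pasted VirusTotal report so the local
digest can be compared with the posted one.
"""
import hashlib
import re
from pathlib import PureWindowsPath

# Assumption: on Windows XP the genuine copies of these files live in the
# system directory or the Windows File Protection cache. A file carrying one
# of these names anywhere else deserves a closer look.
KNOWN_GOOD_DIRS = {
    "kernel32.dll": {r"c:\windows\system32", r"c:\windows\system32\dllcache"},
    "shell32.dll": {r"c:\windows\system32", r"c:\windows\system32\dllcache"},
    "ntoskrnl.exe": {r"c:\windows\system32", r"c:\windows\system32\dllcache"},
}

# Hash lines as VirusTotal printed them in the post above. The SHA512 value
# wraps onto a second line in the forum post and is deliberately ignored.
VT_HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]{32,64})\s*$",
                          re.MULTILINE)

# Copied from the kernel32.dll report posted above (reference values).
KERNEL32_REPORT = """\
File size: 1058304 bytes
MD5...: 8eea8280a1e0e794edfccad3721c7cab
SHA1..: fc0460baa69f17dabc752ef5995c98866062cfc2
SHA256: b86323d11389c2c13492ffabdef46c1afcc49cb19f62926a5f33b55fe521b7c2
"""


def classify_path(path):
    """'system' if the file sits where Windows keeps it, 'suspicious-copy' if a
    file with a system file's name sits elsewhere, 'other' for any other name."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if name not in KNOWN_GOOD_DIRS:
        return "other"
    parent = str(p.parent).lower()
    return "system" if parent in KNOWN_GOOD_DIRS[name] else "suspicious-copy"


def digest_bytes(data):
    """MD5/SHA1/SHA256 of an in-memory blob, keyed like a VirusTotal report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def digest_file(path, chunk_size=1 << 20):
    """Same three digests for a file on disk, streamed so a 1 MB DLL or an
    8 MB installer is never read into memory in one piece."""
    hashes = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def parse_virustotal_hashes(report):
    """Pull the MD5/SHA1/SHA256 values out of a pasted VirusTotal report."""
    return {algo.lower(): value.lower() for algo, value in VT_HASH_LINE.findall(report)}


def compare_hashes(computed, reference):
    """True per algorithm when the local digest equals the posted one."""
    return {algo: computed[algo] == reference[algo]
            for algo in computed.keys() & reference.keys()}


def assess(path, computed, reference):
    """One-line verdict combining file location and hash comparison."""
    where = classify_path(path)
    if where != "system":
        return f"{path}: {where} (a system file name outside the system directory)"
    matches = compare_hashes(computed, reference)
    if not matches:
        return f"{path}: in system directory, no posted hashes to compare against"
    if all(matches.values()):
        return f"{path}: in system directory, hashes match the posted VirusTotal report"
    bad = ", ".join(sorted(algo for algo, ok in matches.items() if not ok))
    return f"{path}: in system directory, but {bad} differ from the posted report"


if __name__ == "__main__":
    # Paths exactly as Sandra listed them (ntoskrnl is an .exe, per her follow-up).
    reports = {"kernel32.dll": KERNEL32_REPORT}  # only kernel32 has been posted so far
    for target in (r"C:\WINDOWS\system32\kernel32.dll",
                   r"C:\WINDOWS\system32\shell32.dll",
                   r"C:\WINDOWS\system32\ntoskrnl.exe"):
        try:
            local = digest_file(target)
        except OSError as exc:
            print(f"{target}: not readable on this host ({exc.strerror})")
            continue
        posted = parse_virustotal_hashes(reports.get(PureWindowsPath(target).name.lower(), ""))
        print(assess(target, local, posted))
```
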
Butzl 18.05.2008 14:18

Further results for kernel32.dll:

( 949 exports )
WritePrivateProfileStringW, WritePrivateProfileStructA, WritePrivateProfileStructW, WriteProcessMemory, WriteProfileSectionA, WriteProfileSectionW, WriteProfileStringA, WriteProfileStringW, WriteTapemark, ZombifyActCtx, _hread, _hwrite, _lclose, _lcreat, _llseek, _lopen, _lread, _lwrite, lstrcat, lstrcatA, lstrcatW, lstrcmp, lstrcmpA, lstrcmpW, lstrcmpi, lstrcmpiA, lstrcmpiW, lstrcpy, lstrcpyA, lstrcpyW, lstrcpyn, lstrcpynA, lstrcpynW, lstrlen, lstrlenA,lstrlenW

Butzl 18.05.2008 14:21

Analysis of shell32.dll:

Code:

Antivirus        Version        letzte aktualisierung        Ergebnis
AhnLab-V3        2008.3.4.0        2008.03.07        -
AntiVir        7.6.0.73        2008.03.07        -
Authentium        4.93.8        2008.03.07        -
Avast        4.7.1098.0        2008.03.07        -
AVG        7.5.0.516        2008.03.08        -
BitDefender        7.2        2008.03.08        -
CAT-QuickHeal        9.50        2008.03.08        -
ClamAV        0.92.1        2008.03.08        -
DrWeb        4.44.0.09170        2008.03.08        -
eSafe        7.0.15.0        2008.03.06        -
eTrust-Vet        31.3.5597        2008.03.07        -
Ewido        4.0        2008.03.08        -
F-Prot        4.4.2.54        2008.03.08        -
F-Secure        6.70.13260.0        2008.03.08        -
FileAdvisor        1        2008.03.08        -
Fortinet        3.14.0.0        2008.03.08        -
Ikarus        T3.1.1.20        2008.03.08        -
Kaspersky        7.0.0.125        2008.03.08        -
McAfee        5247        2008.03.07        -
Microsoft        1.3301        2008.03.07        -
NOD32v2        2931        2008.03.08        -
Norman        5.80.02        2008.03.07        -
Panda        9.0.0.4        2008.03.08        -
Prevx1        V2        2008.03.08        -
Rising        20.34.52.00        2008.03.08        -
Sophos        4.27.0        2008.03.08        -
Sunbelt        3.0.930.0        2008.03.05        -
Symantec        10        2008.03.08        -
TheHacker        6.2.92.238        2008.03.08        -
VBA32        3.12.6.2        2008.03.05        -
VirusBuster        4.3.26:9        2008.03.07        -
Webwasher-Gateway        6.6.2        2008.03.08        -
weitere Informationen
File size: 8495616 bytes
MD5: f49209a27f4987ce58168f8ec4e93e17
SHA1: f6d2b36a7135d03ad24dfd1e45b80745b23e5f00
PEiD: -


Butzl 18.05.2008 14:31

Continuing with ntoskrnl.exe (not ntoskrnl.dll):

Code:

Antivirus        Version        letzte aktualisierung        Ergebnis
AhnLab-V3        2008.5.16.0        2008.05.16        -
AntiVir        7.8.0.19        2008.05.17        -
Authentium        5.1.0.4        2008.05.17        -
Avast        4.8.1195.0        2008.05.17        -
AVG        7.5.0.516        2008.05.16        -
BitDefender        7.2        2008.05.17        -
CAT-QuickHeal        9.50        2008.05.17        -
ClamAV        0.92.1        2008.05.17        -
DrWeb        4.44.0.09170        2008.05.17        -
eSafe        7.0.15.0        2008.05.16        -
eTrust-Vet        31.4.5796        2008.05.16        -
Ewido        4.0        2008.05.14        -
F-Prot        4.4.2.54        2008.05.16        -
F-Secure        6.70.13260.0        2008.05.17        -
Fortinet        3.14.0.0        2008.05.17        -
GData        2.0.7306.1023        2008.05.17        -
Ikarus        T3.1.1.26.0        2008.05.17        -
Kaspersky        7.0.0.125        2008.05.17        -
McAfee        5297        2008.05.17        -
Microsoft        1.3408        2008.05.13        -
NOD32v2        3106        2008.05.16        -
Norman        5.80.02        2008.05.16        -
Panda        9.0.0.4        2008.05.17        -
Prevx1        V2        2008.05.17        -
Rising        20.44.52.00        2008.05.17        -
Sophos        4.29.0        2008.05.17        -
Sunbelt        3.0.1123.1        2008.05.17        -
Symantec        10        2008.05.17        -
TheHacker        6.2.92.311        2008.05.15        -
VBA32        3.12.6.6        2008.05.17        -
VirusBuster        4.3.26:9        2008.05.16        -
Webwasher-Gateway        6.6.2        2008.05.17        -
weitere Informationen
File size: 2182656 bytes
MD5...: 2804b72eb675cd43df7994ae4685b894
SHA1..: 4537f42e7cc05b5ed9c2e8f89177e6f4465c968d
SHA256: e087e71b2615e362c78939a2ebc99d73a15c9b8161c88a1e82f2792cd7b87056
SHA512: 2023a7fe7cd9d87f4e7d558bf6516e3d78ee1f306d7176b3aca8ee9ff19e9557
29651401083a400a4920fc34ca3b8d630639346bea11783ac86efe0ae6dc91da
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d55ce
timedatestamp.....: 0x45e54711 (Wed Feb 28 09:10:41 2007)
machinetype.......: 0x14c (I386)

( 21 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x580 0x719e1 0x71a00 6.62 57d36bc8ba8d45ecc6b8667921c8e894
POOLMI 0x71f80 0x12b3 0x1300 6.33 5c84474ee7358adc7dd2f4f4dc1922d5
MISYSPTE 0x73280 0x700 0x700 6.27 f652fa0c4cb20f967cfa26bc8652c232
POOLCODE 0x73980 0x15a0 0x1600 6.40 91ff6c6045b9028a42d131db914385b2
.data 0x74f80 0x16ca0 0x16d00 0.46 418d3b39d0940bee373b0007cb758540
PAGE 0x8bc80 0xf8e0c 0xf8e80 6.65 0bd8ca099e01a8a2ea836c37cfddd898
PAGELK 0x184b00 0xe359 0xe380 6.73 639cfba96de315d8a3376c31524cfeff
PAGEVRFY 0x192e80 0xf1cd 0xf200 6.69 be26ed409a4678bfb448d4cd10f43d90
PAGEWMI 0x1a2080 0x17fd 0x1800 6.47 d0f165045712f92a4b73fa66790e865d
PAGEKD 0x1a3880 0x4052 0x4080 6.50 47d66edd4fb143d3480a5d2270dbd79d
PAGESPEC 0x1a7900 0xc43 0xc80 6.33 4ee0d907ea989af7a7c3603d13b7b37e
PAGEHDLS 0x1a8580 0x1dd8 0x1e00 6.27 54cf8bdf56a419d4a8e9871842ce4449
.edata 0x1aa380 0xb55d 0xb580 6.02 f1f14a925c719b578cfb48b34099ddff
PAGEDATA 0x1b5900 0x1558 0x1580 2.72 428b630c17eb3b4ca83fa093a314d2bf
PAGEKD 0x1b6e80 0xc021 0xc080 0.00 a232d40b84ef18bece78659b97c6d79d
PAGECONS 0x1c2f00 0x18c 0x200 2.25 55b19e2f30c97318e03aefe5df653355
PAGEVRFC 0x1c3100 0x3449 0x3480 5.25 a5c37ded2d25d14ea31f2739c965f3cd
PAGEVRFD 0x1c6580 0x648 0x680 2.74 6e289d0f6c38982d4c9fbf48d60ded65
INIT 0x1c6c00 0x2d728 0x2d780 6.52 779977d46dfc1ca2fa7aaa9170519cde
.rsrc 0x1f4380 0x11050 0x11080 5.37 8754106c358325b40e342bcae67446e2
.reloc 0x205400 0xf984 0xfa00 6.78 bae902f271b60925f22cb866c5aaa12b

( 3 imports )
> BOOTVID.dll: VidInitialize, VidDisplayString, VidSetTextColor, VidSolidColorFill, VidBitBlt, VidBufferToScreenBlt, VidScreenToBufferBlt, VidResetDisplay, VidCleanUp, VidSetScrollRegion
> HAL.dll: HalReportResourceUsage, HalAllProcessorsStarted, HalQueryRealTimeClock, HalAllocateAdapterChannel, KeStallExecutionProcessor, HalTranslateBusAddress, KfReleaseSpinLock, KfAcquireSpinLock, HalGetBusDataByOffset, HalSetBusDataByOffset, KeQueryPerformanceCounter, HalReturnToFirmware, READ_PORT_UCHAR, READ_PORT_USHORT, READ_PORT_ULONG, WRITE_PORT_UCHAR, WRITE_PORT_USHORT, WRITE_PORT_ULONG, HalInitializeProcessor, HalCalibratePerformanceCounter, HalSetRealTimeClock, HalHandleNMI, HalBeginSystemInterrupt, HalEndSystemInterrupt, KeRaiseIrqlToSynchLevel, KeAcquireInStackQueuedSpinLockRaiseToSynch, HalInitSystem, HalDisableSystemInterrupt, HalEnableSystemInterrupt, KeRaiseIrql, KeLowerIrql, HalClearSoftwareInterrupt, KeReleaseSpinLock, KeAcquireSpinLock, ExTryToAcquireFastMutex, KeAcquireSpinLockRaiseToSynch, KeFlushWriteBuffer, HalProcessorIdle, HalReadDmaCounter, IoMapTransfer, IoFreeMapRegisters, IoFreeAdapterChannel, IoFlushAdapterBuffers, HalFreeCommonBuffer, HalAllocateCommonBuffer, HalAllocateCrashDumpRegisters, HalGetAdapter, HalSetTimeIncrement, HalGetEnvironmentVariable, HalSetEnvironmentVariable, KfRaiseIrql, HalGetInterruptVector, KeGetCurrentIrql, HalRequestSoftwareInterrupt, KeAcquireInStackQueuedSpinLock, KeReleaseInStackQueuedSpinLock, ExAcquireFastMutex, ExReleaseFastMutex, KeRaiseIrqlToDpcLevel, HalSystemVectorDispatchEntry, KfLowerIrql, HalStartProfileInterrupt, HalSetProfileInterval, HalStopProfileInterrupt
> KDCOM.dll: KdD0Transition, KdD3Transition, KdRestore, KdReceivePacket, KdDebuggerInitialize0, KdSave, KdDebuggerInitialize1, KdSendPacket

( 1485 exports )


Butzl 18.05.2008 15:22

Analysis of lyx-1.4.1_win32_setup_v1.exe:

Code:

Antivirus        Version        letzte aktualisierung        Ergebnis
AhnLab-V3        2008.5.10.0        2008.05.13        -
AntiVir        7.8.0.17        2008.05.13        -
Authentium        5.1.0.4        2008.05.14        -
Avast        4.8.1169.0        2008.05.12        -
AVG        7.5.0.516        2008.05.13        -
BitDefender        7.2        2008.05.08        -
CAT-QuickHeal        9.50        2008.05.12        -
ClamAV        0.92.1        2008.05.13        -
DrWeb        4.44.0.09170        2008.05.13        -
eSafe        7.0.15.0        2008.05.12        -
eTrust-Vet        31.4.5784        2008.05.13        -
Ewido        4.0        2008.05.13        -
F-Prot        4.4.2.54        2008.05.13        -
F-Secure        6.70.13260.0        2008.05.13        -
Fortinet        3.14.0.0        2008.05.13        -
GData        2.0.7306.1023        2008.05.14        -
Ikarus        T3.1.1.26.0        2008.05.13        -
Kaspersky        7.0.0.125        2008.05.13        -
McAfee        5293        2008.05.12        -
Microsoft        1.3408        2008.05.13        -
NOD32v2        3095        2008.05.13        -
Norman        5.80.02        2008.05.09        -
Panda        9.0.0.4        2008.05.12        -
Prevx1        V2        2008.05.18        Malicious Software
Rising        20.44.12.00        2008.05.13        -
Sophos        4.29.0        2008.05.13        -
Sunbelt        3.0.1114.0        2008.05.12        -
Symantec        10        2008.05.13        -
TheHacker        6.2.92.309        2008.05.13        -
VBA32        3.12.6.6        2008.05.13        -
VirusBuster        4.3.26:9        2008.05.12        -
Webwasher-Gateway        6.6.2        2008.05.13        -
weitere Informationen
File size: 8813106 bytes
MD5...: 8c57536d93b08000719c4b153642feac
SHA1..: 3ccde443b072ee9a003e64c2b128e14ff8c7e9eb
SHA256: ec9370be3bff636a7034c20cac825bbed31d9e3880019140e16540e90aaeb0c9
SHA512: 2b5d7851ad6031e520280fadb3be9d6f3a0fecdb4395df037e45b386e8bd6833
eec40866a35c44f4b852515241bd10db399f4fc463387b76e2815ef1ebeddac1
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403137
timedatestamp.....: 0x4436a86e (Fri Apr 07 17:59:10 2006)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5874 0x5a00 6.39 79e0c9546f9b938bb7f605623114f805
.rdata 0x7000 0x10f2 0x1200 5.06 91271e85c1048ae5a465a5a9d34af29f
.data 0x9000 0x1b3f4 0x400 5.07 3dbf52131f08fdb4f69eeddf57a5a444
.ndata 0x25000 0xf000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x34000 0x3bb8 0x3c00 3.98 58a45b3fdaeee7e818c8681abe75a51d

( 8 imports )
> KERNEL32.dll: CloseHandle, SetFileTime, CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetFileSize, GetModuleFileNameA, GetTickCount, GetCurrentProcess, lstrcmpiA, ExitProcess, GetCommandLineA, GetWindowsDirectoryA, GetTempPathA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, lstrcmpA, GetEnvironmentVariableA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, SetErrorMode, GetModuleHandleA, LoadLibraryA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, CopyFileA
> USER32.dll: ScreenToClient, GetWindowRect, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, EndDialog, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxA, CharPrevA, DispatchMessageA, PeekMessageA, CreateDialogParamA, DestroyWindow, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, TrackPopupMenu, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetMalloc, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )
Prevx info: h**p://info.prevx.com/aboutprogramtext.asp?PX5=2E03D43B32D9E2017A8C86CA3437E00068DB14A7


Butzl 18.05.2008 15:23

Regarding your questions:

I haven't downloaded anything recently, but I have to admit that I haven't run a full virus scan in a long time, so it's possible that the Trojan has been there for a while.

The file is probably for running LyX (a word processing program), but I have no idea where I downloaded it from.

I certainly haven't run this file in a very long time, but I probably did at some point.

Does all of this help? How do I proceed?

Regards,

Sandra

myrtille 18.05.2008 15:40

Hi,

I don't see anything worrying there. The 3 modified files belong to Windows. Changes to these files can happen, for example, during a Microsoft update.

Moreover, the files are known as Microsoft files by their size and MD5 (= a unique character string used to identify files).

What's interesting is the following:
Quote:

Analysis of lyx-1.4.1_win32_setup_v1.exe:

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.5.10.0 2008.05.13 -
AntiVir 7.8.0.17 2008.05.13 -
Authentium 5.1.0.4 2008.05.14 -
Avast 4.8.1169.0 2008.05.12 -
AVG 7.5.0.516 2008.05.13 -
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.12 -
ClamAV 0.92.1 2008.05.13 -
Here AVG finds nothing in the file it flagged on your machine. I think, also because no other program finds anything in the file, that this is a false alarm from AVG and you are not infected.
How old are your signatures?
Is the file still flagged after you have updated your signatures?

Best, myrtille
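As an added example (not code from the thread or any project it mentions): a small Python parser for the VirusTotal-style reports pasted above, which pulls out the detection ratio and the reported size and digests, and compares a local file's bytes against them. SAMPLE_REPORT is a constructed, abbreviated copy of the lyx report's layout using values from the thread; `format_report` is a helper assumed here to produce the same layout for local bytes.

```python
"""Parse a pasted VirusTotal-style report and check a local file against it."""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample input: an abbreviated copy of the lyx report's layout from the
# thread (vendor rows, then the "weitere Informationen" block with size and digests).
SAMPLE_REPORT = """\
Antivirus        Version        letzte aktualisierung        Ergebnis
AhnLab-V3        2008.5.10.0        2008.05.13        -
AVG        7.5.0.516        2008.05.13        -
Prevx1        V2        2008.05.18        Malicious Software
Sophos        4.29.0        2008.05.13        -
weitere Informationen
File size: 8813106 bytes
MD5...: 8c57536d93b08000719c4b153642feac
SHA1..: 3ccde443b072ee9a003e64c2b128e14ff8c7e9eb
SHA256: ec9370be3bff636a7034c20cac825bbed31d9e3880019140e16540e90aaeb0c9
PEiD..: -
"""

# One vendor row: name, engine version, signature date (YYYY.MM.DD), verdict.
ROW = re.compile(r"^(\S+)\s{2,}(\S+)\s{2,}(\d{4}\.\d{2}\.\d{2})\s{2,}(.+?)\s*$")
SIZE_LINE = re.compile(r"^File size:\s*(\d+)\s*bytes")
# "MD5: ..." in the older report, "MD5...: ..." (dot padding) in the newer ones.
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\.*:\s*([0-9a-fA-F]+)\s*$")
HEX_ONLY = re.compile(r"^[0-9a-fA-F]+$")


@dataclass
class ScanReport:
    results: dict[str, str] = field(default_factory=dict)  # vendor -> verdict
    file_size: int | None = None
    hashes: dict[str, str] = field(default_factory=dict)   # algo -> hex digest


def parse_report(text: str) -> ScanReport:
    """Extract vendor verdicts, file size and digests from the pasted report text."""
    report = ScanReport()
    wrapped = None  # SHA512 is printed over two lines; remember that a tail is due
    for raw in text.splitlines():
        line = raw.strip()
        if wrapped and HEX_ONLY.match(line):
            report.hashes[wrapped] += line.lower()
            wrapped = None
            continue
        wrapped = None
        m = HASH_LINE.match(line)
        if m:
            algo, digest = m.group(1), m.group(2).lower()
            report.hashes[algo] = digest
            if algo == "SHA512" and len(digest) < 128:
                wrapped = algo
            continue
        m = SIZE_LINE.match(line)
        if m:
            report.file_size = int(m.group(1))
            continue
        m = ROW.match(line)
        if m:
            report.results[m.group(1)] = m.group(4)
    return report


def detections(report: ScanReport) -> tuple[int, int, list[str]]:
    """(flagged, total, flagging vendors); a '-' verdict means the engine found nothing."""
    flagged = [v for v, verdict in report.results.items() if verdict != "-"]
    return len(flagged), len(report.results), flagged


def verify_bytes(data: bytes, report: ScanReport) -> dict[str, bool]:
    """Compare a local file's size and digests with the report; any False means the
    local file is not the sample that was scanned (e.g. a patched or replaced copy)."""
    checks: dict[str, bool] = {}
    if report.file_size is not None:
        checks["size"] = len(data) == report.file_size
    for algo, expected in report.hashes.items():
        checks[algo] = hashlib.new(algo.lower(), data).hexdigest() == expected
    return checks


def format_report(data: bytes, vendor_rows: str) -> str:
    """Render local bytes in the pasted layout (SHA512 wrapped after 64 hex chars)."""
    sha512 = hashlib.sha512(data).hexdigest()
    return (
        f"{vendor_rows.rstrip()}\n"
        "weitere Informationen\n"
        f"File size: {len(data)} bytes\n"
        f"MD5...: {hashlib.md5(data).hexdigest()}\n"
        f"SHA1..: {hashlib.sha1(data).hexdigest()}\n"
        f"SHA256: {hashlib.sha256(data).hexdigest()}\n"
        f"SHA512: {sha512[:64]}\n{sha512[64:]}\n"
        "PEiD..: -\n"
    )


if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    flagged, total, who = detections(r)
    print(f"{flagged}/{total} engines flagged the file: {who}")  # 1/4 ... ['Prevx1']
    print("reported MD5:", r.hashes["MD5"])
```

A single flagging engine out of many, as in the lyx report, is the pattern myrtille reads as a false positive; a size or digest mismatch against a vendor's published values is the pattern that would actually warrant concern about a system file.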

Butzl 18.05.2008 17:48

Hello,

yes, after I ran an update, nothing was found in the file anymore. Oh well... false alarm... better that way :).

Thank you very much for your help!

Best regards,

Sandra

myrtille 18.05.2008 18:06

Hi :)

Definitely better this way than the other way round. ;)

There are 2 more things you could do:

First, under Start->Control Panel->Add or Remove Programs, uninstall your previous Java installations and install the current version from Sun.
You could also update to Internet Explorer 7. Even if you don't use IE, it is advisable to update IE regularly, since it is a system component.

Best, myrtille

Butzl 18.05.2008 18:46

OK, thanks for the tips!

Have a nice evening,

Sandra


All times are WET +1. The time now is 07:23.

Copyright ©2000-2025, Trojaner-Board

