Infected Registry
Solved
lepurlensois62 (Member, 284 posts)
Smart91 (Security contributor, 29097 posts)
40 replies
Hello,
Run MBAM again
- Update the program, this is very important (it is normally done at installation)
- Run a full scan by clicking "Perform full scan"
- Select the drives you want to scan and click "Scan"
- The scan can take a good while.....
- Once the scan is finished, click "OK" then "Show Results"
- Check that everything is ticked and click "Remove Selected" => and then "OK"
- A report will open in Notepad... Copy/paste the report into your next reply on the forum
* It may be that some files will have to be removed when the PC restarts... Do so by clicking "yes" when asked
Smart
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4052
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
12/06/2010 22:39:58
mbam-log-2010-06-12 (22-39-58).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 315094
Temps écoulé: 1 heure(s), 36 minute(s), 52 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
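An added example, not from this thread, for anyone who wants to verify the .reg file handler that MBAM repaired in the log above (it assumes Windows Vista or later and an elevated PowerShell session; the expected value string is the "Good" value shown in the log):

```powershell
# Added example, not part of the thread: audit (and optionally restore) the
# .reg file "open" handler that MBAM reported as Broken.OpenCommand.
# Assumptions: Windows Vista or later, run from an elevated PowerShell session.
param([switch]$Repair)

# HKCR is a merged view: a per-user override under HKCU\Software\Classes takes
# precedence over the machine-wide value under HKLM\Software\Classes, so both
# locations are checked, not just the merged HKCR path shown in the MBAM log.
$locations = @(
    'HKCU:\Software\Classes\regfile\shell\open\command',
    'HKLM:\Software\Classes\regfile\shell\open\command'
)
# The "Good" value from the MBAM log.
$expected = 'regedit.exe "%1"'

function Get-RegfileOpenCommand([string]$Path) {
    # Returns the (Default) value, or $null when the key or the value is absent.
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue('')
}

foreach ($path in $locations) {
    $current = Get-RegfileOpenCommand $path
    if ($null -eq $current) {
        Write-Output "$path : not present"
        continue
    }
    if ($current -eq $expected) {
        Write-Output "$path : OK [$current]"
        continue
    }
    Write-Warning "$path : unexpected value [$current] (expected [$expected])"
    if ($Repair) {
        if ($path -like 'HKCU:*') {
            # A per-user override of this handler is not created by a default
            # Windows installation, so it is removed rather than edited.
            Remove-Item -Path $path -Recurse -Force
            Write-Output "$path : per-user override removed"
        } else {
            # Machine-wide location: put the documented default back.
            Set-ItemProperty -Path $path -Name '(default)' -Value $expected
            Write-Output "$path : restored to [$expected]"
        }
    }
}
```

Run it without `-Repair` first to see what is set; re-run with `-Repair` only after reading the warning lines.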
Run MBAM again. Empty the quarantine. Then we will run a diagnostic of your PC
Download ZHPDiag (by Nicolas Coolman) to your desktop
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Once the download is complete, double-click ZHPDiag.exe and follow the instructions.
/!\ Vista and Windows 7 users: right-click the ZHPDiag.exe icon, "Run as administrator"
Don't forget to tick the box that places a shortcut on the Desktop.
- Double-click the ZHPDiag shortcut on your Desktop to launch it.
(/!\ The tool created 2 icons, ZHPDiag and ZHPFix)
- Click the magnifying glass to start the scan.
- Let the tool work, it can take quite a while.
- Close ZHPDiag when the scan is finished.
- To send the report, click this link: http://www.cijoint.fr/
- Click Browse and find the folder where ZHPDiag is installed (usually C:\Program Files\ZHPDiag).
- Select the file ZHPDiag.txt.
- Click "Click here to upload the file".
- A link of this form: http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt is added to the page.
- Copy that link into your reply.
Smart
There are still some traces left, and you need to free up space on your C: drive.
Uninstall Spybot Search and Destroy. It is no longer useful nowadays, your antivirus is more than enough, and on top of that it slows down your PC.
Launch ZHPFix (either via the shortcut on your Desktop, or from ZHPDiag by clicking the green shield)
Click the icon showing the letter H ("paste Helper lines")
Copy/paste the following lines into ZHPFix:
----------------------------------------------------------
[HKCU\Software\LdShih]
----------------------------------------------------------
- Click "All", then "Clean"
Smart
Here it is
Processus mémoire :
(Néant)
Module mémoire :
(Néant)
Clé du Registre :
HKCU\Software\LdShih => Clé supprimée avec succès
Valeur du Registre :
(Néant)
Elément de données du Registre :
(Néant)
Préférences navigateur :
(Néant)
Dossier :
(Néant)
Fichier :
(Néant)
Logiciel :
(Néant)
Script Registre :
(Néant)
Master Boot Record :
(Néant)
Autre :
---------------------------------------------------------- => Format Non supporté
---------------------------------------------------------- => Format Non supporté
Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 1
Valeur du Registre : 0
Elément de données du Registre : 0
Dossier : 0
Fichier : 0
Logiciel : 0
Master Boot Record : 0
Préférences navigateur : 0
Autre : 2
End of the scan
OK. Now it's fine.
Do the following updates:
IE8 update
https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
Java update
Uninstall Java 6 Update 19 via Add/Remove Programs
And install Java 6 Update 20 ==> https://www.java.com/fr/download/manual.jsp
1. Removing the tools
Launch ZHPFix (to do that, right-click it and choose "Run as administrator") --> click the red "A" (Tools cleaner) --> click "Clean"
Tutorial to help you
2. Download and install CCleaner (do not install the Yahoo Toolbar):
With this program we will remove the temporary and useless files on your PC. It is not a program that removes infections
- Launch it. Go to Options then Advanced and untick the box "Only delete files..." etc....
- Go to Cleaner, choose Analyze. Once finished, run the cleaning.
- Then choose Registry, then Scan for Issues. Once finished, fix all the issues (back up the registry).
3. System Restore needs to be disabled and then re-enabled to purge it.
A few prevention tips
- Re-enable UAC if you haven't already.
- Keep MBAM. It will be useful for scanning suspicious files alongside your antivirus, and scan the hard drive regularly.
- About P2P: http://www.libellules.ch/...
- Here is a complete guide on prevention and protection, it is absolutely worth reading (with Adobe Reader or Foxit Reader):
Prevention and Protection
Be more careful on the Internet in future
That's it, I'm done here, if you have any questions don't hesitate.
Smart
"If you have no ambitions, you settle at the edge of the abyss" (Kundera)
I have another problem:
After inserting a data CD into my drive, I go to My Computer, I double-click the drive and BOOM, Microsoft Windows crashes. The following message then appears: Windows Explorer has stopped working.
Small detail: I burn with Nero.
Whenever there are films or series on it, I have this problem; with a data CD containing music, no problem at all.
Strangely, Explorer also crashes when I go into my Recycle Bin :s
We're going to bring out the big guns:
Warning, this tool is not to be used lightly, and should only be recommended by someone trained in using it
Print out the procedure
Download ComboFix by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Tutorial on using the tool properly ==> https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
- /!\ Disconnect from the Internet and DISABLE ALL DEFENSES, including antivirus and antispyware /!\
- Double-click ComboFix.exe
- A pop-up will appear saying that ComboFix is used at your own risk and with no guarantee... Click yes to accept
- Above all, agree to install the Recovery Console
Do not touch anything (mouse, keyboard) until the scan is finished, or you risk freezing your PC
At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post its contents
/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\
Note: the report is also located at: C:\ComboFix.txt
Smart
You didn't uninstall Spybot as I had asked. But anyway, the problem doesn't come from there.
Do you still have the problem?
Either way, can you do this:
Go to the VirusTotal site
Copy the line below, paste it into the box next to Browse and click send:
c:\windows\system32\win32k.sys
Wait for the analysis and post the report
Smart
"If you have no ambitions, you settle at the edge of the abyss" (Kundera)
Yes I did uninstall it :s
Yes the problem is still there!
However, I had to disable UAC because my Windows Media Player no longer worked :s
I'll post the scan as soon as it's finished ;)
MD5: de14b77e9a30588f944163bd0911edea
First received: 2010.06.10 20:30:29 UTC
Date 2010.06.10 20:30:29 UTC [>3D]
Résultats 0/41
Permalink: analisis/497f0b9d1f711effa861226d57166203857548f7501308429e72ca4c16f0e07b-1276201829
Information additionnelle
File size: 2037248 bytes
MD5 : de14b77e9a30588f944163bd0911edea
SHA1 : e1906b32cfa361b398581680d0d39ecb7e6c3d96
SHA256: 497f0b9d1f711effa861226d57166203857548f7501308429e72ca4c16f0e07b
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1EB0EC
timedatestamp.....: 0x4BDC370F (Sat May 1 16:13:35 2010)
machinetype.......: 0x14C (Intel I386)
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 24576:mEZV6FLvNVWpw9dOCEDTqSrv/Mj7ppFJF4cLcCAQ/ayleuEu+KDh6Q9ZX57kwdSi:pqum+4bOYal/K9X9B5wwYjNfJX
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Multi-User Win32 Driver
original name: win32k.sys
internal name: win32k.sys
file version.: 6.0.6002.18253 (vistasp2_gdr.100501-0336)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
First received: 2010.06.10 20:30:29 UTC
Date 2010.06.10 20:30:29 UTC [>3D]
Results 0/41
Permalink: analisis/497f0b9d1f711effa861226d57166203857548f7501308429e72ca4c16f0e07b-1276201829
Antivirus Version Last update Result
a-squared 5.0.0.26 2010.06.10 -
AhnLab-V3 2010.06.10.02 2010.06.10 -
AntiVir 8.2.2.6 2010.06.10 -
Antiy-AVL 2.0.3.7 2010.06.08 -
Authentium 5.2.0.5 2010.06.10 -
Avast 4.8.1351.0 2010.06.10 -
Avast5 5.0.332.0 2010.06.10 -
AVG 9.0.0.787 2010.06.10 -
BitDefender 7.2 2010.06.10 -
CAT-QuickHeal 10.00 2010.06.10 -
ClamAV 0.96.0.3-git 2010.06.10 -
Comodo 5054 2010.06.10 -
DrWeb 5.0.2.03300 2010.06.10 -
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7625 2010.06.10 -
F-Prot 4.6.0.103 2010.06.09 -
F-Secure 9.0.15370.0 2010.06.10 -
Fortinet 4.1.133.0 2010.06.10 -
GData 21 2010.06.10 -
Ikarus T3.1.1.84.0 2010.06.10 -
Jiangmin 13.0.900 2010.06.10 -
Kaspersky 7.0.0.125 2010.06.10 -
McAfee 5.400.0.1158 2010.06.10 -
McAfee-GW-Edition 2010.1 2010.06.10 -
Microsoft 1.5802 2010.06.10 -
NOD32 5188 2010.06.10 -
Norman 6.04.12 2010.06.10 -
nProtect 2010-06-10.01 2010.06.10 -
Panda 10.0.2.7 2010.06.10 -
PCTools 7.0.3.5 2010.06.10 -
Prevx 3.0 2010.06.10 -
Rising 22.51.03.05 2010.06.10 -
Sophos 4.54.0 2010.06.10 -
Sunbelt 6431 2010.06.10 -
Symantec 20101.1.0.89 2010.06.10 -
TheHacker 6.5.2.0.296 2010.06.10 -
TrendMicro 9.120.0.1004 2010.06.10 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.10 -
VBA32 3.12.12.5 2010.06.10 -
ViRobot 2010.6.10.3879 2010.06.10 -
VirusBuster 5.0.27.0 2010.06.10 -
Additional information
File size: 2037248 bytes
MD5 : de14b77e9a30588f944163bd0911edea
SHA1 : e1906b32cfa361b398581680d0d39ecb7e6c3d96
SHA256: 497f0b9d1f711effa861226d57166203857548f7501308429e72ca4c16f0e07b
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1EB0EC
timedatestamp.....: 0x4BDC370F (Sat May 1 16:13:35 2010)
machinetype.......: 0x14C (Intel I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1B80F3 0x1B8200 6.70 d8d1fd7989ea831c0ce665096ab73e9b
.rdata 0x1BA000 0x128FC 0x12A00 5.34 6b918756d407300d62cd7ccc754ed03e
.data 0x1CD000 0x187AC 0xBE00 5.78 30cef48ba4b0c7268dc6379fc50a0419
.kbdfall 0x1E6000 0x63C 0x800 3.98 ce31b21a1f15ff0085d9a0a9165bffee
PAGE 0x1E7000 0x4C0 0x600 5.20 3e4ee64823b9fa517ff5dc254655e801
.edata 0x1E8000 0x1CA3 0x1E00 5.84 d6060da2d87d969dccf7a8fba74fa6e4
INIT 0x1EA000 0x5DF4 0x5E00 6.73 732aac3215ca5b2a8a24e1ebfddc09fc
.rsrc 0x1F0000 0x2890 0x2A00 3.56 fb082216a68ed23e870b164349039e9c
.reloc 0x1F3000 0xF2BC 0xF400 6.76 5b5826166d1cca99ca43aa4a2f984b1b
( 5 imports )
> dxapi.sys: _DxApiGetVersion@0
> hal.dll: KeQueryPerformanceCounter
> msrpc.sys: RpcBindingUnbind, NdrAsyncClientCall, RpcBindingCopy, I_RpcGetCompleteAndFreeRoutine, RpcBindingCreateW, RpcBindingBind, RpcAsyncInitializeHandle, RpcAsyncCancelCall, RpcAsyncCompleteCall, RpcBindingFree
> ntoskrnl.exe: KeTickCount, ExReleaseFastMutexUnsafeAndLeaveCriticalRegion, PsGetThreadWin32Thread, PsSetThreadWin32Thread, PsGetCurrentProcessId, memset, ExEnterCriticalRegionAndAcquireFastMutexUnsafe, PsGetProcessWin32Process, PsSetProcessWin32Process, ExFreePoolWithTag, ObfDereferenceObject, ObfReferenceObject, ExAllocatePoolWithQuotaTag, ExRaiseDatatypeMisalignment, ProbeForWrite, KeGetCurrentThread, ObReferenceObjectByHandle, ExAllocatePoolWithTag, PsGetProcessSessionId, PsLookupProcessByProcessId, PsGetThreadSessionId, PsLookupThreadByThreadId, InterlockedExchange, ExEnterCriticalRegionAndAcquireResourceExclusive, ExReleaseResourceAndLeaveCriticalRegion, ObCloseHandle, PsGetCurrentProcess, ExRaiseStatus, ExFreePool, RtlNtStatusToDosError, ObOpenObjectByPointer, ExDesktopObjectType, RtlCopyUnicodeString, ExRaiseAccessViolation, PsProcessType, PsGetCurrentProcessWin32Process, PsGetProcessPeb, RtlInitUnicodeString, RtlAreAnyAccessesGranted, KeDetachProcess, KeAttachProcess, PsGetJobUIRestrictionsClass, PsGetJobLock, PsJobType, RtlIntegerToUnicode, RtlIntegerToUnicodeString, PsGetThreadId, PsGetThreadProcessId, PsDereferenceImpersonationToken, PsDereferencePrimaryToken, SeTokenType, SeCreateClientSecurity, ZwClose, ZwQueryInformationToken, SeReleaseSecurityDescriptor, ZwFreeVirtualMemory, SeCaptureSecurityDescriptor, ZwAllocateVirtualMemory, KeInitializeEvent, ObDeleteCapturedInsertInfo, MmCreateSection, MmMapViewInSessionSpace, MmUnmapViewInSessionSpace, RtlAllocateHeap, ExDeleteResourceLite, ExInitializeResourceLite, ZwCreateDirectoryObject, RtlUnicodeStringToInteger, MmMapViewOfSection, KeBugCheckEx, ZwOpenKey, ZwSetSystemInformation, NlsMbCodePageTag, NlsAnsiCodePage, ZwQueryValueKey, RtlQueryElevationFlags, RtlCheckRegistryKey, ExWindowStationObjectType, PsGetThreadProcess, PsIsSystemThread, PsReleaseProcessExitSynchronization, KeUnstackDetachProcess, KeStackAttachProcess, PsAcquireProcessExitSynchronization, PsIsProtectedProcess, PsGetProcessJob, 
PsGetProcessWin32WindowStation, InterlockedCompareExchange, SeSinglePrivilegeCheck, InterlockedPopEntrySList, InterlockedPushEntrySList, RtlFreeHeap, SeQueryAuthenticationIdToken, PsReferencePrimaryToken, PsGetProcessInheritedFromUniqueProcessId, PsSetProcessWindowStation, RtlCompareUnicodeString, ZwQueryDefaultLocale, PsGetProcessCreateTimeQuadPart, KeQuerySystemTime, KeClearEvent, ExDeletePagedLookasideList, ExIsResourceAcquiredExclusiveLite, RtlInitializeBitMap, ExInitializePagedLookasideList, KeWaitForMultipleObjects, KeWaitForSingleObject, KeSetEvent, PsIsThreadTerminating, ZwQueryInformationProcess, PsGetCurrentProcessSessionId, PsGetProcessId, PsGetProcessExitStatus, ExEventObjectType, ZwCreateEvent, ObReferenceObjectByPointer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, PsGetProcessImageFileName, PsThreadType, SeQueryInformationToken, PsGetProcessExitProcessCalled, KeSetKernelStackSwapEnable, ZwTerminateProcess, PsGetProcessSectionBaseAddress, RtlDestroyHeap, EtwUnregister, RtlDestroyAtomTable, KeCancelTimer, KeRemoveSystemServiceTable, RtlGetIntegerAtom, InterlockedDecrement, NtQueryInformationProcess, IoCreateDriver, ExInitializeRundownProtection, KeQueryInterruptTime, EtwRegister, MmPageEntireDriver, PsEstablishWin32Callouts, KeAddSystemServiceTable, MmUserProbeAddress, KeDelayExecutionThread, ExRaiseHardError, ZwQueryDefaultUILanguage, ZwSetDefaultUILanguage, ZwSetDefaultLocale, ExAllocatePoolWithTagPriority, PsGetProcessDebugPort, KeSaveFloatingPointState, KeRestoreFloatingPointState, ZwYieldExecution, ObCreateObject, PsIsSystemProcess, RtlClearBits, RtlSetBits, ZwSetSecurityObject, RtlInitializeSid, RtlSubAuthoritySid, RtlLengthRequiredSid, RtlMapGenericMask, ObReleaseObjectSecurity, ObAssignSecurity, ObGetObjectSecurity, ObCheckCreateObjectAccess, RtlEqualUnicodeString, MmUnmapViewOfSection, PsGetProcessSessionIdEx, ObOpenObjectByName, PsGetThreadTeb, ObFindHandleForObject, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, 
PsGetCurrentThreadId, KePulseEvent, ZwSetInformationProcess, ZwSetInformationThread, ZwDuplicateObject, ExIsResourceAcquiredSharedLite, ExEnterPriorityRegionAndAcquireResourceExclusive, ExEnterPriorityRegionAndAcquireResourceShared, ExReleaseResourceAndLeavePriorityRegion, KeResetEvent, RtlQueryRegistryValues, IoGetRelatedDeviceObject, ZwDeviceIoControlFile, KeInitializeTimerEx, InitSafeBootMode, RtlAreAllAccessesGranted, SeDeleteAccessState, ObCheckObjectAccess, SeCreateAccessState, SeReleaseSubjectContext, SeUnlockSubjectContext, SePrivilegeObjectAuditAlarm, SePrivilegeCheck, SeLockSubjectContext, SeCaptureSubjectContext, RtlCopySid, RtlLengthSid, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlCreateSecurityDescriptor, SeExports, ObReferenceObjectByName, ObSetHandleAttributes, LpcRequestWaitReplyPort, LpcRequestPort, RtlPinAtomInAtomTable, RtlAddAtomToAtomTable, RtlCreateAtomTable, ExReleaseRundownProtection, SeDeassignSecurity, ObSetSecurityDescriptorInfo, SeAssignSecurity, ObInsertObject, ZwOpenDirectoryObject, ExAcquireRundownProtection, IoQueryDeviceDescription, PoSetSystemState, ExRundownCompleted, ExWaitForRundownProtectionRelease, PsCreateSystemThread, ZwQueryObject, IoDriverObjectType, ZwSetEvent, KeTestAlertThread, PoRequestShutdownEvent, KeInitializeTimer, ZwOpenProcessTokenEx, ZwOpenThreadTokenEx, SeTokenIsRestricted, PsReferenceImpersonationToken, RtlIntegerToChar, RtlUnicodeStringToAnsiString, EtwWrite, PsSetProcessPriorityByClass, PsSetProcessPriorityClass, PsGetProcessPriorityClass, EtwEventEnabled, ZwPowerInformation, IoGetStackLimits, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, MmSystemRangeStart, RtlMultiByteToUnicodeN, ZwEnumerateValueKey, ZwQueryKey, KeSetPriorityThread, RtlUnicodeToMultiByteN, RtlGetThreadLangIdByIndex, KeAlertThread, KeSetTimer, RtlFreeUnicodeString, RtlFormatCurrentUserKeyPath, ZwSetValueKey, RtlImageNtHeader, 
ExGetSharedWaiterCount, ExGetExclusiveWaiterCount, NlsOemCodePage, RtlLookupAtomInAtomTable, RtlDeleteAtomFromAtomTable, RtlQueryAtomInAtomTable, ZwReadFile, ZwQueryInformationFile, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, ZwCreateFile, ObQueryNameString, IoFileObjectType, SeImpersonateClientEx, InterlockedIncrement, RtlUnicodeToMultiByteSize, RtlMultiByteToUnicodeSize, KeUserModeCallback, LpcPortObjectType, IofCallDriver, IoBuildSynchronousFsdRequest, ZwOpenFile, IoBuildDeviceIoControlRequest, RtlCreateHeap, MmCommitSessionMappedView, ZwCancelIoFile, IoUnregisterPlugPlayNotification, IoGetDeviceObjectPointer, IoRegisterPlugPlayNotification, IoWMIQuerySingleInstance, IoWMIHandleToInstanceName, IoWMIOpenBlock, IoInvalidateDeviceRelations, IoPnPDeliverServicePowerNotification, PsGetThreadFreezeCount, PsGetCurrentThreadProcessId, PoUserShutdownInitiated, RtlFindMessage, RtlUnwind, RtlRaiseException, RtlAnsiCharToUnicodeChar, ZwQuerySystemInformation, ZwQueryLicenseValue, _alldvrm, ExEnterCriticalRegionAndAcquireResourceShared, KeAcquireGuardedMutex, KeReleaseGuardedMutex, PsGetCurrentThreadTeb, DbgPrintEx, DbgBreakPoint, MmSecureVirtualMemory, ExSystemTimeToLocalTime, KeEnterCriticalRegion, KeLeaveCriticalRegion, KeInitializeGuardedMutex, RtlInsertElementGenericTableAvl, MmUnsecureVirtualMemory, RtlDeleteElementGenericTableAvl, RtlLookupElementGenericTableAvl, KeInitializeDpc, ExIsProcessorFeaturePresent, RtlFillMemoryUlong, RtlTimeToTimeFields, KeExpandKernelStackAndCallout, KeReadStateEvent, LdrResFindResource, RtlGetDefaultCodePage, ZwDeleteFile, LdrResFindResourceDirectory, RtlUnicodeToCustomCPN, RtlCustomCPToUnicodeN, RtlInitCodePageTable, DbgPrint, RtlEqualSid, MmHighestUserAddress, PsRevertToSelf, RtlUnicodeToOemN, ZwCreateKey, RtlFreeAnsiString, RtlImageDirectoryEntryToData, _strnicmp, strncmp, RtlWriteRegistryValue, RtlDeleteRegistryValue, ZwEnumerateKey, IoOpenDeviceRegistryKey, RtlCompareMemory, toupper, IoGetDeviceInterfaces, 
IoGetDeviceProperty, ZwDeleteKey, IoOpenDeviceInterfaceRegistryKey, IoSynchronousInvalidateDeviceRelations, IoCreateFile, MmSectionObjectType, ZwCreateSection, ZwSetInformationFile, ZwQueryVolumeInformationFile, IoSetThreadHardErrorMode, RtlLookupElementGenericTable, RtlDeleteElementGenericTable, RtlInitializeGenericTable, RtlInsertElementGenericTable, ZwUnmapViewOfSection, PsGetCurrentThreadPreviousMode, PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion, wcsspn, wcscspn, RtlCreateRegistryKey, RtlGetNtGlobalFlags, MmQuerySystemSize, RtlEnumerateGenericTableAvl, ZwMapViewOfSection, RtlInitializeGenericTableAvl, LpcRequestWaitReplyPortEx, NtClose, KeAreApcsDisabled, RtlUpcaseUnicodeString, RtlExtendedLargeIntegerDivide, IoQueueThreadIrp, IoBuildAsynchronousFsdRequest, qsort, KeInitializeMutex, KeReleaseMutex, MmAddVerifierThunks, MmIsVerifierEnabled, RtlRandom, PsGetCurrentThreadWin32Thread
> watchdog.sys: WdInitLogging, WdLogEvent5, WdEnterMonitoredSection, WdExitMonitoredSection, WdFreeDeferredWatchdog, WdStopDeferredWatch, WdStartDeferredWatch, WdAttachContext, WdAllocateDeferredWatchdog, DMgrIsSetupRunning, WdSuspendDeferredWatch, WdResumeDeferredWatch, SMgrNotifySessionChange, SMgrRegisterGdiCallout, WdDiagShutdown, WdDiagNotifyUser, WdDiagInit
( 1 exports )
> BRUSHOBJ_hGetColorTransform, BRUSHOBJ_pvAllocRbrush, BRUSHOBJ_pvGetRbrush, BRUSHOBJ_ulGetBrushColor, CLIPOBJ_GetRgn, CLIPOBJ_bEnum, CLIPOBJ_cEnumStart, CLIPOBJ_ppoGetPath, EngAcquireSemaphore, EngAllocMem, EngAllocPrivateUserMem, EngAllocSectionMem, EngAllocUserMem, EngAlphaBlend, EngAssociateSurface, EngBitBlt, EngBugCheckEx, EngCheckAbort, EngClearEvent, EngCombineRgn, EngComputeGlyphSet, EngControlSprites, EngCopyBits, EngCopyRgn, EngCreateBitmap, EngCreateClip, EngCreateDeviceBitmap, EngCreateDeviceSurface, EngCreateDriverObj, EngCreateEvent, EngCreatePalette, EngCreatePath, EngCreateRectRgn, EngCreateSemaphore, EngCreateWnd, EngDebugBreak, EngDebugPrint, EngDeleteClip, EngDeleteDriverObj, EngDeleteEvent, EngDeleteFile, EngDeletePalette, EngDeletePath, EngDeleteRgn, EngDeleteSafeSemaphore, EngDeleteSemaphore, EngDeleteSurface, EngDeleteWnd, EngDeviceIoControl, EngDitherColor, EngDxIoctl, EngEnumForms, EngEqualRgn, EngEraseSurface, EngFileIoControl, EngFileWrite, EngFillPath, EngFindImageProcAddress, EngFindResource, EngFntCacheAlloc, EngFntCacheFault, EngFntCacheLookUp, EngFreeMem, EngFreeModule, EngFreePrivateUserMem, EngFreeSectionMem, EngFreeUserMem, EngGetCurrentCodePage, EngGetCurrentProcessId, EngGetCurrentThreadId, EngGetDriverName, EngGetFileChangeTime, EngGetFilePath, EngGetForm, EngGetLastError, EngGetPrinter, EngGetPrinterData, EngGetPrinterDataFileName, EngGetPrinterDriver, EngGetProcessHandle, EngGetRgnBox, EngGetRgnData, EngGetTickCount, EngGetType1FontList, EngGradientFill, EngHangNotification, EngInitializeSafeSemaphore, EngIntersectRgn, EngIsSemaphoreOwned, EngIsSemaphoreOwnedByCurrentThread, EngLineTo, EngLoadImage, EngLoadModule, EngLoadModuleForWrite, EngLockDirectDrawSurface, EngLockDriverObj, EngLockSurface, EngLpkInstalled, EngMapEvent, EngMapFile, EngMapFontFile, EngMapFontFileFD, EngMapModule, EngMapSection, EngMarkBandingSurface, EngModifySurface, EngMovePointer, EngMulDiv, EngMultiByteToUnicodeN, EngMultiByteToWideChar, EngNineGrid, 
EngOffsetRgn, EngPaint, EngPlgBlt, EngProbeForRead, EngProbeForReadAndWrite, EngQueryDeviceAttribute, EngQueryLocalTime, EngQueryPalette, EngQueryPerformanceCounter, EngQueryPerformanceFrequency, EngQuerySystemAttribute, EngQueryW32kCddInterface, EngReadStateEvent, EngRectInRgn, EngReleaseSemaphore, EngRestoreFloatingPointState, EngSaveFloatingPointState, EngSecureMem, EngSetEvent, EngSetLastError, EngSetPointerShape, EngSetPointerTag, EngSetPrinterData, EngSetRectRgn, EngSort, EngStretchBlt, EngStretchBltROP, EngStrokeAndFillPath, EngStrokePath, EngSubtractRgn, EngTextOut, EngTransparentBlt, EngUnicodeToMultiByteN, EngUnionRgn, EngUnloadImage, EngUnlockDirectDrawSurface, EngUnlockDriverObj, EngUnlockSurface, EngUnmapEvent, EngUnmapFile, EngUnmapFontFile, EngUnmapFontFileFD, EngUnsecureMem, EngWaitForSingleObject, EngWideCharToMultiByte, EngWritePrinter, EngXorRgn, FLOATOBJ_Add, FLOATOBJ_AddFloat, FLOATOBJ_AddFloatObj, FLOATOBJ_AddLong, FLOATOBJ_Div, FLOATOBJ_DivFloat, FLOATOBJ_DivFloatObj, FLOATOBJ_DivLong, FLOATOBJ_Equal, FLOATOBJ_EqualLong, FLOATOBJ_GetFloat, FLOATOBJ_GetLong, FLOATOBJ_GreaterThan, FLOATOBJ_GreaterThanLong, FLOATOBJ_LessThan, FLOATOBJ_LessThanLong, FLOATOBJ_Mul, FLOATOBJ_MulFloat, FLOATOBJ_MulFloatObj, FLOATOBJ_MulLong, FLOATOBJ_Neg, FLOATOBJ_SetFloat, FLOATOBJ_SetLong, FLOATOBJ_Sub, FLOATOBJ_SubFloat, FLOATOBJ_SubFloatObj, FLOATOBJ_SubLong, FONTOBJ_cGetAllGlyphHandles, FONTOBJ_cGetGlyphs, FONTOBJ_pQueryGlyphAttrs, FONTOBJ_pfdg, FONTOBJ_pifi, FONTOBJ_pjOpenTypeTablePointer, FONTOBJ_pvTrueTypeFontFile, FONTOBJ_pwszFontFilePaths, FONTOBJ_pxoGetXform, FONTOBJ_vGetInfo, HT_ComputeRGBGammaTable, HT_Get8BPPFormatPalette, HT_Get8BPPMaskPalette, HeapVidMemAllocAligned, PALOBJ_cGetColors, PATHOBJ_bCloseFigure, PATHOBJ_bEnum, PATHOBJ_bEnumClipLines, PATHOBJ_bMoveTo, PATHOBJ_bPolyBezierTo, PATHOBJ_bPolyLineTo, PATHOBJ_vEnumStart, PATHOBJ_vEnumStartClipLines, PATHOBJ_vGetBounds, RtlAnsiCharToUnicodeChar, RtlMultiByteToUnicodeN, RtlRaiseException, 
RtlUnicodeToMultiByteN, RtlUnicodeToMultiByteSize, RtlUnwind, RtlUpcaseUnicodeChar, RtlUpcaseUnicodeToMultiByteN, STROBJ_bEnum, STROBJ_bEnumPositionsOnly, STROBJ_bGetAdvanceWidths, STROBJ_dwGetCodePage, STROBJ_fxBreakExtra, STROBJ_fxCharacterExtra, STROBJ_vEnumStart, VidMemFree, WNDOBJ_bEnum, WNDOBJ_cEnumStart, WNDOBJ_vSetConsumer, XFORMOBJ_bApplyXform, XFORMOBJ_iGetFloatObjXform, XFORMOBJ_iGetXform, XLATEOBJ_cGetPalette, XLATEOBJ_hGetColorTransform, XLATEOBJ_iXlate, XLATEOBJ_piVector, _abnormal_termination, _except_handler2, _global_unwind2, _itoa, _itow, _local_unwind2
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 24576:mEZV6FLvNVWpw9dOCEDTqSrv/Mj7ppFJF4cLcCAQ/ayleuEu+KDh6Q9ZX57kwdSi:pqum+4bOYal/K9X9B5wwYjNfJX
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft® Windows® Operating System
description..: Multi-User Win32 Driver
original name: win32k.sys
internal name: win32k.sys
file version.: 6.0.6002.18253 (vistasp2_gdr.100501-0336)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
I think you have posted a report dated 10/06/2010.
Can you redo it, and after uploading the file, have it rescanned now?
Smart
Antivirus Version Last update Result
a-squared 5.0.0.26 2010.06.14 -
AhnLab-V3 2010.06.14.02 2010.06.14 -
AntiVir 8.2.2.6 2010.06.14 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.14 -
Avast 4.8.1351.0 2010.06.14 -
Avast5 5.0.332.0 2010.06.14 -
AVG 9.0.0.787 2010.06.14 -
BitDefender 7.2 2010.06.14 -
CAT-QuickHeal 10.00 2010.06.14 -
ClamAV 0.96.0.3-git 2010.06.14 -
Comodo 5101 2010.06.14 -
DrWeb 5.0.2.03300 2010.06.14 -
eSafe 7.0.17.0 2010.06.14 -
eTrust-Vet 36.1.7632 2010.06.14 -
F-Prot 4.6.0.103 2010.06.14 -
F-Secure 9.0.15370.0 2010.06.14 -
Fortinet 4.1.133.0 2010.06.14 -
GData 21 2010.06.14 -
Ikarus T3.1.1.84.0 2010.06.14 -
Jiangmin 13.0.900 2010.06.14 -
Kaspersky 7.0.0.125 2010.06.14 -
McAfee 5.400.0.1158 2010.06.14 -
McAfee-GW-Edition 2010.1 2010.06.14 -
Microsoft 1.5802 2010.06.14 -
NOD32 5196 2010.06.14 -
Norman 6.04.12 2010.06.14 -
nProtect 2010-06-14.02 2010.06.14 -
Panda 10.0.2.7 2010.06.14 -
PCTools 7.0.3.5 2010.06.14 -
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.14 -
Sunbelt 6447 2010.06.14 -
Symantec 20101.1.0.89 2010.06.14 -
TheHacker 6.5.2.0.298 2010.06.12 -
TrendMicro 9.120.0.1004 2010.06.14 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.14 -
VBA32 3.12.12.5 2010.06.14 -
ViRobot 2010.6.14.3884 2010.06.14 -
VirusBuster 5.0.27.0 2010.06.14 -
Additional information
File size: 2037248 bytes
MD5...: de14b77e9a30588f944163bd0911edea
SHA1..: e1906b32cfa361b398581680d0d39ecb7e6c3d96
SHA256: 497f0b9d1f711effa861226d57166203857548f7501308429e72ca4c16f0e07b
ssdeep: 24576:mEZV6FLvNVWpw9dOCEDTqSrv/Mj7ppFJF4cLcCAQ/ayleuEu+KDh6Q9ZX57kwdSi:pqum+4bOYal/K9X9B5wwYjNfJX
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1eb0ec
timedatestamp.....: 0x4bdc370f (Sat May 01 14:13:35 2010)
machinetype.......: 0x14c (I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1b80f3 0x1b8200 6.70 d8d1fd7989ea831c0ce665096ab73e9b
.rdata 0x1ba000 0x128fc 0x12a00 5.34 6b918756d407300d62cd7ccc754ed03e
.data 0x1cd000 0x187ac 0xbe00 5.78 30cef48ba4b0c7268dc6379fc50a0419
.kbdfall 0x1e6000 0x63c 0x800 3.98 ce31b21a1f15ff0085d9a0a9165bffee
PAGE 0x1e7000 0x4c0 0x600 5.20 3e4ee64823b9fa517ff5dc254655e801
.edata 0x1e8000 0x1ca3 0x1e00 5.84 d6060da2d87d969dccf7a8fba74fa6e4
INIT 0x1ea000 0x5df4 0x5e00 6.73 732aac3215ca5b2a8a24e1ebfddc09fc
.rsrc 0x1f0000 0x2890 0x2a00 3.56 fb082216a68ed23e870b164349039e9c
.reloc 0x1f3000 0xf2bc 0xf400 6.76 5b5826166d1cca99ca43aa4a2f984b1b
( 5 imports )
> ntoskrnl.exe: KeTickCount, ExReleaseFastMutexUnsafeAndLeaveCriticalRegion, PsGetThreadWin32Thread, PsSetThreadWin32Thread, PsGetCurrentProcessId, memset, ExEnterCriticalRegionAndAcquireFastMutexUnsafe, PsGetProcessWin32Process, PsSetProcessWin32Process, ExFreePoolWithTag, ObfDereferenceObject, ObfReferenceObject, ExAllocatePoolWithQuotaTag, ExRaiseDatatypeMisalignment, ProbeForWrite, KeGetCurrentThread, ObReferenceObjectByHandle, ExAllocatePoolWithTag, PsGetProcessSessionId, PsLookupProcessByProcessId, PsGetThreadSessionId, PsLookupThreadByThreadId, InterlockedExchange, ExEnterCriticalRegionAndAcquireResourceExclusive, ExReleaseResourceAndLeaveCriticalRegion, ObCloseHandle, PsGetCurrentProcess, ExRaiseStatus, ExFreePool, RtlNtStatusToDosError, ObOpenObjectByPointer, ExDesktopObjectType, RtlCopyUnicodeString, ExRaiseAccessViolation, PsProcessType, PsGetCurrentProcessWin32Process, PsGetProcessPeb, RtlInitUnicodeString, RtlAreAnyAccessesGranted, KeDetachProcess, KeAttachProcess, PsGetJobUIRestrictionsClass, PsGetJobLock, PsJobType, RtlIntegerToUnicode, RtlIntegerToUnicodeString, PsGetThreadId, PsGetThreadProcessId, PsDereferenceImpersonationToken, PsDereferencePrimaryToken, SeTokenType, SeCreateClientSecurity, ZwClose, ZwQueryInformationToken, SeReleaseSecurityDescriptor, ZwFreeVirtualMemory, SeCaptureSecurityDescriptor, ZwAllocateVirtualMemory, KeInitializeEvent, ObDeleteCapturedInsertInfo, MmCreateSection, MmMapViewInSessionSpace, MmUnmapViewInSessionSpace, RtlAllocateHeap, ExDeleteResourceLite, ExInitializeResourceLite, ZwCreateDirectoryObject, RtlUnicodeStringToInteger, MmMapViewOfSection, KeBugCheckEx, ZwOpenKey, ZwSetSystemInformation, NlsMbCodePageTag, NlsAnsiCodePage, ZwQueryValueKey, RtlQueryElevationFlags, RtlCheckRegistryKey, ExWindowStationObjectType, PsGetThreadProcess, PsIsSystemThread, PsReleaseProcessExitSynchronization, KeUnstackDetachProcess, KeStackAttachProcess, PsAcquireProcessExitSynchronization, PsIsProtectedProcess, PsGetProcessJob, 
PsGetProcessWin32WindowStation, InterlockedCompareExchange, SeSinglePrivilegeCheck, InterlockedPopEntrySList, InterlockedPushEntrySList, RtlFreeHeap, SeQueryAuthenticationIdToken, PsReferencePrimaryToken, PsGetProcessInheritedFromUniqueProcessId, PsSetProcessWindowStation, RtlCompareUnicodeString, ZwQueryDefaultLocale, PsGetProcessCreateTimeQuadPart, KeQuerySystemTime, KeClearEvent, ExDeletePagedLookasideList, ExIsResourceAcquiredExclusiveLite, RtlInitializeBitMap, ExInitializePagedLookasideList, KeWaitForMultipleObjects, KeWaitForSingleObject, KeSetEvent, PsIsThreadTerminating, ZwQueryInformationProcess, PsGetCurrentProcessSessionId, PsGetProcessId, PsGetProcessExitStatus, ExEventObjectType, ZwCreateEvent, ObReferenceObjectByPointer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, PsGetProcessImageFileName, PsThreadType, SeQueryInformationToken, PsGetProcessExitProcessCalled, KeSetKernelStackSwapEnable, ZwTerminateProcess, PsGetProcessSectionBaseAddress, RtlDestroyHeap, EtwUnregister, RtlDestroyAtomTable, KeCancelTimer, KeRemoveSystemServiceTable, RtlGetIntegerAtom, InterlockedDecrement, NtQueryInformationProcess, IoCreateDriver, ExInitializeRundownProtection, KeQueryInterruptTime, EtwRegister, MmPageEntireDriver, PsEstablishWin32Callouts, KeAddSystemServiceTable, MmUserProbeAddress, KeDelayExecutionThread, ExRaiseHardError, ZwQueryDefaultUILanguage, ZwSetDefaultUILanguage, ZwSetDefaultLocale, ExAllocatePoolWithTagPriority, PsGetProcessDebugPort, KeSaveFloatingPointState, KeRestoreFloatingPointState, ZwYieldExecution, ObCreateObject, PsIsSystemProcess, RtlClearBits, RtlSetBits, ZwSetSecurityObject, RtlInitializeSid, RtlSubAuthoritySid, RtlLengthRequiredSid, RtlMapGenericMask, ObReleaseObjectSecurity, ObAssignSecurity, ObGetObjectSecurity, ObCheckCreateObjectAccess, RtlEqualUnicodeString, MmUnmapViewOfSection, PsGetProcessSessionIdEx, ObOpenObjectByName, PsGetThreadTeb, ObFindHandleForObject, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, 
PsGetCurrentThreadId, KePulseEvent, ZwSetInformationProcess, ZwSetInformationThread, ZwDuplicateObject, ExIsResourceAcquiredSharedLite, ExEnterPriorityRegionAndAcquireResourceExclusive, ExEnterPriorityRegionAndAcquireResourceShared, ExReleaseResourceAndLeavePriorityRegion, KeResetEvent, RtlQueryRegistryValues, IoGetRelatedDeviceObject, ZwDeviceIoControlFile, KeInitializeTimerEx, InitSafeBootMode, RtlAreAllAccessesGranted, SeDeleteAccessState, ObCheckObjectAccess, SeCreateAccessState, SeReleaseSubjectContext, SeUnlockSubjectContext, SePrivilegeObjectAuditAlarm, SePrivilegeCheck, SeLockSubjectContext, SeCaptureSubjectContext, RtlCopySid, RtlLengthSid, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlCreateSecurityDescriptor, SeExports, ObReferenceObjectByName, ObSetHandleAttributes, LpcRequestWaitReplyPort, LpcRequestPort, RtlPinAtomInAtomTable, RtlAddAtomToAtomTable, RtlCreateAtomTable, ExReleaseRundownProtection, SeDeassignSecurity, ObSetSecurityDescriptorInfo, SeAssignSecurity, ObInsertObject, ZwOpenDirectoryObject, ExAcquireRundownProtection, IoQueryDeviceDescription, PoSetSystemState, ExRundownCompleted, ExWaitForRundownProtectionRelease, PsCreateSystemThread, ZwQueryObject, IoDriverObjectType, ZwSetEvent, KeTestAlertThread, PoRequestShutdownEvent, KeInitializeTimer, ZwOpenProcessTokenEx, ZwOpenThreadTokenEx, SeTokenIsRestricted, PsReferenceImpersonationToken, RtlIntegerToChar, RtlUnicodeStringToAnsiString, EtwWrite, PsSetProcessPriorityByClass, PsSetProcessPriorityClass, PsGetProcessPriorityClass, EtwEventEnabled, ZwPowerInformation, IoGetStackLimits, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, MmSystemRangeStart, RtlMultiByteToUnicodeN, ZwEnumerateValueKey, ZwQueryKey, KeSetPriorityThread, RtlUnicodeToMultiByteN, RtlGetThreadLangIdByIndex, KeAlertThread, KeSetTimer, RtlFreeUnicodeString, RtlFormatCurrentUserKeyPath, ZwSetValueKey, RtlImageNtHeader, 
ExGetSharedWaiterCount, ExGetExclusiveWaiterCount, NlsOemCodePage, RtlLookupAtomInAtomTable, RtlDeleteAtomFromAtomTable, RtlQueryAtomInAtomTable, ZwReadFile, ZwQueryInformationFile, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, ZwCreateFile, ObQueryNameString, IoFileObjectType, SeImpersonateClientEx, InterlockedIncrement, RtlUnicodeToMultiByteSize, RtlMultiByteToUnicodeSize, KeUserModeCallback, LpcPortObjectType, IofCallDriver, IoBuildSynchronousFsdRequest, ZwOpenFile, IoBuildDeviceIoControlRequest, RtlCreateHeap, MmCommitSessionMappedView, ZwCancelIoFile, IoUnregisterPlugPlayNotification, IoGetDeviceObjectPointer, IoRegisterPlugPlayNotification, IoWMIQuerySingleInstance, IoWMIHandleToInstanceName, IoWMIOpenBlock, IoInvalidateDeviceRelations, IoPnPDeliverServicePowerNotification, PsGetThreadFreezeCount, PsGetCurrentThreadProcessId, PoUserShutdownInitiated, RtlFindMessage, RtlUnwind, RtlRaiseException, RtlAnsiCharToUnicodeChar, ZwQuerySystemInformation, ZwQueryLicenseValue, _alldvrm, ExEnterCriticalRegionAndAcquireResourceShared, KeAcquireGuardedMutex, KeReleaseGuardedMutex, PsGetCurrentThreadTeb, DbgPrintEx, DbgBreakPoint, MmSecureVirtualMemory, ExSystemTimeToLocalTime, KeEnterCriticalRegion, KeLeaveCriticalRegion, KeInitializeGuardedMutex, RtlInsertElementGenericTableAvl, MmUnsecureVirtualMemory, RtlDeleteElementGenericTableAvl, RtlLookupElementGenericTableAvl, KeInitializeDpc, ExIsProcessorFeaturePresent, RtlFillMemoryUlong, RtlTimeToTimeFields, KeExpandKernelStackAndCallout, KeReadStateEvent, LdrResFindResource, RtlGetDefaultCodePage, ZwDeleteFile, LdrResFindResourceDirectory, RtlUnicodeToCustomCPN, RtlCustomCPToUnicodeN, RtlInitCodePageTable, DbgPrint, RtlEqualSid, MmHighestUserAddress, PsRevertToSelf, RtlUnicodeToOemN, ZwCreateKey, RtlFreeAnsiString, RtlImageDirectoryEntryToData, _strnicmp, strncmp, RtlWriteRegistryValue, RtlDeleteRegistryValue, ZwEnumerateKey, IoOpenDeviceRegistryKey, RtlCompareMemory, toupper, IoGetDeviceInterfaces, 
IoGetDeviceProperty, ZwDeleteKey, IoOpenDeviceInterfaceRegistryKey, IoSynchronousInvalidateDeviceRelations, IoCreateFile, MmSectionObjectType, ZwCreateSection, ZwSetInformationFile, ZwQueryVolumeInformationFile, IoSetThreadHardErrorMode, RtlLookupElementGenericTable, RtlDeleteElementGenericTable, RtlInitializeGenericTable, RtlInsertElementGenericTable, ZwUnmapViewOfSection, PsGetCurrentThreadPreviousMode, PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion, wcsspn, wcscspn, RtlCreateRegistryKey, RtlGetNtGlobalFlags, MmQuerySystemSize, RtlEnumerateGenericTableAvl, ZwMapViewOfSection, RtlInitializeGenericTableAvl, LpcRequestWaitReplyPortEx, NtClose, KeAreApcsDisabled, RtlUpcaseUnicodeString, RtlExtendedLargeIntegerDivide, IoQueueThreadIrp, IoBuildAsynchronousFsdRequest, qsort, KeInitializeMutex, KeReleaseMutex, MmAddVerifierThunks, MmIsVerifierEnabled, RtlRandom, PsGetCurrentThreadWin32Thread
> msrpc.sys: RpcBindingUnbind, NdrAsyncClientCall, RpcBindingCopy, I_RpcGetCompleteAndFreeRoutine, RpcBindingCreateW, RpcBindingBind, RpcAsyncInitializeHandle, RpcAsyncCancelCall, RpcAsyncCompleteCall, RpcBindingFree
> watchdog.sys: WdInitLogging, WdLogEvent5, WdEnterMonitoredSection, WdExitMonitoredSection, WdFreeDeferredWatchdog, WdStopDeferredWatch, WdStartDeferredWatch, WdAttachContext, WdAllocateDeferredWatchdog, DMgrIsSetupRunning, WdSuspendDeferredWatch, WdResumeDeferredWatch, SMgrNotifySessionChange, SMgrRegisterGdiCallout, WdDiagShutdown, WdDiagNotifyUser, WdDiagInit
> HAL.dll: KeQueryPerformanceCounter
> Dxapi.sys: _DxApiGetVersion@0
( 241 exports )
BRUSHOBJ_hGetColorTransform, BRUSHOBJ_pvAllocRbrush, BRUSHOBJ_pvGetRbrush, BRUSHOBJ_ulGetBrushColor, CLIPOBJ_GetRgn, CLIPOBJ_bEnum, CLIPOBJ_cEnumStart, CLIPOBJ_ppoGetPath, EngAcquireSemaphore, EngAllocMem, EngAllocPrivateUserMem, EngAllocSectionMem, EngAllocUserMem, EngAlphaBlend, EngAssociateSurface, EngBitBlt, EngBugCheckEx, EngCheckAbort, EngClearEvent, EngCombineRgn, EngComputeGlyphSet, EngControlSprites, EngCopyBits, EngCopyRgn, EngCreateBitmap, EngCreateClip, EngCreateDeviceBitmap, EngCreateDeviceSurface, EngCreateDriverObj, EngCreateEvent, EngCreatePalette, EngCreatePath, EngCreateRectRgn, EngCreateSemaphore, EngCreateWnd, EngDebugBreak, EngDebugPrint, EngDeleteClip, EngDeleteDriverObj, EngDeleteEvent, EngDeleteFile, EngDeletePalette, EngDeletePath, EngDeleteRgn, EngDeleteSafeSemaphore, EngDeleteSemaphore, EngDeleteSurface, EngDeleteWnd, EngDeviceIoControl, EngDitherColor, EngDxIoctl, EngEnumForms, EngEqualRgn, EngEraseSurface, EngFileIoControl, EngFileWrite, EngFillPath, EngFindImageProcAddress, EngFindResource, EngFntCacheAlloc, EngFntCacheFault, EngFntCacheLookUp, EngFreeMem, EngFreeModule, EngFreePrivateUserMem, EngFreeSectionMem, EngFreeUserMem, EngGetCurrentCodePage, EngGetCurrentProcessId, EngGetCurrentThreadId, EngGetDriverName, EngGetFileChangeTime, EngGetFilePath, EngGetForm, EngGetLastError, EngGetPrinter, EngGetPrinterData, EngGetPrinterDataFileName, EngGetPrinterDriver, EngGetProcessHandle, EngGetRgnBox, EngGetRgnData, EngGetTickCount, EngGetType1FontList, EngGradientFill, EngHangNotification, EngInitializeSafeSemaphore, EngIntersectRgn, EngIsSemaphoreOwned, EngIsSemaphoreOwnedByCurrentThread, EngLineTo, EngLoadImage, EngLoadModule, EngLoadModuleForWrite, EngLockDirectDrawSurface, EngLockDriverObj, EngLockSurface, EngLpkInstalled, EngMapEvent, EngMapFile, EngMapFontFile, EngMapFontFileFD, EngMapModule, EngMapSection, EngMarkBandingSurface, EngModifySurface, EngMovePointer, EngMulDiv, EngMultiByteToUnicodeN, EngMultiByteToWideChar, EngNineGrid, 
EngOffsetRgn, EngPaint, EngPlgBlt, EngProbeForRead, EngProbeForReadAndWrite, EngQueryDeviceAttribute, EngQueryLocalTime, EngQueryPalette, EngQueryPerformanceCounter, EngQueryPerformanceFrequency, EngQuerySystemAttribute, EngQueryW32kCddInterface, EngReadStateEvent, EngRectInRgn, EngReleaseSemaphore, EngRestoreFloatingPointState, EngSaveFloatingPointState, EngSecureMem, EngSetEvent, EngSetLastError, EngSetPointerShape, EngSetPointerTag, EngSetPrinterData, EngSetRectRgn, EngSort, EngStretchBlt, EngStretchBltROP, EngStrokeAndFillPath, EngStrokePath, EngSubtractRgn, EngTextOut, EngTransparentBlt, EngUnicodeToMultiByteN, EngUnionRgn, EngUnloadImage, EngUnlockDirectDrawSurface, EngUnlockDriverObj, EngUnlockSurface, EngUnmapEvent, EngUnmapFile, EngUnmapFontFile, EngUnmapFontFileFD, EngUnsecureMem, EngWaitForSingleObject, EngWideCharToMultiByte, EngWritePrinter, EngXorRgn, FLOATOBJ_Add, FLOATOBJ_AddFloat, FLOATOBJ_AddFloatObj, FLOATOBJ_AddLong, FLOATOBJ_Div, FLOATOBJ_DivFloat, FLOATOBJ_DivFloatObj, FLOATOBJ_DivLong, FLOATOBJ_Equal, FLOATOBJ_EqualLong, FLOATOBJ_GetFloat, FLOATOBJ_GetLong, FLOATOBJ_GreaterThan, FLOATOBJ_GreaterThanLong, FLOATOBJ_LessThan, FLOATOBJ_LessThanLong, FLOATOBJ_Mul, FLOATOBJ_MulFloat, FLOATOBJ_MulFloatObj, FLOATOBJ_MulLong, FLOATOBJ_Neg, FLOATOBJ_SetFloat, FLOATOBJ_SetLong, FLOATOBJ_Sub, FLOATOBJ_SubFloat, FLOATOBJ_SubFloatObj, FLOATOBJ_SubLong, FONTOBJ_cGetAllGlyphHandles, FONTOBJ_cGetGlyphs, FONTOBJ_pQueryGlyphAttrs, FONTOBJ_pfdg, FONTOBJ_pifi, FONTOBJ_pjOpenTypeTablePointer, FONTOBJ_pvTrueTypeFontFile, FONTOBJ_pwszFontFilePaths, FONTOBJ_pxoGetXform, FONTOBJ_vGetInfo, HT_ComputeRGBGammaTable, HT_Get8BPPFormatPalette, HT_Get8BPPMaskPalette, HeapVidMemAllocAligned, PALOBJ_cGetColors, PATHOBJ_bCloseFigure, PATHOBJ_bEnum, PATHOBJ_bEnumClipLines, PATHOBJ_bMoveTo, PATHOBJ_bPolyBezierTo, PATHOBJ_bPolyLineTo, PATHOBJ_vEnumStart, PATHOBJ_vEnumStartClipLines, PATHOBJ_vGetBounds, RtlAnsiCharToUnicodeChar, RtlMultiByteToUnicodeN, RtlRaiseException, 
RtlUnicodeToMultiByteN, RtlUnicodeToMultiByteSize, RtlUnwind, RtlUpcaseUnicodeChar, RtlUpcaseUnicodeToMultiByteN, STROBJ_bEnum, STROBJ_bEnumPositionsOnly, STROBJ_bGetAdvanceWidths, STROBJ_dwGetCodePage, STROBJ_fxBreakExtra, STROBJ_fxCharacterExtra, STROBJ_vEnumStart, VidMemFree, WNDOBJ_bEnum, WNDOBJ_cEnumStart, WNDOBJ_vSetConsumer, XFORMOBJ_bApplyXform, XFORMOBJ_iGetFloatObjXform, XFORMOBJ_iGetXform, XLATEOBJ_cGetPalette, XLATEOBJ_hGetColorTransform, XLATEOBJ_iXlate, XLATEOBJ_piVector, _abnormal_termination, _except_handler2, _global_unwind2, _itoa, _itow, _local_unwind2
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft® Windows® Operating System
description..: Multi-User Win32 Driver
original name: win32k.sys
internal name: win32k.sys
file version.: 6.0.6002.18253 (vistasp2_gdr.100501-0336)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
a-squared 5.0.0.26 2010.06.14 -
AhnLab-V3 2010.06.14.02 2010.06.14 -
AntiVir 8.2.2.6 2010.06.14 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.14 -
Avast 4.8.1351.0 2010.06.14 -
Avast5 5.0.332.0 2010.06.14 -
AVG 9.0.0.787 2010.06.14 -
BitDefender 7.2 2010.06.14 -
CAT-QuickHeal 10.00 2010.06.14 -
ClamAV 0.96.0.3-git 2010.06.14 -
Comodo 5101 2010.06.14 -
DrWeb 5.0.2.03300 2010.06.14 -
eSafe 7.0.17.0 2010.06.14 -
eTrust-Vet 36.1.7632 2010.06.14 -
F-Prot 4.6.0.103 2010.06.14 -
F-Secure 9.0.15370.0 2010.06.14 -
Fortinet 4.1.133.0 2010.06.14 -
GData 21 2010.06.14 -
Ikarus T3.1.1.84.0 2010.06.14 -
Jiangmin 13.0.900 2010.06.14 -
Kaspersky 7.0.0.125 2010.06.14 -
McAfee 5.400.0.1158 2010.06.14 -
McAfee-GW-Edition 2010.1 2010.06.14 -
Microsoft 1.5802 2010.06.14 -
NOD32 5196 2010.06.14 -
Norman 6.04.12 2010.06.14 -
nProtect 2010-06-14.02 2010.06.14 -
Panda 10.0.2.7 2010.06.14 -
PCTools 7.0.3.5 2010.06.14 -
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.14 -
Sunbelt 6447 2010.06.14 -
Symantec 20101.1.0.89 2010.06.14 -
TheHacker 6.5.2.0.298 2010.06.12 -
TrendMicro 9.120.0.1004 2010.06.14 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.14 -
VBA32 3.12.12.5 2010.06.14 -
ViRobot 2010.6.14.3884 2010.06.14 -
VirusBuster 5.0.27.0 2010.06.14 -
Additional information
File size: 2037248 bytes
MD5...: de14b77e9a30588f944163bd0911edea
SHA1..: e1906b32cfa361b398581680d0d39ecb7e6c3d96
SHA256: 497f0b9d1f711effa861226d57166203857548f7501308429e72ca4c16f0e07b
ssdeep: 24576:mEZV6FLvNVWpw9dOCEDTqSrv/Mj7ppFJF4cLcCAQ/ayleuEu+KDh6Q9ZX57kwdSi:pqum+4bOYal/K9X9B5wwYjNfJX
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1eb0ec
timedatestamp.....: 0x4bdc370f (Sat May 01 14:13:35 2010)
machinetype.......: 0x14c (I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1b80f3 0x1b8200 6.70 d8d1fd7989ea831c0ce665096ab73e9b
.rdata 0x1ba000 0x128fc 0x12a00 5.34 6b918756d407300d62cd7ccc754ed03e
.data 0x1cd000 0x187ac 0xbe00 5.78 30cef48ba4b0c7268dc6379fc50a0419
.kbdfall 0x1e6000 0x63c 0x800 3.98 ce31b21a1f15ff0085d9a0a9165bffee
PAGE 0x1e7000 0x4c0 0x600 5.20 3e4ee64823b9fa517ff5dc254655e801
.edata 0x1e8000 0x1ca3 0x1e00 5.84 d6060da2d87d969dccf7a8fba74fa6e4
INIT 0x1ea000 0x5df4 0x5e00 6.73 732aac3215ca5b2a8a24e1ebfddc09fc
.rsrc 0x1f0000 0x2890 0x2a00 3.56 fb082216a68ed23e870b164349039e9c
.reloc 0x1f3000 0xf2bc 0xf400 6.76 5b5826166d1cca99ca43aa4a2f984b1b
( 5 imports )
> ntoskrnl.exe: KeTickCount, ExReleaseFastMutexUnsafeAndLeaveCriticalRegion, PsGetThreadWin32Thread, PsSetThreadWin32Thread, PsGetCurrentProcessId, memset, ExEnterCriticalRegionAndAcquireFastMutexUnsafe, PsGetProcessWin32Process, PsSetProcessWin32Process, ExFreePoolWithTag, ObfDereferenceObject, ObfReferenceObject, ExAllocatePoolWithQuotaTag, ExRaiseDatatypeMisalignment, ProbeForWrite, KeGetCurrentThread, ObReferenceObjectByHandle, ExAllocatePoolWithTag, PsGetProcessSessionId, PsLookupProcessByProcessId, PsGetThreadSessionId, PsLookupThreadByThreadId, InterlockedExchange, ExEnterCriticalRegionAndAcquireResourceExclusive, ExReleaseResourceAndLeaveCriticalRegion, ObCloseHandle, PsGetCurrentProcess, ExRaiseStatus, ExFreePool, RtlNtStatusToDosError, ObOpenObjectByPointer, ExDesktopObjectType, RtlCopyUnicodeString, ExRaiseAccessViolation, PsProcessType, PsGetCurrentProcessWin32Process, PsGetProcessPeb, RtlInitUnicodeString, RtlAreAnyAccessesGranted, KeDetachProcess, KeAttachProcess, PsGetJobUIRestrictionsClass, PsGetJobLock, PsJobType, RtlIntegerToUnicode, RtlIntegerToUnicodeString, PsGetThreadId, PsGetThreadProcessId, PsDereferenceImpersonationToken, PsDereferencePrimaryToken, SeTokenType, SeCreateClientSecurity, ZwClose, ZwQueryInformationToken, SeReleaseSecurityDescriptor, ZwFreeVirtualMemory, SeCaptureSecurityDescriptor, ZwAllocateVirtualMemory, KeInitializeEvent, ObDeleteCapturedInsertInfo, MmCreateSection, MmMapViewInSessionSpace, MmUnmapViewInSessionSpace, RtlAllocateHeap, ExDeleteResourceLite, ExInitializeResourceLite, ZwCreateDirectoryObject, RtlUnicodeStringToInteger, MmMapViewOfSection, KeBugCheckEx, ZwOpenKey, ZwSetSystemInformation, NlsMbCodePageTag, NlsAnsiCodePage, ZwQueryValueKey, RtlQueryElevationFlags, RtlCheckRegistryKey, ExWindowStationObjectType, PsGetThreadProcess, PsIsSystemThread, PsReleaseProcessExitSynchronization, KeUnstackDetachProcess, KeStackAttachProcess, PsAcquireProcessExitSynchronization, PsIsProtectedProcess, PsGetProcessJob, 
PsGetProcessWin32WindowStation, InterlockedCompareExchange, SeSinglePrivilegeCheck, InterlockedPopEntrySList, InterlockedPushEntrySList, RtlFreeHeap, SeQueryAuthenticationIdToken, PsReferencePrimaryToken, PsGetProcessInheritedFromUniqueProcessId, PsSetProcessWindowStation, RtlCompareUnicodeString, ZwQueryDefaultLocale, PsGetProcessCreateTimeQuadPart, KeQuerySystemTime, KeClearEvent, ExDeletePagedLookasideList, ExIsResourceAcquiredExclusiveLite, RtlInitializeBitMap, ExInitializePagedLookasideList, KeWaitForMultipleObjects, KeWaitForSingleObject, KeSetEvent, PsIsThreadTerminating, ZwQueryInformationProcess, PsGetCurrentProcessSessionId, PsGetProcessId, PsGetProcessExitStatus, ExEventObjectType, ZwCreateEvent, ObReferenceObjectByPointer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, PsGetProcessImageFileName, PsThreadType, SeQueryInformationToken, PsGetProcessExitProcessCalled, KeSetKernelStackSwapEnable, ZwTerminateProcess, PsGetProcessSectionBaseAddress, RtlDestroyHeap, EtwUnregister, RtlDestroyAtomTable, KeCancelTimer, KeRemoveSystemServiceTable, RtlGetIntegerAtom, InterlockedDecrement, NtQueryInformationProcess, IoCreateDriver, ExInitializeRundownProtection, KeQueryInterruptTime, EtwRegister, MmPageEntireDriver, PsEstablishWin32Callouts, KeAddSystemServiceTable, MmUserProbeAddress, KeDelayExecutionThread, ExRaiseHardError, ZwQueryDefaultUILanguage, ZwSetDefaultUILanguage, ZwSetDefaultLocale, ExAllocatePoolWithTagPriority, PsGetProcessDebugPort, KeSaveFloatingPointState, KeRestoreFloatingPointState, ZwYieldExecution, ObCreateObject, PsIsSystemProcess, RtlClearBits, RtlSetBits, ZwSetSecurityObject, RtlInitializeSid, RtlSubAuthoritySid, RtlLengthRequiredSid, RtlMapGenericMask, ObReleaseObjectSecurity, ObAssignSecurity, ObGetObjectSecurity, ObCheckCreateObjectAccess, RtlEqualUnicodeString, MmUnmapViewOfSection, PsGetProcessSessionIdEx, ObOpenObjectByName, PsGetThreadTeb, ObFindHandleForObject, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, 
PsGetCurrentThreadId, KePulseEvent, ZwSetInformationProcess, ZwSetInformationThread, ZwDuplicateObject, ExIsResourceAcquiredSharedLite, ExEnterPriorityRegionAndAcquireResourceExclusive, ExEnterPriorityRegionAndAcquireResourceShared, ExReleaseResourceAndLeavePriorityRegion, KeResetEvent, RtlQueryRegistryValues, IoGetRelatedDeviceObject, ZwDeviceIoControlFile, KeInitializeTimerEx, InitSafeBootMode, RtlAreAllAccessesGranted, SeDeleteAccessState, ObCheckObjectAccess, SeCreateAccessState, SeReleaseSubjectContext, SeUnlockSubjectContext, SePrivilegeObjectAuditAlarm, SePrivilegeCheck, SeLockSubjectContext, SeCaptureSubjectContext, RtlCopySid, RtlLengthSid, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlCreateSecurityDescriptor, SeExports, ObReferenceObjectByName, ObSetHandleAttributes, LpcRequestWaitReplyPort, LpcRequestPort, RtlPinAtomInAtomTable, RtlAddAtomToAtomTable, RtlCreateAtomTable, ExReleaseRundownProtection, SeDeassignSecurity, ObSetSecurityDescriptorInfo, SeAssignSecurity, ObInsertObject, ZwOpenDirectoryObject, ExAcquireRundownProtection, IoQueryDeviceDescription, PoSetSystemState, ExRundownCompleted, ExWaitForRundownProtectionRelease, PsCreateSystemThread, ZwQueryObject, IoDriverObjectType, ZwSetEvent, KeTestAlertThread, PoRequestShutdownEvent, KeInitializeTimer, ZwOpenProcessTokenEx, ZwOpenThreadTokenEx, SeTokenIsRestricted, PsReferenceImpersonationToken, RtlIntegerToChar, RtlUnicodeStringToAnsiString, EtwWrite, PsSetProcessPriorityByClass, PsSetProcessPriorityClass, PsGetProcessPriorityClass, EtwEventEnabled, ZwPowerInformation, IoGetStackLimits, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, MmSystemRangeStart, RtlMultiByteToUnicodeN, ZwEnumerateValueKey, ZwQueryKey, KeSetPriorityThread, RtlUnicodeToMultiByteN, RtlGetThreadLangIdByIndex, KeAlertThread, KeSetTimer, RtlFreeUnicodeString, RtlFormatCurrentUserKeyPath, ZwSetValueKey, RtlImageNtHeader, 
ExGetSharedWaiterCount, ExGetExclusiveWaiterCount, NlsOemCodePage, RtlLookupAtomInAtomTable, RtlDeleteAtomFromAtomTable, RtlQueryAtomInAtomTable, ZwReadFile, ZwQueryInformationFile, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, ZwCreateFile, ObQueryNameString, IoFileObjectType, SeImpersonateClientEx, InterlockedIncrement, RtlUnicodeToMultiByteSize, RtlMultiByteToUnicodeSize, KeUserModeCallback, LpcPortObjectType, IofCallDriver, IoBuildSynchronousFsdRequest, ZwOpenFile, IoBuildDeviceIoControlRequest, RtlCreateHeap, MmCommitSessionMappedView, ZwCancelIoFile, IoUnregisterPlugPlayNotification, IoGetDeviceObjectPointer, IoRegisterPlugPlayNotification, IoWMIQuerySingleInstance, IoWMIHandleToInstanceName, IoWMIOpenBlock, IoInvalidateDeviceRelations, IoPnPDeliverServicePowerNotification, PsGetThreadFreezeCount, PsGetCurrentThreadProcessId, PoUserShutdownInitiated, RtlFindMessage, RtlUnwind, RtlRaiseException, RtlAnsiCharToUnicodeChar, ZwQuerySystemInformation, ZwQueryLicenseValue, _alldvrm, ExEnterCriticalRegionAndAcquireResourceShared, KeAcquireGuardedMutex, KeReleaseGuardedMutex, PsGetCurrentThreadTeb, DbgPrintEx, DbgBreakPoint, MmSecureVirtualMemory, ExSystemTimeToLocalTime, KeEnterCriticalRegion, KeLeaveCriticalRegion, KeInitializeGuardedMutex, RtlInsertElementGenericTableAvl, MmUnsecureVirtualMemory, RtlDeleteElementGenericTableAvl, RtlLookupElementGenericTableAvl, KeInitializeDpc, ExIsProcessorFeaturePresent, RtlFillMemoryUlong, RtlTimeToTimeFields, KeExpandKernelStackAndCallout, KeReadStateEvent, LdrResFindResource, RtlGetDefaultCodePage, ZwDeleteFile, LdrResFindResourceDirectory, RtlUnicodeToCustomCPN, RtlCustomCPToUnicodeN, RtlInitCodePageTable, DbgPrint, RtlEqualSid, MmHighestUserAddress, PsRevertToSelf, RtlUnicodeToOemN, ZwCreateKey, RtlFreeAnsiString, RtlImageDirectoryEntryToData, _strnicmp, strncmp, RtlWriteRegistryValue, RtlDeleteRegistryValue, ZwEnumerateKey, IoOpenDeviceRegistryKey, RtlCompareMemory, toupper, IoGetDeviceInterfaces, 
IoGetDeviceProperty, ZwDeleteKey, IoOpenDeviceInterfaceRegistryKey, IoSynchronousInvalidateDeviceRelations, IoCreateFile, MmSectionObjectType, ZwCreateSection, ZwSetInformationFile, ZwQueryVolumeInformationFile, IoSetThreadHardErrorMode, RtlLookupElementGenericTable, RtlDeleteElementGenericTable, RtlInitializeGenericTable, RtlInsertElementGenericTable, ZwUnmapViewOfSection, PsGetCurrentThreadPreviousMode, PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion, wcsspn, wcscspn, RtlCreateRegistryKey, RtlGetNtGlobalFlags, MmQuerySystemSize, RtlEnumerateGenericTableAvl, ZwMapViewOfSection, RtlInitializeGenericTableAvl, LpcRequestWaitReplyPortEx, NtClose, KeAreApcsDisabled, RtlUpcaseUnicodeString, RtlExtendedLargeIntegerDivide, IoQueueThreadIrp, IoBuildAsynchronousFsdRequest, qsort, KeInitializeMutex, KeReleaseMutex, MmAddVerifierThunks, MmIsVerifierEnabled, RtlRandom, PsGetCurrentThreadWin32Thread
> msrpc.sys: RpcBindingUnbind, NdrAsyncClientCall, RpcBindingCopy, I_RpcGetCompleteAndFreeRoutine, RpcBindingCreateW, RpcBindingBind, RpcAsyncInitializeHandle, RpcAsyncCancelCall, RpcAsyncCompleteCall, RpcBindingFree
> watchdog.sys: WdInitLogging, WdLogEvent5, WdEnterMonitoredSection, WdExitMonitoredSection, WdFreeDeferredWatchdog, WdStopDeferredWatch, WdStartDeferredWatch, WdAttachContext, WdAllocateDeferredWatchdog, DMgrIsSetupRunning, WdSuspendDeferredWatch, WdResumeDeferredWatch, SMgrNotifySessionChange, SMgrRegisterGdiCallout, WdDiagShutdown, WdDiagNotifyUser, WdDiagInit
> HAL.dll: KeQueryPerformanceCounter
> Dxapi.sys: _DxApiGetVersion@0
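Added example, written for this page and not part of the post above or of VirusTotal's output: a small script that checks the PE facts in this report against each other. The section table, entry point RVA, file size and hashes are copied from the report; the helper names and the 7.2 entropy threshold are my own choices. It shows that the entry point 0x1eb0ec falls inside INIT, the discardable section where kernel drivers keep DriverEntry, that no section overlaps another, that no section has the near-8.0 entropy of packed or encrypted code, and that only 0x400 bytes of the 2037248-byte file lie outside the sections, which is just the PE header area, so nothing was appended to the image. One caveat worth knowing when reading the sigcheck block: "verified: Unsigned" only means the file carries no embedded Authenticode signature; Windows system binaries such as win32k.sys are signed through catalog files, so that line on its own is not evidence of tampering.

```python
"""Consistency checks on the PE metadata VirusTotal printed for win32k.sys.
Added example for this page; the numeric values below are copied from the
report, the helper functions and thresholds are the example's own."""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Values copied from the report above.
FILE_SIZE = 2037248
ENTRY_POINT_RVA = 0x1EB0EC
REPORTED_HASHES = {
    "md5": "de14b77e9a30588f944163bd0911edea",
    "sha1": "e1906b32cfa361b398581680d0d39ecb7e6c3d96",
    "sha256": "497f0b9d1f711effa861226d57166203857548f7501308429e72ca4c16f0e07b",
}
# name viradd virsiz rawdsiz ntrpy md5, exactly as printed in the report.
SECTION_TABLE = """\
.text 0x1000 0x1b80f3 0x1b8200 6.70 d8d1fd7989ea831c0ce665096ab73e9b
.rdata 0x1ba000 0x128fc 0x12a00 5.34 6b918756d407300d62cd7ccc754ed03e
.data 0x1cd000 0x187ac 0xbe00 5.78 30cef48ba4b0c7268dc6379fc50a0419
.kbdfall 0x1e6000 0x63c 0x800 3.98 ce31b21a1f15ff0085d9a0a9165bffee
PAGE 0x1e7000 0x4c0 0x600 5.20 3e4ee64823b9fa517ff5dc254655e801
.edata 0x1e8000 0x1ca3 0x1e00 5.84 d6060da2d87d969dccf7a8fba74fa6e4
INIT 0x1ea000 0x5df4 0x5e00 6.73 732aac3215ca5b2a8a24e1ebfddc09fc
.rsrc 0x1f0000 0x2890 0x2a00 3.56 fb082216a68ed23e870b164349039e9c
.reloc 0x1f3000 0xf2bc 0xf400 6.76 5b5826166d1cca99ca43aa4a2f984b1b
"""


@dataclass
class Section:
    name: str
    vaddr: int      # RVA at which the section is mapped
    vsize: int      # bytes used in memory
    rawsize: int    # bytes stored on disk
    entropy: float  # Shannon entropy of the raw bytes, 0.0 .. 8.0

    @property
    def vend(self) -> int:
        return self.vaddr + self.vsize


def parse_sections(table: str) -> List[Section]:
    """Parse the 'name viradd virsiz rawdsiz ntrpy md5' table; md5 is ignored."""
    sections = []
    for line in table.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        name, vaddr, vsize, rawsize, entropy = parts[:5]
        sections.append(Section(name, int(vaddr, 16), int(vsize, 16),
                                int(rawsize, 16), float(entropy)))
    return sections


def section_for_rva(sections: List[Section], rva: int) -> Optional[Section]:
    """Return the section whose in-memory range contains rva, or None (headers)."""
    for s in sections:
        if s.vaddr <= rva < s.vend:
            return s
    return None


def overlapping_sections(sections: List[Section]) -> List[Tuple[str, str]]:
    """Neighbouring sections whose in-memory ranges overlap; a sane PE has none."""
    ordered = sorted(sections, key=lambda s: s.vaddr)
    return [(a.name, b.name) for a, b in zip(ordered, ordered[1:])
            if a.vend > b.vaddr]


def high_entropy_sections(sections: List[Section], threshold: float = 7.2) -> List[str]:
    """Sections whose entropy suggests packed or encrypted content. Plain x86
    code sits around 6.0 to 6.8; packers and crypters push it towards 8.0.
    The 7.2 cut-off is this example's assumption, not a published constant."""
    return [s.name for s in sections if s.entropy >= threshold]


def unaccounted_bytes(sections: List[Section], file_size: int) -> int:
    """File bytes owned by no section: the PE headers plus any overlay appended
    after the last section. A remainder far above the header area (a few KiB)
    means extra data was glued onto the image."""
    return file_size - sum(s.rawsize for s in sections)


def hashes_of_bytes(data: bytes) -> Dict[str, str]:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(path: str) -> bool:
    """Hash a local copy of the file and compare it with the report's hashes."""
    with open(path, "rb") as f:
        return hashes_of_bytes(f.read()) == REPORTED_HASHES


if __name__ == "__main__":
    secs = parse_sections(SECTION_TABLE)
    ep = section_for_rva(secs, ENTRY_POINT_RVA)
    print("entry point in section:", ep.name if ep else "none")
    print("overlapping sections:", overlapping_sections(secs))
    print("high-entropy sections:", high_entropy_sections(secs))
    print("bytes outside sections: 0x%x" % unaccounted_bytes(secs, FILE_SIZE))
```

Run it as is to reproduce the checks on the report's own numbers; `matches_report(r"C:\Windows\System32\win32k.sys")` compares a local copy against the MD5/SHA1/SHA256 printed above, which is the quickest way to tell whether the file on disk is the same build that all 40 engines rated clean.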