Trojan-Dropper.Win32.Agent.akh (Kaspersky), Trojan.Muldrop.BDT (B) (Emsisoft), Trojan.Muldrop.BDT (AdAware), Trojan.Win32.Bumat.FD, Trojan.Win32.Sasfis.FD, Virus.Win32.Parite.B.FD, VirusParite.YR, GenericPhysicalDrive0.YR, BankerGeneric.YR (Lavasoft MAS)Behaviour: Trojan-Dropper, Banker, Trojan, Virus
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 595d2fe55837abb03136f44d32f550f2
SHA1: 9fa3ef3475d0bbe01f00c1734918d440027322f3
SHA256: 3830cab6ab5014f5453af5bd3d03f3fa671193032b6648a4b547c7c3b56041fc
SSDeep: 24576:b4usE2ccfcdSkvRryzXkfcdSkvRryzXEfcdSkvRryzXfU8ZKneTe:rn2VCSkvRGzXACSkvRGzXgCSkvRGzXf
Size: 1511424 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: PolyEnE001byLennartHedlund, WinUpackv030beta, Upackv032Beta, UPolyXv05_v6
Company: CamStudio Group
Created at: no data
Analyzed on: Windows7 SP1 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
DATA0002.EXE:2956
%original file name%.exe:1760
Rundll32.exe:2696
Rundll32.exe:316
SysAnti.exe:440
DATA0000.EXE:1904
DrvInst.exe:1272
The Trojan injects its code into the following process(es):
rundll32.exe:3876
DATA0003.EXE:2060
DATA0001.EXE:2936
Svchost.exe:2920
IEXPLORE.EXE:2064
Explorer.EXE:2024
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process DATA0002.EXE:2956 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~DFE0F5.tmp (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ila7751.tmp (11186 bytes)
C:\my.sys (2 bytes)
The Trojan deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~DFE0F5.tmp (0 bytes)
The process %original file name%.exe:1760 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DATA0003.EXE (1766 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DATA0001.EXE (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DATA0002.EXE (618 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DATA0000.EXE (552 bytes)
The process Rundll32.exe:2696 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Windows\Fonts\upho.fon (6 bytes)
C:\Windows\Fonts\kdjnc.fon (32 bytes)
The Trojan deletes the following file(s):
C:\Windows\Fonts\upho.fon (0 bytes)
The process Rundll32.exe:316 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Windows\Fonts\lmiv.fon (6 bytes)
The Trojan deletes the following file(s):
C:\Windows\Fonts\lmiv.fon (0 bytes)
The process SysAnti.exe:440 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Windows\Fonts\kdjnc.fon (32 bytes)
The process DATA0003.EXE:2060 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~DFE0F5.tmp (49 bytes)
\Device\Harddisk0\DR0 (7 bytes)
C:\my.sys (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\gla7742.tmp (11186 bytes)
The Trojan deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\hook.rom (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~DFE0F5.tmp (0 bytes)
C:\Windows\System32\drivers\bios.sys (0 bytes)
The process DATA0001.EXE:2936 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\RAV\CCtest.sys (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3120.reg (58 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{70c86755-ad3c-5798-9568-7366bcb29155}\SETAAFF.tmp (4 bytes)
%Program Files%\RAV\CCtest.inf (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{70c86755-ad3c-5798-9568-7366bcb29155}\SETAAEE.tmp (7 bytes)
The Trojan deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{70c86755-ad3c-5798-9568-7366bcb29155}\SETAAEE.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3120.reg (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{70c86755-ad3c-5798-9568-7366bcb29155}\SETAAFF.tmp (0 bytes)
The process DATA0000.EXE:1904 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\gla7741.tmp (11186 bytes)
C:\Windows\Fonts\ghhtc.fon (32 bytes)
%Program Files%\Common Files\SysAnti.exe (1703 bytes)
The process DrvInst.exe:1272 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Windows\System32\DriverStore\Temp\{64e28f61-4fd2-0c4d-bc44-540856657538}\SETAB4C.tmp (7 bytes)
C:\Windows\System32\DriverStore\Temp\{64e28f61-4fd2-0c4d-bc44-540856657538}\SETAB5C.tmp (4 bytes)
The Trojan deletes the following file(s):
C:\Windows\System32\DriverStore\Temp\{64e28f61-4fd2-0c4d-bc44-540856657538}\SETAB4C.tmp (0 bytes)
C:\Windows\System32\DriverStore\Temp\{64e28f61-4fd2-0c4d-bc44-540856657538}\SETAB5C.tmp (0 bytes)
Registry activity
The process SysAnti.exe:440 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"SysAnti" = "%Program Files%\Common Files\SysAnti.exe"
The process DATA0001.EXE:2936 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SYSTEM\Setup\SetupapiLogStatus]
"setupapi.dev.log" = "4096"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SYSTEM\Setup\SetupapiLogStatus]
"setupapi.app.log" = "4096"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process DATA0000.EXE:1904 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\DATA0000_RASMANCS]
"FileDirectory" = "%windir%\tracing"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3C 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\DATA0000_RASMANCS]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\DATA0000_RASAPI32]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\Tracing\DATA0000_RASMANCS]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\DATA0000_RASAPI32]
"ConsoleTracingMask" = "4294901760"
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\DATA0000_RASMANCS]
"EnableConsoleTracing" = "0"
"MaxFileSize" = "1048576"
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\DATA0000_RASAPI32]
"FileTracingMask" = "4294901760"
"EnableFileTracing" = "0"
"EnableConsoleTracing" = "0"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"
Dropped PE files
MD5 | File path |
---|---|
861d9fee9290c78c2e794b3ca6e9bc77 | c:\%original file name%.exe |
7d6b20a018d24a25a55fbed8a68a92eb | c:\Program Files\Common Files\SysAnti.exe |
a9c38565a7134c16225faf7ccd96cd61 | c:\Program Files\RAV\CCtest.sys |
7d6b20a018d24a25a55fbed8a68a92eb | c:\SysAnti.exe |
78822fff0494912dc394c5095894cee7 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\DATA0001.EXE |
1e7c93864220813b5b0a52e7893cf2b6 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\DATA0002.EXE |
cbfcc5ef142c580c55a602ed1397ceea | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\DATA0003.EXE |
685f1cbd4af30a1d0c25f252d399a666 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\gla7741.tmp |
685f1cbd4af30a1d0c25f252d399a666 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\gla7742.tmp |
685f1cbd4af30a1d0c25f252d399a666 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\ila7751.tmp |
a9c38565a7134c16225faf7ccd96cd61 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\{70c86755-ad3c-5798-9568-7366bcb29155}\CCTest.sys |
650284d127f208fef9ac26f5aed9aa4e | c:\Windows\Fonts\ghhtc.fon |
650284d127f208fef9ac26f5aed9aa4e | c:\Windows\Fonts\kdjnc.fon |
a9c38565a7134c16225faf7ccd96cd61 | c:\Windows\System32\DriverStore\Temp\{64e28f61-4fd2-0c4d-bc44-540856657538}\CCTest.sys |
ec313b6fbc41d3372949799ba59715f4 | c:\Windows\flash.dll |
353c3e4b55cb94a6e6a54dc423bddc6d | c:\my.sys |
HOSTS file anomalies
The Trojan modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses. The modified file is 794 bytes in size. The following strings are added to the hosts file listed below:
127.0.0.1 | www.360.cn |
127.0.0.1 | www.360safe.cn |
127.0.0.1 | www.360safe.com |
127.0.0.1 | www.chinakv.com |
127.0.0.1 | www.rising.com.cn |
127.0.0.1 | rising.com.cn |
127.0.0.1 | dl.jiangmin.com |
127.0.0.1 | jiangmin.com |
127.0.0.1 | www.jiangmin.com |
127.0.0.1 | www.duba.net |
127.0.0.1 | www.eset.com.cn |
127.0.0.1 | www.nod32.com |
127.0.0.1 | shadu.duba.net |
127.0.0.1 | union.kingsoft.com |
127.0.0.1 | www.kaspersky.com.cn |
127.0.0.1 | kaspersky.com.cn |
127.0.0.1 | virustotal.com |
127.0.0.1 | virscan.org |
127.0.0.1 | www.virscan.org |
127.0.0.1 | www.kaspersky.com |
127.0.0.1 | www.cnnod32.cn |
127.0.0.1 | www.lanniao.org |
127.0.0.1 | www.nod32club.com |
127.0.0.1 | www.dswlab.com |
127.0.0.1 | bbs.sucop.com |
127.0.0.1 | www.virustotal.com |
127.0.0.1 | tool.ikaka.com |
127.0.0.1 | 360.qihoo.com |
127.0.0.1 | www.kafan.cn |
127.0.0.1 | bbs.kafan.cn |
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
DATA0002.EXE:2956
%original file name%.exe:1760
Rundll32.exe:2696
Rundll32.exe:316
SysAnti.exe:440
DATA0000.EXE:1904
DrvInst.exe:1272 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~DFE0F5.tmp (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ila7751.tmp (11186 bytes)
C:\my.sys (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DATA0003.EXE (1766 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DATA0001.EXE (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DATA0002.EXE (618 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DATA0000.EXE (552 bytes)
C:\Windows\Fonts\upho.fon (6 bytes)
C:\Windows\Fonts\kdjnc.fon (32 bytes)
C:\Windows\Fonts\lmiv.fon (6 bytes)
\Device\Harddisk0\DR0 (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\gla7742.tmp (11186 bytes)
%Program Files%\RAV\CCtest.sys (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3120.reg (58 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{70c86755-ad3c-5798-9568-7366bcb29155}\SETAAFF.tmp (4 bytes)
%Program Files%\RAV\CCtest.inf (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{70c86755-ad3c-5798-9568-7366bcb29155}\SETAAEE.tmp (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\gla7741.tmp (11186 bytes)
C:\Windows\Fonts\ghhtc.fon (32 bytes)
%Program Files%\Common Files\SysAnti.exe (1703 bytes)
C:\Windows\System32\DriverStore\Temp\{64e28f61-4fd2-0c4d-bc44-540856657538}\SETAB4C.tmp (7 bytes)
C:\Windows\System32\DriverStore\Temp\{64e28f61-4fd2-0c4d-bc44-540856657538}\SETAB5C.tmp (4 bytes) - Restore the original content of the HOSTS file (%System%\drivers\etc\hosts): 127.0.0.1 localhost
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
CODE | 4096 | 4096 | 512 | 3.39105 | 1f4fb7d81227ebd0cb410783feb83a5f |
DATA | 8192 | 4096 | 512 | 0.273864 | 112ca019a106f4fe16f043f97b67e497 |
.idata | 12288 | 4096 | 512 | 2.71676 | 2e7dcee722f41a792183832ae33c3a81 |
.reloc | 16384 | 4096 | 512 | 0.620029 | 6d7aed319bec4769f502896c7af57209 |
.rsrc | 20480 | 1511424 | 1507840 | 5.5044 | 5fd5957c86a8a23d8486837c58dc71e0 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
teredo.ipv6.microsoft.com | 157.56.106.189 |
dns.msftncsi.com | 131.107.255.255 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
DATA0001.EXE_2936:
MZKERNEL32.DLL
MZKERNEL32.DLL
.Upack
.Upack
.rsrc
.rsrc
RCv=kAv.SCv
RCv=kAv.SCv
; File Name: CCTest.inf
; File Name: CCTest.inf
; Generated by C DriverWizard 3.2.0 (Build 2485)
; Generated by C DriverWizard 3.2.0 (Build 2485)
Signature="$WINDOWS NT$"
Signature="$WINDOWS NT$"
ClassGUID={D4A133FE-C9E5-4F11-A812-FED74DA86ED5}
ClassGUID={D4A133FE-C9E5-4F11-A812-FED74DA86ED5}
DriverVer=5/7/2010,1.00.0000
DriverVer=5/7/2010,1.00.0000
CatalogFile=CCTest.cat
CatalogFile=CCTest.cat
;reg-root,[subkey],[value-entry-name],[flags],[value]
;reg-root,[subkey],[value-entry-name],[flags],[value]
HKR,,,%REG_SZ%,ÞviceClassName%
HKR,,,%REG_SZ%,ÞviceClassName%
1 = %DiskId1%,,,""
1 = %DiskId1%,,,""
CCTest.sys = 1,,
CCTest.sys = 1,,
ÃŒTest_DeviceDesc$=CCTest_DDI, *CCTestDevice
ÃŒTest_DeviceDesc$=CCTest_DDI, *CCTestDevice
; --------- Windows 98 -----------------
; --------- Windows 98 -----------------
; cause problems in Windows 98
; cause problems in Windows 98
HKR,,NTMPDriver,,CCTest.sys
HKR,,NTMPDriver,,CCTest.sys
HKR,,Description,,ÃŒTest_DeviceDesc%
HKR,,Description,,ÃŒTest_DeviceDesc%
; --------- Windows NT -----------------
; --------- Windows NT -----------------
[CCTest_DDI.NT]
[CCTest_DDI.NT]
[CCTest_DDI.NT.Services]
[CCTest_DDI.NT.Services]
Addservice = CCTest, %FLG_ADDREG_NOCLOBBER%, CCTest_Service
Addservice = CCTest, %FLG_ADDREG_NOCLOBBER%, CCTest_Service
DisplayName = ÃŒTest_SvcDesc%
DisplayName = ÃŒTest_SvcDesc%
ServiceType = %SERVICE_KERNEL_DRIVER%
ServiceType = %SERVICE_KERNEL_DRIVER%
StartType = %SERVICE_DEMAND_START%
StartType = %SERVICE_DEMAND_START%
ErrorControl = %SERVICE_ERROR_NORMAL%
ErrorControl = %SERVICE_ERROR_NORMAL%
ServiceBinary = %\CCTest.sys
ServiceBinary = %\CCTest.sys
CCTest.sys,,,2
CCTest.sys,,,2
FLG_ADDREG_KEYONLY = 0x00000010
FLG_ADDREG_KEYONLY = 0x00000010
FLG_ADDREG_64BITKEY = 0x00001000
FLG_ADDREG_64BITKEY = 0x00001000
FLG_ADDREG_KEYONLY_COMMON = 0x00002000
FLG_ADDREG_KEYONLY_COMMON = 0x00002000
FLG_ADDREG_32BITKEY = 0x00004000
FLG_ADDREG_32BITKEY = 0x00004000
.text
.text
h.data
h.data
B.reloc
B.reloc
C:\9\CCTest\Driver\objfre\i386\CCTest.pdb
C:\9\CCTest\Driver\objfre\i386\CCTest.pdb
ntoskrnl.exe
ntoskrnl.exe
HAL.dll
HAL.dll
Zi{r $zrWhIsbxf^%dib h|YdBF\Wz\s}igJ &!E`dU"\'fsD^e%zDCWW|QQ
Zi{r $zrWhIsbxf^%dib h|YdBF\Wz\s}igJ &!E`dU"\'fsD^e%zDCWW|QQ
&$%$9"9&
&$%$9"9&
% 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TTg`pTTEUQTLN
% 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TTg`pTTEUQTLN
KWT % KZaxxg`fT 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TTg`pTTWUDVPLNT PV
KWT % KZaxxg`fT 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TTg`pTTWUDVPLNT PV
sq`x}zqTg`pTTMUUUB 0vug}wK}g`fquyTPA 0w|ufK`fu}`gTPTg`pTTT%TUUB&%TUUB 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TT%TTN
sq`x}zqTg`pTTMUUUB 0vug}wK}g`fquyTPA 0w|ufK`fu}`gTPTg`pTTT%TUUB&%TUUB 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TT%TTN
K@}pmT 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TTg`pTTUUQLKZTN
K@}pmT 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TTg`pTTUUQLKZTN
ugg}szT 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TTg`pTTEUQUUB%&TDVP]TN
ugg}szT 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TTg`pTTEUQUUB%&TDVP]TN
%4%0%
%4%0%
setupapi.dll
setupapi.dll
shell32.dll
shell32.dll
advapi32.dll
advapi32.dll
reg.exe
reg.exe
import
import
3120.reg
3120.reg
tmpacik.tmp
tmpacik.tmp
%scd%d.exe
%scd%d.exe
SSShh
SSShh
KERNEL32.DLL
KERNEL32.DLL
GetWindowsDirectoryA
GetWindowsDirectoryA
GetCPInfo
GetCPInfo
USER32.DLL
USER32.DLL
SETUPAPI.DLL
SETUPAPI.DLL
]%CSjv
]%CSjv
Windows NT\
Windows NT\
svchost.exe
svchost.exe
CCTest.sys
CCTest.sys
Windows Registry Editor Version 5.00
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]
"ActivePolicy"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a}"
"ActivePolicy"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}]
"name"="ipsecFilter{72385235-70fa-11d1-864c-14a300000000}"
"name"="ipsecFilter{72385235-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385235-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385235-70fa-11d1-864c-14a300000000}"
00,00,00,00,00,00,00
00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}]
"name"="ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}"
"name"="ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}"
"ipsecID"="{7238523a-70fa-11d1-864c-14a300000000}"
"ipsecID"="{7238523a-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb}]
"name"="ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb}"
"name"="ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb}"
"ipsecID"="{f2fd0bda-3962-428d-9d06-34c2b19568bb}"
"ipsecID"="{f2fd0bda-3962-428d-9d06-34c2b19568bb}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}]
"name"="ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}"
"name"="ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385234-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385234-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7}]
"name"="ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7}"
"name"="ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7}"
"ipsecID"="{c37d0b66-13e0-4bf0-a103-e09908ece1b7}"
"ipsecID"="{c37d0b66-13e0-4bf0-a103-e09908ece1b7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}]
"name"="ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}"
"name"="ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}"
"ipsecID"="{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}"
"ipsecID"="{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}"
"ipsecNegotiationPolicyAction"="{3f91a819-7647-11d1-864d-d46a00000000}"
"ipsecNegotiationPolicyAction"="{3f91a819-7647-11d1-864d-d46a00000000}"
"ipsecNegotiationPolicyType"="{62f49e10-6c37-11d1-864c-14a300000000}"
"ipsecNegotiationPolicyType"="{62f49e10-6c37-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}]
"name"="ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}"
"name"="ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385233-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385233-70fa-11d1-864c-14a300000000}"
"ipsecNegotiationPolicyAction"="{3f91a81a-7647-11d1-864d-d46a00000000}"
"ipsecNegotiationPolicyAction"="{3f91a81a-7647-11d1-864d-d46a00000000}"
00,00,00,00
00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}]
"name"="ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}"
"name"="ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}"
"ipsecID"="{7238523b-70fa-11d1-864c-14a300000000}"
"ipsecID"="{7238523b-70fa-11d1-864c-14a300000000}"
"ipsecNegotiationPolicyAction"="{8a171dd2-77e3-11d1-8659-a04f00000000}"
"ipsecNegotiationPolicyAction"="{8a171dd2-77e3-11d1-8659-a04f00000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}]
"name"="ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}"
"name"="ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}"
"ipsecID"="{7238523f-70fa-11d1-864c-14a300000000}"
"ipsecID"="{7238523f-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8}]
"name"="ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8}"
"name"="ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8}"
"ipsecID"="{a664b054-eebd-4697-aee0-a38f35bc4eb8}"
"ipsecID"="{a664b054-eebd-4697-aee0-a38f35bc4eb8}"
"ipsecNegotiationPolicyAction"="{8a171dd3-77e3-11d1-8659-a04f00000000}"
"ipsecNegotiationPolicyAction"="{8a171dd3-77e3-11d1-8659-a04f00000000}"
"ipsecNegotiationPolicyType"="{62f49e13-6c37-11d1-864c-14a300000000}"
"ipsecNegotiationPolicyType"="{62f49e13-6c37-11d1-864c-14a300000000}"
00,00,00,00,00,00,00,00,00
00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d}]
"name"="ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d}"
"name"="ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d}"
"ipsecID"="{77d93b21-350c-4649-b8fd-3b5428af7b8d}"
"ipsecID"="{77d93b21-350c-4649-b8fd-3b5428af7b8d}"
"ipsecNegotiationPolicyReference"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}"
"ipsecNegotiationPolicyReference"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4}]
"name"="ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4}"
"name"="ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4}"
"ipsecID"="{f6050147-987a-4592-8d14-e8aee7e77bd4}"
"ipsecID"="{f6050147-987a-4592-8d14-e8aee7e77bd4}"
"ipsecNegotiationPolicyReference"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8}"
"ipsecNegotiationPolicyReference"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a}]
"name"="ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a}"
"name"="ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a}"
"ipsecID"="{587716d4-83f7-4a02-97c2-6137d945e86a}"
"ipsecID"="{587716d4-83f7-4a02-97c2-6137d945e86a}"
"ipsecISAKMPReference"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7}"
"ipsecISAKMPReference"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7}"
DATA0001.EXE_2936_rwx_00401000_00022000:
RCv=kAv.SCv
RCv=kAv.SCv
; File Name: CCTest.inf
; File Name: CCTest.inf
; Generated by C DriverWizard 3.2.0 (Build 2485)
; Generated by C DriverWizard 3.2.0 (Build 2485)
Signature="$WINDOWS NT$"
Signature="$WINDOWS NT$"
ClassGUID={D4A133FE-C9E5-4F11-A812-FED74DA86ED5}
ClassGUID={D4A133FE-C9E5-4F11-A812-FED74DA86ED5}
DriverVer=5/7/2010,1.00.0000
DriverVer=5/7/2010,1.00.0000
CatalogFile=CCTest.cat
CatalogFile=CCTest.cat
;reg-root,[subkey],[value-entry-name],[flags],[value]
;reg-root,[subkey],[value-entry-name],[flags],[value]
HKR,,,%REG_SZ%,ÞviceClassName%
HKR,,,%REG_SZ%,ÞviceClassName%
1 = %DiskId1%,,,""
1 = %DiskId1%,,,""
CCTest.sys = 1,,
CCTest.sys = 1,,
ÃŒTest_DeviceDesc$=CCTest_DDI, *CCTestDevice
ÃŒTest_DeviceDesc$=CCTest_DDI, *CCTestDevice
; --------- Windows 98 -----------------
; --------- Windows 98 -----------------
; cause problems in Windows 98
; cause problems in Windows 98
HKR,,NTMPDriver,,CCTest.sys
HKR,,NTMPDriver,,CCTest.sys
HKR,,Description,,ÃŒTest_DeviceDesc%
HKR,,Description,,ÃŒTest_DeviceDesc%
; --------- Windows NT -----------------
; --------- Windows NT -----------------
[CCTest_DDI.NT]
[CCTest_DDI.NT]
[CCTest_DDI.NT.Services]
[CCTest_DDI.NT.Services]
Addservice = CCTest, %FLG_ADDREG_NOCLOBBER%, CCTest_Service
Addservice = CCTest, %FLG_ADDREG_NOCLOBBER%, CCTest_Service
DisplayName = ÃŒTest_SvcDesc%
DisplayName = ÃŒTest_SvcDesc%
ServiceType = %SERVICE_KERNEL_DRIVER%
ServiceType = %SERVICE_KERNEL_DRIVER%
StartType = %SERVICE_DEMAND_START%
StartType = %SERVICE_DEMAND_START%
ErrorControl = %SERVICE_ERROR_NORMAL%
ErrorControl = %SERVICE_ERROR_NORMAL%
ServiceBinary = %\CCTest.sys
ServiceBinary = %\CCTest.sys
CCTest.sys,,,2
CCTest.sys,,,2
FLG_ADDREG_KEYONLY = 0x00000010
FLG_ADDREG_KEYONLY = 0x00000010
FLG_ADDREG_64BITKEY = 0x00001000
FLG_ADDREG_64BITKEY = 0x00001000
FLG_ADDREG_KEYONLY_COMMON = 0x00002000
FLG_ADDREG_KEYONLY_COMMON = 0x00002000
FLG_ADDREG_32BITKEY = 0x00004000
FLG_ADDREG_32BITKEY = 0x00004000
.text
.text
h.data
h.data
.rsrc
.rsrc
B.reloc
B.reloc
C:\9\CCTest\Driver\objfre\i386\CCTest.pdb
C:\9\CCTest\Driver\objfre\i386\CCTest.pdb
ntoskrnl.exe
ntoskrnl.exe
HAL.dll
HAL.dll
Zi{r $zrWhIsbxf^%dib h|YdBF\Wz\s}igJ &!E`dU"\'fsD^e%zDCWW|QQ
Zi{r $zrWhIsbxf^%dib h|YdBF\Wz\s}igJ &!E`dU"\'fsD^e%zDCWW|QQ
&$%$9"9&
&$%$9"9&
% 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TTg`pTTEUQTLN
% 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TTg`pTTEUQTLN
KWT % KZaxxg`fT 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TTg`pTTWUDVPLNT PV
KWT % KZaxxg`fT 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TTg`pTTWUDVPLNT PV
sq`x}zqTg`pTTMUUUB 0vug}wK}g`fquyTPA 0w|ufK`fu}`gTPTg`pTTT%TUUB&%TUUB 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TT%TTN
sq`x}zqTg`pTTMUUUB 0vug}wK}g`fquyTPA 0w|ufK`fu}`gTPTg`pTTT%TUUB&%TUUB 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TT%TTN
K@}pmT 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TTg`pTTUUQLKZTN
K@}pmT 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TTg`pTTUUQLKZTN
ugg}szT 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TTg`pTTEUQUUB%&TDVP]TN
ugg}szT 0vug}wKg`f}zsTPA 0w|ufK`fu}`gTPTg`pTTB 0uxx{wu`{fTPT&TTg`pTTEUQUUB%&TDVP]TN
%4%0%
%4%0%
setupapi.dll
setupapi.dll
shell32.dll
shell32.dll
advapi32.dll
advapi32.dll
reg.exe
reg.exe
import
import
3120.reg
3120.reg
tmpacik.tmp
tmpacik.tmp
%scd%d.exe
%scd%d.exe
SSShh
SSShh
KERNEL32.DLL
KERNEL32.DLL
GetWindowsDirectoryA
GetWindowsDirectoryA
GetCPInfo
GetCPInfo
USER32.DLL
USER32.DLL
SETUPAPI.DLL
SETUPAPI.DLL
Windows NT\
Windows NT\
svchost.exe
svchost.exe
CCTest.sys
CCTest.sys
Windows Registry Editor Version 5.00
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]
"ActivePolicy"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a}"
"ActivePolicy"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}]
"name"="ipsecFilter{72385235-70fa-11d1-864c-14a300000000}"
"name"="ipsecFilter{72385235-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385235-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385235-70fa-11d1-864c-14a300000000}"
00,00,00,00,00,00,00
00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}]
"name"="ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}"
"name"="ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}"
"ipsecID"="{7238523a-70fa-11d1-864c-14a300000000}"
"ipsecID"="{7238523a-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb}]
"name"="ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb}"
"name"="ipsecFilter{f2fd0bda-3962-428d-9d06-34c2b19568bb}"
"ipsecID"="{f2fd0bda-3962-428d-9d06-34c2b19568bb}"
"ipsecID"="{f2fd0bda-3962-428d-9d06-34c2b19568bb}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}]
"name"="ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}"
"name"="ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385234-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385234-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7}]
"name"="ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7}"
"name"="ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7}"
"ipsecID"="{c37d0b66-13e0-4bf0-a103-e09908ece1b7}"
"ipsecID"="{c37d0b66-13e0-4bf0-a103-e09908ece1b7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}]
"name"="ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}"
"name"="ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}"
"ipsecID"="{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}"
"ipsecID"="{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}"
"ipsecNegotiationPolicyAction"="{3f91a819-7647-11d1-864d-d46a00000000}"
"ipsecNegotiationPolicyAction"="{3f91a819-7647-11d1-864d-d46a00000000}"
"ipsecNegotiationPolicyType"="{62f49e10-6c37-11d1-864c-14a300000000}"
"ipsecNegotiationPolicyType"="{62f49e10-6c37-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}]
"name"="ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}"
"name"="ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385233-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385233-70fa-11d1-864c-14a300000000}"
"ipsecNegotiationPolicyAction"="{3f91a81a-7647-11d1-864d-d46a00000000}"
"ipsecNegotiationPolicyAction"="{3f91a81a-7647-11d1-864d-d46a00000000}"
00,00,00,00
00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}]
"name"="ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}"
"name"="ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}"
"ipsecID"="{7238523b-70fa-11d1-864c-14a300000000}"
"ipsecID"="{7238523b-70fa-11d1-864c-14a300000000}"
"ipsecNegotiationPolicyAction"="{8a171dd2-77e3-11d1-8659-a04f00000000}"
"ipsecNegotiationPolicyAction"="{8a171dd2-77e3-11d1-8659-a04f00000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}]
"name"="ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}"
"name"="ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}"
"ipsecID"="{7238523f-70fa-11d1-864c-14a300000000}"
"ipsecID"="{7238523f-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8}]
"name"="ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8}"
"name"="ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8}"
"ipsecID"="{a664b054-eebd-4697-aee0-a38f35bc4eb8}"
"ipsecID"="{a664b054-eebd-4697-aee0-a38f35bc4eb8}"
"ipsecNegotiationPolicyAction"="{8a171dd3-77e3-11d1-8659-a04f00000000}"
"ipsecNegotiationPolicyAction"="{8a171dd3-77e3-11d1-8659-a04f00000000}"
"ipsecNegotiationPolicyType"="{62f49e13-6c37-11d1-864c-14a300000000}"
"ipsecNegotiationPolicyType"="{62f49e13-6c37-11d1-864c-14a300000000}"
00,00,00,00,00,00,00,00,00
00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d}]
"name"="ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d}"
"name"="ipsecNFA{77d93b21-350c-4649-b8fd-3b5428af7b8d}"
"ipsecID"="{77d93b21-350c-4649-b8fd-3b5428af7b8d}"
"ipsecID"="{77d93b21-350c-4649-b8fd-3b5428af7b8d}"
"ipsecNegotiationPolicyReference"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}"
"ipsecNegotiationPolicyReference"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecNegotiationPolicy{56093cf4-1dd4-4ed9-b0f8-e9f83f4ae82f}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4}]
"name"="ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4}"
"name"="ipsecNFA{f6050147-987a-4592-8d14-e8aee7e77bd4}"
"ipsecID"="{f6050147-987a-4592-8d14-e8aee7e77bd4}"
"ipsecID"="{f6050147-987a-4592-8d14-e8aee7e77bd4}"
"ipsecNegotiationPolicyReference"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8}"
"ipsecNegotiationPolicyReference"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecNegotiationPolicy{a664b054-eebd-4697-aee0-a38f35bc4eb8}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a}]
"name"="ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a}"
"name"="ipsecPolicy{587716d4-83f7-4a02-97c2-6137d945e86a}"
"ipsecID"="{587716d4-83f7-4a02-97c2-6137d945e86a}"
"ipsecID"="{587716d4-83f7-4a02-97c2-6137d945e86a}"
"ipsecISAKMPReference"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7}"
"ipsecISAKMPReference"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecISAKMPPolicy{c37d0b66-13e0-4bf0-a103-e09908ece1b7}"
DATA0001.EXE_2936_rwx_0042B000_00008000:
]%CSjv
]%CSjv
DATA0003.EXE_2060:
!This program cannoc:\my.sys
!This program cannoc:\my.sys
.text
.text
`.rdata
`.rdata
.data
.data
.rsrc
.rsrc
@.nkh
@.nkh
MSVCRT
MSVCRT
PSAPI.DLL
PSAPI.DLL
GetWindowsDirectoryA
GetWindowsDirectoryA
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
ADVAPI32.dll
ADVAPI32.dll
\\.\PHYSICALDRIVE0
\\.\PHYSICALDRIVE0
~DFE0F5.tmp
~DFE0F5.tmp
[-]OpenSCManager Failed in LoadDriver %d
[-]OpenSCManager Failed in LoadDriver %d
c:\bios.bin
c:\bios.bin
%s %s /isa %s
%s %s /isa %s
%s %s /isa release
%s %s /isa release
cbrom.exe
cbrom.exe
\\.\Bios
\\.\Bios
explorer.exe
explorer.exe
svchost.exe
svchost.exe
services.exe
services.exe
\flash.dll
\flash.dll
\\.\MyDeviceDriver
\\.\MyDeviceDriver
\drivers\beep.sys
\drivers\beep.sys
beep.sys
beep.sys
RSTray.exe
RSTray.exe
\drivers\bios.sys
\drivers\bios.sys
hook.rom
hook.rom
User32.DLL
User32.DLL
c:\my.sys
c:\my.sys
L%xSl
L%xSl
PvtS%D
PvtS%D
S.HHu"$J
S.HHu"$J
}b~%c
}b~%c
?.GMA
?.GMA
Kernel32.dll
Kernel32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
Software\Microsoft\Windows\CurrentVersion\Explorer
Software\Microsoft\Windows\CurrentVersion\Explorer
DATA0003.EXE_2060_rwx_001D1000_00071000:
UDPSockError
UDPSockError
NMUDP
NMUDP
Errmsg
Errmsg
Port
Port
TNMUDP
TNMUDP
RemotePort
RemotePort
LocalPort
LocalPort
ReportLevelLk
ReportLevelLk
0.0.0.0
0.0.0.0
%d.%d.%d.%d
%d.%d.%d.%d
AutoHotkeys
AutoHotkeys
:].tJ
:].tJ
EInvalidGraphicOperation,0
EInvalidGraphicOperation,0
EInvalidGraphicOperation
EInvalidGraphicOperation
KeyPreview,
KeyPreview,
WindowState
WindowState
OnKeyDown
OnKeyDown
OnKeyPressdz
OnKeyPressdz
OnKeyUp
OnKeyUp
ssHotTrack
ssHotTrack
TWindowState
TWindowState
poProportional
poProportional
TWMKey
TWMKey
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
vcltest3.dll
TDragOperation
TDragOperation
TKeyEvent
TKeyEvent
TKeyPressEvent
TKeyPressEvent
crSQLWait
crSQLWait
%s (%s)
%s (%s)
IMM32.DLL
IMM32.DLL
EInvalidOperation
EInvalidOperation
%s[%d]
%s[%d]
%s_%d
%s_%d
USER32.DLL
USER32.DLL
comctl32.dll
comctl32.dll
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
kernel32.dll
kernel32.dll
Portions Copyright (c) 1983,99 Borland
Portions Copyright (c) 1983,99 Borland
explorer.exe
explorer.exe
Software\Microsoft\Windows\CurrentVersion\Explorer
Software\Microsoft\Windows\CurrentVersion\Explorer
*.TMP
*.TMP
Kernel32.dll
Kernel32.dll
ADVAPI32.dll
ADVAPI32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
readbook.exe
readbook.exe
rundll32.exe
rundll32.exe
*.exe
*.exe
*.scr
*.scr
UdpT
UdpT
UdpOnDataReceived
UdpOnDataReceived
xxtype.cpp
xxtype.cpp
derv->tpClass.tpcFlags & CF_HAS_BASES
derv->tpClass.tpcFlags & CF_HAS_BASES
Inappropriate I/O control operation
Inappropriate I/O control operation
Broken pipe
Broken pipe
Operation not permitted
Operation not permitted
%H:%M:%S
%H:%M:%S
%m/%d/%y
%m/%d/%y
%A, %B %d, %Y
%A, %B %d, %Y
d/d/d d:d:d.d
d/d/d d:d:d.d
An exception (X) occurred during DllEntryPoint or DllMain in module:
An exception (X) occurred during DllEntryPoint or DllMain in module:
xx.cpp
xx.cpp
varType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpClass.tpcDtorAddr
varType->tpClass.tpcDtorAddr
(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags
(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags
memType->tpClass.tpcFlags & CF_HAS_DTOR
memType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR
dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR
dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR
IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)
IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)
elemType->tpClass.tpcFlags & CF_HAS_DTOR
elemType->tpClass.tpcFlags & CF_HAS_DTOR
Cv.SCv
Cv.SCv
Bv}.Bv
Bv}.Bv
ReportLevel
ReportLevel
GetCPInfo
GetCPInfo
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryA
GetWindowsDirectoryA
RegCreateKeyExA
RegCreateKeyExA
RegFlushKey
RegFlushKey
SetViewportOrgEx
SetViewportOrgEx
ActivateKeyboardLayout
ActivateKeyboardLayout
EnumThreadWindows
EnumThreadWindows
EnumWindows
EnumWindows
GetKeyNameTextA
GetKeyNameTextA
GetKeyState
GetKeyState
GetKeyboardLayout
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardState
GetKeyboardType
GetKeyboardType
LoadKeyboardLayoutA
LoadKeyboardLayoutA
MapVirtualKeyA
MapVirtualKeyA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
SetWindowsHookExA
SetWindowsHookExA
UnhookWindowsHookEx
UnhookWindowsHookEx
VprK|%Ud
VprK|%Ud
€00404
€00404
8 @ @ @ @ @
8 @ @ @ @ @
.text
.text
`.data
`.data
.idata
.idata
@.edata
@.edata
@.rsrc
@.rsrc
@.reloc
@.reloc
70"!(&&$
70"!(&&$
External exception %x
External exception %x
Interface not supported
Interface not supported
%s (%s, line %d)
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Win32 Error. Code: %d.
Win32 Error. Code: %d.
Invalid pointer operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted%Exception %s in module %s at %p.
Operation aborted%Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'
No argument for format '%s'
Invalid variant operation"Variant method calls not supported
Invalid variant operation"Variant method calls not supported
I/O error %d
I/O error %d
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation
Invalid data type for '%s'
Invalid data type for '%s'
Failed to set data for '%s'
Failed to set data for '%s'
Failed to get data for '%s'/Menu '%s' is already being used by another form*Windows socket error: %s (%d), on API '%s'
Failed to get data for '%s'/Menu '%s' is already being used by another form*Windows socket error: %s (%d), on API '%s'
Asynchronous socket error %d
Asynchronous socket error %d
- Dock zone has no control%List does not allow duplicates ($0%x)!'%s' is not a valid integer value
- Dock zone has no control%List does not allow duplicates ($0%x)!'%s' is not a valid integer value
Alt Clipboard does not support Icons
Alt Clipboard does not support Icons
!Control '%s' has no parent window
!Control '%s' has no parent window
Error reading %s%s%s: %s
Error reading %s%s%s: %s
Ancestor for '%s' not found
Ancestor for '%s' not found
Unsupported clipboard format
Unsupported clipboard format
Class %s not found
Class %s not found
Resource %s not found
Resource %s not found
List index out of bounds (%d) List capacity out of bounds (%d)
List index out of bounds (%d) List capacity out of bounds (%d)
List count out of bounds (%d) Operation not allowed on sorted string list%String list does not allow duplicates#A component named %s already exists$''%s'' is not a valid component name
List count out of bounds (%d) Operation not allowed on sorted string list%String list does not allow duplicates#A component named %s already exists$''%s'' is not a valid component name
A class named %s already exists
A class named %s already exists
Cannot assign a %s to a %s
Cannot assign a %s to a %s
Cannot create file %s
Cannot create file %s
Cannot open file %s
Cannot open file %s
DATA0003.EXE_2060_rwx_00403000_00002000:
MSVCRT
MSVCRT
PSAPI.DLL
PSAPI.DLL
GetWindowsDirectoryA
GetWindowsDirectoryA
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
ADVAPI32.dll
ADVAPI32.dll
\\.\PHYSICALDRIVE0
\\.\PHYSICALDRIVE0
~DFE0F5.tmp
~DFE0F5.tmp
[-]OpenSCManager Failed in LoadDriver %d
[-]OpenSCManager Failed in LoadDriver %d
c:\bios.bin
c:\bios.bin
%s %s /isa %s
%s %s /isa %s
%s %s /isa release
%s %s /isa release
cbrom.exe
cbrom.exe
\\.\Bios
\\.\Bios
explorer.exe
explorer.exe
svchost.exe
svchost.exe
services.exe
services.exe
\flash.dll
\flash.dll
\\.\MyDeviceDriver
\\.\MyDeviceDriver
\drivers\beep.sys
\drivers\beep.sys
beep.sys
beep.sys
RSTray.exe
RSTray.exe
\drivers\bios.sys
\drivers\bios.sys
hook.rom
hook.rom
User32.DLL
User32.DLL
c:\my.sys
c:\my.sys
DATA0003.EXE_2060_rwx_00422000_00001000:
Kernel32.dll
Kernel32.dll
ADVAPI32.dll
ADVAPI32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
Software\Microsoft\Windows\CurrentVersion\Explorer
Software\Microsoft\Windows\CurrentVersion\Explorer
Svchost.exe_2920:
.idata
.idata
.rdata
.rdata
P.reloc
P.reloc
P.rsrc
P.rsrc
P.xur
P.xur
Portions Copyright (c) 1999,2003 Avenger by NhT
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
kernel32.dll
hXXp://
hXXp://
HTTP/1.0
HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Windows 95
Windows 95
Windows 95 OSR 2
Windows 95 OSR 2
Windows 98
Windows 98
Windows 98 Second Edition
Windows 98 Second Edition
Windows Millenium
Windows Millenium
Windows NT
Windows NT
Windows NT 3.5
Windows NT 3.5
Windows NT 4.0
Windows NT 4.0
Windows 2000
Windows 2000
Windows XP
Windows XP
Windows XP Service Pack 2
Windows XP Service Pack 2
Windows XP x64
Windows XP x64
Windows Server 2003
Windows Server 2003
Windows Vista
Windows Vista
Windows Server Longhorn
Windows Server Longhorn
rpcrt4.dll
rpcrt4.dll
ntdll.dll
ntdll.dll
Kernel32.dll
Kernel32.dll
Unit_GetWebSV
Unit_GetWebSV
wininet.dll
wininet.dll
InternetOpenUrlA
InternetOpenUrlA
HttpQueryInfoA
HttpQueryInfoA
HttpOpenRequestA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestA
ShellExecuteA
ShellExecuteA
Shell32.dll
Shell32.dll
360hotfix.exe;360rpt.exe;360Safe.exe;360safebox.exe;360tray.exe;adam.exe;AgentSvr.exe;AntiArp.exe;AppSvc32.exe;arvmon.exe;AutoGuarder.exe;autoruns.exe;avgrssvc.exe;AvMonitor.exe;avp.com;avp.exe;CCenter.exe;ccSvcHst.exe;FileDsty.exe;findt2005.exe;FTCleanerShell.exe;HijackThis.exe;IceSword.exe;iparmo.exe;Iparmor.exe;IsHelp.exe;isPwdSvc.exe;kabaload.exe;KaScrScn.SCR;KASMain.exe;KASTask.exe;KAV32.exe;KAVDX.exe;KAVPFW.exe;KAVSetup.exe;KAVStart.exe;killhidepid.exe;KISLnchr.exe;KMailMon.exe;KMFilter.exe;KPFW32.exe;KPFW32X.exe;KPFWSvc.exe;KRepair.COM;KsLoader.exe;KVCenter.kxp;KvDetect.exe;kvfw.exe;KvfwMcl.exe;KVMonXP.kxp;KVMonXP_1.kxp;kvol.exe;kvolself.exe;KvReport.kxp;KVScan.kxp;KVSrvXP.exe;KVStub.kxp;kvupload.exe;kvwsc.exe;KvXP.kxp;KvXP_1.kxp;KWatch.exe;KWatch9x.exe;KWatchX.exe;loaddll.exe;MagicSet.exe;mcconsol.exe;mmqczj.exe;mmsk.exe;NAVSetup.exe;nod32krn.exe;nod32kui.exe;PFW.exe;PFWLiveUpdate.exe;QHSET.exe;Ras.exe;Rav.exe;RavCopy.exe;RavMon.exe;RavMonD.exe;RavStore.exe;RavStub.exe;ravt08.exe;RavTask.exe;RegClean.exe;RegEx.exe;rfwcfg.exe;RfwMain.exe;rfwolusr.exe;rfwProxy.exe;rfwsrv.exe;RsAgent.exe;Rsaupd.exe;RsMain.exe;rsnetsvr.exe;RSTray.exe;runiep.exe;safebank.exe;safeboxTray.exe;safelive.exe;scan32.exe;ScanFrm.exe;shcfg32.exe;smartassistant.exe;SmartUp.exe;SREng.exe;SREngPS.exe;symlcsvc.exe;syscheck.exe;Syscheck2.exe;SysSafe.exe;ToolsUp.exe;TrojanDetector.exe;Trojanwall.exe;TrojDie.kxp;UIHost.exe;UmxAgent.exe;UmxAttachment.exe;UmxCfg.exe;UmxFwHlp.exe;UmxPol.exe;UpLive.exe;WoptiClean.exe;zxsweep.exe;LiveUpdate360.exe;
360hotfix.exe;360rpt.exe;360Safe.exe;360safebox.exe;360tray.exe;adam.exe;AgentSvr.exe;AntiArp.exe;AppSvc32.exe;arvmon.exe;AutoGuarder.exe;autoruns.exe;avgrssvc.exe;AvMonitor.exe;avp.com;avp.exe;CCenter.exe;ccSvcHst.exe;FileDsty.exe;findt2005.exe;FTCleanerShell.exe;HijackThis.exe;IceSword.exe;iparmo.exe;Iparmor.exe;IsHelp.exe;isPwdSvc.exe;kabaload.exe;KaScrScn.SCR;KASMain.exe;KASTask.exe;KAV32.exe;KAVDX.exe;KAVPFW.exe;KAVSetup.exe;KAVStart.exe;killhidepid.exe;KISLnchr.exe;KMailMon.exe;KMFilter.exe;KPFW32.exe;KPFW32X.exe;KPFWSvc.exe;KRepair.COM;KsLoader.exe;KVCenter.kxp;KvDetect.exe;kvfw.exe;KvfwMcl.exe;KVMonXP.kxp;KVMonXP_1.kxp;kvol.exe;kvolself.exe;KvReport.kxp;KVScan.kxp;KVSrvXP.exe;KVStub.kxp;kvupload.exe;kvwsc.exe;KvXP.kxp;KvXP_1.kxp;KWatch.exe;KWatch9x.exe;KWatchX.exe;loaddll.exe;MagicSet.exe;mcconsol.exe;mmqczj.exe;mmsk.exe;NAVSetup.exe;nod32krn.exe;nod32kui.exe;PFW.exe;PFWLiveUpdate.exe;QHSET.exe;Ras.exe;Rav.exe;RavCopy.exe;RavMon.exe;RavMonD.exe;RavStore.exe;RavStub.exe;ravt08.exe;RavTask.exe;RegClean.exe;RegEx.exe;rfwcfg.exe;RfwMain.exe;rfwolusr.exe;rfwProxy.exe;rfwsrv.exe;RsAgent.exe;Rsaupd.exe;RsMain.exe;rsnetsvr.exe;RSTray.exe;runiep.exe;safebank.exe;safeboxTray.exe;safelive.exe;scan32.exe;ScanFrm.exe;shcfg32.exe;smartassistant.exe;SmartUp.exe;SREng.exe;SREngPS.exe;symlcsvc.exe;syscheck.exe;Syscheck2.exe;SysSafe.exe;ToolsUp.exe;TrojanDetector.exe;Trojanwall.exe;TrojDie.kxp;UIHost.exe;UmxAgent.exe;UmxAttachment.exe;UmxCfg.exe;UmxFwHlp.exe;UmxPol.exe;UpLive.exe;WoptiClean.exe;zxsweep.exe;LiveUpdate360.exe;
AutoRun.inf
AutoRun.inf
Open=%s
Open=%s
Shell\Open\Command=%s
Shell\Open\Command=%s
Shell\Explore\Command=%s
Shell\Explore\Command=%s
Sfc.dll
Sfc.dll
VVV.360.cn
VVV.360.cn
VVV.360safe.cn
VVV.360safe.cn
VVV.360safe.com
VVV.360safe.com
VVV.chinakv.com
VVV.chinakv.com
VVV.rising.com.cn
VVV.rising.com.cn
rising.com.cn
rising.com.cn
dl.jiangmin.com
dl.jiangmin.com
jiangmin.com
jiangmin.com
VVV.jiangmin.com
VVV.jiangmin.com
VVV.duba.net
VVV.duba.net
VVV.eset.com.cn
VVV.eset.com.cn
VVV.nod32.com
VVV.nod32.com
shadu.duba.net
shadu.duba.net
union.kingsoft.com
union.kingsoft.com
VVV.kaspersky.com.cn
VVV.kaspersky.com.cn
kaspersky.com.cn
kaspersky.com.cn
virustotal.com
virustotal.com
virscan.org
virscan.org
VVV.virscan.org
VVV.virscan.org
VVV.kaspersky.com
VVV.kaspersky.com
VVV.cnnod32.cn
VVV.cnnod32.cn
VVV.lanniao.org
VVV.lanniao.org
VVV.nod32club.com
VVV.nod32club.com
VVV.dswlab.com
VVV.dswlab.com
bbs.sucop.com
bbs.sucop.com
VVV.virustotal.com
VVV.virustotal.com
tool.ikaka.com
tool.ikaka.com
360.qihoo.com
360.qihoo.com
VVV.kafan.cn
VVV.kafan.cn
bbs.kafan.cn
bbs.kafan.cn
127.0.0.1
127.0.0.1
d-d-d d:d:d
d-d-d d:d:d
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
&Key=
&Key=
cmd /c erase /F "
cmd /c erase /F "
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
"!"""&"""
"!"""&"""
",#)#%("8""
",#)#%("8""
?""$
?""$
22222222
22222222
930 2|222
930 2|222
2222222
2222222
.Rr23D#X2X2X2Z
.Rr23D#X2X2X2Z
.Rr22F»`fX0X2Z
.Rr22F»`fX0X2Z
.Rr23D5ba
.Rr23D5ba
.Rr23D/b`c
.Rr23D/b`c
.Rr23D `fX3X2Z
.Rr23D `fX3X2Z
.Rr23D"fX0X2Z
.Rr23D"fX0X2Z
.Rr22E
.Rr22E
.Rr22E'b
.Rr22E'b
.Rr22E=
.Rr22E=
( (((,(((
( (((,(((
%)(@(.)(
%)(@(.)(
(()()(-(
(()()(-(
(8((8(((2
(8((8(((2
22222222222222
22222222222222
22322232223222
22322232223222
22220222
22220222
2222=2223
2222=2223
GetProcessHeap
GetProcessHeap
user32.dll
user32.dll
oleaut32.dll
oleaut32.dll
advapi32.dll
advapi32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyA
RegCreateKeyA
RegCloseKey
RegCloseKey
WinExec
WinExec
GetWindowsDirectoryA
GetWindowsDirectoryA
t!==9sff!
t!==9sff!
KWindows
KWindows
LUnit_GetWeb
LUnit_GetWeb
Unit_NsPass
Unit_NsPass
ADVAPI32.dll
ADVAPI32.dll
Software\Microsoft\Windows\CurrentVersion\Explorer
Software\Microsoft\Windows\CurrentVersion\Explorer
Svchost.exe_2920_rwx_000E1000_00071000:
UDPSockError
UDPSockError
NMUDP
NMUDP
Errmsg
Errmsg
Port
Port
TNMUDP
TNMUDP
RemotePort
RemotePort
LocalPort
LocalPort
ReportLevelLk
ReportLevelLk
0.0.0.0
0.0.0.0
%d.%d.%d.%d
%d.%d.%d.%d
AutoHotkeys
AutoHotkeys
:].tJ
:].tJ
EInvalidGraphicOperation,0
EInvalidGraphicOperation,0
EInvalidGraphicOperation
EInvalidGraphicOperation
KeyPreview,
KeyPreview,
WindowState
WindowState
OnKeyDown
OnKeyDown
OnKeyPressdz
OnKeyPressdz
OnKeyUp
OnKeyUp
ssHotTrack
ssHotTrack
TWindowState
TWindowState
poProportional
poProportional
TWMKey
TWMKey
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
vcltest3.dll
TDragOperation
TDragOperation
TKeyEvent
TKeyEvent
TKeyPressEvent
TKeyPressEvent
crSQLWait
crSQLWait
%s (%s)
%s (%s)
IMM32.DLL
IMM32.DLL
EInvalidOperation
EInvalidOperation
%s[%d]
%s[%d]
%s_%d
%s_%d
USER32.DLL
USER32.DLL
comctl32.dll
comctl32.dll
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
kernel32.dll
kernel32.dll
Portions Copyright (c) 1983,99 Borland
Portions Copyright (c) 1983,99 Borland
explorer.exe
explorer.exe
Software\Microsoft\Windows\CurrentVersion\Explorer
Software\Microsoft\Windows\CurrentVersion\Explorer
*.TMP
*.TMP
Kernel32.dll
Kernel32.dll
ADVAPI32.dll
ADVAPI32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
readbook.exe
readbook.exe
rundll32.exe
rundll32.exe
*.exe
*.exe
*.scr
*.scr
UdpT
UdpT
UdpOnDataReceived
UdpOnDataReceived
xxtype.cpp
xxtype.cpp
derv->tpClass.tpcFlags & CF_HAS_BASES
derv->tpClass.tpcFlags & CF_HAS_BASES
Inappropriate I/O control operation
Inappropriate I/O control operation
Broken pipe
Broken pipe
Operation not permitted
Operation not permitted
%H:%M:%S
%H:%M:%S
%m/%d/%y
%m/%d/%y
%A, %B %d, %Y
%A, %B %d, %Y
d/d/d d:d:d.d
d/d/d d:d:d.d
An exception (X) occurred during DllEntryPoint or DllMain in module:
An exception (X) occurred during DllEntryPoint or DllMain in module:
xx.cpp
xx.cpp
varType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpClass.tpcDtorAddr
varType->tpClass.tpcDtorAddr
(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags
(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags
memType->tpClass.tpcFlags & CF_HAS_DTOR
memType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR
dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR
dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR
IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)
IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)
elemType->tpClass.tpcFlags & CF_HAS_DTOR
elemType->tpClass.tpcFlags & CF_HAS_DTOR
Cv.SCv
Cv.SCv
Bv}.Bv
Bv}.Bv
ReportLevel
ReportLevel
GetCPInfo
GetCPInfo
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryA
GetWindowsDirectoryA
RegCreateKeyExA
RegCreateKeyExA
RegFlushKey
RegFlushKey
SetViewportOrgEx
SetViewportOrgEx
ActivateKeyboardLayout
ActivateKeyboardLayout
EnumThreadWindows
EnumThreadWindows
EnumWindows
EnumWindows
GetKeyNameTextA
GetKeyNameTextA
GetKeyState
GetKeyState
GetKeyboardLayout
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardState
GetKeyboardType
GetKeyboardType
LoadKeyboardLayoutA
LoadKeyboardLayoutA
MapVirtualKeyA
MapVirtualKeyA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
SetWindowsHookExA
SetWindowsHookExA
UnhookWindowsHookEx
UnhookWindowsHookEx
VprK|%Ud
VprK|%Ud
€00404
€00404
8 @ @ @ @ @
8 @ @ @ @ @
.text
.text
`.data
`.data
.idata
.idata
@.edata
@.edata
@.rsrc
@.rsrc
@.reloc
@.reloc
70"!(&&$
70"!(&&$
External exception %x
External exception %x
Interface not supported
Interface not supported
%s (%s, line %d)
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Win32 Error. Code: %d.
Win32 Error. Code: %d.
Invalid pointer operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted%Exception %s in module %s at %p.
Operation aborted%Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'
No argument for format '%s'
Invalid variant operation"Variant method calls not supported
Invalid variant operation"Variant method calls not supported
I/O error %d
I/O error %d
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation
Invalid data type for '%s'
Invalid data type for '%s'
Failed to set data for '%s'
Failed to set data for '%s'
Failed to get data for '%s'/Menu '%s' is already being used by another form*Windows socket error: %s (%d), on API '%s'
Failed to get data for '%s'/Menu '%s' is already being used by another form*Windows socket error: %s (%d), on API '%s'
Asynchronous socket error %d
Asynchronous socket error %d
- Dock zone has no control%List does not allow duplicates ($0%x)!'%s' is not a valid integer value
- Dock zone has no control%List does not allow duplicates ($0%x)!'%s' is not a valid integer value
Alt Clipboard does not support Icons
Alt Clipboard does not support Icons
!Control '%s' has no parent window
!Control '%s' has no parent window
Error reading %s%s%s: %s
Error reading %s%s%s: %s
Ancestor for '%s' not found
Ancestor for '%s' not found
Unsupported clipboard format
Unsupported clipboard format
Class %s not found
Class %s not found
Resource %s not found
Resource %s not found
List index out of bounds (%d) List capacity out of bounds (%d)
List index out of bounds (%d) List capacity out of bounds (%d)
List count out of bounds (%d) Operation not allowed on sorted string list%String list does not allow duplicates#A component named %s already exists$''%s'' is not a valid component name
List count out of bounds (%d) Operation not allowed on sorted string list%String list does not allow duplicates#A component named %s already exists$''%s'' is not a valid component name
A class named %s already exists
A class named %s already exists
Cannot assign a %s to a %s
Cannot assign a %s to a %s
Cannot create file %s
Cannot create file %s
Cannot open file %s
Cannot open file %s
Svchost.exe_2920_rwx_00400000_0001F000:
.idata
.idata
.rdata
.rdata
P.reloc
P.reloc
P.rsrc
P.rsrc
P.xur
P.xur
Portions Copyright (c) 1999,2003 Avenger by NhT
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
kernel32.dll
hXXp://
hXXp://
HTTP/1.0
HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Windows 95
Windows 95
Windows 95 OSR 2
Windows 95 OSR 2
Windows 98
Windows 98
Windows 98 Second Edition
Windows 98 Second Edition
Windows Millenium
Windows Millenium
Windows NT
Windows NT
Windows NT 3.5
Windows NT 3.5
Windows NT 4.0
Windows NT 4.0
Windows 2000
Windows 2000
Windows XP
Windows XP
Windows XP Service Pack 2
Windows XP Service Pack 2
Windows XP x64
Windows XP x64
Windows Server 2003
Windows Server 2003
Windows Vista
Windows Vista
Windows Server Longhorn
Windows Server Longhorn
rpcrt4.dll
rpcrt4.dll
ntdll.dll
ntdll.dll
Kernel32.dll
Kernel32.dll
Unit_GetWebSV
Unit_GetWebSV
wininet.dll
wininet.dll
InternetOpenUrlA
InternetOpenUrlA
HttpQueryInfoA
HttpQueryInfoA
HttpOpenRequestA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestA
ShellExecuteA
ShellExecuteA
Shell32.dll
Shell32.dll
360hotfix.exe;360rpt.exe;360Safe.exe;360safebox.exe;360tray.exe;adam.exe;AgentSvr.exe;AntiArp.exe;AppSvc32.exe;arvmon.exe;AutoGuarder.exe;autoruns.exe;avgrssvc.exe;AvMonitor.exe;avp.com;avp.exe;CCenter.exe;ccSvcHst.exe;FileDsty.exe;findt2005.exe;FTCleanerShell.exe;HijackThis.exe;IceSword.exe;iparmo.exe;Iparmor.exe;IsHelp.exe;isPwdSvc.exe;kabaload.exe;KaScrScn.SCR;KASMain.exe;KASTask.exe;KAV32.exe;KAVDX.exe;KAVPFW.exe;KAVSetup.exe;KAVStart.exe;killhidepid.exe;KISLnchr.exe;KMailMon.exe;KMFilter.exe;KPFW32.exe;KPFW32X.exe;KPFWSvc.exe;KRepair.COM;KsLoader.exe;KVCenter.kxp;KvDetect.exe;kvfw.exe;KvfwMcl.exe;KVMonXP.kxp;KVMonXP_1.kxp;kvol.exe;kvolself.exe;KvReport.kxp;KVScan.kxp;KVSrvXP.exe;KVStub.kxp;kvupload.exe;kvwsc.exe;KvXP.kxp;KvXP_1.kxp;KWatch.exe;KWatch9x.exe;KWatchX.exe;loaddll.exe;MagicSet.exe;mcconsol.exe;mmqczj.exe;mmsk.exe;NAVSetup.exe;nod32krn.exe;nod32kui.exe;PFW.exe;PFWLiveUpdate.exe;QHSET.exe;Ras.exe;Rav.exe;RavCopy.exe;RavMon.exe;RavMonD.exe;RavStore.exe;RavStub.exe;ravt08.exe;RavTask.exe;RegClean.exe;RegEx.exe;rfwcfg.exe;RfwMain.exe;rfwolusr.exe;rfwProxy.exe;rfwsrv.exe;RsAgent.exe;Rsaupd.exe;RsMain.exe;rsnetsvr.exe;RSTray.exe;runiep.exe;safebank.exe;safeboxTray.exe;safelive.exe;scan32.exe;ScanFrm.exe;shcfg32.exe;smartassistant.exe;SmartUp.exe;SREng.exe;SREngPS.exe;symlcsvc.exe;syscheck.exe;Syscheck2.exe;SysSafe.exe;ToolsUp.exe;TrojanDetector.exe;Trojanwall.exe;TrojDie.kxp;UIHost.exe;UmxAgent.exe;UmxAttachment.exe;UmxCfg.exe;UmxFwHlp.exe;UmxPol.exe;UpLive.exe;WoptiClean.exe;zxsweep.exe;LiveUpdate360.exe;
360hotfix.exe;360rpt.exe;360Safe.exe;360safebox.exe;360tray.exe;adam.exe;AgentSvr.exe;AntiArp.exe;AppSvc32.exe;arvmon.exe;AutoGuarder.exe;autoruns.exe;avgrssvc.exe;AvMonitor.exe;avp.com;avp.exe;CCenter.exe;ccSvcHst.exe;FileDsty.exe;findt2005.exe;FTCleanerShell.exe;HijackThis.exe;IceSword.exe;iparmo.exe;Iparmor.exe;IsHelp.exe;isPwdSvc.exe;kabaload.exe;KaScrScn.SCR;KASMain.exe;KASTask.exe;KAV32.exe;KAVDX.exe;KAVPFW.exe;KAVSetup.exe;KAVStart.exe;killhidepid.exe;KISLnchr.exe;KMailMon.exe;KMFilter.exe;KPFW32.exe;KPFW32X.exe;KPFWSvc.exe;KRepair.COM;KsLoader.exe;KVCenter.kxp;KvDetect.exe;kvfw.exe;KvfwMcl.exe;KVMonXP.kxp;KVMonXP_1.kxp;kvol.exe;kvolself.exe;KvReport.kxp;KVScan.kxp;KVSrvXP.exe;KVStub.kxp;kvupload.exe;kvwsc.exe;KvXP.kxp;KvXP_1.kxp;KWatch.exe;KWatch9x.exe;KWatchX.exe;loaddll.exe;MagicSet.exe;mcconsol.exe;mmqczj.exe;mmsk.exe;NAVSetup.exe;nod32krn.exe;nod32kui.exe;PFW.exe;PFWLiveUpdate.exe;QHSET.exe;Ras.exe;Rav.exe;RavCopy.exe;RavMon.exe;RavMonD.exe;RavStore.exe;RavStub.exe;ravt08.exe;RavTask.exe;RegClean.exe;RegEx.exe;rfwcfg.exe;RfwMain.exe;rfwolusr.exe;rfwProxy.exe;rfwsrv.exe;RsAgent.exe;Rsaupd.exe;RsMain.exe;rsnetsvr.exe;RSTray.exe;runiep.exe;safebank.exe;safeboxTray.exe;safelive.exe;scan32.exe;ScanFrm.exe;shcfg32.exe;smartassistant.exe;SmartUp.exe;SREng.exe;SREngPS.exe;symlcsvc.exe;syscheck.exe;Syscheck2.exe;SysSafe.exe;ToolsUp.exe;TrojanDetector.exe;Trojanwall.exe;TrojDie.kxp;UIHost.exe;UmxAgent.exe;UmxAttachment.exe;UmxCfg.exe;UmxFwHlp.exe;UmxPol.exe;UpLive.exe;WoptiClean.exe;zxsweep.exe;LiveUpdate360.exe;
AutoRun.inf
AutoRun.inf
Open=%s
Open=%s
Shell\Open\Command=%s
Shell\Open\Command=%s
Shell\Explore\Command=%s
Shell\Explore\Command=%s
Sfc.dll
Sfc.dll
VVV.360.cn
VVV.360.cn
VVV.360safe.cn
VVV.360safe.cn
VVV.360safe.com
VVV.360safe.com
VVV.chinakv.com
VVV.chinakv.com
VVV.rising.com.cn
VVV.rising.com.cn
rising.com.cn
rising.com.cn
dl.jiangmin.com
dl.jiangmin.com
jiangmin.com
jiangmin.com
VVV.jiangmin.com
VVV.jiangmin.com
VVV.duba.net
VVV.duba.net
VVV.eset.com.cn
VVV.eset.com.cn
VVV.nod32.com
VVV.nod32.com
shadu.duba.net
shadu.duba.net
union.kingsoft.com
union.kingsoft.com
VVV.kaspersky.com.cn
VVV.kaspersky.com.cn
kaspersky.com.cn
kaspersky.com.cn
virustotal.com
virustotal.com
virscan.org
virscan.org
VVV.virscan.org
VVV.virscan.org
VVV.kaspersky.com
VVV.kaspersky.com
VVV.cnnod32.cn
VVV.cnnod32.cn
VVV.lanniao.org
VVV.lanniao.org
VVV.nod32club.com
VVV.nod32club.com
VVV.dswlab.com
VVV.dswlab.com
bbs.sucop.com
bbs.sucop.com
VVV.virustotal.com
VVV.virustotal.com
tool.ikaka.com
tool.ikaka.com
360.qihoo.com
360.qihoo.com
VVV.kafan.cn
VVV.kafan.cn
bbs.kafan.cn
bbs.kafan.cn
127.0.0.1
127.0.0.1
d-d-d d:d:d
d-d-d d:d:d
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
&Key=
&Key=
cmd /c erase /F "
cmd /c erase /F "
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
"!"""&"""
"!"""&"""
",#)#%("8""
",#)#%("8""
?""$
?""$
22222222
22222222
930 2|222
930 2|222
2222222
2222222
.Rr23D#X2X2X2Z
.Rr23D#X2X2X2Z
.Rr22F»`fX0X2Z
.Rr22F»`fX0X2Z
.Rr23D5ba
.Rr23D5ba
.Rr23D/b`c
.Rr23D/b`c
.Rr23D `fX3X2Z
.Rr23D `fX3X2Z
.Rr23D"fX0X2Z
.Rr23D"fX0X2Z
.Rr22E
.Rr22E
.Rr22E'b
.Rr22E'b
.Rr22E=
.Rr22E=
( (((,(((
( (((,(((
%)(@(.)(
%)(@(.)(
(()()(-(
(()()(-(
(8((8(((2
(8((8(((2
22222222222222
22222222222222
22322232223222
22322232223222
22220222
22220222
2222=2223
2222=2223
GetProcessHeap
GetProcessHeap
user32.dll
user32.dll
oleaut32.dll
oleaut32.dll
advapi32.dll
advapi32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyA
RegCreateKeyA
RegCloseKey
RegCloseKey
WinExec
WinExec
GetWindowsDirectoryA
GetWindowsDirectoryA
t!==9sff!
t!==9sff!
KWindows
KWindows
LUnit_GetWeb
LUnit_GetWeb
Unit_NsPass
Unit_NsPass
ADVAPI32.dll
ADVAPI32.dll
Software\Microsoft\Windows\CurrentVersion\Explorer
Software\Microsoft\Windows\CurrentVersion\Explorer
IEXPLORE.EXE_2064:
.idata
.idata
.rdata
.rdata
P.reloc
P.reloc
P.rsrc
P.rsrc
P.xur
P.xur
Portions Copyright (c) 1999,2003 Avenger by NhT
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
kernel32.dll
hXXp://
hXXp://
HTTP/1.0
HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Windows 95
Windows 95
Windows 95 OSR 2
Windows 95 OSR 2
Windows 98
Windows 98
Windows 98 Second Edition
Windows 98 Second Edition
Windows Millenium
Windows Millenium
Windows NT
Windows NT
Windows NT 3.5
Windows NT 3.5
Windows NT 4.0
Windows NT 4.0
Windows 2000
Windows 2000
Windows XP
Windows XP
Windows XP Service Pack 2
Windows XP Service Pack 2
Windows XP x64
Windows XP x64
Windows Server 2003
Windows Server 2003
Windows Vista
Windows Vista
Windows Server Longhorn
Windows Server Longhorn
rpcrt4.dll
rpcrt4.dll
ntdll.dll
ntdll.dll
Kernel32.dll
Kernel32.dll
Unit_GetWebSV
Unit_GetWebSV
wininet.dll
wininet.dll
InternetOpenUrlA
InternetOpenUrlA
HttpQueryInfoA
HttpQueryInfoA
HttpOpenRequestA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestA
ShellExecuteA
ShellExecuteA
Shell32.dll
Shell32.dll
360hotfix.exe;360rpt.exe;360Safe.exe;360safebox.exe;360tray.exe;adam.exe;AgentSvr.exe;AntiArp.exe;AppSvc32.exe;arvmon.exe;AutoGuarder.exe;autoruns.exe;avgrssvc.exe;AvMonitor.exe;avp.com;avp.exe;CCenter.exe;ccSvcHst.exe;FileDsty.exe;findt2005.exe;FTCleanerShell.exe;HijackThis.exe;IceSword.exe;iparmo.exe;Iparmor.exe;IsHelp.exe;isPwdSvc.exe;kabaload.exe;KaScrScn.SCR;KASMain.exe;KASTask.exe;KAV32.exe;KAVDX.exe;KAVPFW.exe;KAVSetup.exe;KAVStart.exe;killhidepid.exe;KISLnchr.exe;KMailMon.exe;KMFilter.exe;KPFW32.exe;KPFW32X.exe;KPFWSvc.exe;KRepair.COM;KsLoader.exe;KVCenter.kxp;KvDetect.exe;kvfw.exe;KvfwMcl.exe;KVMonXP.kxp;KVMonXP_1.kxp;kvol.exe;kvolself.exe;KvReport.kxp;KVScan.kxp;KVSrvXP.exe;KVStub.kxp;kvupload.exe;kvwsc.exe;KvXP.kxp;KvXP_1.kxp;KWatch.exe;KWatch9x.exe;KWatchX.exe;loaddll.exe;MagicSet.exe;mcconsol.exe;mmqczj.exe;mmsk.exe;NAVSetup.exe;nod32krn.exe;nod32kui.exe;PFW.exe;PFWLiveUpdate.exe;QHSET.exe;Ras.exe;Rav.exe;RavCopy.exe;RavMon.exe;RavMonD.exe;RavStore.exe;RavStub.exe;ravt08.exe;RavTask.exe;RegClean.exe;RegEx.exe;rfwcfg.exe;RfwMain.exe;rfwolusr.exe;rfwProxy.exe;rfwsrv.exe;RsAgent.exe;Rsaupd.exe;RsMain.exe;rsnetsvr.exe;RSTray.exe;runiep.exe;safebank.exe;safeboxTray.exe;safelive.exe;scan32.exe;ScanFrm.exe;shcfg32.exe;smartassistant.exe;SmartUp.exe;SREng.exe;SREngPS.exe;symlcsvc.exe;syscheck.exe;Syscheck2.exe;SysSafe.exe;ToolsUp.exe;TrojanDetector.exe;Trojanwall.exe;TrojDie.kxp;UIHost.exe;UmxAgent.exe;UmxAttachment.exe;UmxCfg.exe;UmxFwHlp.exe;UmxPol.exe;UpLive.exe;WoptiClean.exe;zxsweep.exe;LiveUpdate360.exe;
360hotfix.exe;360rpt.exe;360Safe.exe;360safebox.exe;360tray.exe;adam.exe;AgentSvr.exe;AntiArp.exe;AppSvc32.exe;arvmon.exe;AutoGuarder.exe;autoruns.exe;avgrssvc.exe;AvMonitor.exe;avp.com;avp.exe;CCenter.exe;ccSvcHst.exe;FileDsty.exe;findt2005.exe;FTCleanerShell.exe;HijackThis.exe;IceSword.exe;iparmo.exe;Iparmor.exe;IsHelp.exe;isPwdSvc.exe;kabaload.exe;KaScrScn.SCR;KASMain.exe;KASTask.exe;KAV32.exe;KAVDX.exe;KAVPFW.exe;KAVSetup.exe;KAVStart.exe;killhidepid.exe;KISLnchr.exe;KMailMon.exe;KMFilter.exe;KPFW32.exe;KPFW32X.exe;KPFWSvc.exe;KRepair.COM;KsLoader.exe;KVCenter.kxp;KvDetect.exe;kvfw.exe;KvfwMcl.exe;KVMonXP.kxp;KVMonXP_1.kxp;kvol.exe;kvolself.exe;KvReport.kxp;KVScan.kxp;KVSrvXP.exe;KVStub.kxp;kvupload.exe;kvwsc.exe;KvXP.kxp;KvXP_1.kxp;KWatch.exe;KWatch9x.exe;KWatchX.exe;loaddll.exe;MagicSet.exe;mcconsol.exe;mmqczj.exe;mmsk.exe;NAVSetup.exe;nod32krn.exe;nod32kui.exe;PFW.exe;PFWLiveUpdate.exe;QHSET.exe;Ras.exe;Rav.exe;RavCopy.exe;RavMon.exe;RavMonD.exe;RavStore.exe;RavStub.exe;ravt08.exe;RavTask.exe;RegClean.exe;RegEx.exe;rfwcfg.exe;RfwMain.exe;rfwolusr.exe;rfwProxy.exe;rfwsrv.exe;RsAgent.exe;Rsaupd.exe;RsMain.exe;rsnetsvr.exe;RSTray.exe;runiep.exe;safebank.exe;safeboxTray.exe;safelive.exe;scan32.exe;ScanFrm.exe;shcfg32.exe;smartassistant.exe;SmartUp.exe;SREng.exe;SREngPS.exe;symlcsvc.exe;syscheck.exe;Syscheck2.exe;SysSafe.exe;ToolsUp.exe;TrojanDetector.exe;Trojanwall.exe;TrojDie.kxp;UIHost.exe;UmxAgent.exe;UmxAttachment.exe;UmxCfg.exe;UmxFwHlp.exe;UmxPol.exe;UpLive.exe;WoptiClean.exe;zxsweep.exe;LiveUpdate360.exe;
AutoRun.inf
AutoRun.inf
Open=%s
Open=%s
Shell\Open\Command=%s
Shell\Open\Command=%s
Shell\Explore\Command=%s
Shell\Explore\Command=%s
Sfc.dll
Sfc.dll
VVV.360.cn
VVV.360.cn
VVV.360safe.cn
VVV.360safe.cn
VVV.360safe.com
VVV.360safe.com
VVV.chinakv.com
VVV.chinakv.com
VVV.rising.com.cn
VVV.rising.com.cn
rising.com.cn
rising.com.cn
dl.jiangmin.com
dl.jiangmin.com
jiangmin.com
jiangmin.com
VVV.jiangmin.com
VVV.jiangmin.com
VVV.duba.net
VVV.duba.net
VVV.eset.com.cn
VVV.eset.com.cn
VVV.nod32.com
VVV.nod32.com
shadu.duba.net
shadu.duba.net
union.kingsoft.com
union.kingsoft.com
VVV.kaspersky.com.cn
VVV.kaspersky.com.cn
kaspersky.com.cn
kaspersky.com.cn
virustotal.com
virustotal.com
virscan.org
virscan.org
VVV.virscan.org
VVV.virscan.org
VVV.kaspersky.com
VVV.kaspersky.com
VVV.cnnod32.cn
VVV.cnnod32.cn
VVV.lanniao.org
VVV.lanniao.org
VVV.nod32club.com
VVV.nod32club.com
VVV.dswlab.com
VVV.dswlab.com
bbs.sucop.com
bbs.sucop.com
VVV.virustotal.com
VVV.virustotal.com
tool.ikaka.com
tool.ikaka.com
360.qihoo.com
360.qihoo.com
VVV.kafan.cn
VVV.kafan.cn
bbs.kafan.cn
bbs.kafan.cn
127.0.0.1
127.0.0.1
d-d-d d:d:d
d-d-d d:d:d
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
&Key=
&Key=
cmd /c erase /F "
cmd /c erase /F "
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
"!"""&"""
"!"""&"""
",#)#%("8""
",#)#%("8""
?""$
?""$
22222222
22222222
930 2|222
930 2|222
2222222
2222222
.Rr23D#X2X2X2Z
.Rr23D#X2X2X2Z
.Rr22F»`fX0X2Z
.Rr22F»`fX0X2Z
.Rr23D5ba
.Rr23D5ba
.Rr23D/b`c
.Rr23D/b`c
.Rr23D `fX3X2Z
.Rr23D `fX3X2Z
.Rr23D"fX0X2Z
.Rr23D"fX0X2Z
.Rr22E
.Rr22E
.Rr22E'b
.Rr22E'b
.Rr22E=
.Rr22E=
( (((,(((
( (((,(((
%)(@(.)(
%)(@(.)(
(()()(-(
(()()(-(
(8((8(((2
(8((8(((2
22222222222222
22222222222222
22322232223222
22322232223222
22220222
22220222
2222=2223
2222=2223
GetProcessHeap
GetProcessHeap
user32.dll
user32.dll
oleaut32.dll
oleaut32.dll
advapi32.dll
advapi32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyA
RegCreateKeyA
RegCloseKey
RegCloseKey
WinExec
WinExec
GetWindowsDirectoryA
GetWindowsDirectoryA
t!==9sff!
t!==9sff!
KWindows
KWindows
LUnit_GetWeb
LUnit_GetWeb
Unit_NsPass
Unit_NsPass
ADVAPI32.dll
ADVAPI32.dll
Software\Microsoft\Windows\CurrentVersion\Explorer
Software\Microsoft\Windows\CurrentVersion\Explorer
IEXPLORE.EXE_2064_rwx_00400000_0001F000:
.idata
.idata
.rdata
.rdata
P.reloc
P.reloc
P.rsrc
P.rsrc
P.xur
P.xur
Portions Copyright (c) 1999,2003 Avenger by NhT
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
kernel32.dll
hXXp://
hXXp://
HTTP/1.0
HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Windows 95
Windows 95
Windows 95 OSR 2
Windows 95 OSR 2
Windows 98
Windows 98
Windows 98 Second Edition
Windows 98 Second Edition
Windows Millenium
Windows Millenium
Windows NT
Windows NT
Windows NT 3.5
Windows NT 3.5
Windows NT 4.0
Windows NT 4.0
Windows 2000
Windows 2000
Windows XP
Windows XP
Windows XP Service Pack 2
Windows XP Service Pack 2
Windows XP x64
Windows XP x64
Windows Server 2003
Windows Server 2003
Windows Vista
Windows Vista
Windows Server Longhorn
Windows Server Longhorn
rpcrt4.dll
rpcrt4.dll
ntdll.dll
ntdll.dll
Kernel32.dll
Kernel32.dll
Unit_GetWebSV
Unit_GetWebSV
wininet.dll
wininet.dll
InternetOpenUrlA
InternetOpenUrlA
HttpQueryInfoA
HttpQueryInfoA
HttpOpenRequestA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestA
ShellExecuteA
ShellExecuteA
Shell32.dll
Shell32.dll
360hotfix.exe;360rpt.exe;360Safe.exe;360safebox.exe;360tray.exe;adam.exe;AgentSvr.exe;AntiArp.exe;AppSvc32.exe;arvmon.exe;AutoGuarder.exe;autoruns.exe;avgrssvc.exe;AvMonitor.exe;avp.com;avp.exe;CCenter.exe;ccSvcHst.exe;FileDsty.exe;findt2005.exe;FTCleanerShell.exe;HijackThis.exe;IceSword.exe;iparmo.exe;Iparmor.exe;IsHelp.exe;isPwdSvc.exe;kabaload.exe;KaScrScn.SCR;KASMain.exe;KASTask.exe;KAV32.exe;KAVDX.exe;KAVPFW.exe;KAVSetup.exe;KAVStart.exe;killhidepid.exe;KISLnchr.exe;KMailMon.exe;KMFilter.exe;KPFW32.exe;KPFW32X.exe;KPFWSvc.exe;KRepair.COM;KsLoader.exe;KVCenter.kxp;KvDetect.exe;kvfw.exe;KvfwMcl.exe;KVMonXP.kxp;KVMonXP_1.kxp;kvol.exe;kvolself.exe;KvReport.kxp;KVScan.kxp;KVSrvXP.exe;KVStub.kxp;kvupload.exe;kvwsc.exe;KvXP.kxp;KvXP_1.kxp;KWatch.exe;KWatch9x.exe;KWatchX.exe;loaddll.exe;MagicSet.exe;mcconsol.exe;mmqczj.exe;mmsk.exe;NAVSetup.exe;nod32krn.exe;nod32kui.exe;PFW.exe;PFWLiveUpdate.exe;QHSET.exe;Ras.exe;Rav.exe;RavCopy.exe;RavMon.exe;RavMonD.exe;RavStore.exe;RavStub.exe;ravt08.exe;RavTask.exe;RegClean.exe;RegEx.exe;rfwcfg.exe;RfwMain.exe;rfwolusr.exe;rfwProxy.exe;rfwsrv.exe;RsAgent.exe;Rsaupd.exe;RsMain.exe;rsnetsvr.exe;RSTray.exe;runiep.exe;safebank.exe;safeboxTray.exe;safelive.exe;scan32.exe;ScanFrm.exe;shcfg32.exe;smartassistant.exe;SmartUp.exe;SREng.exe;SREngPS.exe;symlcsvc.exe;syscheck.exe;Syscheck2.exe;SysSafe.exe;ToolsUp.exe;TrojanDetector.exe;Trojanwall.exe;TrojDie.kxp;UIHost.exe;UmxAgent.exe;UmxAttachment.exe;UmxCfg.exe;UmxFwHlp.exe;UmxPol.exe;UpLive.exe;WoptiClean.exe;zxsweep.exe;LiveUpdate360.exe;
360hotfix.exe;360rpt.exe;360Safe.exe;360safebox.exe;360tray.exe;adam.exe;AgentSvr.exe;AntiArp.exe;AppSvc32.exe;arvmon.exe;AutoGuarder.exe;autoruns.exe;avgrssvc.exe;AvMonitor.exe;avp.com;avp.exe;CCenter.exe;ccSvcHst.exe;FileDsty.exe;findt2005.exe;FTCleanerShell.exe;HijackThis.exe;IceSword.exe;iparmo.exe;Iparmor.exe;IsHelp.exe;isPwdSvc.exe;kabaload.exe;KaScrScn.SCR;KASMain.exe;KASTask.exe;KAV32.exe;KAVDX.exe;KAVPFW.exe;KAVSetup.exe;KAVStart.exe;killhidepid.exe;KISLnchr.exe;KMailMon.exe;KMFilter.exe;KPFW32.exe;KPFW32X.exe;KPFWSvc.exe;KRepair.COM;KsLoader.exe;KVCenter.kxp;KvDetect.exe;kvfw.exe;KvfwMcl.exe;KVMonXP.kxp;KVMonXP_1.kxp;kvol.exe;kvolself.exe;KvReport.kxp;KVScan.kxp;KVSrvXP.exe;KVStub.kxp;kvupload.exe;kvwsc.exe;KvXP.kxp;KvXP_1.kxp;KWatch.exe;KWatch9x.exe;KWatchX.exe;loaddll.exe;MagicSet.exe;mcconsol.exe;mmqczj.exe;mmsk.exe;NAVSetup.exe;nod32krn.exe;nod32kui.exe;PFW.exe;PFWLiveUpdate.exe;QHSET.exe;Ras.exe;Rav.exe;RavCopy.exe;RavMon.exe;RavMonD.exe;RavStore.exe;RavStub.exe;ravt08.exe;RavTask.exe;RegClean.exe;RegEx.exe;rfwcfg.exe;RfwMain.exe;rfwolusr.exe;rfwProxy.exe;rfwsrv.exe;RsAgent.exe;Rsaupd.exe;RsMain.exe;rsnetsvr.exe;RSTray.exe;runiep.exe;safebank.exe;safeboxTray.exe;safelive.exe;scan32.exe;ScanFrm.exe;shcfg32.exe;smartassistant.exe;SmartUp.exe;SREng.exe;SREngPS.exe;symlcsvc.exe;syscheck.exe;Syscheck2.exe;SysSafe.exe;ToolsUp.exe;TrojanDetector.exe;Trojanwall.exe;TrojDie.kxp;UIHost.exe;UmxAgent.exe;UmxAttachment.exe;UmxCfg.exe;UmxFwHlp.exe;UmxPol.exe;UpLive.exe;WoptiClean.exe;zxsweep.exe;LiveUpdate360.exe;
AutoRun.inf
AutoRun.inf
Open=%s
Open=%s
Shell\Open\Command=%s
Shell\Open\Command=%s
Shell\Explore\Command=%s
Shell\Explore\Command=%s
Sfc.dll
Sfc.dll
VVV.360.cn
VVV.360.cn
VVV.360safe.cn
VVV.360safe.cn
VVV.360safe.com
VVV.360safe.com
VVV.chinakv.com
VVV.chinakv.com
VVV.rising.com.cn
VVV.rising.com.cn
rising.com.cn
rising.com.cn
dl.jiangmin.com
dl.jiangmin.com
jiangmin.com
jiangmin.com
VVV.jiangmin.com
VVV.jiangmin.com
VVV.duba.net
VVV.duba.net
VVV.eset.com.cn
VVV.eset.com.cn
VVV.nod32.com
VVV.nod32.com
shadu.duba.net
shadu.duba.net
union.kingsoft.com
union.kingsoft.com
VVV.kaspersky.com.cn
VVV.kaspersky.com.cn
kaspersky.com.cn
kaspersky.com.cn
virustotal.com
virustotal.com
virscan.org
virscan.org
VVV.virscan.org
VVV.virscan.org
VVV.kaspersky.com
VVV.kaspersky.com
VVV.cnnod32.cn
VVV.cnnod32.cn
VVV.lanniao.org
VVV.lanniao.org
VVV.nod32club.com
VVV.nod32club.com
VVV.dswlab.com
VVV.dswlab.com
bbs.sucop.com
bbs.sucop.com
VVV.virustotal.com
VVV.virustotal.com
tool.ikaka.com
tool.ikaka.com
360.qihoo.com
360.qihoo.com
VVV.kafan.cn
VVV.kafan.cn
bbs.kafan.cn
bbs.kafan.cn
127.0.0.1
127.0.0.1
d-d-d d:d:d
d-d-d d:d:d
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
&Key=
&Key=
cmd /c erase /F "
cmd /c erase /F "
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
"!"""&"""
"!"""&"""
",#)#%("8""
",#)#%("8""
?""$
?""$
22222222
22222222
930 2|222
930 2|222
2222222
2222222
.Rr23D#X2X2X2Z
.Rr23D#X2X2X2Z
.Rr22F»`fX0X2Z
.Rr22F»`fX0X2Z
.Rr23D5ba
.Rr23D5ba
.Rr23D/b`c
.Rr23D/b`c
.Rr23D `fX3X2Z
.Rr23D `fX3X2Z
.Rr23D"fX0X2Z
.Rr23D"fX0X2Z
.Rr22E
.Rr22E
.Rr22E'b
.Rr22E'b
.Rr22E=
.Rr22E=
( (((,(((
( (((,(((
%)(@(.)(
%)(@(.)(
(()()(-(
(()()(-(
(8((8(((2
(8((8(((2
22222222222222
22222222222222
22322232223222
22322232223222
22220222
22220222
2222=2223
2222=2223
GetProcessHeap
GetProcessHeap
user32.dll
user32.dll
oleaut32.dll
oleaut32.dll
advapi32.dll
advapi32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyA
RegCreateKeyA
RegCloseKey
RegCloseKey
WinExec
WinExec
GetWindowsDirectoryA
GetWindowsDirectoryA
t!==9sff!
t!==9sff!
KWindows
KWindows
LUnit_GetWeb
LUnit_GetWeb
Unit_NsPass
Unit_NsPass
ADVAPI32.dll
ADVAPI32.dll
Software\Microsoft\Windows\CurrentVersion\Explorer
Software\Microsoft\Windows\CurrentVersion\Explorer
IEXPLORE.EXE_2064_rwx_00421000_00071000:
UDPSockError
UDPSockError
NMUDP
NMUDP
Errmsg
Errmsg
Port
Port
TNMUDP
TNMUDP
RemotePort
RemotePort
LocalPort
LocalPort
ReportLevelLkB
ReportLevelLkB
0.0.0.0
0.0.0.0
%d.%d.%d.%d
%d.%d.%d.%d
AutoHotkeys
AutoHotkeys
:].tJ
:].tJ
EInvalidGraphicOperation,0C
EInvalidGraphicOperation,0C
EInvalidGraphicOperation
EInvalidGraphicOperation
KeyPreview,
KeyPreview,
WindowState
WindowState
OnKeyDown
OnKeyDown
OnKeyPressdzD
OnKeyPressdzD
OnKeyUp
OnKeyUp
ssHotTrack
ssHotTrack
TWindowState
TWindowState
poProportional
poProportional
TWMKey
TWMKey
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
vcltest3.dll
TDragOperation
TDragOperation
TKeyEvent
TKeyEvent
TKeyPressEvent
TKeyPressEvent
crSQLWait
crSQLWait
%s (%s)
%s (%s)
IMM32.DLL
IMM32.DLL
EInvalidOperation
EInvalidOperation
%s[%d]
%s[%d]
%s_%d
%s_%d
USER32.DLL
USER32.DLL
comctl32.dll
comctl32.dll
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
kernel32.dll
kernel32.dll
Portions Copyright (c) 1983,99 Borland
Portions Copyright (c) 1983,99 Borland
explorer.exe
explorer.exe
Software\Microsoft\Windows\CurrentVersion\Explorer
Software\Microsoft\Windows\CurrentVersion\Explorer
*.TMP
*.TMP
Kernel32.dll
Kernel32.dll
ADVAPI32.dll
ADVAPI32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
readbook.exe
readbook.exe
rundll32.exe
rundll32.exe
*.exe
*.exe
*.scr
*.scr
UdpT
UdpT
UdpOnDataReceived
UdpOnDataReceived
xxtype.cpp
xxtype.cpp
derv->tpClass.tpcFlags & CF_HAS_BASES
derv->tpClass.tpcFlags & CF_HAS_BASES
Inappropriate I/O control operation
Inappropriate I/O control operation
Broken pipe
Broken pipe
Operation not permitted
Operation not permitted
%H:%M:%S
%H:%M:%S
%m/%d/%y
%m/%d/%y
%A, %B %d, %Y
%A, %B %d, %Y
d/d/d d:d:d.d
d/d/d d:d:d.d
An exception (X) occurred during DllEntryPoint or DllMain in module:
An exception (X) occurred during DllEntryPoint or DllMain in module:
xx.cpp
xx.cpp
varType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpClass.tpcDtorAddr
varType->tpClass.tpcDtorAddr
(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags
(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags
memType->tpClass.tpcFlags & CF_HAS_DTOR
memType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR
dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR
dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR
IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)
IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)
elemType->tpClass.tpcFlags & CF_HAS_DTOR
elemType->tpClass.tpcFlags & CF_HAS_DTOR
Cv.SCv
Cv.SCv
Bv}.Bv
Bv}.Bv
ReportLevel
ReportLevel
GetCPInfo
GetCPInfo
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryA
GetWindowsDirectoryA
RegCreateKeyExA
RegCreateKeyExA
RegFlushKey
RegFlushKey
SetViewportOrgEx
SetViewportOrgEx
ActivateKeyboardLayout
ActivateKeyboardLayout
EnumThreadWindows
EnumThreadWindows
EnumWindows
EnumWindows
GetKeyNameTextA
GetKeyNameTextA
GetKeyState
GetKeyState
GetKeyboardLayout
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardState
GetKeyboardType
GetKeyboardType
LoadKeyboardLayoutA
LoadKeyboardLayoutA
MapVirtualKeyA
MapVirtualKeyA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
SetWindowsHookExA
SetWindowsHookExA
UnhookWindowsHookEx
UnhookWindowsHookEx
VprK|%Ud
VprK|%Ud
€00404
€00404
8 @ @ @ @ @
8 @ @ @ @ @
.text
.text
`.data
`.data
.idata
.idata
@.edata
@.edata
@.rsrc
@.rsrc
@.reloc
@.reloc
70"!(&&$
70"!(&&$
External exception %x
External exception %x
Interface not supported
Interface not supported
%s (%s, line %d)
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Win32 Error. Code: %d.
Win32 Error. Code: %d.
Invalid pointer operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted%Exception %s in module %s at %p.
Operation aborted%Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'
No argument for format '%s'
Invalid variant operation"Variant method calls not supported
Invalid variant operation"Variant method calls not supported
I/O error %d
I/O error %d
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation
Invalid data type for '%s'
Invalid data type for '%s'
Failed to set data for '%s'
Failed to set data for '%s'
Failed to get data for '%s'/Menu '%s' is already being used by another form*Windows socket error: %s (%d), on API '%s'
Failed to get data for '%s'/Menu '%s' is already being used by another form*Windows socket error: %s (%d), on API '%s'
Asynchronous socket error %d
Asynchronous socket error %d
- Dock zone has no control%List does not allow duplicates ($0%x)!'%s' is not a valid integer value
- Dock zone has no control%List does not allow duplicates ($0%x)!'%s' is not a valid integer value
Alt Clipboard does not support Icons
Alt Clipboard does not support Icons
!Control '%s' has no parent window
!Control '%s' has no parent window
Error reading %s%s%s: %s
Error reading %s%s%s: %s
Ancestor for '%s' not found
Ancestor for '%s' not found
Unsupported clipboard format
Unsupported clipboard format
Class %s not found
Class %s not found
Resource %s not found
Resource %s not found
List index out of bounds (%d) List capacity out of bounds (%d)
List index out of bounds (%d) List capacity out of bounds (%d)
List count out of bounds (%d) Operation not allowed on sorted string list%String list does not allow duplicates#A component named %s already exists$''%s'' is not a valid component name
List count out of bounds (%d) Operation not allowed on sorted string list%String list does not allow duplicates#A component named %s already exists$''%s'' is not a valid component name
A class named %s already exists
A class named %s already exists
Cannot assign a %s to a %s
Cannot assign a %s to a %s
Cannot create file %s
Cannot create file %s
Cannot open file %s
Cannot open file %s
svchost.exe_3704:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
msvcrt.dll
msvcrt.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
API-MS-Win-Security-Base-L1-1-0.dll
API-MS-Win-Security-Base-L1-1-0.dll
API-MS-WIN-Service-Core-L1-1-0.dll
API-MS-WIN-Service-Core-L1-1-0.dll
API-MS-WIN-Service-winsvc-L1-1-0.dll
API-MS-WIN-Service-winsvc-L1-1-0.dll
RPCRT4.dll
RPCRT4.dll
ole32.dll
ole32.dll
ntdll.dll
ntdll.dll
_amsg_exit
_amsg_exit
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
GetProcessHeap
GetProcessHeap
svchost.pdb
svchost.pdb
version="5.1.0.0"
version="5.1.0.0"
name="Microsoft.Windows.Services.SvcHost"
name="Microsoft.Windows.Services.SvcHost"
Host Process for Windows Services
Host Process for Windows Services
Software\Microsoft\Windows NT\CurrentVersion\Svchost
Software\Microsoft\Windows NT\CurrentVersion\Svchost
Software\Microsoft\Windows NT\CurrentVersion\MgdSvchost
Software\Microsoft\Windows NT\CurrentVersion\MgdSvchost
\PIPE\
\PIPE\
Host Process for Windows Services
Host Process for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255)
6.1.7600.16385 (win7_rtm.090713-1255)
svchost.exe
svchost.exe
Windows
Windows
Operating System
Operating System
6.1.7600.16385
6.1.7600.16385
DrvInst.exe_1272:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
msvcrt.dll
msvcrt.dll
ntdll.dll
ntdll.dll
API-MS-Win-Core-Debug-L1-1-0.dll
API-MS-Win-Core-Debug-L1-1-0.dll
API-MS-Win-Core-ErrorHandling-L1-1-0.dll
API-MS-Win-Core-ErrorHandling-L1-1-0.dll
API-MS-Win-Core-File-L1-1-0.dll
API-MS-Win-Core-File-L1-1-0.dll
API-MS-Win-Core-Handle-L1-1-0.dll
API-MS-Win-Core-Handle-L1-1-0.dll
API-MS-Win-Core-Heap-L1-1-0.dll
API-MS-Win-Core-Heap-L1-1-0.dll
API-MS-Win-Core-Interlocked-L1-1-0.dll
API-MS-Win-Core-Interlocked-L1-1-0.dll
API-MS-Win-Core-IO-L1-1-0.dll
API-MS-Win-Core-IO-L1-1-0.dll
API-MS-Win-Core-LibraryLoader-L1-1-0.dll
API-MS-Win-Core-LibraryLoader-L1-1-0.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
API-MS-Win-Core-Memory-L1-1-0.dll
API-MS-Win-Core-Memory-L1-1-0.dll
API-MS-Win-Core-Misc-L1-1-0.dll
API-MS-Win-Core-Misc-L1-1-0.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
API-MS-Win-Core-Profile-L1-1-0.dll
API-MS-Win-Core-Profile-L1-1-0.dll
API-MS-Win-Core-String-L1-1-0.dll
API-MS-Win-Core-String-L1-1-0.dll
API-MS-Win-Core-Synch-L1-1-0.dll
API-MS-Win-Core-Synch-L1-1-0.dll
API-MS-Win-Core-SysInfo-L1-1-0.dll
API-MS-Win-Core-SysInfo-L1-1-0.dll
API-MS-Win-Security-Base-L1-1-0.dll
API-MS-Win-Security-Base-L1-1-0.dll
SETUPAPI.dll
SETUPAPI.dll
cfgmgr32.DLL
cfgmgr32.DLL
devrtl.DLL
devrtl.DLL
KERNEL32.dll
KERNEL32.dll
Exception in DRVINST.EXE HandleDeviceInstallEntry!, ExceptionCode = 0xlx
Exception in DRVINST.EXE HandleDeviceInstallEntry!, ExceptionCode = 0xlx
Exception in DRVINST.EXE wmain!, ExceptionCode = 0xlx
Exception in DRVINST.EXE wmain!, ExceptionCode = 0xlx
Driver package failed signature validation. Error = 0xX
Driver package failed signature validation. Error = 0xX
System restore disabled by policy. Error = 0xX
System restore disabled by policy. Error = 0xX
Unable to mark devices that match new INF - (x)!
Unable to mark devices that match new INF - (x)!
DRVINST.EXE: Entering debugger while %ws driver package to Driver Store.
DRVINST.EXE: Entering debugger while %ws driver package to Driver Store.
Ea~Cancel Windows Update search failed!
Ea~Cancel Windows Update search failed!
Received request to cancel Windows Update search.
Received request to cancel Windows Update search.
CancelWUOperation
CancelWUOperation
Error (x):Unexpected cancel wait failure!
Error (x):Unexpected cancel wait failure!
Error 0x%X opening up RunOnce key.
Error 0x%X opening up RunOnce key.
{Core Device Install - exit(0xx)}
{Core Device Install - exit(0xx)}
Queueing up error report since device installation failed...
Queueing up error report since device installation failed...
Policy is set to skip sending error report for additional software requested
Policy is set to skip sending error report for additional software requested
Additional software is requested so a WER report should be sent, but the sending of WER reports from drvinst has been suppressed.
Additional software is requested so a WER report should be sent, but the sending of WER reports from drvinst has been suppressed.
Queueing up error report since additional software is requested...
Queueing up error report since additional software is requested...
Policy is set to skip sending error report for generic device driver install
Policy is set to skip sending error report for generic device driver install
A generic driver was installed so a WER report should be sent, but the sending of WER reports from drvinst has been suppressed.
A generic driver was installed so a WER report should be sent, but the sending of WER reports from drvinst has been suppressed.
Queueing up error report since device driver is generic...
Queueing up error report since device driver is generic...
Queueing up error report since device has a PnP problem...
Queueing up error report since device has a PnP problem...
Device install status=0xx
Device install status=0xx
Error(x) installing device!
Error(x) installing device!
Enabling shuffle-move file queue operations.
Enabling shuffle-move file queue operations.
Error(x) determining installation policy for device!
Error(x) determining installation policy for device!
Error(x) creating drvinst install mutex!
Error(x) creating drvinst install mutex!
No driver found on Windows Update.
No driver found on Windows Update.
Failed to load download functions from search DLL! Error=%d
Failed to load download functions from search DLL! Error=%d
Selecting best match from Windows Update...
Selecting best match from Windows Update...
Failed to build driver list from WU package. Error=%d
Failed to build driver list from WU package. Error=%d
Found driver on Windows Update, downloading - %.1f MB...
Found driver on Windows Update, downloading - %.1f MB...
Windows Update driver search cancelled.
Windows Update driver search cancelled.
Error(x) opening WU cancel event!
Error(x) opening WU cancel event!
Error(x) creating WU search serialization mutex!
Error(x) creating WU search serialization mutex!
Failed to load search function from search DLL! Error=%d
Failed to load search function from search DLL! Error=%d
Searching Windows Update for drivers...
Searching Windows Update for drivers...
INF specified BasicDriverOk for this device, skipping Windows Update search.
INF specified BasicDriverOk for this device, skipping Windows Update search.
Failed to load WU search DLL! Error=%d
Failed to load WU search DLL! Error=%d
Failed to load initialization functions from search DLL! Error=%d
Failed to load initialization functions from search DLL! Error=%d
Skipping Windows Update because no internet connection!
Skipping Windows Update because no internet connection!
Device driver was updated during servicing, skipping Windows Update search.
Device driver was updated during servicing, skipping Windows Update search.
Driver Store import failed, failing install.
Driver Store import failed, failing install.
Error(x) creating cancel thread!
Error(x) creating cancel thread!
Error(x) opening cancel thread event!
Error(x) opening cancel thread event!
Error(x) creating end-cancel thread event!
Error(x) creating end-cancel thread event!
Error(x) creating Device Manager sync event!
Error(x) creating Device Manager sync event!
DRVINST.EXE: Entering debugger during PnP device installation.
DRVINST.EXE: Entering debugger during PnP device installation.
DRVINST.EXE: Waiting for debugger on Process ID = %d ...
DRVINST.EXE: Waiting for debugger on Process ID = %d ...
DRVINST.EXE: Unknown DebugInstall options, NOT breaking to debugger.
DRVINST.EXE: Unknown DebugInstall options, NOT breaking to debugger.
The system will restart in %d seconds in order to enforce device installation restriction policy.
The system will restart in %d seconds in order to enforce device installation restriction policy.
{Driver package policy check - exit(0xx)}
{Driver package policy check - exit(0xx)}
Driver Package importation is subject to policy
Driver Package importation is subject to policy
{Device installation policy check [%ws] exit(0xx)}
{Device installation policy check [%ws] exit(0xx)}
{Device Installation Restrictions Policy Check - exit(0xx)}
{Device Installation Restrictions Policy Check - exit(0xx)}
{Device Removal Initiated by Policy Change [%ws] exit(0xx)}
{Device Removal Initiated by Policy Change [%ws] exit(0xx)}
API-MS-Win-Security-SDDL-L1-1-0.dll
API-MS-Win-Security-SDDL-L1-1-0.dll
ADVAPI32.dll
ADVAPI32.dll
COMCTL32.dll
COMCTL32.dll
OS Version = %d.%d.%d
OS Version = %d.%d.%d
Service Pack = %d.%d
Service Pack = %d.%d
Suite = 0xx
Suite = 0xx
ProductType = %d
ProductType = %d
Architecture = %s
Architecture = %s
d/d/d
d/d/d
d:d:d.d
d:d:d.d
[Exit status: FAILURE(0xx)]
[Exit status: FAILURE(0xx)]
cmd: %s
cmd: %s
os: Version = %d.%d.%d, Service Pack = %d.%d, Suite = 0xx, ProductType = %d, Architecture = %s
os: Version = %d.%d.%d, Service Pack = %d.%d, Suite = 0xx, ProductType = %d, Architecture = %s
[Boot Session: d/d/d d:d:d.d]
[Boot Session: d/d/d d:d:d.d]
[%s - %s]
[%s - %s]
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
drvstore.dll
drvstore.dll
DrvInst.pdb
DrvInst.pdb
udPPj
udPPj
Ht.Ht
Ht.Ht
PSSSSSSh
PSSSSSSh
pServerImportDriverPackage
pServerImportDriverPackage
_amsg_exit
_amsg_exit
SetupDiReportDeviceInstallError
SetupDiReportDeviceInstallError
SetupDiReportAdditionalSoftwareRequested
SetupDiReportAdditionalSoftwareRequested
SetupDiReportGenericDriverInstalled
SetupDiReportGenericDriverInstalled
SetupDiReportPnPDeviceProblem
SetupDiReportPnPDeviceProblem
SetupDiReportDriverNotFoundError
SetupDiReportDriverNotFoundError
SetupDiOpenDevRegKey
SetupDiOpenDevRegKey
GetSystemWindowsDirectoryW
GetSystemWindowsDirectoryW
GetProcessHeap
GetProcessHeap
name="Microsoft.Windows.DrvInst"
name="Microsoft.Windows.DrvInst"
version="5.1.0.0"
version="5.1.0.0"
2"363;3@3
2"363;3@3
Global\DrvInst_CancelSearch_{86EC8168-ECD8-46ac-B312-AAE1DAF80BB8}
Global\DrvInst_CancelSearch_{86EC8168-ECD8-46ac-B312-AAE1DAF80BB8}
!%d-%d-%d
!%d-%d-%d
...
...
streamci.dll
streamci.dll
rundll32.exe
rundll32.exe
Software\Microsoft\Windows\CurrentVersion\RunOnce
Software\Microsoft\Windows\CurrentVersion\RunOnce
setupapi.dll
setupapi.dll
!DrvInst.exe_mutex_{5B10AC83-4F13-4fde-8C0B-B85681BA8D73}
!DrvInst.exe_mutex_{5B10AC83-4F13-4fde-8C0B-B85681BA8D73}
!DrvInst.exe_mutex_{6848E37B-F8FA-404d-AF21-279E723B6D35}
!DrvInst.exe_mutex_{6848E37B-F8FA-404d-AF21-279E723B6D35}
Software\Microsoft\Windows\CurrentVersion\Device Installer
Software\Microsoft\Windows\CurrentVersion\Device Installer
Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\DoqInProgress
Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\DoqInProgress
Software\Microsoft\Windows\CurrentVersion\DriverSearching
Software\Microsoft\Windows\CurrentVersion\DriverSearching
Software\Policies\Microsoft\Windows\DriverSearching
Software\Policies\Microsoft\Windows\DriverSearching
Software\Microsoft\Windows\CurrentVersion\DriverSearching\Plugin
Software\Microsoft\Windows\CurrentVersion\DriverSearching\Plugin
Software\Policies\Microsoft\Windows\DeviceInstall
Software\Policies\Microsoft\Windows\DeviceInstall
Software\Policies\Microsoft\Windows\DriverInstall
Software\Policies\Microsoft\Windows\DriverInstall
Registry Keys
Registry Keys
Software\Microsoft\Windows\CurrentVersion\Setup
Software\Microsoft\Windows\CurrentVersion\Setup
setupapi.offline.log
setupapi.offline.log
setupapi.dev.log
setupapi.dev.log
setupapi.app.log
setupapi.app.log
%s.ddd_ddd.%s
%s.ddd_ddd.%s
%s.????????_??????.%s
%s.????????_??????.%s
setupapi.ev3
setupapi.ev3
setupapi.ev2
setupapi.ev2
setupapi.ev1
setupapi.ev1
advapi32.dll
advapi32.dll
6.1.7600.16385 (win7_rtm.090713-1255)
6.1.7600.16385 (win7_rtm.090713-1255)
DrvInst.EXE
DrvInst.EXE
Windows
Windows
Operating System
Operating System
6.1.7600.16385
6.1.7600.16385
rundll32.exe_3876:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
msvcrt.dll
msvcrt.dll
imagehlp.dll
imagehlp.dll
ntdll.dll
ntdll.dll
Av.TBv
Av.TBv
?.ulf
?.ulf
.ue9]
.ue9]
ole32.dll
ole32.dll
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
rundll32.pdb
rundll32.pdb
name="Microsoft.Windows.Shell.rundll32"
name="Microsoft.Windows.Shell.rundll32"
version="5.1.0.0"
version="5.1.0.0"
name="Microsoft.Windows.Shell.rundll32"
name="Microsoft.Windows.Shell.rundll32"
version="5.1.0.0"
version="5.1.0.0"
.....eZXnnnnnnnnnnnn3
.....eZXnnnnnnnnnnnn3
....eDXnnnnnnnnnnnn3
....eDXnnnnnnnnnnnn3
...eDXnnnnnnnnnnnn,
...eDXnnnnnnnnnnnn,
.eDXnnnnnnnnnnnn,
.eDXnnnnnnnnnnnn,
%Xnnnnnnnnnnnnnnn1
%Xnnnnnnnnnnnnnnn1
O3$dS7"%U9
O3$dS7"%U9
.manifest
.manifest
{00000000-0000-0000-0000-000000000000}
{00000000-0000-0000-0000-000000000000}
\\?\Volume
\\?\Volume
\\?\UNC\
\\?\UNC\
rundll32.exe
rundll32.exe
Windows host process (Rundll32)
Windows host process (Rundll32)
6.1.7600.16385 (win7_rtm.090713-1255)
6.1.7600.16385 (win7_rtm.090713-1255)
RUNDLL32.EXE
RUNDLL32.EXE
Windows
Windows
Operating System
Operating System
6.1.7600.16385
6.1.7600.16385
Explorer.EXE_2024_rwx_046C1000_00071000:
UDPSockError
UDPSockError
NMUDP
NMUDP
Errmsg
Errmsg
Port
Port
TNMUDP
TNMUDP
RemotePort
RemotePort
LocalPort
LocalPort
ReportLevelLkl
ReportLevelLkl
0.0.0.0
0.0.0.0
%d.%d.%d.%d
%d.%d.%d.%d
AutoHotkeys
AutoHotkeys
:].tJ
:].tJ
EInvalidGraphicOperation,0m
EInvalidGraphicOperation,0m
EInvalidGraphicOperation
EInvalidGraphicOperation
KeyPreview,
KeyPreview,
WindowState
WindowState
OnKeyDown
OnKeyDown
OnKeyPressdzn
OnKeyPressdzn
OnKeyUp
OnKeyUp
ssHotTrack
ssHotTrack
TWindowState
TWindowState
poProportional
poProportional
TWMKey
TWMKey
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
vcltest3.dll
TDragOperation
TDragOperation
TKeyEvent
TKeyEvent
TKeyPressEvent
TKeyPressEvent
crSQLWait
crSQLWait
%s (%s)
%s (%s)
IMM32.DLL
IMM32.DLL
EInvalidOperation
EInvalidOperation
%s[%d]
%s[%d]
%s_%d
%s_%d
USER32.DLL
USER32.DLL
comctl32.dll
comctl32.dll
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
kernel32.dll
kernel32.dll
Portions Copyright (c) 1983,99 Borland
Portions Copyright (c) 1983,99 Borland
explorer.exe
explorer.exe
Software\Microsoft\Windows\CurrentVersion\Explorer
Software\Microsoft\Windows\CurrentVersion\Explorer
*.TMP
*.TMP
Kernel32.dll
Kernel32.dll
ADVAPI32.dll
ADVAPI32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
readbook.exe
readbook.exe
rundll32.exe
rundll32.exe
*.exe
*.exe
*.scr
*.scr
UdpT
UdpT
UdpOnDataReceived
UdpOnDataReceived
xxtype.cpp
xxtype.cpp
derv->tpClass.tpcFlags & CF_HAS_BASES
derv->tpClass.tpcFlags & CF_HAS_BASES
Inappropriate I/O control operation
Inappropriate I/O control operation
Broken pipe
Broken pipe
Operation not permitted
Operation not permitted
%H:%M:%S
%H:%M:%S
%m/%d/%y
%m/%d/%y
%A, %B %d, %Y
%A, %B %d, %Y
d/d/d d:d:d.d
d/d/d d:d:d.d
An exception (X) occurred during DllEntryPoint or DllMain in module:
An exception (X) occurred during DllEntryPoint or DllMain in module:
xx.cpp
xx.cpp
varType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpClass.tpcDtorAddr
varType->tpClass.tpcDtorAddr
(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags
(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags
memType->tpClass.tpcFlags & CF_HAS_DTOR
memType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR
varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR
dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR
dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR
IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)
IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)
elemType->tpClass.tpcFlags & CF_HAS_DTOR
elemType->tpClass.tpcFlags & CF_HAS_DTOR
Cv.SCv
Cv.SCv
Bv}.Bv
Bv}.Bv
ReportLevel
ReportLevel
GetCPInfo
GetCPInfo
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryA
GetWindowsDirectoryA
RegCreateKeyExA
RegCreateKeyExA
RegFlushKey
RegFlushKey
SetViewportOrgEx
SetViewportOrgEx
ActivateKeyboardLayout
ActivateKeyboardLayout
EnumThreadWindows
EnumThreadWindows
EnumWindows
EnumWindows
GetKeyNameTextA
GetKeyNameTextA
GetKeyState
GetKeyState
GetKeyboardLayout
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardState
GetKeyboardType
GetKeyboardType
LoadKeyboardLayoutA
LoadKeyboardLayoutA
MapVirtualKeyA
MapVirtualKeyA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
SetWindowsHookExA
SetWindowsHookExA
UnhookWindowsHookEx
UnhookWindowsHookEx
VprK|%Ud
VprK|%Ud
€00404
€00404
8 @ @ @ @ @
8 @ @ @ @ @
.text
.text
`.data
`.data
.idata
.idata
@.edata
@.edata
@.rsrc
@.rsrc
@.reloc
@.reloc
70"!(&&$
70"!(&&$
External exception %x
External exception %x
Interface not supported
Interface not supported
%s (%s, line %d)
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Win32 Error. Code: %d.
Win32 Error. Code: %d.
Invalid pointer operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted%Exception %s in module %s at %p.
Operation aborted%Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'
No argument for format '%s'
Invalid variant operation"Variant method calls not supported
Invalid variant operation"Variant method calls not supported
I/O error %d
I/O error %d
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation
Invalid data type for '%s'
Invalid data type for '%s'
Failed to set data for '%s'
Failed to set data for '%s'
Failed to get data for '%s'/Menu '%s' is already being used by another form*Windows socket error: %s (%d), on API '%s'
Failed to get data for '%s'/Menu '%s' is already being used by another form*Windows socket error: %s (%d), on API '%s'
Asynchronous socket error %d
Asynchronous socket error %d
- Dock zone has no control%List does not allow duplicates ($0%x)!'%s' is not a valid integer value
- Dock zone has no control%List does not allow duplicates ($0%x)!'%s' is not a valid integer value
Alt Clipboard does not support Icons
Alt Clipboard does not support Icons
!Control '%s' has no parent window
!Control '%s' has no parent window
Error reading %s%s%s: %s
Error reading %s%s%s: %s
Ancestor for '%s' not found
Ancestor for '%s' not found
Unsupported clipboard format
Unsupported clipboard format
Class %s not found
Class %s not found
Resource %s not found
Resource %s not found
List index out of bounds (%d) List capacity out of bounds (%d)
List index out of bounds (%d) List capacity out of bounds (%d)
List count out of bounds (%d) Operation not allowed on sorted string list%String list does not allow duplicates#A component named %s already exists$''%s'' is not a valid component name
List count out of bounds (%d) Operation not allowed on sorted string list%String list does not allow duplicates#A component named %s already exists$''%s'' is not a valid component name
A class named %s already exists
A class named %s already exists
Cannot assign a %s to a %s
Cannot assign a %s to a %s
Cannot create file %s
Cannot create file %s
Cannot open file %s
Cannot open file %s