Dubious crash behavior, new virus???

Discussion in 'Windows XP / Server 2003/2008 / Vista' started by jotka66, Jul 12, 2012.

Thread Status:
Not open for further replies.
  1. jotka66

    jotka66 ROM

    Does anyone perhaps have experience with the following problem under XP???
    I have a PC that can no longer be booted (XP). All options lead to a bluescreen and an immediate restart. The last line that is readable contains mup.sys. What makes it really dubious, however, is that when I connect the hard disk of the affected machine via USB to my laptop to back up the data, the DSL of the Fritzbox to which my laptop is connected suddenly keeps breaking down. If I disconnect the hard disk again, DSL also works again after a short time. Is something new in circulation here???
     
  2. deoroller

    deoroller Wandelndes Forum

    On the Windows PC where the DSL connection drops after plugging in the USB disk, is Autorun disabled? Malicious code can spread via it.
     
  3. mike_kilo

    mike_kilo Ganzes Gigabyte

  4. Eric March

    Eric March CD-R 80

    → Do you know how to switch to Safe Mode? (Press F8 at the right time.) At the bottom of that page there are emergency options (F8 again). Select them and switch off the automatic restart. Then you will see the BSOD.

    That thing doesn't ring a bell with me…
    We would like, if shown, A_TITLE_AT_THE_TOP along with a module blamed as the culprit (mup.sys), but at least the first group after STOP:.

    I'm simply betting on an energy crisis. The disk draws too much power, the WLAN is left high and dry, and bang. If a powered (!) USB hub solves it, that was a hit.
    It would surprise me if there were autoruns on the disk that sabotage something like this merely by being present.

    Eric March
     
  5. jotka66

    jotka66 ROM

    So you're betting on some kind of malicious code doing magic there??? Do you perhaps have further details or tips???
     
  6. deoroller

    deoroller Wandelndes Forum

    That is only one possibility, with malicious code.
    I also found mup.sys on my machine via Windows Search; in the file properties it is described as "Multiple UNC Provider driver" and it is located under c:\windows\system32\drivers\.

                         IoGetCurrentProcess: 00017C72, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                    IoIsOperationSynchronous: 00017C88, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                            IoSetShareAccess: 00017CA4, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                      RtlPrefixUnicodeString: 00017CB8, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                        ObfDereferenceObject: 00017CD2, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                             ZwFsControlFile: 00017CEA, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                        RtlCopyUnicodeString: 00017CFC, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                  ObReferenceObjectByPointer: 00017D14, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
              ExConvertExclusiveToSharedLite: 00017D32, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
             PsDereferenceImpersonationToken: 00017D54, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                   PsDereferencePrimaryToken: 00017D76, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                                 SeTokenType: 00017D92, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                      PsRestoreImpersonation: 00017DA0, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                      PsDisableImpersonation: 00017DBA, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                       SeImpersonateClientEx: 00017DD4, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                  PsAssignImpersonationToken: 00017DEC, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                          KeReleaseSemaphore: 00017E0A, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                      SeCreateClientSecurity: 00017E20, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                        RtlGetCallersAddress: 00017E3A, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                     FsRtlIsNtstatusExpected: 00017E52, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                      IoUnregisterFileSystem: 00017E6C, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                 ExDeleteNPagedLookasideList: 00017E86, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                                 IoStopTimer: 00017EA4, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                   ZwQueryInformationProcess: 00017EB2, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                                IoStartTimer: 00017ECE, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                           IoInitializeTimer: 00017EDE, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
              IoRegisterShutdownNotification: 00017EF2, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                        IoRegisterFileSystem: 00017F14, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
             ExInitializeNPagedLookasideList: 00017F2C, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                           MmQuerySystemSize: 00017F4E, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                       KeInitializeSemaphore: 00017F62, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
      FsRtlRegisterFileSystemFilterCallbacks: 00017F7A, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                     ZwCreateDirectoryObject: 00017FA4, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                             FsRtlMdlReadDev: 00017FBE, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                     FsRtlMdlReadCompleteDev: 00017FD0, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                     FsRtlPrepareMdlWriteDev: 00017FEA, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                    FsRtlMdlWriteCompleteDev: 00018004, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                            IoSetTopLevelIrp: 00018020, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                     IoGetRequestorSessionId: 00018034, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                               ProbeForWrite: 0001804E, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                        IoWriteErrorLogEntry: 0001805E, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                     IoAllocateErrorLogEntry: 00018076, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                              RtlEqualString: 00018090, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                  ZwCreateSymbolicLinkObject: 000180A2, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                                      wcscpy: 000180C0, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                       ZwMakeTemporaryObject: 000180CA, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                    ZwOpenSymbolicLinkObject: 000180E2, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                   RtlIntegerToUnicodeString: 000180FE, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                                  _snwprintf: 0001811A, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                       ObMakeTemporaryObject: 00018128, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                            RtlCompareMemory: 00018140, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                                   RtlRandom: 00018154, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                      KeUnstackDetachProcess: 00018160, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                        KeStackAttachProcess: 0001817A, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                    ExAcquireFastMutexUnsafe: 00018192, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                    ExReleaseFastMutexUnsafe: 000181AE, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                        RtlUpcaseUnicodeChar: 000181CA, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                                  ZwOpenFile: 000181E2, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                    InterlockedPopEntrySList: 000181F0, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                   InterlockedPushEntrySList: 0001820C, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                     SeReleaseSubjectContext: 00018228, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                SeQueryAuthenticationIdToken: 00018242, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                     SeCaptureSubjectContext: 00018262, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                                 KeTickCount: 0001827C, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                           ExFreePoolWithTag: 0001828A, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                       ExAllocatePoolWithTag: 0001829E, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                                    DbgPrint: 000182B6, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                                KeBugCheckEx: 000182C2, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
                             IoWMIWriteEvent: 000182D2, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
    
    
    PE Exports
    ========================================
    Header
    ----------------------------------------
    
    Exports
    ----------------------------------------
    
    
    PE Resources
    ========================================
    RT_VERSION
    ----------------------------------------
      1: 0409
    
    
    Compatibility
    ========================================
    Windows Versions we know about
    ----------------------------------------
                    Windows 95 OSR 2/2.1 (Build: 1111)  B: 4.0.1111
              Windows NT 4.0 (Build: 1381) Service Pack 1: 4.0.1381
              Windows NT 4.0 (Build: 1381) Service Pack 3: 4.0.1381
              Windows NT 4.0 (Build: 1381) Service Pack 4: 4.0.1381
              Windows NT 4.0 (Build: 1381) Service Pack 6: 4.0.1381
                              Windows 98 (Build: 2222)  A: 4.10.2222
                                 Windows ME (Build: 3000): 4.90.3000
                Windows 2000 (Build: 2195) Service Pack 1: 5.0.2195
                Windows 2000 (Build: 2195) Service Pack 2: 5.0.2195
                Windows 2000 (Build: 2195) Service Pack 3: 5.0.2195
                Windows 2000 (Build: 2195) Service Pack 4: 5.0.2195
                  Windows XP (Build: 2600) Service Pack 1: 5.1.2600
                  Windows XP (Build: 2600) Service Pack 2: 5.1.2600
          Windows 2003/XPx64 (Build: 3790) Service Pack 1: 5.2.3790
          Windows 2003/XPx64 (Build: 3790) Service Pack 2: 5.2.3790
    
    Groups
    ----------------------------------------
    
    Unsupported on Windows 95 OSR 2/2.1 (Build: 1111)  B
    ----------------------------------------
    
    Unsupported on Windows NT 4.0 (Build: 1381) Service Pack 1
    ----------------------------------------
    
    Unsupported on Windows NT 4.0 (Build: 1381) Service Pack 3
    ----------------------------------------
    
    Unsupported on Windows NT 4.0 (Build: 1381) Service Pack 4
    ----------------------------------------
    
    Unsupported on Windows NT 4.0 (Build: 1381) Service Pack 6
    ----------------------------------------
    
    Unsupported on Windows 98 (Build: 2222)  A
    ----------------------------------------
    
    Unsupported on Windows ME (Build: 3000)
    ----------------------------------------
    
    Unsupported on Windows 2000 (Build: 2195) Service Pack 1
    ----------------------------------------
    
    Unsupported on Windows 2000 (Build: 2195) Service Pack 2
    ----------------------------------------
    
    Unsupported on Windows 2000 (Build: 2195) Service Pack 3
    ----------------------------------------
    
    Unsupported on Windows 2000 (Build: 2195) Service Pack 4
    ----------------------------------------
    
    Unsupported on Windows XP (Build: 2600) Service Pack 1
    ----------------------------------------
    
    Unsupported on Windows XP (Build: 2600) Service Pack 2
    ----------------------------------------
    
    Unsupported on Windows 2003/XPx64 (Build: 3790) Service Pack 1
    ----------------------------------------
    
    Unsupported on Windows 2003/XPx64 (Build: 3790) Service Pack 2
    ----------------------------------------
    
    Functions without information available
    ----------------------------------------
                                     ntoskrnl.exe:ZwClose: 
                       ntoskrnl.exe:ExReleaseResourceLite: 
              ntoskrnl.exe:ExAcquireResourceExclusiveLite: 
                           ntoskrnl.exe:KeQuerySystemTime: 
                      ntoskrnl.exe:RtlRemoveUnicodePrefix: 
                          ntoskrnl.exe:IofCompleteRequest: 
                         ntoskrnl.exe:IoRemoveShareAccess: 
                               ntoskrnl.exe:ExRaiseStatus: 
                            ntoskrnl.exe:_except_handler3: 
                       ntoskrnl.exe:KeLeaveCriticalRegion: 
                       ntoskrnl.exe:KeEnterCriticalRegion: 
                       ntoskrnl.exe:SeQuerySessionIdToken: 
                          ntoskrnl.exe:IoCheckShareAccess: 
                                     ntoskrnl.exe:memmove: 
                       ntoskrnl.exe:KeWaitForSingleObject: 
                               ntoskrnl.exe:IofCallDriver: 
                      ntoskrnl.exe:RtlInsertUnicodePrefix: 
                    ntoskrnl.exe:IoGetRelatedDeviceObject: 
                   ntoskrnl.exe:ObReferenceObjectByHandle: 
                                ntoskrnl.exe:IoCreateFile: 
                                  ntoskrnl.exe:KeSetEvent: 
                     ntoskrnl.exe:RtlCompareUnicodeString: 
                 ntoskrnl.exe:ExAcquireResourceSharedLite: 
                                   ntoskrnl.exe:IoFreeIrp: 
                           ntoskrnl.exe:KeInitializeEvent: 
                        ntoskrnl.exe:RtlFindUnicodePrefix: 
                                   ntoskrnl.exe:_wcsnicmp: 
                                   ntoskrnl.exe:IoFreeMdl: 
                               ntoskrnl.exe:MmUnlockPages: 
                             ntoskrnl.exe:ExQueueWorkItem: 
                         ntoskrnl.exe:MmProbeAndLockPages: 
                               ntoskrnl.exe:IoAllocateMdl: 
                  ntoskrnl.exe:ExAllocatePoolWithQuotaTag: 
                                ntoskrnl.exe:ProbeForRead: 
                               ntoskrnl.exe:IoAllocateIrp: 
                                     ntoskrnl.exe:NtClose: 
                                  ntoskrnl.exe:NtOpenFile: 
                       ntoskrnl.exe:_abnormal_termination: 
                          ntoskrnl.exe:KeGetCurrentThread: 
                  ntoskrnl.exe:RtlInitializeUnicodePrefix: 
                        ntoskrnl.exe:KeInitializeSpinLock: 
                    ntoskrnl.exe:ExInitializeResourceLite: 
                        ntoskrnl.exe:ExDeleteResourceLite: 
                              ntoskrnl.exe:IoDeleteDevice: 
                             ntoskrnl.exe:ZwQueryValueKey: 
                                   ntoskrnl.exe:ZwOpenKey: 
                    ntoskrnl.exe:IoWMIRegistrationControl: 
                              ntoskrnl.exe:IoCreateDevice: 
                        ntoskrnl.exe:RtlInitUnicodeString: 
                       ntoskrnl.exe:RtlEqualUnicodeString: 
                                      ntoskrnl.exe:wcslen: 
                    ntoskrnl.exe:RtlAppendUnicodeToString: 
                                      ntoskrnl.exe:wcschr: 
                                 ntoskrnl.exe:RtlCopyLuid: 
                                ntoskrnl.exe:ZwCreateFile: 
              ntoskrnl.exe:RtlAppendUnicodeStringToString: 
                                ntoskrnl.exe:KeResetEvent: 
                         ntoskrnl.exe:IoGetCurrentProcess: 
                    ntoskrnl.exe:IoIsOperationSynchronous: 
                            ntoskrnl.exe:IoSetShareAccess: 
                      ntoskrnl.exe:RtlPrefixUnicodeString: 
                        ntoskrnl.exe:ObfDereferenceObject: 
                             ntoskrnl.exe:ZwFsControlFile: 
                        ntoskrnl.exe:RtlCopyUnicodeString: 
                  ntoskrnl.exe:ObReferenceObjectByPointer: 
              ntoskrnl.exe:ExConvertExclusiveToSharedLite: 
             ntoskrnl.exe:PsDereferenceImpersonationToken: 
                   ntoskrnl.exe:PsDereferencePrimaryToken: 
                                 ntoskrnl.exe:SeTokenType: 
                      ntoskrnl.exe:PsRestoreImpersonation: 
                      ntoskrnl.exe:PsDisableImpersonation: 
                       ntoskrnl.exe:SeImpersonateClientEx: 
                  ntoskrnl.exe:PsAssignImpersonationToken: 
                          ntoskrnl.exe:KeReleaseSemaphore: 
                      ntoskrnl.exe:SeCreateClientSecurity: 
                        ntoskrnl.exe:RtlGetCallersAddress: 
                     ntoskrnl.exe:FsRtlIsNtstatusExpected: 
                      ntoskrnl.exe:IoUnregisterFileSystem: 
                 ntoskrnl.exe:ExDeleteNPagedLookasideList: 
                                 ntoskrnl.exe:IoStopTimer: 
                   ntoskrnl.exe:ZwQueryInformationProcess: 
                                ntoskrnl.exe:IoStartTimer: 
                           ntoskrnl.exe:IoInitializeTimer: 
              ntoskrnl.exe:IoRegisterShutdownNotification: 
                        ntoskrnl.exe:IoRegisterFileSystem: 
             ntoskrnl.exe:ExInitializeNPagedLookasideList: 
                           ntoskrnl.exe:MmQuerySystemSize: 
                       ntoskrnl.exe:KeInitializeSemaphore: 
      ntoskrnl.exe:FsRtlRegisterFileSystemFilterCallbacks: 
                     ntoskrnl.exe:ZwCreateDirectoryObject: 
                             ntoskrnl.exe:FsRtlMdlReadDev: 
                     ntoskrnl.exe:FsRtlMdlReadCompleteDev: 
                     ntoskrnl.exe:FsRtlPrepareMdlWriteDev: 
                    ntoskrnl.exe:FsRtlMdlWriteCompleteDev: 
                            ntoskrnl.exe:IoSetTopLevelIrp: 
                     ntoskrnl.exe:IoGetRequestorSessionId: 
                               ntoskrnl.exe:ProbeForWrite: 
                        ntoskrnl.exe:IoWriteErrorLogEntry: 
                     ntoskrnl.exe:IoAllocateErrorLogEntry: 
                              ntoskrnl.exe:RtlEqualString: 
                  ntoskrnl.exe:ZwCreateSymbolicLinkObject: 
                                      ntoskrnl.exe:wcscpy: 
                       ntoskrnl.exe:ZwMakeTemporaryObject: 
                    ntoskrnl.exe:ZwOpenSymbolicLinkObject: 
                   ntoskrnl.exe:RtlIntegerToUnicodeString: 
                                  ntoskrnl.exe:_snwprintf: 
                       ntoskrnl.exe:ObMakeTemporaryObject: 
                            ntoskrnl.exe:RtlCompareMemory: 
                                   ntoskrnl.exe:RtlRandom: 
                      ntoskrnl.exe:KeUnstackDetachProcess: 
                        ntoskrnl.exe:KeStackAttachProcess: 
                    ntoskrnl.exe:ExAcquireFastMutexUnsafe: 
                    ntoskrnl.exe:ExReleaseFastMutexUnsafe: 
                        ntoskrnl.exe:RtlUpcaseUnicodeChar: 
                                  ntoskrnl.exe:ZwOpenFile: 
                    ntoskrnl.exe:InterlockedPopEntrySList: 
                   ntoskrnl.exe:InterlockedPushEntrySList: 
                     ntoskrnl.exe:SeReleaseSubjectContext: 
                ntoskrnl.exe:SeQueryAuthenticationIdToken: 
                     ntoskrnl.exe:SeCaptureSubjectContext: 
                                 ntoskrnl.exe:KeTickCount: 
                           ntoskrnl.exe:ExFreePoolWithTag: 
                       ntoskrnl.exe:ExAllocatePoolWithTag: 
                                    ntoskrnl.exe:DbgPrint: 
                                ntoskrnl.exe:KeBugCheckEx: 
                             ntoskrnl.exe:IoWMIWriteEvent: 
    
    
    Classification Sources
    ========================================
    Whitelists
    ----------------------------------------
    
    Blacklists
    ----------------------------------------
      Malware Hash Registry (Team Cymru): n/a, n/a
    
    Mixed lists
    ----------------------------------------
    
    
    VirusTotal
    ========================================
    Meta Information
    ----------------------------------------
      Lookup ID (md5): DE6A75F5C270E756C5508D94B6CF68F5
              Results: none
    
    Results
    ----------------------------------------
    
    
    
     