1.1   API,   UserMode
  kernel32.dll,      .text
  ntdll.dll,      .text
  user32.dll,      .text
  advapi32.dll,      .text
  ws2_32.dll,      .text
  wininet.dll,      .text
  rasapi32.dll,      .text
  urlmon.dll,      .text
  netapi32.dll,      .text
1.2   API,   KernelMode
   
 SDT  (RVA=085700)
  ntkrnlpa.exe      804D7000
   SDT = 8055C700
   KiST = 80504450 (284)
 : 284, : 0, : 0
1.3  IDT  SYSENTER
    1
    2
  IDT  SYSENTER 
1.4     
   ,       AVZPM
   
1.5   IRP
\FileSystem\ntfs[IRP_MJ_CREATE] = 871621F8 ->   
\FileSystem\ntfs[IRP_MJ_CLOSE] = 871621F8 ->   
\FileSystem\ntfs[IRP_MJ_WRITE] = 871621F8 ->   
\FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 871621F8 ->   
\FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 871621F8 ->   
\FileSystem\ntfs[IRP_MJ_QUERY_EA] = 871621F8 ->   
\FileSystem\ntfs[IRP_MJ_SET_EA] = 871621F8 ->   
\FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 871621F8 ->   
\FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 871621F8 ->   
\FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 871621F8 ->   
\FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 871621F8 ->   
\FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 871621F8 ->   
\FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 871621F8 ->   
\FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 871621F8 ->   
\FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 871621F8 ->   
\FileSystem\ntfs[IRP_MJ_PNP] = 871621F8 ->   
  
  ,    (C:\WINDOWS\system32\DRIVERS\Ood08ogepw.sys)
      - 
  ,    (C:\WINDOWS\system32\DRIVERS\Ood08ogepw.sys)
      - 
  ,    (C:\WINDOWS\Temp\TCCpuInfo.sys)
      - 
  ,    (C:\WINDOWS\Temp\TCCpuInfo.sys)
      - 
  ,    (C:\UTIL\MaxAntiSpy\SSS.sys)
      - 
  ,    (C:\UTIL\MaxAntiSpy\SSS.sys)
      - 
     (C:\WINDOWS\system32\HookDLL.DLL)
   C:\WINDOWS\system32\HookDll.dll
     (C:\WINDOWS\system32\muangsys.dll)
   C:\WINDOWS\system32\muangsys.dll
  ,    (C:\WINDOWS\System32\Drivers\ak7cm1fn.SYS)
      - 
  ,    (C:\WINDOWS\System32\Drivers\ak7cm1fn.SYS)
      - 
  ,    (C:\WINDOWS\system32\csrcs.exe)
      - 
  ,    (C:\WINDOWS\system32\csrcs.exe)
      - 
 :C:\WINDOWS\system32\csrcs.exe
>>>   C:\WINDOWS\system32\csrcs.exe  
 :C:\UTIL\MaxAntiSpy\SSS.sys
>>>   C:\UTIL\MaxAntiSpy\SSS.sys  
 :C:\WINDOWS\Temp\TCCpuInfo.sys
>>>   C:\WINDOWS\Temp\TCCpuInfo.sys  
 :C:\WINDOWS\onfwbsak.dll
>>>   C:\WINDOWS\onfwbsak.dll  
 :C:\_ARCHIV\_PROGRAMS\HTTPTunnel 4.44.exe
>>>   C:\_ARCHIV\_PROGRAMS\HTTPTunnel 4.44.exe  
 :C:\_ARCHIV\_SYSTEM\WinXP\WINDOWS\_OLD\azentretien.dll
>>>   C:\_ARCHIV\_SYSTEM\WinXP\WINDOWS\_OLD\azentretien.dll  
 :C:\WINDOWS\system32\DRIVERS\Ood08ogepw.sys
>>>   C:\WINDOWS\system32\DRIVERS\Ood08ogepw.sys  
 /: Ood08ogepw
 /: MaxAntiSpyFilter
 /: TCCrystalCpuInfo
       
