Fieser Virus sucht mich heim... |
||
|---|---|---|
| #0
| ||
|
07.04.2011, 18:32
...neu hier
Beiträge: 4 |
||
 
|
|
|
|
07.04.2011, 18:33
...neu hier
Themenstarter Beiträge: 4 |
#2
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-07 18:19:12 Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\nvidesm1Port0Path1Target0Lun0 ST316002 rev.3.04 Running: ttedxx17.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\afadrkob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB07C65FA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB07C6EFE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB07C7D32] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB07C827C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xB07C71DA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xB07C546A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB07C8162] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB07C61E8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB07C8036] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB07C6390] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB07C839C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xB07C6B86] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB07C80CC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB07C9A84] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xB07C5A74] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB07C5E28] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB07C765C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB07CAC90] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB07C5F74] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB07C600C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xB07C746A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB07C9B76] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB07C5446] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB07C5458] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB07CA2DE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB07C6138] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB07C8312] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xB07C6F80] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xB07C562A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB07C81F2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB07C6836] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB07CA078] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB07C8432] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB07C6728] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB07C60A4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB07C5CDC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xB07CA618] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB07C5906] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB07C9F0A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB07C5B96] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB07C4E80] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB07C8796] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB07C865C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB07C981E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB07C51F8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB07CAB32] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB07C4E18] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB07C7A78] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB07C6DA2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB07C90BE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xB07C9D14] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB07CA768] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xB07C5780] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB07CA85A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB07CA994] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB07C99A8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xB07C69D2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xB07C6932] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB07CA4BC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB07C6ABC] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAcceptConnectPort [0x80586691] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAccessCheck [0x805706EF] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAccessCheckAndAuditAlarm [0x80579B71] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAccessCheckByType [0x80580B5C] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAccessCheckByTypeAndAuditAlarm [0x80598FF7] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAccessCheckByTypeResultList [0x80636B80] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarm [0x80638D05] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarmByHandle [0x80638D4E] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAddAtom [0x8057641C] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAddBootEntry [0x8064755B] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAdjustGroupsToken [0x80636347] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAlertResumeThread [0x8062E4EC] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAlertThread [0x8057998C] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAllocateLocallyUniqueId [0x8059055E] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAllocateUserPhysicalPages [0x8062561F] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAllocateUuids [0x80595801] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAllocateVirtualMemory [0x80568777] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAreMappedFilesTheSame [0x805DA3FD] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwAssignProcessToJobObject [0x805A4567] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCallbackReturn [0x804E3340] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCancelDeviceWakeupRequest [0x80647547] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCancelIoFile [0x805CBCA2] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCancelTimer [0x804F9F8F] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwClearEvent [0x80566C11] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCloseObjectAuditAlarm [0x805989A7] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCompactKeys [0x8064D537] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCompareTokens [0x80582410] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCompleteConnectPort [0x80580562] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCompressKey [0x8064D7A5] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwContinue [0x804E28FF] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateDebugObject [0x80658494] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateDirectoryObject [0x805A4A04] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateEventPair [0x80647BAC] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateIoCompletion [0x80597EED] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateJobObject [0x805AD39A] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateJobSet [0x8062E993] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateMailslotFile [0x805DA312] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreatePagingFile [0x805BD9D8] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateProcess [0x805B3543] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateProcessEx [0x805885D3] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateProfile [0x806481CD] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateSymbolicLinkObject [0x805A27B0] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateTimer [0x805DF0B0] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateToken [0x805AAD09] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwDebugContinue [0x80659767] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwDelayExecution [0x80565FE1] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwDeleteAtom [0x805796B4] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwDeleteFile [0x805D8CF7] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwDeleteObjectAuditAlarm [0x80638DA5] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwDisplayString [0x805C10E1] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwDuplicateToken [0x8057D3F7] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwEnumerateSystemEnvironmentValuesEx [0x80647533] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwExtendSection [0x80624448] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwFilterToken [0x805B2D2D] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwFindAtom [0x80598095] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwFlushBuffersFile [0x805797B4] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwFlushInstructionCache [0x805769AB] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwFlushKey [0x80594925] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwFlushVirtualMemory [0x8059B83B] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwFlushWriteBuffer [0x80625E7F] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwFreeUserPhysicalPages [0x806259D4] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwFreeVirtualMemory [0x80568FC4] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwGetContextThread [0x805DC5B0] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwGetDevicePowerState [0x8062ACE3] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwGetPlugPlayEvent [0x805A1173] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwGetWriteWatch [0x8053B0EF] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwImpersonateAnonymousToken [0x80596925] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwImpersonateClientOfPort [0x80581B6A] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwImpersonateThread [0x8057C33A] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwInitializeRegistry [0x805A5A4D] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwInitiatePowerAction [0x8062AAAF] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwIsProcessInJob [0x8062E84B] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwIsSystemResumeAutomatic [0x8062ACCA] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwListenPort [0x805ACE2A] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwLockFile [0x80584301] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwLockProductActivationKeys [0x805B2EFD] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwLockRegistryKey [0x805D5933] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwLockVirtualMemory [0x805B236A] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwMakePermanentObject [0x805A2A81] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwMakeTemporaryObject [0x805A2C6E] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwMapUserPhysicalPages [0x80624B13] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwMapUserPhysicalPagesScatter [0x80624FE2] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwNotifyChangeDirectoryFile [0x80582C94] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwNotifyChangeMultipleKeys [0x80582AA6] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenDirectoryObject [0x80587840] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenEventPair [0x80647C9D] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenIoCompletion [0x8061557F] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenJobObject [0x8062EBE9] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenObjectAuditAlarm [0x8059AC32] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenProcessToken [0x8056C8FC] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenProcessTokenEx [0x8056CAF5] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenSymbolicLinkObject [0x8058770C] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenThreadToken [0x8056C383] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenThreadTokenEx [0x8056C2F1] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenTimer [0x80647AD3] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwPlugPlayControl [0x80595DEC] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwPowerInformation [0x8059E8D7] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwPrivilegeCheck [0x80597207] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwPrivilegeObjectAuditAlarm [0x80595670] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwPrivilegedServiceAuditAlarm [0x805AD13E] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwProtectVirtualMemory [0x8057494D] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwPulseEvent [0x805A4EEE] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryAttributesFile [0x80571ECB] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryDebugFilterState [0x804F3BDD] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryDefaultLocale [0x8056676E] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryDefaultUILanguage [0x80586F59] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryDirectoryFile [0x80574DAD] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryDirectoryObject [0x8058D55D] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryEaFile [0x80615A00] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryEvent [0x805878BD] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryFullAttributesFile [0x8057B349] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationAtom [0x805D8720] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationFile [0x80572D12] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationJobObject [0x805896BC] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationPort [0x80621F19] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationProcess [0x8056C537] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationThread [0x80566D06] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationToken [0x8056DEAB] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInstallUILanguage [0x80580509] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryIntervalProfile [0x8064867F] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryIoCompletion [0x80615640] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryMutant [0x80648006] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryObject [0x80587E10] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryOpenSubKeys [0x8064D15E] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryPerformanceCounter [0x80567041] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryQuotaInformationFile [0x806162C3] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySecurityObject [0x805970A2] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySemaphore [0x80646DFF] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySymbolicLinkObject [0x8058757D] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySystemEnvironmentValue [0x80647583] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySystemEnvironmentValueEx [0x80647520] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySystemInformation [0x8057CC27] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySystemTime [0x80597D9C] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryTimer [0x805DE777] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryTimerResolution [0x8058B9E6] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryVirtualMemory [0x8056CBF3] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryVolumeInformationFile [0x8057188F] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwRaiseException [0x804E294C] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwRaiseHardError [0x80646B3B] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwReadFile [0x80571B30] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwReadFileScatter [0x805DB7A8] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwReadRequestData [0x805821C2] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwReadVirtualMemory [0x8057BFD1] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwRegisterThreadTerminatePort [0x8057F9AF] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwReleaseMutant [0x8056604C] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwReleaseSemaphore [0x80579463] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwRemoveIoCompletion [0x80566AB2] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwRemoveProcessDebug [0x806596E1] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwReplyWaitReceivePortEx [0x8056A210] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwReplyWaitReplyPort [0x80621FF8] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwRequestDeviceWakeup [0x8062AC57] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwRequestPort [0x805DF2BF] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwRequestWakeupLatency [0x8062AA50] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwResetEvent [0x805DCBAF] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwResetWriteWatch [0x8053B57A] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwResumeProcess [0x8062E48C] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSaveKeyEx [0x8064C4EF] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSaveMergedKeys [0x8064C5C3] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetDebugFilterState [0x8065B228] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetDefaultHardErrorPort [0x805D668F] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetDefaultLocale [0x805B0A35] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetDefaultUILanguage [0x805B09DC] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetEaFile [0x80615F4D] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetEvent [0x80569CCE] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetEventBoostPriority [0x80577275] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetHighEventPair [0x80647F91] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetHighWaitLowEventPair [0x80647EB5] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationDebugObject [0x80659081] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationFile [0x80579E7E] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationJobObject [0x805AD4EE] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationKey [0x8064CABB] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationObject [0x8058042E] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationProcess [0x8056C608] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationThread [0x80576E5D] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetIntervalProfile [0x806481AB] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetIoCompletion [0x80576D12] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetLdtEntries [0x8062D573] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetLowEventPair [0x80647F27] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetLowWaitHighEventPair [0x80647E43] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetQuotaInformationFile [0x8061629B] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetSystemEnvironmentValue [0x80647820] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetSystemPowerState [0x8066608F] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetSystemTime [0x80646487] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetThreadExecutionState [0x8059C19F] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetTimer [0x804E5D2B] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetTimerResolution [0x80595BCF] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetUuidSeed [0x805AD2EA] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetVolumeInformationFile [0x806167DF] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwShutdownSystem [0x80645BD3] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwSignalAndWaitForSingleObject [0x80500906] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwStartProfile [0x80648414] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwStopProfile [0x806485CD] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwTerminateJobObject [0x8062ED63] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwTestAlert [0x8057F3BC] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwTraceEvent [0x805453B8] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwTranslateFilePath [0x8064756F] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnloadDriver [0x80618B6E] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnloadKey [0x8064C689] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnloadKeyEx [0x8064C886] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnlockFile [0x80584461] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnlockVirtualMemory [0x80625EF3] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwVdmControl [0x805B9B48] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitForDebugEvent [0x80658DD0] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitForMultipleObjects [0x805662B1] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitForSingleObject [0x80565A0B] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitHighEventPair [0x80647DD9] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitLowEventPair [0x80647D6F] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwWriteFile [0x8057A125] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwWriteFileGather [0x805DB3DE] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwWriteRequestData [0x805823AE] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwYieldExecution [0x804FC679] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateKeyedEvent [0x805CDF0C] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenKeyedEvent [0x8058A043] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwReleaseKeyedEvent [0x80648BA1] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitForKeyedEvent [0x80648E3C] SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryPortInformationProcess [0x8062C033] ---- Kernel code sections - GMER 1.0.15 ---- ? \WINDOWS\system32\ntoskrnl.exe kernel module suspicious modification Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe! 804DB4F0 1 Byte [90] .text ntoskrnl.exe! + 22F 804DC032 18 Bytes [E0, 25, 7F, FF, FF, FF, 0F, ...] .text ntoskrnl.exe! + 247 804DC04A 1 Byte [00] .text ntoskrnl.exe! + C95 804DF16A 1 Byte [06] .text ntoskrnl.exe! + 7B 804E2D4C 4 Bytes [FA, 65, 7C, B0] .text ... .text ntoskrnl.exe!ExIsResourceAcquiredExclusiveLite + B 804E9070 25 Bytes [FA, 8B, 4D, 08, 32, D2, F6, ...] .text ntoskrnl.exe!ExIsResourceAcquiredExclusiveLite + 25 804E908A 4 Bytes [0F, 84, 0D, D3] .text ntoskrnl.exe!ExIsResourceAcquiredExclusiveLite + 2B 804E9090 5 Bytes [FF, 05, 74, A6, 55] .text ntoskrnl.exe!ExIsResourceAcquiredExclusiveLite + 31 804E9096 28 Bytes JMP 804E81EB \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!FsRtlCheckOplock + D 804E90B3 10 Bytes [57, 8B, 38, 85, FF, 0F, 85, ...] .text ntoskrnl.exe!FsRtlCheckOplock + 18 804E90BE 7 Bytes [8B, 45, FC, 5F, C9, C2, 14] .text ntoskrnl.exe!FsRtlCheckOplock + 20 804E90C6 6 Bytes [90, 90, FF, FF, FF, FF] .text ntoskrnl.exe!FsRtlCheckOplock + 2A 804E90D0 3 Bytes [A0, 41, 5F] .text ntoskrnl.exe!FsRtlCheckOplock + 2E 804E90D4 11 Bytes [90, 90, 90, 90, FF, FF, FF, ...] .text ... .text ntoskrnl.exe!CcRemapBcb + 19 804E913A 9 Bytes [66, 3D, FD, 02, 0F, 84, 15, ...] .text ntoskrnl.exe!CcRemapBcb + 23 804E9144 5 Bytes [FF, 15, 68, 76, 4D] .text ntoskrnl.exe!CcRemapBcb + 29 804E914A 11 Bytes [66, FF, 46, 08, 8A, C8, FF, ...] .text ntoskrnl.exe!CcRemapBcb + 35 804E9156 9 Bytes [8B, C6, 83, C8, 01, 5E, 5D, ...] .text ntoskrnl.exe!CcRemapBcb + 3F 804E9160 17 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntoskrnl.exe!ExAcquireSharedWaitForExclusive + E 804E9173 17 Bytes [8B, F8, FA, 8B, 75, 08, 33, ...] .text ntoskrnl.exe!ExAcquireSharedWaitForExclusive + 20 804E9185 22 Bytes [33, DB, 43, 89, 7E, 20, 89, ...] .text ntoskrnl.exe!ExAcquireSharedWaitForExclusive + 37 804E919C 14 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntoskrnl.exe! + B 804E91AC 4 Bytes [8D, 88, 48, 02] .text ntoskrnl.exe! + 11 804E91B2 12 Bytes CALL A51F87BC .text ntoskrnl.exe! + 1E 804E91BF 11 Bytes [75, 0A, 6A, 20, 5A, F0, 09, ...] .text ntoskrnl.exe! + 2A 804E91CB 20 Bytes [6A, DF, 5A, F0, 21, 11, EB, ...] .text ntoskrnl.exe! + 3F 804E91E0 3 Bytes [D2, 5C, 5E] .text ... .text ntoskrnl.exe!ExFreeToPagedLookasideList + 19 804EA3CB 11 Bytes CALL 804E2A16 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!ExFreeToPagedLookasideList + 25 804EA3D7 50 Bytes [8B, 55, 0C, 8B, CE, E8, 49, ...] .text ntoskrnl.exe!ExAllocateFromPagedLookasideList + 1B 804EA40B 4 Bytes [5E, 5D, C2, 04] .text ntoskrnl.exe!ExAllocateFromPagedLookasideList + 20 804EA410 7 Bytes [FF, FF, FF, FF, 09, 00, 60] .text ntoskrnl.exe!ExAllocateFromPagedLookasideList + 28 804EA418 3 Bytes [1C, 00, 60] {SBB AL, 0x0; PUSHA } .text ntoskrnl.exe!ExAllocateFromPagedLookasideList + 2C 804EA41C 7 Bytes [FF, FF, FF, FF, 26, 00, 60] .text ntoskrnl.exe!ExAllocateFromPagedLookasideList + 34 804EA424 3 Bytes [39, 00, 60] {CMP [EAX], EAX; PUSHA } .text ... .text ntoskrnl.exe! + 1A 804EA453 5 Bytes [80, 3D, 50, 34, 55] .text ntoskrnl.exe! + 21 804EA45A 5 Bytes [0F, 85, FF, B3, 03] .text ntoskrnl.exe! + 27 804EA460 2 Bytes [B8, 01] .text ntoskrnl.exe! + 2C 804EA465 11 Bytes [8B, 4D, 08, 0F, C1, 01, 33, ...] .text ntoskrnl.exe! + 38 804EA471 14 Bytes [90, 90, 90, 90, 90, 90, 90, ...] .text ... .text ntoskrnl.exe!ExAllocatePoolWithTagPriority + 16 804EB337 36 Bytes [83, FB, 20, 74, 14, F6, 45, ...] .text ntoskrnl.exe!ExAllocatePoolWithTagPriority + 3B 804EB35C 5 Bytes [5E, 5B, 5D, C2, 10] .text ntoskrnl.exe!ExAllocatePoolWithTagPriority + 41 804EB362 2 Bytes [8D, 86] .text ntoskrnl.exe!ExAllocatePoolWithTagPriority + 45 804EB366 1 Byte [20] .text ntoskrnl.exe!ExAllocatePoolWithTagPriority + 45 804EB366 10 Bytes [20, 00, 3B, C2, 76, 91, E9, ...] .text ... .text ntoskrnl.exe! + 33 804EB66D 11 Bytes [8B, CF, D2, E0, 08, 02, 5F, ...] .text ntoskrnl.exe! + 3F 804EB679 8 Bytes [90, 90, 90, 90, 90, 90, 90, ...] .text ntoskrnl.exe! + 48 804EB682 1 Byte [01] .text ntoskrnl.exe! + 48 804EB682 3 Bytes [01, 00, 02] .text ntoskrnl.exe! + 4C 804EB686 1 Byte [01] .text ... .text ntoskrnl.exe!FsRtlInitializeFileLock + F 804ECC99 11 Bytes [89, 08, 8B, 4D, 10, 89, 48, ...] .text ntoskrnl.exe!FsRtlInitializeFileLock + 1B 804ECCA5 3 Bytes [5D, C2, 0C] .text ntoskrnl.exe!FsRtlInitializeFileLock + 1F 804ECCA9 13 Bytes [3B, CB, 0F, 86, 50, F3, FF, ...] .text ntoskrnl.exe!FsRtlInitializeFileLock + 2D 804ECCB7 11 Bytes [0F, 84, 44, F3, FF, FF, 80, ...] .text ntoskrnl.exe!FsRtlInitializeFileLock + 3A 804ECCC4 19 Bytes [0F, 84, 37, F3, FF, FF, 8B, ...] .text ... .text ntoskrnl.exe! + 1D 804ECD7C 20 Bytes [80, E1, F4, 80, F9, 04, 89, ...] .text ntoskrnl.exe! + 32 804ECD91 5 Bytes [FF, 15, 50, 76, 4D] .text ntoskrnl.exe! + 38 804ECD97 8 Bytes [38, 43, 01, 0F, 85, DC, 11, ...] .text ntoskrnl.exe! + 41 804ECDA0 4 Bytes [64, A1, 24, 01] .text ntoskrnl.exe! + 47 804ECDA6 7 Bytes [3B, F0, 0F, 85, E3, 11, 03] .text ... .text ntoskrnl.exe!CcFlushCache + 2D 804ED940 8 Bytes [8B, 5D, 0C, 81, FB, F8, 6C, ...] .text ntoskrnl.exe!CcFlushCache + 36 804ED949 9 Bytes [89, 38, 89, 78, 04, 0F, 84, ...] .text ntoskrnl.exe!CcFlushCache + 41 804ED954 4 Bytes [C7, 45, E8, 01] .text ntoskrnl.exe!CcFlushCache + 48 804ED95B 5 Bytes [FF, 15, 68, 76, 4D] .text ntoskrnl.exe!CcFlushCache + 4E 804ED961 17 Bytes [8A, C8, 8B, 45, 08, 8B, 70, ...] .text ... .text ntoskrnl.exe! + 13 804EDB32 10 Bytes [8B, 40, 08, 85, C0, 0F, 84, ...] .text ntoskrnl.exe! + 1E 804EDB3D 3 Bytes [5D, C2, 04] .text ntoskrnl.exe! + 22 804EDB41 25 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntoskrnl.exe! + 3D 804EDB5C 11 Bytes [8B, 5E, 08, 89, 7D, FC, 3B, ...] .text ntoskrnl.exe! + 4B 804EDB6A 3 Bytes [8B, 83, B0] .text ... .text ntoskrnl.exe!FsRtlLookupLargeMcbEntry + 7 804EE5EE 18 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!FsRtlLookupLargeMcbEntry + 1A 804EE601 15 Bytes [33, DB, 89, 5D, FC, 8D, 45, ...] .text ntoskrnl.exe!FsRtlLookupLargeMcbEntry + 2C 804EE613 7 Bytes [84, C0, 0F, 84, 5C, C6, 02] .text ntoskrnl.exe!FsRtlLookupLargeMcbEntry + 34 804EE61B 27 Bytes [8B, 7D, 14, 8B, 4D, E0, 3B, ...] .text ntoskrnl.exe!FsRtlLookupLargeMcbEntry + 50 804EE637 5 Bytes [3B, CB, 0F, 85, E1] .text ... .text ntoskrnl.exe! + 24 804EE79F 39 Bytes [0F, B7, C8, 56, 8B, F1, C1, ...] .text ntoskrnl.exe! + 4C 804EE7C7 11 Bytes [66, 89, 42, 02, 88, 5A, 23, ...] .text ntoskrnl.exe! + 59 804EE7D4 4 Bytes [8A, 80, 65, 01] .text ntoskrnl.exe! + 5F 804EE7DA 10 Bytes [88, 42, 26, 8D, 42, 10, 89, ...] .text ntoskrnl.exe! + 6A 804EE7E5 31 Bytes [8B, 45, F8, 8D, 04, C0, 8D, ...] .text ... .text ntoskrnl.exe!ExIsResourceAcquiredSharedLite + C 804EE842 11 Bytes [FA, 8B, 4D, 08, 39, 41, 18, ...] .text ntoskrnl.exe!ExIsResourceAcquiredSharedLite + 19 804EE84F 25 Bytes [39, 41, 20, 74, 15, 8B, 49, ...] .text ntoskrnl.exe!ExIsResourceAcquiredSharedLite + 33 804EE869 28 Bytes [8B, 79, 24, EB, F3, 90, 90, ...] .text ntoskrnl.exe! + 13 804EE886 10 Bytes [66, 8B, 46, 06, A8, 08, 0F, ...] .text ntoskrnl.exe! + 1F 804EE892 7 Bytes [F6, C4, 40, 0F, 85, 5E, 7A] .text ntoskrnl.exe! + 28 804EE89B 10 Bytes [3E, A1, 20, F0, DF, FF, 8B, ...] .text ntoskrnl.exe! + 34 804EE8A7 28 Bytes [66, 8B, 51, 04, FF, 41, 14, ...] .text ntoskrnl.exe! + 51 804EE8C4 23 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ... .text ntoskrnl.exe!ExReleaseResourceForThreadLite + 18 804F04E6 16 Bytes [8B, 55, 0C, 33, F6, 8D, 48, ...] .text ntoskrnl.exe!ExReleaseResourceForThreadLite + 29 804F04F7 33 Bytes [FF, 49, 04, 75, 1D, 33, DB, ...] .text ntoskrnl.exe!ExReleaseResourceForThreadLite + 4B 804F0519 7 Bytes [FB, 5F, 5E, 5B, 5D, C2, 08] .text ntoskrnl.exe!ExReleaseResourceForThreadLite + 53 804F0521 13 Bytes [8B, 7D, C8, 03, 7D, 08, 8B, ...] .text ntoskrnl.exe!ExReleaseResourceForThreadLite + 61 804F052F 110 Bytes [58, 11, 45, CC, 03, 0A, 89, ...] .text ... .text ntoskrnl.exe!CcGetDirtyPages + 7 804F061A 21 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!CcGetDirtyPages + 1D 804F0630 8 Bytes [88, 45, B0, 8B, 3D, 40, 6D, ...] .text ntoskrnl.exe!CcGetDirtyPages + 26 804F0639 19 Bytes [83, C7, 9C, 89, 5D, FC, 8B, ...] .text ntoskrnl.exe!CcGetDirtyPages + 3D 804F0650 3 Bytes [12, 9C, 51] .text ntoskrnl.exe!CcGetDirtyPages + 41 804F0654 8 Bytes [8D, 4D, A8, FF, 15, 5C, 76, ...] .text ... .text ntoskrnl.exe!ExDisableResourceBoostLite + 12 804F0855 14 Bytes [89, 0F, EB, 66, 66, 81, 38, ...] .text ntoskrnl.exe!ExDisableResourceBoostLite + 21 804F0864 27 Bytes [EB, 66, 90, 90, 90, 90, 90, ...] .text ntoskrnl.exe!ExDisableResourceBoostLite + 3E 804F0881 1 Byte [08] .text ntoskrnl.exe!ExDisableResourceBoostLite + 3E 804F0881 20 Bytes [08, 00, 6A, 01, 13, CB, 51, ...] .text ntoskrnl.exe!ExDisableResourceBoostLite + 53 804F0896 68 Bytes CALL 84AD41AB .text ... .text ntoskrnl.exe!ExAcquireSharedStarveExclusive + D 804F0C76 10 Bytes [8B, F8, FA, 8B, 75, 08, 66, ...] .text ntoskrnl.exe!ExAcquireSharedStarveExclusive + 18 804F0C81 4 Bytes [0F, 85, 40, 55] .text ntoskrnl.exe!ExAcquireSharedStarveExclusive + 1E 804F0C87 7 Bytes [89, 7E, 20, C7, 46, 24, 01] .text ntoskrnl.exe!ExAcquireSharedStarveExclusive + 28 804F0C91 5 Bytes [66, C7, 46, 0C, 01] .text ntoskrnl.exe!ExAcquireSharedStarveExclusive + 2E 804F0C97 8 Bytes [B0, 01, FB, 5F, 5E, 5D, C2, ...] .text ... .text ntoskrnl.exe!ExSetResourceOwnerPointer + C 804F0E29 13 Bytes [FA, 8B, 75, 08, F6, 46, 0E, ...] .text ntoskrnl.exe!ExSetResourceOwnerPointer + 1A 804F0E37 8 Bytes [39, 46, 20, 0F, 85, FB, 6D, ...] .text ntoskrnl.exe!ExSetResourceOwnerPointer + 23 804F0E40 11 Bytes [8B, 45, 0C, 89, 46, 20, FB, ...] .text ntoskrnl.exe!ExSetResourceOwnerPointer + 2F 804F0E4C 9 Bytes [F6, 45, 1C, 08, 0F, 85, DE, ...] .text ntoskrnl.exe!ExSetResourceOwnerPointer + 39 804F0E56 30 Bytes [8B, 0B, 89, 4D, AC, 8B, 53, ...] .text ... .text ntoskrnl.exe!CcSetDirtyPinnedData + F 804F0F88 19 Bytes [66, 81, 38, FA, 02, 8D, 4D, ...] .text ntoskrnl.exe!CcSetDirtyPinnedData + 23 804F0F9C 11 Bytes [8B, 45, 08, 56, 8B, 30, 85, ...] .text ntoskrnl.exe!CcSetDirtyPinnedData + 31 804F0FAA 15 Bytes [53, 8B, 5D, 0C, 57, 8B, 7E, ...] .text ntoskrnl.exe!CcSetDirtyPinnedData + 43 804F0FBC 11 Bytes [8D, 55, EC, 89, 75, F8, FF, ...] .text ntoskrnl.exe!CcSetDirtyPinnedData + 4F 804F0FC8 3 Bytes [80, 7E, 02] .text ... .text ntoskrnl.exe!CcSetFileSizes + 37 804F123A 23 Bytes [8B, 5D, 08, 8A, C8, 8B, 43, ...] .text ntoskrnl.exe!CcSetFileSizes + 4F 804F1252 8 Bytes [39, 7E, 78, 0F, 84, 0D, 38, ...] .text ntoskrnl.exe!CcSetFileSizes + 58 804F125B 13 Bytes [8B, 45, F4, 3B, 46, 1C, 7C, ...] .text ntoskrnl.exe!CcSetFileSizes + 66 804F1269 11 Bytes [8B, 45, F0, 3B, 46, 18, 0F, ...] .text ntoskrnl.exe!CcSetFileSizes + 72 804F1275 16 Bytes [FF, 46, 04, 8B, 5D, FC, 3B, ...] .text ... .text ntoskrnl.exe!CcGetFlushedValidData + 15 804F132C 23 Bytes [8B, 45, 08, 8B, 70, 04, 39, ...] .text ntoskrnl.exe!CcGetFlushedValidData + 2E 804F1345 8 Bytes [38, 5D, 0C, 0F, 84, 90, 80, ...] .text ntoskrnl.exe!CcGetFlushedValidData + 37 804F134E 11 Bytes [8B, 55, FC, 8B, C7, 5F, 5E, ...] .text ntoskrnl.exe!CcGetFlushedValidData + 43 804F135A 20 Bytes [8B, 50, 08, 33, C9, 85, DB, ...] .text ntoskrnl.exe!CcGetFlushedValidData + 58 804F136F 99 Bytes [3B, CA, 0F, 86, 8A, CE, FF, ...] .text ... .text ntoskrnl.exe!FsRtlGetNextLargeMcbEntry + 7 804F1452 18 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!FsRtlGetNextLargeMcbEntry + 1A 804F1465 3 Bytes [83, 65, FC] .text ntoskrnl.exe!FsRtlGetNextLargeMcbEntry + 1E 804F1469 9 Bytes [8B, 55, 0C, 3B, 56, 08, 0F, ...] .text ntoskrnl.exe!FsRtlGetNextLargeMcbEntry + 2A 804F1475 5 Bytes [85, D2, 0F, 84, 7D] .text ntoskrnl.exe!FsRtlGetNextLargeMcbEntry + 32 804F147D 80 Bytes [8B, 46, 10, 8B, 7C, D0, F8, ...] .text ... .text ntoskrnl.exe! + 16 804F1BB7 6 Bytes [56, 57, 64, A1, 24, 01] .text ntoskrnl.exe! + 1E 804F1BBF 7 Bytes [8B, F0, FF, 15, 68, 76, 4D] .text ntoskrnl.exe! + 26 804F1BC7 4 Bytes [80, BE, 65, 01] .text ntoskrnl.exe! + 2D 804F1BCE 6 Bytes [88, 45, FF, 0F, 84, 80] .text ntoskrnl.exe! + 36 804F1BD7 3 Bytes [80, 7E, 48] .text ... .text ntoskrnl.exe!CcInitializeCacheMap + 33 804F4D81 6 Bytes [8B, 5D, 08, 80, 7B, 27] .text ntoskrnl.exe!CcInitializeCacheMap + 3A 804F4D88 4 Bytes [0F, 84, 32, 03] .text ntoskrnl.exe!CcInitializeCacheMap + 40 804F4D8E 6 Bytes [81, 45, D4, FF, FF, 0F] .text ntoskrnl.exe!CcInitializeCacheMap + 47 804F4D95 6 Bytes [11, 45, D8, 81, 65, D4] .text ntoskrnl.exe!CcInitializeCacheMap + 4F 804F4D9D 11 Bytes [F0, FF, 8B, 4B, 14, 39, 41, ...] .text ... .text ntoskrnl.exe!CcSetReadAheadGranularity + 16 804F50A8 7 Bytes [FF, FF, FF, FF, 78, 24, 5E] .text ntoskrnl.exe!CcSetReadAheadGranularity + 1E 804F50B0 3 Bytes [8A, 24, 5E] {MOV AH, [ESI+EBX*2]} .text ntoskrnl.exe!CcSetReadAheadGranularity + 22 804F50B4 7 Bytes [FF, FF, FF, FF, 03, 25, 5E] .text ntoskrnl.exe!CcSetReadAheadGranularity + 2A 804F50BC 3 Bytes [15, 25, 5E] .text ntoskrnl.exe!CcSetReadAheadGranularity + 2E 804F50C0 6 Bytes [81, 45, D4, FF, FF, 03] .text ... .text ntoskrnl.exe!CcUninitializeCacheMap + 14 804F5212 39 Bytes [8B, 7D, 08, 8B, 57, 18, 85, ...] .text ntoskrnl.exe!CcUninitializeCacheMap + 3E 804F523C 13 Bytes [3B, D0, 75, 06, 66, 21, 1A, ...] .text ntoskrnl.exe!CcUninitializeCacheMap + 4C 804F524A 6 Bytes [85, F6, 0F, 84, 99, 22] .text ntoskrnl.exe!CcUninitializeCacheMap + 54 804F5252 9 Bytes [8B, 4D, 0C, 85, C9, 0F, 85, ...] .text ntoskrnl.exe!CcUninitializeCacheMap + 5F 804F525D 3 Bytes [83, 7E, 04] .text ... .text ntoskrnl.exe! + 16 804F53D3 27 Bytes [33, C0, EB, F8, 90, 90, 90, ...] .text ntoskrnl.exe! + 33 804F53F0 10 Bytes [8B, 42, 10, 85, C0, 0F, 85, ...] .text ntoskrnl.exe! + 3E 804F53FB 7 Bytes [39, 42, 14, 0F, 84, 11, 87] .text ntoskrnl.exe! + 47 804F5404 7 Bytes [85, C0, 0F, 85, 53, 5D, 02] .text ntoskrnl.exe! + 4F 804F540C 10 Bytes [8B, 42, 14, 85, C0, 0F, 84, ...] .text ... .text ntoskrnl.exe!FsRtlFastUnlockAll + A 804F5474 1 Byte [6A] .text ntoskrnl.exe!FsRtlFastUnlockAll + A 804F5474 19 Bytes [6A, 00, FF, 75, 10, FF, 75, ...] .text ntoskrnl.exe!FsRtlFastUnlockAll + 1E 804F5488 6 Bytes [8B, 45, 0C, 83, 60, 48] .text ntoskrnl.exe!FsRtlFastUnlockAll + 25 804F548F 6 Bytes [56, FF, 15, 68, 76, 4D] .text ntoskrnl.exe!FsRtlFastUnlockAll + 2C 804F5496 26 Bytes [88, 45, F8, 8B, 47, 10, 85, ...] .text ... .text ntoskrnl.exe! + 13 804F5538 9 Bytes [8B, 01, 39, 48, 08, 0F, 84, ...] .text ntoskrnl.exe! + 1E 804F5543 18 Bytes [8B, D0, 8B, 42, 04, 2B, C1, ...] .text ntoskrnl.exe! + 31 804F5556 32 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntoskrnl.exe! + 52 804F5577 4 Bytes [5F, C9, C2, 0C] .text ntoskrnl.exe! + 57 804F557C 23 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ... .text ntoskrnl.exe!FsRtlLookupPerStreamContextInternal + 14 804F6116 12 Bytes [8B, 55, 10, 33, FF, 85, D2, ...] .text ntoskrnl.exe!FsRtlLookupPerStreamContextInternal + 21 804F6123 24 Bytes [8B, 55, 0C, 85, D2, 74, 26, ...] .text ntoskrnl.exe!FsRtlLookupPerStreamContextInternal + 3A 804F613C 10 Bytes [8B, F8, 8B, 4E, 28, FF, 15, ...] .text ntoskrnl.exe!FsRtlLookupPerStreamContextInternal + 45 804F6147 8 Bytes [8B, C7, 5F, 5E, 5B, 5D, C2, ...] .text ntoskrnl.exe!FsRtlLookupPerStreamContextInternal + 4E 804F6150 13 Bytes [8D, 46, 2C, 8B, 08, 3B, C8, ...] .text ... .text ntoskrnl.exe! + 14 804F66C5 30 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntoskrnl.exe!CcCanIWrite + 1C 804F66E6 11 Bytes CALL 804F66B0 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!CcCanIWrite + 28 804F66F2 1 Byte [02] .text ntoskrnl.exe!CcCanIWrite + 28 804F66F2 3 Bytes [02, 00, B8] .text ntoskrnl.exe!CcCanIWrite + 2D 804F66F7 1 Byte [04] .text ntoskrnl.exe!CcCanIWrite + 2D 804F66F7 8 Bytes [04, 00, 39, 45, 0C, C6, 45, ...] .text ... .text ntoskrnl.exe!CcCopyWrite + 7 804F6781 17 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!CcCopyWrite + 19 804F6793 50 Bytes [8B, 43, 14, 8B, 78, 04, 89, ...] .text ntoskrnl.exe!CcCopyWrite + 4D 804F67C7 8 Bytes [39, 47, 4C, 0F, 85, 76, 2A, ...] .text ntoskrnl.exe!CcCopyWrite + 56 804F67D0 4 Bytes [C7, 45, E0, 02] .text ntoskrnl.exe!CcCopyWrite + 5D 804F67D7 6 Bytes [8B, 4D, B8, B8, FF, 0F] .text ... .text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804FDAF1 5 Bytes JMP B07B8FEC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) .text ntoskrnl.exe!FsRtlGetNextFileLock + 41D 80507E00 13 Bytes [F6, 5F, 83, 7D, 0C, 01, 75, ...] .text ntoskrnl.exe!FsRtlGetNextFileLock + 42B 80507E0E 5 Bytes [0F, 84, F3, 67, 01] .text ntoskrnl.exe!FsRtlGetNextFileLock + 431 80507E14 9 Bytes [F6, 43, 08, 01, 0F, 85, FC, ...] .text ntoskrnl.exe!FsRtlGetNextFileLock + 43B 80507E1E 6 Bytes [8B, 4D, F4, 81, C1, CC] .text ntoskrnl.exe!FsRtlGetNextFileLock + 444 80507E27 5 Bytes [FF, 15, 64, 76, 4D] .text ... .text ntoskrnl.exe! + E 80508DA2 7 Bytes [8B, CF, FF, 15, 9C, 75, 4D] .text ntoskrnl.exe! + 16 80508DAA 14 Bytes [8B, 5D, 0C, 8B, 73, 60, 8B, ...] .text ntoskrnl.exe! + 27 80508DBB 21 Bytes [83, EE, 24, 89, 4E, 14, F6, ...] .text ntoskrnl.exe! + 3D 80508DD1 44 Bytes [8A, 4E, 01, 80, F9, 02, 75, ...] .text ntoskrnl.exe! + 6B 80508DFF 3 Bytes [83, 7E, 08] .text ... .text ntoskrnl.exe!ExInitializeNPagedLookasideList + 2C 8050B4C5 4 Bytes [66, C7, 40, 0A] .text ntoskrnl.exe!ExInitializeNPagedLookasideList + 31 8050B4CA 21 Bytes [01, 89, 48, 0C, 89, 48, 10, ...] .text ntoskrnl.exe!ExInitializeNPagedLookasideList + 47 8050B4E0 13 Bytes [8B, 55, 10, 3B, D1, 75, 28, ...] .text ntoskrnl.exe!ExInitializeNPagedLookasideList + 55 8050B4EE 10 Bytes [89, 48, 38, 89, 48, 3C, 68, ...] .text ntoskrnl.exe!ExInitializeNPagedLookasideList + 60 8050B4F9 7 Bytes [8D, 50, 30, B9, 70, 1F, 56] .text ... .text ntoskrnl.exe! + 26 8050B653 28 Bytes CALL 69312BE1 .text ntoskrnl.exe! + 43 8050B670 4 Bytes [8B, 45, E0, C6] .text ntoskrnl.exe! + 49 8050B676 13 Bytes [8B, C7, 5F, 5E, C9, C3, 80, ...] .text ntoskrnl.exe! + 58 8050B685 7 Bytes [80, FB, 68, 0F, 84, 22, 21] .text ntoskrnl.exe! + 61 8050B68E 5 Bytes [80, FB, 6C, 0F, 84] .text ... .text ntoskrnl.exe!DbgLoadImageSymbols + 3C 8050B8DD 3 Bytes [83, 65, FC] .text ntoskrnl.exe!DbgLoadImageSymbols + 40 8050B8E1 3 Bytes [83, 65, F8] .text ntoskrnl.exe!DbgLoadImageSymbols + 44 8050B8E5 66 Bytes [EB, E4, 90, 90, 90, 90, 90, ...] .text ntoskrnl.exe! + 3C 8050B928 3 Bytes [6F, 09, 5F] .text ntoskrnl.exe! + 40 8050B92C 18 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntoskrnl.exe! + 53 8050B93F 2 Bytes [57, E8] .text ntoskrnl.exe! + 56 8050B942 8 Bytes [82, FD, FF, FF, 15, 68, 76, ...] .text ntoskrnl.exe! + 5F 8050B94B 8 Bytes [83, 7D, 0C, 01, 0F, 85, 5C, ...] .text ... .text ntoskrnl.exe!ExInitializeZone + 5A 8050C80F 2 Bytes [B8, 0D] .text ntoskrnl.exe!ExInitializeZone + 5E 8050C813 12 Bytes [C0, EB, F4, 90, 90, FF, FF, ...] .text ntoskrnl.exe!ExInitializeZone + 6B 8050C820 3 Bytes [20, F2, 60] {AND DL, DH; PUSHA } .text ntoskrnl.exe!ExInitializeZone + 6F 8050C824 22 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntoskrnl.exe!ExInitializeZone + 86 8050C83B 9 Bytes [8B, 46, 14, 85, C0, 0F, 84, ...] .text ... .text ntoskrnl.exe! + E 8050CC5A 3 Bytes [5D, C2, 04] .text ntoskrnl.exe! + 12 8050CC5E 9 Bytes [90, 90, FF, FF, FF, FF, 3D, ...] .text ntoskrnl.exe! + 1C 8050CC68 3 Bytes [52, 29, 5F] .text ntoskrnl.exe! + 20 8050CC6C 7 Bytes [FF, FF, FF, FF, E2, 28, 5F] .text ntoskrnl.exe! + 28 8050CC74 3 Bytes [F5, 28, 5F] .text ... .text ntoskrnl.exe!ExIsProcessorFeaturePresent + 17 8050F35D 14 Bytes [32, C0, EB, F8, FF, 47, 10, ...] .text ntoskrnl.exe!ExIsProcessorFeaturePresent + 27 8050F36D 43 Bytes [FF, 47, 0C, 8B, CF, E8, 78, ...] .text ntoskrnl.exe!ExIsProcessorFeaturePresent + 54 8050F39A 21 Bytes JMP 80505F7F \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!ExIsProcessorFeaturePresent + 6A 8050F3B0 8 Bytes [57, 8B, CE, FF, 15, 9C, 75, ...] .text ntoskrnl.exe!ExIsProcessorFeaturePresent + 73 8050F3B9 5 Bytes [8B, 0D, 5C, 06, 56] .text ... .text ntoskrnl.exe! + 12 8050F502 37 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntoskrnl.exe! + 38 8050F528 6 Bytes [84, C0, 0F, 84, 2D, 0A] .text ntoskrnl.exe! + 40 8050F530 5 Bytes [57, E8, 78, 94, 0B] .text ntoskrnl.exe! + 46 8050F536 7 Bytes [5F, 8B, C6, 5E, 5D, C2, 0C] .text ntoskrnl.exe! + 4E 8050F53E 16 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ... .text ntoskrnl.exe!ExRegisterCallback + 1A 8050F5F8 4 Bytes CALL 8054B044 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!ExRegisterCallback + 1F 8050F5FD 9 Bytes [8B, F0, 85, F6, 0F, 84, 71, ...] .text ntoskrnl.exe!ExRegisterCallback + 29 8050F607 6 Bytes [8B, 45, 0C, 83, 66, 14] .text ntoskrnl.exe!ExRegisterCallback + 30 8050F60E 21 Bytes [53, 89, 46, 0C, 8B, 45, 10, ...] .text ntoskrnl.exe!ExRegisterCallback + 46 8050F624 3 Bytes [C6, 45, 0B] .text ... .text ntoskrnl.exe! + 21 8050F6CF 10 Bytes [66, C7, 46, 02, E4, 01, 0F, ...] .text ntoskrnl.exe! + 2D 8050F6DB 57 Bytes [89, 46, 1C, 8B, 45, 18, 83, ...] .text ntoskrnl.exe! + 67 8050F715 22 Bytes [88, 46, 2A, 8B, C2, 8B, F9, ...] .text ntoskrnl.exe! + 7E 8050F72C 9 Bytes [7C, EE, 2B, C1, 89, B0, 96, ...] .text ntoskrnl.exe! + 88 8050F736 4 Bytes [5F, C6, 46, 2B] .text ... .text ntoskrnl.exe!ExAllocatePool + 15 8050FD7B 3 Bytes [5D, C2, 08] .text ntoskrnl.exe!ExAllocatePool + 19 8050FD7F 6 Bytes [83, A5, C4, FD, FF, FF] .text ntoskrnl.exe!ExAllocatePool + 20 8050FD86 19 Bytes JMP 8050AA43 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe! + A 8050FD9A 7 Bytes [85, C0, 0F, 85, 84, 83, 01] .text ntoskrnl.exe! + 12 8050FDA2 11 Bytes [8B, 45, 08, 83, F8, 01, 0F, ...] .text ntoskrnl.exe! + 1E 8050FDAE 8 Bytes [83, F8, 10, 57, 0F, 84, 52, ...] .text ntoskrnl.exe! + 28 8050FDB8 7 Bytes [83, F8, 0C, 0F, 84, 49, 54] .text ntoskrnl.exe! + 31 8050FDC1 7 Bytes [83, F8, 0D, 0F, 84, 40, 54] .text ... .text ntoskrnl.exe!ExVerifySuite + 1D 8051042B 6 Bytes [0F, 95, C0, 5D, C2, 04] .text ntoskrnl.exe!ExVerifySuite + 24 80510432 5 Bytes [83, 3D, B8, 1E, 56] .text ntoskrnl.exe!ExVerifySuite + 2B 80510439 18 Bytes [75, E5, 32, C0, EB, EF, 90, ...] .text ntoskrnl.exe!ExVerifySuite + 3E 8051044C 29 Bytes [2B, E2, 09, 2F, 90, 90, 90, ...] .text ntoskrnl.exe! + 15 8051046A 4 Bytes [3B, C3, 0F, 84] .text ntoskrnl.exe! + 1A 8051046F 1 Byte [C1] .text ntoskrnl.exe! + 1D 80510472 41 Bytes [8B, 4D, 08, 89, 08, 8B, 4D, ...] .text ntoskrnl.exe! + 47 8051049C 5 Bytes [88, 18, 74, 03, C6] .text ntoskrnl.exe! + 4D 805104A2 23 Bytes [40, 38, 5D, 1C, 74, 03, 80, ...] .text ... .text ntoskrnl.exe!CcDeferWrite + 15 8052AD03 47 Bytes [3B, C3, 75, 0B, FF, 75, 14, ...] .text ntoskrnl.exe!CcDeferWrite + 45 8052AD33 7 Bytes [FC, 02, 66, C7, 40, 02, 28] {CLD ; ADD AH, [ESI-0x39]; INC EAX; ADD CH, [EAX]} .text ntoskrnl.exe!CcDeferWrite + 4D 8052AD3B 25 Bytes [89, 58, 14, 8B, 49, 0C, 8A, ...] .text ntoskrnl.exe!CcDeferWrite + 67 8052AD55 7 Bytes [8D, 50, 0C, 68, FC, 18, 55] .text ntoskrnl.exe!CcDeferWrite + 6F 8052AD5D 24 Bytes CALL 804E34B1 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ... .text ntoskrnl.exe!CcRepinBcb + 15 8052ADF6 8 Bytes [8D, 55, F4, FF, 15, 58, 76, ...] .text ntoskrnl.exe!CcRepinBcb + 1E 8052ADFF 11 Bytes [FF, 46, 34, 8D, 4D, F4, FF, ...] .text ntoskrnl.exe!CcRepinBcb + 2A 8052AE0B 4 Bytes [5E, C9, C2, 04] .text ntoskrnl.exe!CcRepinBcb + 2F 8052AE10 45 Bytes [CC, CC, CC, CC, CC, CC, CC, ...] .text ntoskrnl.exe!CcRepinBcb + 5F 8052AE40 5 Bytes [3B, C3, C6, 45, FF] .text ... .text ntoskrnl.exe!CcUnpinRepinnedBcb + 1E 8052AFAA 73 Bytes [F6, 40, 6D, 02, 74, 0B, 6A, ...] .text ntoskrnl.exe!CcUnpinRepinnedBcb + 69 8052AFF5 6 Bytes [80, 74, 10, 81, FF, 54] {XOR BYTE [EAX+EDX-0x7f], 0xff; PUSH ESP} .text ntoskrnl.exe!CcUnpinRepinnedBcb + 71 8052AFFD 33 Bytes [C0, 74, 08, 81, FF, 33, 33, ...] .text ntoskrnl.exe!CcUnpinRepinnedBcb + 93 8052B01F 3 Bytes [D0, 6C, 55] .text ntoskrnl.exe!CcUnpinRepinnedBcb + 97 8052B023 39 Bytes CALL 80517F7E \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ... .text ntoskrnl.exe!CcIsThereDirtyData + A 8052B089 8 Bytes [53, 56, 57, 8B, 3D, 68, 76, ...] .text ntoskrnl.exe!CcIsThereDirtyData + 13 8052B092 7 Bytes [FF, D7, 8B, 35, 40, 6D, 55] .text ntoskrnl.exe!CcIsThereDirtyData + 1B 8052B09A 25 Bytes [83, C6, 9C, EB, 51, F6, 46, ...] .text ntoskrnl.exe!CcIsThereDirtyData + 35 8052B0B4 40 Bytes [74, 06, F6, 42, 2D, 80, 74, ...] .text ntoskrnl.exe!CcIsThereDirtyData + 5E 8052B0DD 3 Bytes [83, 65, FC] .text ... .text ntoskrnl.exe!CcGetLsnForFileObject + 2A 8052B146 4 Bytes [57, 8D, 8E, B8] .text ntoskrnl.exe!CcGetLsnForFileObject + 31 8052B14D 8 Bytes [8D, 55, E4, FF, 15, 58, 76, ...] .text ntoskrnl.exe!CcGetLsnForFileObject + 3A 8052B156 26 Bytes [8D, 7E, 10, 8B, 07, 83, E8, ...] .text ntoskrnl.exe!CcGetLsnForFileObject + 55 8052B171 97 Bytes [74, 4A, 8B, 70, 20, 8B, 50, ...] .text ntoskrnl.exe!CcGetLsnForFileObject + B7 8052B1D3 29 Bytes [8B, 45, 0C, 85, C0, 5F, 74, ...] .text ... .text ntoskrnl.exe!CcSetDirtyPageThreshold + 1B 8052B27A 18 Bytes [8B, 48, 0C, F6, 41, 04, 04, ...] .text ntoskrnl.exe!CcSetDirtyPageThreshold + 2E 8052B28D 27 Bytes [90, 90, 90, CC, CC, CC, CC, ...] .text ntoskrnl.exe!CcGetFileObjectFromSectionPtrs + E 8052B2A9 20 Bytes [8B, 4D, 08, 8B, 51, 04, 85, ...] .text ntoskrnl.exe!CcGetFileObjectFromSectionPtrs + 23 8052B2BE 6 Bytes [8B, C6, 5E, 5D, C2, 04] .text ntoskrnl.exe!CcGetFileObjectFromSectionPtrs + 2A 8052B2C5 31 Bytes [90, 90, 90, CC, CC, CC, CC, ...] .text ntoskrnl.exe!CcGetFileObjectFromBcb + 12 8052B2E5 69 Bytes [90, 90, 90, CC, CC, CC, CC, ...] .text ntoskrnl.exe!CcGetFileObjectFromBcb + 58 8052B32B 30 Bytes [53, 8B, 5D, 08, 8B, 43, 14, ...] .text ntoskrnl.exe!CcGetFileObjectFromBcb + 77 8052B34A 15 Bytes [89, 4D, F0, 89, 45, F4, 74, ...] .text ntoskrnl.exe!CcGetFileObjectFromBcb + 87 8052B35A 77 Bytes [8B, 06, 89, 45, 08, 74, 06, ...] .text ntoskrnl.exe!CcGetFileObjectFromBcb + D5 8052B3A8 7 Bytes [85, F6, 75, AA, 80, 7D, FF] .text ... .text ntoskrnl.exe!CcMdlWriteAbort + 1D 8052B463 9 Bytes [74, 04, C6, 45, FF, 01, 80, ...] .text ntoskrnl.exe!CcMdlWriteAbort + 27 8052B46D 32 Bytes [8B, 1F, 74, 06, 57, E8, 63, ...] .text ntoskrnl.exe!CcMdlWriteAbort + 48 8052B48E 36 Bytes [FF, 4E, 04, 8A, D8, 75, 44, ...] .text ntoskrnl.exe!CcMdlWriteAbort + 6D 8052B4B3 1 Byte [C7] .text ntoskrnl.exe!CcMdlWriteAbort + 6D 8052B4B3 5 Bytes [C7, 00, 40, 6D, 55] .text ... .text ntoskrnl.exe!CcPrepareMdlWrite + 7 8052B4FA 94 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!CcPrepareMdlWrite + 66 8052B559 3 Bytes [83, 7D, 10] .text ntoskrnl.exe!CcPrepareMdlWrite + 6A 8052B55D 4 Bytes [0F, 84, AC, 01] .text ntoskrnl.exe!CcPrepareMdlWrite + 70 8052B563 57 Bytes [8D, 4D, E0, 51, 8D, 4D, E4, ...] .text ntoskrnl.exe!CcPrepareMdlWrite + AC 8052B59F 3 Bytes [B8, FF, 0F] .text ... .text ntoskrnl.exe!CcWaitForCurrentLazyWriterActivity + 19 8052B834 23 Bytes [FF, 47, 0C, 8B, CF, E8, B1, ...] .text ntoskrnl.exe!CcWaitForCurrentLazyWriterActivity + 32 8052B84D 39 Bytes [FF, 47, 0C, 8B, CF, E8, 98, ...] .text ntoskrnl.exe!CcWaitForCurrentLazyWriterActivity + 5B 8052B876 10 Bytes [C0, EB, 6B, C6, 46, 0C, 04, ...] .text ntoskrnl.exe!CcWaitForCurrentLazyWriterActivity + 66 8052B881 15 Bytes [8D, 45, F8, 89, 45, FC, 89, ...] .text ntoskrnl.exe!CcWaitForCurrentLazyWriterActivity + 76 8052B891 12 Bytes [C6, 45, F2, 04, 89, 46, 08, ...] .text ... .text ntoskrnl.exe!FsRtlMdlReadCompleteDev + 10 8052BB28 5 Bytes [B0, 01, 5D, C2, 0C] .text ntoskrnl.exe!FsRtlMdlReadCompleteDev + 16 8052BB2E 31 Bytes [CC, CC, CC, CC, CC, CC, CC, ...] .text ntoskrnl.exe!FsRtlIncrementCcFastReadNoWait + 6 8052BB4E 16 Bytes [C3, CC, CC, CC, CC, CC, 90, ...] .text ntoskrnl.exe!FsRtlIncrementCcFastReadResourceMiss + 6 8052BB5F 88 Bytes [C3, CC, CC, CC, CC, CC, 90, ...] .text ntoskrnl.exe!FsRtlMdlReadComplete + 4E 8052BBB8 21 Bytes [74, 04, 32, C0, EB, 0A, 56, ...] .text ntoskrnl.exe!FsRtlMdlReadComplete + 64 8052BBCE 35 Bytes [CC, CC, CC, CC, CC, CC, CC, ...] .text ntoskrnl.exe!FsRtlLookupLastLargeMcbEntryAndIndex + 7 8052BBF2 18 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!FsRtlLookupLastLargeMcbEntryAndIndex + 1A 8052BC05 101 Bytes [33, D2, 89, 55, FC, 8B, 46, ...] .text ntoskrnl.exe!FsRtlLookupLastLargeMcbEntryAndIndex + 82 8052BC6D 40 Bytes [33, C9, 8B, 45, 0C, 83, 38, ...] .text ntoskrnl.exe!FsRtlLookupLastLargeMcbEntryAndIndex + AB 8052BC96 15 Bytes [90, 90, 90, 90, 90, 8B, 45, ...] .text ntoskrnl.exe!FsRtlLookupLastLargeMcbEntryAndIndex + BB 8052BCA6 6 Bytes [C3, 90, FF, FF, FF, FF] .text ... .text ntoskrnl.exe!FsRtlLookupLastMcbEntry + 38 8052BD11 105 Bytes [90, 90, 90, CC, CC, CC, CC, ...] .text ntoskrnl.exe!FsRtlGetNextMcbEntry + 47 8052BD7B 46 Bytes [CC, CC, CC, CC, CC, CC, CC, ...] .text ntoskrnl.exe! + 7 8052BDAA 18 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe! + 1A 8052BDBD 3 Bytes [83, 65, FC] .text ntoskrnl.exe! + 1E 8052BDC1 23 Bytes [8D, 45, E0, 50, FF, 75, 0C, ...] .text ntoskrnl.exe! + 37 8052BDDA 21 Bytes [8B, 5D, E0, 8B, FB, C1, E7, ...] .text ntoskrnl.exe! + 4F 8052BDF2 74 Bytes [85, DB, 75, 04, 33, C9, EB, ...] .text ... .text ntoskrnl.exe!FsRtlAddMcbEntry + 1F 8052BF6E 16 Bytes [CC, CC, CC, CC, CC, 90, 90, ...] .text ntoskrnl.exe! + 7 8052BF7F 18 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe! + 1A 8052BF92 3 Bytes [83, 65, FC] .text ntoskrnl.exe! + 1E 8052BF96 18 Bytes [FF, 75, 10, FF, 75, 0C, 56, ...] .text ntoskrnl.exe! + 33 8052BFAB 7 Bytes CALL 804E2AD2 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe! + 3B 8052BFB3 15 Bytes [90, 90, 90, 90, 90, 8B, 45, ...] .text ... .text ntoskrnl.exe!FsRtlLookupMcbEntry + 11 8052BFEF 5 Bytes [8B, C6, F7, D8, 6A] .text ntoskrnl.exe!FsRtlLookupMcbEntry + 17 8052BFF5 13 Bytes [1B, C0, 8D, 4D, F0, 23, C1, ...] .text ntoskrnl.exe!FsRtlLookupMcbEntry + 25 8052C003 44 Bytes [FF, 75, 0C, FF, 75, 08, E8, ...] .text ntoskrnl.exe!FsRtlLookupMcbEntry + 52 8052C030 51 Bytes [CC, CC, CC, CC, CC, CC, CC, ...] .text ntoskrnl.exe!FsRtlLookupMcbEntry + 86 8052C064 79 Bytes [85, C0, 53, 56, 57, 74, 60, ...] .text ... .text ntoskrnl.exe!FsRtlFastUnlockAllByKey + 1F 8052C49A 30 Bytes [CC, CC, CC, CC, CC, CC, CC, ...] .text ntoskrnl.exe!FsRtlIsNtstatusExpected + C 8052C4BA 5 Bytes [80, 74, 19, 3D, 05] {XOR BYTE [ECX+EBX+0x3d], 0x5} .text ntoskrnl.exe!FsRtlIsNtstatusExpected + 13 8052C4C1 5 Bytes [C0, 74, 12, 3D, 1D] {SAL BYTE [EDX+EDX+0x3d], 0x1d} .text ntoskrnl.exe!FsRtlIsNtstatusExpected + 1A 8052C4C8 5 Bytes [C0, 74, 0B, 3D, AA] {SAL BYTE [EBX+ECX+0x3d], 0xaa} .text ntoskrnl.exe!FsRtlIsNtstatusExpected + 21 8052C4CF 12 Bytes [C0, 74, 04, B0, 01, EB, 02, ...] .text ntoskrnl.exe!FsRtlIsNtstatusExpected + 2E 8052C4DC 32 Bytes [CC, CC, CC, CC, CC, CC, 90, ...] .text ntoskrnl.exe!FsRtlAllocatePool + 16 8052C4FD 8 Bytes [8B, F0, 85, F6, 75, 0A, 68, ...] .text ntoskrnl.exe!FsRtlAllocatePool + 20 8052C507 12 Bytes CALL 804DCB99 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!FsRtlAllocatePool + 2D 8052C514 40 Bytes [CC, CC, CC, CC, CC, 90, 90, ...] .text ntoskrnl.exe!FsRtlAllocatePoolWithQuota + 20 8052C53E 12 Bytes CALL 804DCB99 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!FsRtlAllocatePoolWithQuota + 2D 8052C54B 29 Bytes [CC, CC, CC, CC, CC, 90, 90, ...] .text ntoskrnl.exe!FsRtlAllocatePoolWithTag + 14 8052C569 8 Bytes [8B, F0, 85, F6, 75, 0A, 68, ...] .text ntoskrnl.exe!FsRtlAllocatePoolWithTag + 1E 8052C573 12 Bytes CALL 804DCB99 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!FsRtlAllocatePoolWithTag + 2B 8052C580 38 Bytes [CC, CC, CC, CC, CC, 90, 90, ...] .text ntoskrnl.exe!FsRtlAllocatePoolWithQuotaTag + 1E 8052C5A8 12 Bytes CALL 804DCB99 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!FsRtlAllocatePoolWithQuotaTag + 2B 8052C5B5 41 Bytes [CC, CC, CC, CC, CC, CC, CC, ...] .text ntoskrnl.exe!FsRtlNormalizeNtstatus + 1B 8052C5DF 51 Bytes [CC, CC, CC, CC, CC, 90, 90, ...] .text ntoskrnl.exe!FsRtlNormalizeNtstatus + 52 8052C616 38 Bytes [8B, 4D, 08, 87, 01, 33, C0, ...] .text ntoskrnl.exe!FsRtlNormalizeNtstatus + 7B 8052C63F 5 Bytes [1B, C0, 25, 20, 01] .text ntoskrnl.exe!FsRtlNormalizeNtstatus + 81 8052C645 15 Bytes CALL 804E4186 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!FsRtlNormalizeNtstatus + 91 8052C655 20 Bytes [90, 90, 90, CC, CC, CC, CC, ...] .text ... .text ntoskrnl.exe!FsRtlLookupPerFileObjectContext + 2D 8052CD55 28 Bytes [8B, 55, 10, 3B, D7, 74, 20, ...] .text ntoskrnl.exe!FsRtlLookupPerFileObjectContext + 4A 8052CD72 30 Bytes [3B, C1, 75, ED, EB, 2A, 8B, ...] .text ntoskrnl.exe!FsRtlLookupPerFileObjectContext + 69 8052CD91 24 Bytes [3B, C1, 75, F5, EB, 0B, 8D, ...] .text ntoskrnl.exe!FsRtlLookupPerFileObjectContext + 82 8052CDAA 8 Bytes [8B, C7, 5B, 5E, 5F, 5D, C2, ...] .text ntoskrnl.exe!FsRtlLookupPerFileObjectContext + 8B 8052CDB3 27 Bytes [CC, CC, CC, CC, CC, 90, 90, ...] .text ntoskrnl.exe! + 14 8052CDD1 27 Bytes CALL 804F7C1E \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe! + 30 8052CDED 28 Bytes [8B, 55, 10, 3B, D7, 74, 20, ...] .text ntoskrnl.exe! + 4D 8052CE0A 30 Bytes [3B, C1, 75, ED, EB, 38, 8B, ...] .text ntoskrnl.exe! + 6C 8052CE29 38 Bytes [3B, C1, 75, F5, EB, 19, 8D, ...] .text ntoskrnl.exe! + 93 8052CE50 8 Bytes [8B, C7, 5B, 5E, 5F, 5D, C2, ...] .text ... .text ntoskrnl.exe!FsRtlIsPagingFile + B 8052CE70 38 Bytes [CC, CC, CC, CC, CC, CC, CC, ...] .text ntoskrnl.exe!FsRtlInsertPerFileObjectContext + 14 8052CE98 3 Bytes JMP 8052CF44 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!FsRtlInsertPerFileObjectContext + 1A 8052CE9E 8 Bytes [F6, 43, 2E, 80, 75, 0A, B8, ...] .text ntoskrnl.exe!FsRtlInsertPerFileObjectContext + 24 8052CEA8 3 Bytes JMP 8052CF44 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!FsRtlInsertPerFileObjectContext + 2A 8052CEAE 25 Bytes CALL 804F7C20 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) .text ntoskrnl.exe!FsRtlInsertPerFileObjectContext + 44 8052CEC8 8 Bytes [8B, F0, 3B, F7, 75, 07, B8, ...] .text ... .text ntoskrnl.exe! + 7 8052D04B 17 Bytes [FF, 75, 10, FF, 75, 0C, FF, ...] .text ntoskrnl.exe! + 19 8052D05D 34 Bytes [CC, CC, CC, CC, CC, 90, 90, ...] .text ntoskrnl.exe! + 19 8052D080 38 Bytes [CC, CC, CC, CC, CC, 90, 90, ...] .text ntoskrnl.exe! + 40 8052D0A7 9 Bytes [EB, 38, 0F, B6, 48, 04, 81, ...] .text ntoskrnl.exe! + 4C 8052D0B3 21 Bytes [74, 16, 49, 74, 0C, 49, 74, ...] .text ... PAGE ntoskrnl.exe!CcPreparePinWrite + 7 8056A0CE 47 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!CcPreparePinWrite + 37 8056A0FE 37 Bytes [8D, 45, C4, 50, 8D, 45, DC, ...] PAGE ntoskrnl.exe!CcPreparePinWrite + 5D 8056A124 23 Bytes [8B, 55, C4, 8B, 4D, CC, 2B, ...] PAGE ntoskrnl.exe!CcPreparePinWrite + 75 8056A13C 10 Bytes [7F, 09, 3B, 55, 10, 0F, 82, ...] PAGE ntoskrnl.exe!CcPreparePinWrite + 80 8056A147 25 Bytes [8D, 45, E0, 3B, F0, 75, 08, ...] PAGE ... PAGE ntoskrnl.exe!CcSetBcbOwnerPointer + 14 8056A1A3 16 Bytes [FF, 75, 0C, 83, C0, 38, 50, ...] PAGE ntoskrnl.exe!CcSetBcbOwnerPointer + 25 8056A1B4 10 Bytes [90, 90, 90, 90, 90, C7, 05, ...] PAGE ntoskrnl.exe!CcSetBcbOwnerPointer + 30 8056A1BF 3 Bytes [54, 6C, 55] {PUSH ESP; INSB ; PUSH EBP} PAGE ntoskrnl.exe!CcSetBcbOwnerPointer + 34 8056A1C3 8 Bytes [38, 5D, E7, 0F, 84, 9E, 88, ...] PAGE ntoskrnl.exe!CcSetBcbOwnerPointer + 3D 8056A1CC 23 Bytes [C3, 90, 90, 90, 90, 90, 8B, ...] PAGE ntoskrnl.exe!CcUnpinDataForThread + 12 8056A1E4 10 Bytes [66, 81, 3B, FA, 02, 0F, 84, ...] PAGE ntoskrnl.exe!CcUnpinDataForThread + 1D 8056A1EF 17 Bytes [FF, 75, 0C, 8D, 43, 38, 50, ...] PAGE ntoskrnl.exe!CcUnpinDataForThread + 2F 8056A201 9 Bytes CALL 804ED6AB \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!CcUnpinDataForThread + 39 8056A20B 11 Bytes [90, 90, 90, 90, 90, 6A, 78, ...] PAGE ntoskrnl.exe!CcUnpinDataForThread + 45 8056A217 14 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ... PAGE ntoskrnl.exe!ExAcquireRundownProtection + 1A 8056A7C9 25 Bytes [8D, 43, 02, 89, 45, F8, 8B, ...] PAGE ntoskrnl.exe!ExAcquireRundownProtection + 34 8056A7E3 35 Bytes [B0, 01, 5B, C9, C3, 90, 90, ...] PAGE ntoskrnl.exe!ExReleaseRundownProtection + 1A 8056A807 25 Bytes [8D, 43, FE, 89, 45, F8, 8B, ...] PAGE ntoskrnl.exe!ExReleaseRundownProtection + 34 8056A821 92 Bytes [5B, C9, C3, 90, 90, 90, 90, ...] PAGE ntoskrnl.exe!ExReleaseRundownProtection + 91 8056A87E 6 Bytes [8B, CA, E8, 7B, EB, 10] PAGE ntoskrnl.exe!ExReleaseRundownProtection + 98 8056A885 7 Bytes [85, C0, 0F, 85, 83, 9B, 09] PAGE ntoskrnl.exe!ExReleaseRundownProtection + A0 8056A88D 5 Bytes [8B, 0D, A0, 15, 55] PAGE ... PAGE ntoskrnl.exe! + 16 8056A918 16 Bytes [8B, 45, 10, 8B, 4D, 08, 8B, ...] PAGE ntoskrnl.exe! + 27 8056A929 8 Bytes [6A, 01, 56, FF, 15, 14, CF, ...] PAGE ntoskrnl.exe! + 30 8056A932 4 Bytes JMP 8057E324 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe! + 35 8056A937 4 Bytes [A1, 38, CF, 68] PAGE ntoskrnl.exe! + 3A 8056A93C 7 Bytes [3B, C3, 0F, 84, 90, 3A, 01] PAGE ... PAGE ntoskrnl.exe!CcMapData + 7 8056B633 13 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!CcMapData + 16 8056B642 8 Bytes [8B, 55, 10, 8D, BC, 10, FF, ...] PAGE ntoskrnl.exe!CcMapData + 20 8056B64C 7 Bytes [C1, EF, 0C, 64, A1, 24, 01] PAGE ntoskrnl.exe!CcMapData + 29 8056B655 9 Bytes [8B, F0, 89, 75, D0, 8B, 86, ...] PAGE ntoskrnl.exe!CcMapData + 34 8056B660 5 Bytes [0F, B6, 9E, 54, 02] PAGE ... PAGE ntoskrnl.exe!CcUnpinData + 13 8056B6E7 6 Bytes [8B, CB, 83, E1, FE, 6A] PAGE ntoskrnl.exe!CcUnpinData + 1A 8056B6EE 9 Bytes CALL 804ED6AB \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!CcUnpinData + 24 8056B6F8 6 Bytes [83, 4D, FC, FF, E8, 56] PAGE ntoskrnl.exe!CcUnpinData + 2D 8056B701 5 Bytes [C7, 05, A8, C4, 54] PAGE ntoskrnl.exe!CcUnpinData + 33 8056B707 3 Bytes [54, 6C, 55] {PUSH ESP; INSB ; PUSH EBP} PAGE ... PAGE ntoskrnl.exe! + 17 8056B814 23 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE ntoskrnl.exe! + 31 8056B82E 22 Bytes [F7, D9, 56, 8B, 75, 08, C1, ...] PAGE ntoskrnl.exe! + 48 8056B845 14 Bytes [8B, 52, 5C, 8B, C8, C1, E8, ...] PAGE ntoskrnl.exe! + 58 8056B855 4 Bytes [81, E1, FF, 03] PAGE ntoskrnl.exe! + 5E 8056B85B 9 Bytes [C1, E0, 04, 03, 04, 8A, 5D, ...] PAGE ... PAGE ntoskrnl.exe!FsRtlAreNamesEqual + 28 8057120D 5 Bytes [0F, 84, 65, 1D, 07] PAGE ntoskrnl.exe!FsRtlAreNamesEqual + 2E 80571213 10 Bytes [8B, 5D, 14, 85, DB, 0F, 84, ...] PAGE ntoskrnl.exe!FsRtlAreNamesEqual + 39 8057121E 3 Bytes [80, 7D, 10] PAGE ntoskrnl.exe!FsRtlAreNamesEqual + 3D 80571222 5 Bytes [0F, 84, 50, 1D, 07] PAGE ntoskrnl.exe!FsRtlAreNamesEqual + 43 80571228 3 Bytes [83, 65, 10] PAGE ... PAGE ntoskrnl.exe!FsRtlCurrentBatchOplock + 14 80571279 3 Bytes [5D, C2, 04] PAGE ntoskrnl.exe!FsRtlCurrentBatchOplock + 18 8057127D 3 Bytes [66, 3D, F8] PAGE ntoskrnl.exe!FsRtlCurrentBatchOplock + 1C 80571281 4 Bytes [0F, 83, F0, 57] PAGE ntoskrnl.exe!FsRtlCurrentBatchOplock + 22 80571287 2 Bytes [B8, F8] PAGE ntoskrnl.exe!FsRtlCurrentBatchOplock + 27 8057128C 8 Bytes JMP 80570F1B \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ... PAGE ntoskrnl.exe! + 15 8057150C 8 Bytes [F6, C3, 01, 0F, 85, 7C, 34, ...] PAGE ntoskrnl.exe! + 1E 80571515 55 Bytes [56, 56, FF, 75, 3C, FF, 75, ...] PAGE ntoskrnl.exe! + 57 8057154E 5 Bytes [5E, 5B, C9, C2, 38] PAGE ntoskrnl.exe! + 5D 80571554 25 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE ntoskrnl.exe! + 77 8057156E 16 Bytes [0F, B6, C8, 8B, C3, 2B, C1, ...] PAGE ... PAGE ntoskrnl.exe!FsRtlIncrementCcFastReadWait + 6 80571CF7 11 Bytes [C3, 33, F6, 39, 75, 94, 0F, ...] PAGE ntoskrnl.exe!FsRtlIncrementCcFastReadWait + 12 80571D03 3 Bytes [83, 63, 60] PAGE ntoskrnl.exe!FsRtlIncrementCcFastReadWait + 16 80571D07 27 Bytes [6A, 01, 8B, 45, D8, 0F, BE, ...] PAGE ntoskrnl.exe!FsRtlIncrementCcFastReadWait + 32 80571D23 83 Bytes [89, 5E, 64, 8B, 45, A8, 89, ...] PAGE ntoskrnl.exe!FsRtlIncrementCcFastReadWait + 86 80571D77 10 Bytes [89, 4E, 08, A8, 10, 0F, 85, ...] PAGE ... PAGE ntoskrnl.exe! + 35 80572018 44 Bytes [8B, 45, 0C, 8A, D0, 80, E2, ...] PAGE ntoskrnl.exe! + 62 80572045 16 Bytes [84, DB, 8B, 45, 14, 8B, 30, ...] PAGE ntoskrnl.exe! + 74 80572057 3 Bytes [80, 7D, 0B] PAGE ntoskrnl.exe! + 78 8057205B 4 Bytes [0F, 85, C2, 79] PAGE ntoskrnl.exe! + 7E 80572061 3 Bytes [80, 7D, 13] PAGE ... PAGE ntoskrnl.exe!FsRtlDoesNameContainWildCards + 3A 80572165 21 Bytes [0F, B7, D2, 0F, B6, 14, 32, ...] PAGE ntoskrnl.exe!FsRtlDoesNameContainWildCards + 50 8057217B 31 Bytes [32, C0, EB, F7, 83, C0, FE, ...] PAGE ntoskrnl.exe!FsRtlDoesNameContainWildCards + 70 8057219B 10 Bytes [8B, 45, 18, 3B, C2, 0F, 85, ...] PAGE ntoskrnl.exe!FsRtlDoesNameContainWildCards + 7B 805721A6 35 Bytes [89, 55, B4, 89, 55, B8, 8B, ...] PAGE ntoskrnl.exe!FsRtlDoesNameContainWildCards + 9F 805721CA 15 Bytes CALL 8054B044 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ... PAGE ntoskrnl.exe! + 17 80572425 8 Bytes [33, C0, AB, AB, 5F, 5D, C2, ...] PAGE ntoskrnl.exe! + 20 8057242E 12 Bytes CALL 804F1B9D \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe! + 2E 8057243C 14 Bytes [8D, 45, E0, 50, 57, E8, 1D, ...] PAGE ntoskrnl.exe! + 3F 8057244D 3 Bytes JMP 80573B87 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe! + 44 80572452 91 Bytes [8B, 40, 04, 89, 45, D8, E9, ...] PAGE ... PAGE ntoskrnl.exe!FsRtlAcquireFileExclusive + 7 80572CFF 1 Byte [6A] PAGE ntoskrnl.exe!FsRtlAcquireFileExclusive + 7 80572CFF 13 Bytes [6A, 00, FF, 75, 08, E8, 4C, ...] PAGE ntoskrnl.exe!FsRtlAcquireFileExclusive + 15 80572D0D 11 Bytes [90, 90, 90, 90, 90, 6A, 78, ...] PAGE ntoskrnl.exe! + 7 80572D19 14 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe! + 17 80572D29 7 Bytes [89, 45, A4, 8A, 80, 40, 01] PAGE ntoskrnl.exe! + 20 80572D32 12 Bytes [88, 45, CC, 8B, 75, 18, 84, ...] PAGE ntoskrnl.exe! + 2E 80572D40 8 Bytes [83, FE, 29, 0F, 83, 09, 2D, ...] PAGE ntoskrnl.exe! + 37 80572D49 5 Bytes [8A, 86, E0, 2E, 57] PAGE ... PAGE ntoskrnl.exe!CcCopyRead + 7 8057313A 15 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!CcCopyRead + 18 8057314B 14 Bytes [8B, D8, 89, 5D, A4, 33, FF, ...] PAGE ntoskrnl.exe!CcCopyRead + 28 8057315B 5 Bytes [0F, B6, 93, 54, 02] PAGE ntoskrnl.exe!CcCopyRead + 2F 80573162 33 Bytes [8D, 04, 42, 89, 45, AC, 8B, ...] PAGE ntoskrnl.exe!CcCopyRead + 51 80573184 17 Bytes [8B, 45, 0C, 8B, 08, 89, 4D, ...] PAGE ... PAGE ntoskrnl.exe! + 11 80573B12 10 Bytes [56, 8B, 75, 08, 33, C0, 3B, ...] PAGE ntoskrnl.exe! + 1C 80573B1D 1 Byte [20] PAGE ntoskrnl.exe! + 1F 80573B20 7 Bytes [7C, 0F, 0F, 8F, 33, CB, 01] PAGE ntoskrnl.exe! + 27 80573B28 8 Bytes [3B, 4E, 18, 0F, 87, 2A, CB, ...] PAGE ntoskrnl.exe! + 30 80573B31 13 Bytes [8B, 45, 28, 23, C2, 89, 45, ...] PAGE ... PAGE ntoskrnl.exe!FsRtlGetFileSize + 24 80573FA1 10 Bytes [8B, 40, 14, 85, C0, 0F, 84, ...] PAGE ntoskrnl.exe!FsRtlGetFileSize + 2F 80573FAC 21 Bytes [57, 8D, 4D, F8, 51, 8D, 4D, ...] PAGE ntoskrnl.exe!FsRtlGetFileSize + 45 80573FC2 3 Bytes [83, 7D, F8] PAGE ntoskrnl.exe!FsRtlGetFileSize + 49 80573FC6 5 Bytes [7C, 18, 80, 7D, E5] PAGE ntoskrnl.exe!FsRtlGetFileSize + 4F 80573FCC 5 Bytes [0F, 85, 26, EF, 06] PAGE ... PAGE ntoskrnl.exe! + 16 80574175 17 Bytes [38, 41, 26, 0F, 84, E8, E4, ...] PAGE ntoskrnl.exe! + 28 80574187 45 Bytes [0F, B6, 51, 26, 01, 50, 04, ...] PAGE ntoskrnl.exe! + 56 805741B5 13 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE ntoskrnl.exe! + 66 805741C5 31 Bytes [8B, 45, 14, 56, 33, F6, 3B, ...] PAGE ntoskrnl.exe! + 87 805741E6 8 Bytes [57, 8B, 7D, 08, 57, C6, 45, ...] PAGE ... PAGE ntoskrnl.exe!FsRtlIsNameInExpression + 7 80574E1A 20 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!FsRtlIsNameInExpression + 1C 80574E2F 21 Bytes [89, 5D, E0, 8B, 45, 0C, 89, ...] PAGE ntoskrnl.exe!FsRtlIsNameInExpression + 34 80574E47 9 Bytes [88, 45, E7, 83, 4D, FC, FF, ...] PAGE ntoskrnl.exe!FsRtlIsNameInExpression + 40 80574E53 10 Bytes CALL 804E2ACF \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!FsRtlIsNameInExpression + 4B 80574E5E 13 Bytes [90, 90, 90, 90, 90, 39, 5D, ...] PAGE ... PAGE ntoskrnl.exe! + 7 80575CB7 14 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe! + 16 80575CC6 16 Bytes [C6, 45, E6, 01, 8B, 45, 10, ...] PAGE ntoskrnl.exe! + 27 80575CD7 17 Bytes [8B, 4D, 0C, 0B, 4E, 10, F7, ...] PAGE ntoskrnl.exe! + 39 80575CE9 12 Bytes [8D, 58, F8, 89, 7D, FC, A8, ...] PAGE ntoskrnl.exe! + 47 80575CF7 8 Bytes [F6, 43, 05, 01, 0F, 84, F4, ...] PAGE ... PAGE ntoskrnl.exe!ExRundownCompleted + E 8058AF98 18 Bytes [8B, 4D, FC, 87, 01, C9, C3, ...] PAGE ntoskrnl.exe!ExRundownCompleted + 21 8058AFAB 11 Bytes CALL 8054AF04 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!ExRundownCompleted + 2D 8058AFB7 16 Bytes [74, 0B, FF, 75, 10, FF, 75, ...] PAGE ntoskrnl.exe!ExRundownCompleted + 3E 8058AFC8 15 Bytes CALL 805044E3 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!ExRundownCompleted + 4F 8058AFD9 6 Bytes [20, 0F, 85, 66, F5, 06] {AND [EDI], CL; TEST [ESI-0xb], ESP; PUSH ES} PAGE ... PAGE ntoskrnl.exe! + 3C 8058B552 5 Bytes [0F, 85, 7D, 08, 02] PAGE ntoskrnl.exe! + 42 8058B558 23 Bytes [52, FF, 75, 0C, 89, 5D, 10, ...] PAGE ntoskrnl.exe! + 5A 8058B570 18 Bytes [83, F8, 03, 74, 54, 8B, 45, ...] PAGE ntoskrnl.exe! + 6D 8058B583 3 Bytes [83, 66, 04] PAGE ntoskrnl.exe! + 71 8058B587 25 Bytes [83, C0, 0C, 66, C7, 06, 02, ...] PAGE ... PAGE ntoskrnl.exe!FsRtlFindInTunnelCache + 7 8058F9A1 8 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!FsRtlFindInTunnelCache + 10 8058F9AA 5 Bytes [83, 3D, 84, CC, 68] PAGE ntoskrnl.exe!FsRtlFindInTunnelCache + 17 8058F9B1 5 Bytes [0F, 84, A9, 31, 05] PAGE ntoskrnl.exe!FsRtlFindInTunnelCache + 1D 8058F9B7 19 Bytes [8D, 45, D8, 89, 45, DC, 89, ...] PAGE ntoskrnl.exe!FsRtlFindInTunnelCache + 31 8058F9CB 54 Bytes [8D, 45, D8, 50, 56, E8, 51, ...] PAGE ... PAGE ntoskrnl.exe!FsRtlAddToTunnelCache + C 8058FC8C 5 Bytes [83, 3D, 84, CC, 68] PAGE ntoskrnl.exe!FsRtlAddToTunnelCache + 13 8058FC93 3 Bytes [C6, 45, FF] PAGE ntoskrnl.exe!FsRtlAddToTunnelCache + 17 8058FC97 36 Bytes [74, DE, 8B, 4D, 18, 0F, B7, ...] PAGE ntoskrnl.exe!FsRtlAddToTunnelCache + 3E 8058FCBE 5 Bytes [0F, 86, 8D, 2E, 05] PAGE ntoskrnl.exe!FsRtlAddToTunnelCache + 44 8058FCC4 9 Bytes [68, 54, 75, 6E, 50, 56, 68, ...] PAGE ... PAGE ntoskrnl.exe! + D 8058FD6D 6 Bytes [8B, 55, 08, 8B, F0, B9] PAGE ntoskrnl.exe! + 16 8058FD76 12 Bytes [80, 8B, C2, 23, C1, 3B, C1, ...] PAGE ntoskrnl.exe! + 23 8058FD83 6 Bytes [8B, 46, 44, 8B, B8, C4] PAGE ntoskrnl.exe! + 2C 8058FD8C 3 Bytes [FF, 8E, D4] PAGE ntoskrnl.exe! + 32 8058FD92 38 Bytes CALL 8056661C \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ... PAGE ntoskrnl.exe!FsRtlIsFatDbcsLegal + 1C 80590054 12 Bytes [38, 5D, 10, 56, 8B, 75, 0C, ...] PAGE ntoskrnl.exe!FsRtlIsFatDbcsLegal + 29 80590061 8 Bytes [80, 3E, 5C, 0F, 84, E5, 33, ...] PAGE ntoskrnl.exe!FsRtlIsFatDbcsLegal + 32 8059006A 8 Bytes [38, 5D, 14, 0F, 85, FE, 33, ...] PAGE ntoskrnl.exe!FsRtlIsFatDbcsLegal + 3B 80590073 8 Bytes [38, 5D, 10, 0F, 85, 47, 34, ...] PAGE ntoskrnl.exe!FsRtlIsFatDbcsLegal + 44 8059007C 33 Bytes [66, 83, FF, 0C, 0F, 87, C6, ...] PAGE ... PAGE ntoskrnl.exe! + C 80590141 10 Bytes [53, 57, 8B, 7D, 0C, 0F, 85, ...] PAGE ntoskrnl.exe! + 17 8059014C 17 Bytes [0F, B7, 07, 40, 40, D1, E8, ...] PAGE ntoskrnl.exe! + 29 8059015E 3 Bytes [3D, FF, FF] PAGE ntoskrnl.exe! + 2E 80590163 5 Bytes [0F, 87, DF, D8, 06] PAGE ntoskrnl.exe! + 34 80590169 3 Bytes [80, 7D, 10] PAGE ... PAGE ntoskrnl.exe!FsRtlNotifyCleanup + 7 805906B1 14 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!FsRtlNotifyCleanup + 17 805906C1 53 Bytes [8B, F0, 8B, 7D, 08, 3B, 77, ...] PAGE ntoskrnl.exe!FsRtlNotifyCleanup + 4D 805906F7 8 Bytes [66, 89, 46, 2C, 8D, 46, 20, ...] PAGE ntoskrnl.exe!FsRtlNotifyCleanup + 56 80590700 5 Bytes [74, 0B, 68, 0B, 01] PAGE ntoskrnl.exe!FsRtlNotifyCleanup + 5D 80590707 57 Bytes CALL 805830B1 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ... PAGE ntoskrnl.exe!ExUuidCreate + C 80590907 7 Bytes [53, 56, 57, 64, A1, 24, 01] PAGE ntoskrnl.exe!ExUuidCreate + 15 80590910 9 Bytes [8B, 5D, 08, 8B, F0, A1, B4, ...] PAGE ntoskrnl.exe!ExUuidCreate + 1F 8059091A 5 Bytes [8B, 15, A8, DD, 68] PAGE ntoskrnl.exe!ExUuidCreate + 25 80590920 5 Bytes [8B, 3D, AC, DD, 68] PAGE ntoskrnl.exe!ExUuidCreate + 2B 80590926 7 Bytes [89, 43, 08, A1, B8, DD, 68] PAGE ... PAGE ntoskrnl.exe! + 1D 805919F6 9 Bytes [3B, C7, 89, 45, 08, 0F, 8C, ...] PAGE ntoskrnl.exe! + 28 80591A01 6 Bytes [89, 75, EC, 81, 65, EC] PAGE ntoskrnl.exe! + 31 80591A0A 8 Bytes [40, 8D, 45, DC, 0F, 84, 30, ...] PAGE ntoskrnl.exe! + 3B 80591A14 21 Bytes CALL 804D9435 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe! + 53 80591A2C 3 Bytes CALL 80591BFB \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ... PAGE ntoskrnl.exe!CcMdlRead + 7 8061040A 14 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!CcMdlRead + 17 8061041A 28 Bytes [8B, D8, 89, 5D, B8, 8B, 45, ...] PAGE ntoskrnl.exe!CcMdlRead + 35 80610438 4 Bytes [8B, 8B, 40, 02] PAGE ntoskrnl.exe!CcMdlRead + 3B 8061043E 45 Bytes [8D, 04, 48, 89, 45, B0, 8B, ...] PAGE ntoskrnl.exe!CcMdlRead + 69 8061046C 5 Bytes [75, 06, 83, 7F, 4C] PAGE ... PAGE ntoskrnl.exe!CcMdlReadComplete + 3A 806106F0 71 Bytes [CC, CC, CC, CC, CC, CC, 90, ...] PAGE ntoskrnl.exe!CcMdlWriteComplete + 3D 80610738 65 Bytes [CC, CC, CC, CC, CC, 90, CC, ...] PAGE ntoskrnl.exe!CmRegisterCallback + 25 8061077C 8 Bytes [56, FF, 75, 08, E8, B7, 36, ...] PAGE ntoskrnl.exe!CmRegisterCallback + 2E 80610785 42 Bytes [3B, C7, 89, 45, FC, 75, 09, ...] PAGE ntoskrnl.exe!CmRegisterCallback + 59 806107B0 26 Bytes [8D, 46, 24, 89, 5E, 10, 88, ...] PAGE ntoskrnl.exe!CmRegisterCallback + 74 806107CB 10 Bytes [8B, 45, 0C, 89, 46, 30, BB, ...] PAGE ntoskrnl.exe!CmRegisterCallback + 7F 806107D6 12 Bytes [89, 7D, 08, 57, FF, 75, FC, ...] PAGE ... PAGE ntoskrnl.exe!CmUnRegisterCallback + A 80610839 7 Bytes [53, 56, 57, BB, 20, 7A, 55] PAGE ntoskrnl.exe!CmUnRegisterCallback + 12 80610841 5 Bytes [53, E8, 05, 37, 03] PAGE ntoskrnl.exe!CmUnRegisterCallback + 18 80610847 11 Bytes [8B, F0, 85, F6, 74, 65, 56, ...] PAGE ntoskrnl.exe!CmUnRegisterCallback + 24 80610853 23 Bytes [8B, F8, 85, FF, 74, 52, 8B, ...] PAGE ntoskrnl.exe!CmUnRegisterCallback + 3C 8061086B 5 Bytes [53, E8, 02, 36, 03] PAGE ... PAGE ntoskrnl.exe!FsRtlDeleteTunnelCache + C 806109EE 8 Bytes [74, 31, 8B, 45, 08, 83, 60, ...] PAGE ntoskrnl.exe!FsRtlDeleteTunnelCache + 15 806109F7 4 Bytes [66, 83, 60, 2C] PAGE ntoskrnl.exe!FsRtlDeleteTunnelCache + 1A 806109FC 14 Bytes [56, 8D, 70, 24, 8B, 06, 3B, ...] PAGE ntoskrnl.exe!FsRtlDeleteTunnelCache + 29 80610A0B 25 Bytes CALL 804FEF9B \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!FsRtlDeleteTunnelCache + 43 80610A25 32 Bytes [CC, CC, CC, CC, CC, CC, CC, ...] PAGE ntoskrnl.exe!FsRtlMdlReadDev + 7 80610A46 21 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!FsRtlMdlReadDev + 1D 80610A5C 3 Bytes [83, 60, 04] PAGE ntoskrnl.exe!FsRtlMdlReadDev + 21 80610A60 2 Bytes JMP 80610B4C \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!FsRtlMdlReadDev + 26 80610A65 29 Bytes [33, C9, 8B, 5D, 0C, 03, 03, ...] PAGE ntoskrnl.exe!FsRtlMdlReadDev + 45 80610A84 3 Bytes [FF, 88, D4] PAGE ... PAGE ntoskrnl.exe!FsRtlMdlRead + 5A 80610C8D 33 Bytes [74, 04, 32, C0, EB, 16, 56, ...] PAGE ntoskrnl.exe!FsRtlMdlRead + 7C 80610CAF 18 Bytes [90, CC, CC, CC, CC, CC, CC, ...] PAGE ntoskrnl.exe! + 7 80610CC2 12 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe! + 14 80610CCF 3 Bytes [C6, 45, E5] PAGE ntoskrnl.exe! + 18 80610CD3 21 Bytes [8B, 7D, 0C, 83, 3F, FF, 75, ...] PAGE ntoskrnl.exe! + 2E 80610CE9 1 Byte [6A] PAGE ntoskrnl.exe! + 2E 80610CE9 23 Bytes [6A, 00, 6A, 01, 8B, 5D, 10, ...] PAGE ... PAGE ntoskrnl.exe!FsRtlMdlWriteCompleteDev + 24 80611167 51 Bytes [90, CC, CC, CC, CC, CC, CC, ...] PAGE ntoskrnl.exe!FsRtlIncrementCcFastReadNotPossible + 6 8061119B 22 Bytes [C3, CC, CC, CC, CC, CC, CC, ...] PAGE ntoskrnl.exe!FsRtlCopyRead + 7 806111B2 17 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!FsRtlCopyRead + 1A 806111C5 8 Bytes [8B, 4D, 10, 8D, 84, 08, FF, ...] PAGE ntoskrnl.exe!FsRtlCopyRead + 24 806111CF 12 Bytes CALL 60A69AE0 PAGE ntoskrnl.exe!FsRtlCopyRead + 32 806111DD 34 Bytes [8B, 3B, 8B, 53, 04, 33, C0, ...] PAGE ntoskrnl.exe!FsRtlCopyRead + 55 80611200 1 Byte [0D] PAGE ... PAGE ntoskrnl.exe!FsRtlCopyWrite + 7 8061147D 8 Bytes CALL 804E2A92 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!FsRtlCopyWrite + 10 80611486 7 Bytes [C6, 45, E7, 01, C6, 45, E5] PAGE ntoskrnl.exe!FsRtlCopyWrite + 18 8061148E 21 Bytes [8B, 5D, 0C, 83, 3B, FF, 75, ...] PAGE ntoskrnl.exe!FsRtlCopyWrite + 2E 806114A4 10 Bytes [8B, 7D, 08, 8B, 77, 0C, 89, ...] PAGE ntoskrnl.exe!FsRtlCopyWrite + 39 806114AF 18 Bytes [FF, 75, 14, FF, 75, 10, 57, ...] PAGE ... PAGE ntoskrnl.exe!FsRtlMdlWriteComplete + 51 80611BE8 24 Bytes [74, 04, 32, C0, EB, 0D, 56, ...] PAGE ntoskrnl.exe!FsRtlMdlWriteComplete + 6A 80611C01 72 Bytes [90, CC, CC, CC, CC, CC, CC, ...] PAGE ntoskrnl.exe!FsRtlAllocateResource + 5 80611C4A 11 Bytes [83, E0, 0F, 6B, C0, 38, 03, ...] PAGE ntoskrnl.exe!FsRtlAllocateResource + 11 80611C56 5 Bytes [FF, 05, 8C, CC, 68] PAGE ntoskrnl.exe!FsRtlAllocateResource + 17 80611C5C 47 Bytes [C3, 90, CC, CC, CC, CC, CC, ...] PAGE ntoskrnl.exe! + 5 80611C8C 45 Bytes [CC, CC, CC, CC, CC, CC, CC, ...] PAGE ntoskrnl.exe! + 33 80611CBA 1 Byte [6A] PAGE ntoskrnl.exe! + 33 80611CBA 13 Bytes [6A, 00, FF, 75, 08, E8, 52, ...] PAGE ntoskrnl.exe! + 41 80611CC8 28 Bytes [CC, CC, CC, CC, CC, 90, 90, ...] PAGE ntoskrnl.exe! + 5E 80611CE5 16 Bytes [CC, CC, CC, CC, CC, 90, 90, ...] PAGE ... PAGE ntoskrnl.exe!FsRtlDeregisterUncProvider + 29 80611F12 11 Bytes CALL 804DC74F \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe!FsRtlDeregisterUncProvider + 35 80611F1E 6 Bytes [75, 34, A1, A0, CC, 68] PAGE ntoskrnl.exe!FsRtlDeregisterUncProvider + 3C 80611F25 16 Bytes [3B, C7, 74, 0D, 57, 50, E8, ...] PAGE ntoskrnl.exe!FsRtlDeregisterUncProvider + 4D 80611F36 4 Bytes [A1, 94, CC, 68] PAGE ntoskrnl.exe!FsRtlDeregisterUncProvider + 52 80611F3B 16 Bytes [83, F8, FF, 74, 0D, 50, E8, ...] PAGE ... PAGE ntoskrnl.exe!FsRtlDissectDbcs + 52 80611FD0 7 Bytes [74, 13, 8B, 1D, 94, 33, 56] PAGE ntoskrnl.exe!FsRtlDissectDbcs + 5A 80611FD8 7 Bytes [0F, B6, D2, 66, 83, 3C, 53] PAGE ntoskrnl.exe!FsRtlDissectDbcs + 62 80611FE0 59 Bytes [74, 01, 47, 33, DB, 47, 3B, ...] PAGE ntoskrnl.exe!FsRtlDissectDbcs + 9E 8061201C 47 Bytes [CC, CC, CC, CC, CC, CC, 90, ...] PAGE ntoskrnl.exe!FsRtlDoesDbcsContainWildCards + 26 8061204D 7 Bytes [74, 13, 8B, 1D, 94, 33, 56] PAGE ntoskrnl.exe!FsRtlDoesDbcsContainWildCards + 2E 80612055 7 Bytes [0F, B6, F9, 66, 83, 3C, 7B] PAGE ntoskrnl.exe!FsRtlDoesDbcsContainWildCards + 36 8061205D 14 Bytes [74, 03, 42, EB, 19, 84, C9, ...] PAGE ntoskrnl.exe!FsRtlDoesDbcsContainWildCards + 45 8061206C 28 Bytes [0F, BE, C9, 0F, B6, 0C, 39, ...] PAGE ntoskrnl.exe!FsRtlDoesDbcsContainWildCards + 62 80612089 26 Bytes [B0, 01, EB, F5, 90, 90, 90, ...] PAGE ntoskrnl.exe!FsRtlIsDbcsInExpression + B 806120A6 4 Bytes [A1, 20, 1A, 55] PAGE ntoskrnl.exe!FsRtlIsDbcsInExpression + 10 806120AB 6 Bytes [8B, 4D, 0C, 83, 65, AC] PAGE ntoskrnl.exe!FsRtlIsDbcsInExpression + 17 806120B2 21 Bytes [53, 66, 8B, 19, 66, 85, DB, ...] PAGE ntoskrnl.exe!FsRtlIsDbcsInExpression + 2D 806120C8 4 Bytes [0F, 84, FF, 03] PAGE ntoskrnl.exe!FsRtlIsDbcsInExpression + 33 806120CE 10 Bytes [66, 8B, 38, 66, 85, FF, 0F, ...] PAGE ... PAGE ntoskrnl.exe!FsRtlIsHpfsDbcsLegal + 17 80612510 147 Bytes [38, 5D, 10, 8B, 4D, 0C, 74, ...] PAGE ntoskrnl.exe!FsRtlIsHpfsDbcsLegal + AD 806125A6 4 Bytes [66, 81, FA, FF] PAGE ntoskrnl.exe!FsRtlIsHpfsDbcsLegal + B2 806125AB 50 Bytes [76, 04, 32, C0, EB, 79, 56, ...] PAGE ntoskrnl.exe!FsRtlIsHpfsDbcsLegal + E5 806125DE 7 Bytes [74, 1A, 8B, 1D, 94, 33, 56] PAGE ntoskrnl.exe!FsRtlIsHpfsDbcsLegal + ED 806125E6 7 Bytes [0F, B6, D0, 66, 83, 3C, 53] PAGE ... PAGE ntoskrnl.exe!FsRtlNotifyChangeDirectory + 2A 806126A5 20 Bytes [90, 90, 90, CC, CC, CC, CC, ...] PAGE ntoskrnl.exe!FsRtlNotifyFullChangeDirectory + 7 806126BA 38 Bytes [FF, 75, 2C, FF, 75, 28, FF, ...] PAGE ntoskrnl.exe!FsRtlNotifyFullChangeDirectory + 2E 806126E1 59 Bytes [90, 90, 90, CC, CC, CC, CC, ...] PAGE ntoskrnl.exe!FsRtlN + 2E 8061271D 20 Bytes [90, 90, 90, CC, CC, CC, CC, ...] PAGE ntoskrnl.exe!FsRtlNotifyFullReportChange + 7 80612732 35 Bytes [FF, 75, 28, FF, 75, 24, FF, ...] PAGE ntoskrnl.exe!FsRtlNotifyFullReportChange + 2B 80612756 101 Bytes [CC, CC, CC, CC, CC, 90, CC, ...] PAGE ntoskrnl.exe!FsRtlNotifyFullReportChange + 91 806127BC 1 Byte [04] PAGE ntoskrnl.exe!FsRtlNotifyFullReportChange + 94 806127BF 112 Bytes [39, 45, 10, 72, 06, 8D, 48, ...] PAGE ntoskrnl.exe!FsRtlNotifyFullReportChange + 105 80612830 25 Bytes [CC, CC, CC, CC, CC, CC, CC, ...] PAGE ... PAGE ntoskrnl.exe! + B 80612A1C 1 Byte [02] PAGE ntoskrnl.exe! + E 80612A1F 12 Bytes [3B, D3, 56, 89, 55, E8, 89, ...] PAGE ntoskrnl.exe! + 1B 80612A2C 56 Bytes [89, 55, F8, 73, 03, 89, 5D, ...] PAGE ntoskrnl.exe! + 54 80612A65 1 Byte [10] PAGE ntoskrnl.exe! + 57 80612A68 32 Bytes [6A, 04, 89, 75, E4, 89, 75, ...] PAGE ... PAGE ntoskrnl.exe!ExReleaseRundownProtectionEx + DD 80643C80 3 Bytes [0C, 55, 80] PAGE ntoskrnl.exe!ExReleaseRundownProtectionEx + 103 80643CA6 3 Bytes [30, 55, 80] {XOR [EBP-0x80], DL} PAGE ntoskrnl.exe!ExReleaseRundownProtectionEx + 345 80643EE8 3 Bytes [1F, 56, 80] PAGE ntoskrnl.exe!ExReleaseRundownProtectionEx + 34D 80643EF0 3 Bytes [1F, 56, 80] PAGE ntoskrnl.exe!ExReleaseRundownProtectionEx + 357 80643EFA 3 Bytes [1F, 56, 80] PAGE ... PAGE ntoskrnl.exe! + 62 80645C35 3 Bytes [1C, 56, 80] PAGE ntoskrnl.exe! + BC 80645C8F 3 Bytes [1E, 56, 80] PAGE ntoskrnl.exe! + CC 80645C9F 3 Bytes [DD, 68, 80] PAGE ntoskrnl.exe! + E0 80645CB3 3 Bytes [DD, 68, 80] PAGE ntoskrnl.exe! + E6 80645CB9 3 Bytes [DD, 68, 80] PAGE ... PAGE ntoskrnl.exe!ExSetTimerResolution + 10 80645E87 3 Bytes [9A, 55, 80] PAGE ntoskrnl.exe!ExSetTimerResolution + 1F 80645E96 3 Bytes [DD, 68, 80] PAGE ntoskrnl.exe!ExSetTimerResolution + 27 80645E9E 3 Bytes [DD, 68, 80] PAGE ntoskrnl.exe!ExSetTimerResolution + 2F 80645EA6 3 Bytes [DD, 68, 80] PAGE ntoskrnl.exe!ExSetTimerResolution + 3E 80645EB5 3 Bytes [19, 55, 80] {SBB [EBP-0x80], EDX} PAGE ... PAGE ntoskrnl.exe!ExRaiseDatatypeMisalignment + 1C 806467D1 3 Bytes [A3, 52, 80] PAGE ntoskrnl.exe!ExRaiseDatatypeMisalignment + 3F 806467F4 3 Bytes [D9, 68, 80] {FLDCW [EAX-0x80]} PAGE ntoskrnl.exe!ExRaiseDatatypeMisalignment + 45 806467FA 3 Bytes [D9, 68, 80] {FLDCW [EAX-0x80]} PAGE ntoskrnl.exe!ExRaiseDatatypeMisalignment + 5E 80646813 3 Bytes [67, 55, 80] PAGE ntoskrnl.exe!ExRaiseDatatypeMisalignment + 85 8064683A 3 Bytes [67, 55, 80] PAGE ... PAGE ntoskrnl.exe!ExRaiseHardError + B 806469C4 3 Bytes [67, 55, 80] PAGE ntoskrnl.exe!ExRaiseHardError + 47 80646A00 1 Byte [44] PAGE ntoskrnl.exe!ExRaiseHardError + 4B 80646A04 44 Bytes [76, 27, 33, D2, 42, D3, E2, ...] PAGE ntoskrnl.exe!ExRaiseHardError + 78 80646A31 1 Byte [10] PAGE ntoskrnl.exe!ExRaiseHardError + 7B 80646A34 21 Bytes [8D, 45, F8, 50, 56, 8D, 45, ...] PAGE ... PAGE ntoskrnl.exe! + B 806490F2 34 Bytes [A1, 20, 1A, 55, 80, 56, 8B, ...] PAGE ntoskrnl.exe! + 2E 80649115 4 Bytes JMP 80649266 \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) PAGE ntoskrnl.exe! + 34 8064911B 40 Bytes [53, 68, F8, A4, 52, 80, 8D, ...] PAGE ntoskrnl.exe! + 5E 80649145 1 Byte [10] PAGE ntoskrnl.exe! + 5E 80649145 16 Bytes [10, 00, 8D, 85, 6C, FF, FF, ...] PAGE ... .text ACPI.sys F75B8000 6 Bytes [FF, FF, FF, 5D, C2, 08] .text ACPI.sys F75B8007 16 Bytes [CC, CC, CC, CC, CC, 8B, FF, ...] .text ACPI.sys F75B8018 14 Bytes [74, 07, 8B, 40, 60, 80, 48, ...] .text ACPI.sys F75B8027 14 Bytes [84, C0, 74, 15, 8B, 45, 10, ...] .text ACPI.sys F75B8036 6 Bytes [FF, 70, 10, E8, 22, 01] .text ... .text ftdisk.sys F74D7547 3 Bytes [8F, 4D, F7] .text ftdisk.sys F74D75D1 3 Bytes [8C, 4D, F7] {MOV WORD [EBP-0x9], CS} .text ftdisk.sys F74D75E9 3 Bytes [8B, 4D, F7] {MOV ECX, [EBP-0x9]} .text ftdisk.sys F74D75FF 3 Bytes [8B, 4D, F7] {MOV ECX, [EBP-0x9]} .text ftdisk.sys F74D762E 3 Bytes [8A, 4D, F7] {MOV CL, [EBP-0x9]} .text ... .text dmio.sys F74BD4F2 3 Bytes [EB, 4C, F7] .text dmio.sys F74BD500 3 Bytes [EB, 4C, F7] .text dmio.sys F74BD517 3 Bytes [EB, 4C, F7] .text dmio.sys F74BD550 3 Bytes [EB, 4C, F7] .text dmio.sys F74BD574 3 Bytes [ED, 4C, F7] .text ... .text atapi.sys!ZwAcceptConnectPort + 3DD F74993DD 3 Bytes [43, 4A, F7] .text atapi.sys!ZwAcceptConnectPort + 41E F749941E 3 Bytes [43, 4A, F7] .text atapi.sys!ZwAcceptConnectPort + 438 F7499438 3 Bytes [43, 4A, F7] .text atapi.sys!ZwAcceptConnectPort + 480 F7499480 3 Bytes [4E, 4A, F7] .text atapi.sys!ZwAcceptConnectPort + 497 F7499497 3 Bytes [43, 4A, F7] .text ... .text SCSIPORT.SYS F748141C 3 Bytes [82, 48, F7] .text SCSIPORT.SYS F74814ED 3 Bytes [82, 48, F7] .text SCSIPORT.SYS F74815BE 3 Bytes [82, 48, F7] .text SCSIPORT.SYS F748163D 3 Bytes [82, 48, F7] .text SCSIPORT.SYS F7481669 3 Bytes [14, 48, F7] .text ... .text fltMgr.sys F74623E5 3 Bytes [9D, 46, F7] .text fltMgr.sys F74623F6 3 Bytes [D0, 46, F7] {ROL BYTE [ESI-0x9], 0x1} .text fltMgr.sys F74624A0 3 Bytes [9D, 46, F7] .text fltMgr.sys F74624C3 3 Bytes [9D, 46, F7] .text fltMgr.sys F74624EA 3 Bytes [9D, 46, F7] .text ... .text sr.sys F745032C 2 Bytes [45, F7] .text sr.sys F7450345 2 Bytes [45, F7] .text sr.sys F74503C8 2 Bytes [45, F7] .text sr.sys F7450418 2 Bytes [45, F7] .text sr.sys F7450434 2 Bytes [45, F7] .text ... .text KSecDD.sys F74393A2 3 Bytes [D3, 43, F7] {ROL DWORD [EBX-0x9], CL} .text KSecDD.sys F74393A8 3 Bytes [BC, 43, F7] .text KSecDD.sys F74393D5 3 Bytes [BC, 43, F7] .text KSecDD.sys F74393DE 3 Bytes [BC, 43, F7] .text KSecDD.sys F74393FD 3 Bytes [BC, 43, F7] .text ... .text Ntfs.sys F7B63000 3 Bytes [B4, 30, B6] .text Ntfs.sys F7B63009 4 Bytes [68, D4, 30, B6] .text Ntfs.sys F7B63013 4 Bytes [68, EC, 30, B6] .text Ntfs.sys F7B6301D 6 Bytes [83, C4, 18, E8, 97, 49] .text Ntfs.sys F7B63025 6 Bytes [8B, 36, 81, FE, 88, 01] .text ... PAGENPNP NDIS.sys!NdisIMCancelInitializeDeviceInstance + 37 F741D002 4 Bytes [C0, EB, 35, 6A] PAGENPNP NDIS.sys!NdisIMCancelInitializeDeviceInstance + 3C F741D007 10 Bytes [56, 8D, 45, F8, 50, FF, 15, ...] PAGENPNP NDIS.sys!NdisIMCancelInitializeDeviceInstance + 47 F741D012 1 Byte [6A] PAGENPNP NDIS.sys!NdisIMCancelInitializeDeviceInstance + 47 F741D012 19 Bytes [6A, 00, 8D, 45, F8, 50, FF, ...] PAGENPNP NDIS.sys!NdisIMCancelInitializeDeviceInstance + 5B F741D026 7 Bytes [FF, 75, FC, 1B, C0, 25, 01] PAGENPNP ... PAGENPNP NDIS.sys!NdisIMGetBindingContext + 12 F741D056 11 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisIMInitializeDeviceInstance + 7 F741D062 14 Bytes [FF, 75, 0C, FF, 75, 08, E8, ...] PAGENPNP NDIS.sys!NdisIMInitializeDeviceInstance + 16 F741D071 54 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisIMInitializeDeviceInstance + 4D F741D0A8 5 Bytes [32, C0, C9, C2, 10] PAGENPNP NDIS.sys!NdisIMInitializeDeviceInstance + 53 F741D0AE 29 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisIMInitializeDeviceInstance + 71 F741D0CC 35 Bytes [74, 2E, 83, F9, 01, 74, 08, ...] PAGENPNP ... PAGENPNP NDIS.sys!NdisImmediateReadPortUchar + 1B F741D297 31 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisImmediateReadPortUshort + 1B F741D2B7 31 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisImmediateReadPortUlong + 1B F741D2D7 40 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisImmediateWritePortUchar + 24 F741D300 1 Byte [01] PAGENPNP NDIS.sys!NdisImmediateWritePortUchar + 27 F741D303 3 Bytes [8B, B8, FC] PAGENPNP NDIS.sys!NdisImmediateWritePortUchar + 2D F741D309 65 Bytes CALL F741D073 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENPNP NDIS.sys!NdisImmediateWritePortUchar + 6F F741D34B 24 Bytes [38, 5D, FC, 74, 0D, FF, 75, ...] PAGENPNP NDIS.sys!NdisImmediateWritePortUchar + 88 F741D364 40 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisImmediateWritePortUshort + 24 F741D38D 1 Byte [01] PAGENPNP NDIS.sys!NdisImmediateWritePortUshort + 27 F741D390 3 Bytes [8B, B8, FC] PAGENPNP NDIS.sys!NdisImmediateWritePortUshort + 2D F741D396 65 Bytes CALL F741D073 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENPNP NDIS.sys!NdisImmediateWritePortUshort + 6F F741D3D8 24 Bytes [38, 5D, FC, 74, 0D, FF, 75, ...] PAGENPNP NDIS.sys!NdisImmediateWritePortUshort + 88 F741D3F1 40 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisImmediateWritePortUlong + 24 F741D41A 1 Byte [01] PAGENPNP NDIS.sys!NdisImmediateWritePortUlong + 27 F741D41D 3 Bytes [8B, B8, FC] PAGENPNP NDIS.sys!NdisImmediateWritePortUlong + 2D F741D423 65 Bytes CALL F741D073 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENPNP NDIS.sys!NdisImmediateWritePortUlong + 6F F741D465 24 Bytes [38, 5D, FC, 74, 0D, FF, 75, ...] PAGENPNP NDIS.sys!NdisImmediateWritePortUlong + 88 F741D47E 54 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP ... PAGENPNP NDIS.sys!NdisImmediateReadSharedMemory + 1C F741D570 11 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisImmediateWriteSharedMemory + 7 F741D57C 20 Bytes [FF, 75, 14, FF, 75, 10, FF, ...] PAGENPNP NDIS.sys!NdisImmediateWriteSharedMemory + 1C F741D591 24 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisOpenFile + 14 F741D5AA 22 Bytes [57, 66, 89, 45, EE, 0F, B7, ...] PAGENPNP NDIS.sys!NdisOpenFile + 2B F741D5C1 13 Bytes [8B, F8, 3B, FB, 89, 7D, F0, ...] PAGENPNP NDIS.sys!NdisOpenFile + 39 F741D5CF 1 Byte [9A] PAGENPNP NDIS.sys!NdisOpenFile + 3C F741D5D2 4 Bytes JMP F741D724 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENPNP NDIS.sys!NdisOpenFile + 42 F741D5D8 15 Bytes [56, 6A, 0F, 59, FF, 75, 14, ...] PAGENPNP ... PAGENPNP NDIS.sys!NdisCloseFile + C F741D77F 5 Bytes [57, 8B, 7D, 08, 6A] PAGENPNP NDIS.sys!NdisCloseFile + 12 F741D785 5 Bytes [FF, 37, FF, D6, 6A] PAGENPNP NDIS.sys!NdisCloseFile + 18 F741D78B 8 Bytes [57, FF, D6, 5F, 5E, 5D, C2, ...] PAGENPNP NDIS.sys!NdisCloseFile + 21 F741D794 23 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisMapFile + 13 F741D7AC 1 Byte [1D] PAGENPNP NDIS.sys!NdisMapFile + 13 F741D7AC 14 Bytes [1D, 00, 01, C0, EB, 11, 8B, ...] PAGENPNP NDIS.sys!NdisMapFile + 22 F741D7BB 7 Bytes [89, 01, 8B, 45, 08, 83, 20] PAGENPNP NDIS.sys!NdisMapFile + 2A F741D7C3 3 Bytes [5D, C2, 0C] PAGENPNP NDIS.sys!NdisMapFile + 2E F741D7C7 16 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisUnmapFile + C F741D7D8 3 Bytes [5D, C2, 04] PAGENPNP NDIS.sys!NdisUnmapFile + 10 F741D7DC 15 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisQueryMapRegisterCount + B F741D7EC 2 Bytes [B8, BB] PAGENPNP NDIS.sys!NdisQueryMapRegisterCount + F F741D7F0 4 Bytes [C0, 5D, C2, 08] {RCR BYTE [EBP-0x3e], 0x8} PAGENPNP NDIS.sys!NdisQueryMapRegisterCount + 14 F741D7F5 57 Bytes [90, 90, 90, 90, 90, 8B, 42, ...] PAGENPNP NDIS.sys!NdisQueryMapRegisterCount + 4F F741D830 27 Bytes CALL F740D5AD NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENPNP NDIS.sys!NdisQueryMapRegisterCount + 6B F741D84C 12 Bytes CALL F740CD37 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENPNP ... PAGENPNP NDIS.sys!NdisCloseAdapter + C F741E62A 12 Bytes CALL F740CD38 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENPNP NDIS.sys!NdisCloseAdapter + 19 F741E637 7 Bytes [8B, CF, FF, 15, 50, 1E, 41] PAGENPNP NDIS.sys!NdisCloseAdapter + 21 F741E63F 5 Bytes [8B, 35, 58, 23, 41] PAGENPNP NDIS.sys!NdisCloseAdapter + 27 F741E645 10 Bytes [EB, 0B, 3B, 75, 0C, 74, 0A, ...] PAGENPNP NDIS.sys!NdisCloseAdapter + 34 F741E652 13 Bytes [85, F6, 75, F1, 8A, D0, 8B, ...] PAGENPNP ... PAGENPNP NDIS.sys!NdisDeregisterProtocol + F F741E80C 12 Bytes CALL F740CD38 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENPNP NDIS.sys!NdisDeregisterProtocol + 1C F741E819 7 Bytes [8B, CF, FF, 15, 50, 1E, 41] PAGENPNP NDIS.sys!NdisDeregisterProtocol + 24 F741E821 5 Bytes [8B, 35, 50, 23, 41] PAGENPNP NDIS.sys!NdisDeregisterProtocol + 2A F741E827 23 Bytes [EB, 08, 3B, 75, 0C, 74, 07, ...] PAGENPNP NDIS.sys!NdisDeregisterProtocol + 42 F741E83F 39 Bytes CALL F740CD55 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENPNP ... PAGENPNP NDIS.sys!NdisTerminateWrapper + 1F F741E8E7 7 Bytes [85, C0, 74, 30, 80, 88, B4] PAGENPNP NDIS.sys!NdisTerminateWrapper + 29 F741E8F1 4 Bytes [04, 83, 78, 04] {ADD AL, 0x83; JS 0x8} PAGENPNP NDIS.sys!NdisTerminateWrapper + 2E F741E8F6 4 Bytes [66, 8B, 88, B4] PAGENPNP NDIS.sys!NdisTerminateWrapper + 35 F741E8FD 9 Bytes [75, 25, 84, ED, 78, 21, 83, ...] PAGENPNP NDIS.sys!NdisTerminateWrapper + 3F F741E907 8 Bytes [66, 83, C9, 10, 66, 89, 88, ...] PAGENPNP ... PAGENPNP NDIS.sys!NdisIMDeregisterLayeredMiniport + 3 F741E931 7 Bytes [90, 90, 90, 90, 90, C2, 10] PAGENPNP NDIS.sys!NdisMDeregisterIoPortRange + 3 F741E939 21 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisMUnmapIoSpace + 11 F741E94F 3 Bytes [5D, C2, 0C] PAGENPNP NDIS.sys!NdisMUnmapIoSpace + 15 F741E953 72 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisMRegisterDmaChannel + 46 F741E99E 11 Bytes [89, 4D, E4, 8B, 4D, 10, 89, ...] PAGENPNP NDIS.sys!NdisMRegisterDmaChannel + 52 F741E9AA 1 Byte [01] PAGENPNP NDIS.sys!NdisMRegisterDmaChannel + 55 F741E9AD 39 Bytes [89, 4D, EC, 8B, 48, 04, 89, ...] PAGENPNP NDIS.sys!NdisMRegisterDmaChannel + 7E F741E9D6 10 Bytes [43, 89, 4D, F4, 43, FF, 15, ...] PAGENPNP NDIS.sys!NdisMRegisterDmaChannel + 89 F741E9E1 8 Bytes [85, C0, 89, 45, 0C, 0F, 84, ...] PAGENPNP ... PAGENPNP NDIS.sys!NdisMDeregisterAdapterShutdownHandler + 10 F741EB00 11 Bytes [74, 0E, 8D, 46, 08, 50, FF, ...] PAGENPNP NDIS.sys!NdisMDeregisterAdapterShutdownHandler + 1C F741EB0C 3 Bytes [83, 66, 04] PAGENPNP NDIS.sys!NdisMDeregisterAdapterShutdownHandler + 20 F741EB10 4 Bytes [5E, 5D, C2, 04] PAGENPNP NDIS.sys!NdisMDeregisterAdapterShutdownHandler + 25 F741EB15 15 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisMPciAssignResources + B F741EB25 1 Byte [01] PAGENPNP NDIS.sys!NdisMPciAssignResources + E F741EB28 7 Bytes [05, 75, 16, 8B, 80, E4, 01] {ADD EAX, 0x808b1675; IN AL, 0x1} PAGENPNP NDIS.sys!NdisMPciAssignResources + 17 F741EB31 21 Bytes [85, C0, 74, 0C, 8B, 4D, 10, ...] PAGENPNP NDIS.sys!NdisMPciAssignResources + 2D F741EB47 2 Bytes [B8, 01] PAGENPNP NDIS.sys!NdisMPciAssignResources + 31 F741EB4B 4 Bytes [C0, 5D, C2, 0C] {RCR BYTE [EBP-0x3e], 0xc} PAGENPNP ... PAGENPNP NDIS.sys!NdisMGetDmaAlignment + A F741EEA1 1 Byte [04] PAGENPNP NDIS.sys!NdisMGetDmaAlignment + D F741EEA4 2 Bytes [83, 38] PAGENPNP NDIS.sys!NdisMGetDmaAlignment + 10 F741EEA7 3 Bytes [74, 0B, 8B] PAGENPNP NDIS.sys!NdisMGetDmaAlignment + 14 F741EEAB 14 Bytes [8B, 48, 04, 50, FF, 51, 24, ...] PAGENPNP NDIS.sys!NdisMGetDmaAlignment + 23 F741EEBA 23 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisIMDeInitializeDeviceInstance + 14 F741EED3 2 Bytes [BB, 01] PAGENPNP NDIS.sys!NdisIMDeInitializeDeviceInstance + 18 F741EED7 13 Bytes CALL F740CD05 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENPNP NDIS.sys!NdisIMDeInitializeDeviceInstance + 28 F741EEE7 9 Bytes CALL F740C485 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENPNP NDIS.sys!NdisIMDeInitializeDeviceInstance + 33 F741EEF2 6 Bytes [33, D2, C7, 86, DC, 02] PAGENPNP NDIS.sys!NdisIMDeInitializeDeviceInstance + 3B F741EEFA 1 Byte [03] PAGENPNP ... PAGENPNP NDIS.sys!NdisMDeregisterDmaChannel + 13 F741EF7A 14 Bytes CALL F740CD39 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENPNP NDIS.sys!NdisMDeregisterDmaChannel + 22 F741EF89 26 Bytes [88, 45, 0B, 8B, 46, 14, 8B, ...] PAGENPNP NDIS.sys!NdisMDeregisterDmaChannel + 3D F741EFA4 14 Bytes CALL F74106F1 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENPNP NDIS.sys!NdisMDeregisterDmaChannel + 4C F741EFB3 6 Bytes [56, FF, 15, 20, 1E, 41] PAGENPNP NDIS.sys!NdisMDeregisterDmaChannel + 53 F741EFBA 6 Bytes [5F, 5E, 5B, 5D, C2, 04] PAGENPNP ... PAGENPNP NDIS.sys!NdisMFreeMapRegisters + C F741EFD2 15 Bytes CALL F740CD3B NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENPNP NDIS.sys!NdisMFreeMapRegisters + 1E F741EFE4 7 Bytes [53, 33, DB, 39, 9E, 14, 01] PAGENPNP NDIS.sys!NdisMFreeMapRegisters + 27 F741EFED 4 Bytes [74, 7A, 8B, 86] PAGENPNP NDIS.sys!NdisMFreeMapRegisters + 2C F741EFF2 1 Byte [04] PAGENPNP NDIS.sys!NdisMFreeMapRegisters + 2F F741EFF5 11 Bytes [8B, 40, 04, 8B, 40, 1C, 57, ...] PAGENPNP ... PAGENPNP NDIS.sys!NdisReadEisaSlotInformation + A F741F11A 1 Byte [BB] PAGENPNP NDIS.sys!NdisReadEisaSlotInformation + D F741F11D 4 Bytes [C0, 5D, C2, 10] {RCR BYTE [EBP-0x3e], 0x10} PAGENPNP NDIS.sys!NdisReadEisaSlotInformation + 12 F741F122 14 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisReadEisaSlotInformationEx + A F741F131 1 Byte [BB] PAGENPNP NDIS.sys!NdisReadEisaSlotInformationEx + D F741F134 4 Bytes [C0, 5D, C2, 14] {RCR BYTE [EBP-0x3e], 0x14} PAGENPNP NDIS.sys!NdisReadEisaSlotInformationEx + 12 F741F139 19 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisImmediateReadPciSlotInformation + F F741F14D 13 Bytes [FF, 75, 18, FF, 75, 14, FF, ...] PAGENPNP NDIS.sys!NdisImmediateReadPciSlotInformation + 1E F741F15C 3 Bytes [5D, C2, 14] PAGENPNP NDIS.sys!NdisImmediateReadPciSlotInformation + 22 F741F160 17 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisImmediateWritePciSlotInformation + D F741F172 1 Byte [6A] PAGENPNP NDIS.sys!NdisImmediateWritePciSlotInformation + D F741F172 15 Bytes [6A, 00, FF, 75, 18, FF, 75, ...] PAGENPNP NDIS.sys!NdisImmediateWritePciSlotInformation + 1E F741F183 3 Bytes [5D, C2, 14] PAGENPNP NDIS.sys!NdisImmediateWritePciSlotInformation + 22 F741F187 20 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisImmediateWritePciSlotInformation + 38 F741F19D 22 Bytes [83, C9, FF, F0, 0F, C1, 08, ...] PAGENPNP ... PAGENPNP NDIS.sys!NdisMDeregisterInterrupt + C F741F1EE 14 Bytes CALL F741F189 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENPNP NDIS.sys!NdisMDeregisterInterrupt + 1B F741F1FD 4 Bytes [5E, 5D, C2, 04] PAGENPNP NDIS.sys!NdisMDeregisterInterrupt + 20 F741F202 20 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisMDeregisterInterrupt + 36 F741F218 8 Bytes [33, DB, 53, FF, 15, 18, 1E, ...] PAGENPNP NDIS.sys!NdisMDeregisterInterrupt + 3F F741F221 16 Bytes [8B, F0, 3B, F3, 8B, 45, 18, ...] PAGENPNP ... PAGENPNP NDIS.sys!NdisIMNotifyPnPEvent + 2D F741F5E5 20 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENPNP NDIS.sys!NdisIMNotifyPnPEvent + 42 F741F5FA 17 Bytes CALL F740CD39 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENPNP NDIS.sys!NdisIMNotifyPnPEvent + 54 F741F60C 5 Bytes [88, 45, FF, FF, 15] PAGENPNP NDIS.sys!NdisIMNotifyPnPEvent + 5A F741F612 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENPNP NDIS.sys!NdisIMNotifyPnPEvent + 5D F741F615 4 Bytes [89, 86, 1C, 01] PAGENPNP ... PAGENDSP NDIS.sys!NdisReturnPackets + 10 F7421810 14 Bytes [88, 45, FE, 33, C0, 39, 45, ...] PAGENDSP NDIS.sys!NdisReturnPackets + 21 F7421821 17 Bytes [53, 56, 57, 8B, 4D, 08, 8B, ...] PAGENDSP NDIS.sys!NdisReturnPackets + 33 F7421833 5 Bytes [3B, C1, C6, 45, FF] PAGENDSP NDIS.sys!NdisReturnPackets + 39 F7421839 4 Bytes [0F, 83, 2C, 07] PAGENDSP NDIS.sys!NdisReturnPackets + 3F F742183F 36 Bytes [2B, C1, 8D, 04, 40, 8D, 5C, ...] PAGENDSP ... PAGENDSP NDIS.sys!NdisRequest + 18 F7421983 32 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSP NDIS.sys!NdisRequest + 39 F74219A4 2 Bytes [8B, 1D] PAGENDSP NDIS.sys!NdisRequest + 3C F74219A7 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSP NDIS.sys!NdisRequest + 3F F74219AA 12 Bytes [88, 45, FF, FF, D3, 8B, 55, ...] PAGENDSP NDIS.sys!NdisRequest + 4D F74219B8 4 Bytes [C7, 86, 50, 04] PAGENDSP ... PAGENDSP NDIS.sys!NdisGetReceivedPacket + 16 F7421F20 8 Bytes [8B, 55, 0C, 39, 94, 81, 28, ...] PAGENDSP NDIS.sys!NdisGetReceivedPacket + 20 F7421F2A 20 Bytes [75, 0C, 85, D2, 74, 08, 0F, ...] PAGENDSP NDIS.sys!NdisGetReceivedPacket + 35 F7421F3F 5 Bytes [FF, 15, 30, 1E, 41] PAGENDSP NDIS.sys!NdisGetReceivedPacket + 3B F7421F45 13 Bytes JMP F7421E6C NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENDSP NDIS.sys!NdisGetReceivedPacket + 4A F7421F54 17 Bytes [83, C9, FF, F0, 0F, C1, 08, ...] PAGENDSP ... PAGENDSP NDIS.sys!NdisOpenProtocolConfiguration + 19 F7421FA2 2 Bytes [56, 6A] PAGENDSP NDIS.sys!NdisOpenProtocolConfiguration + 1C F7421FA5 5 Bytes [FF, 15, 18, 1E, 41] PAGENDSP NDIS.sys!NdisOpenProtocolConfiguration + 22 F7421FAB 16 Bytes [8B, 4D, 08, 8B, D0, F7, D8, ...] PAGENDSP NDIS.sys!NdisOpenProtocolConfiguration + 34 F7421FBD 7 Bytes [C0, 89, 01, 0F, 85, A7, 09] {ROR BYTE [ECX-0x587af0ff], 0x9} PAGENDSP NDIS.sys!NdisOpenProtocolConfiguration + 3D F7421FC6 50 Bytes JMP 830252CD PAGENDSP ... PAGENDSP NDIS.sys!NdisQueryAdapterInstanceName + 12 F742208A 6 Bytes [85, C0, C7, 45, FC, 01] PAGENDSP NDIS.sys!NdisQueryAdapterInstanceName + 1A F7422092 23 Bytes [C0, 89, 45, 0C, 74, 59, 53, ...] PAGENDSP NDIS.sys!NdisQueryAdapterInstanceName + 32 F74220AA 5 Bytes [FF, 15, 18, 1E, 41] PAGENDSP NDIS.sys!NdisQueryAdapterInstanceName + 38 F74220B0 8 Bytes [8B, D8, 85, DB, 0F, 84, BE, ...] PAGENDSP NDIS.sys!NdisQueryAdapterInstanceName + 42 F74220BA 29 Bytes [FF, 75, 0C, 8B, CF, 8B, D1, ...] PAGENDSP ... PAGENDSP NDIS.sys!NdisSetPacketPoolProtocolId + 2D F7422133 33 Bytes [8D, 04, 40, 8D, 44, C6, 08, ...] PAGENDSP NDIS.sys!NdisSetPacketPoolProtocolId + 4F F7422155 36 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSP NDIS.sys!NdisReEnumerateProtocolBindings + 20 F742217A 27 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSP NDIS.sys!NdisGetDriverHandle + 17 F7422196 8 Bytes [8D, 4E, 30, FF, 15, F8, 1D, ...] PAGENDSP NDIS.sys!NdisGetDriverHandle + 20 F742219F 2 Bytes [FF, 15] PAGENDSP NDIS.sys!NdisGetDriverHandle + 23 F74221A2 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSP NDIS.sys!NdisGetDriverHandle + 26 F74221A5 3 Bytes [80, 7E, 2D] PAGENDSP NDIS.sys!NdisGetDriverHandle + 2A F74221A9 4 Bytes [89, 86, 1C, 01] PAGENDSP ... PAGENDSP NDIS.sys!NdisMSendComplete + B F7422BCE 29 Bytes [53, 57, 8B, 7D, 0C, 8B, 47, ...] PAGENDSP NDIS.sys!NdisMSendComplete + 29 F7422BEC 7 Bytes [8B, 5D, 0C, 8B, 43, 08, 25] PAGENDSP NDIS.sys!NdisMSendComplete + 31 F7422BF4 4 Bytes [FF, FF, FF, 3D] PAGENDSP NDIS.sys!NdisMSendComplete + 36 F7422BF9 7 Bytes [43, 4F, 4D, 0F, 84, 26, 01] PAGENDSP NDIS.sys!NdisMSendComplete + 3F F7422C02 9 Bytes [8A, 47, 1D, A8, 10, 0F, 84, ...] PAGENDSP ... PAGENDSP NDIS.sys!NdisMTransferDataComplete + C F7422F50 19 Bytes [53, 56, 57, 8B, 7D, 0C, 8D, ...] PAGENDSP NDIS.sys!NdisMTransferDataComplete + 20 F7422F64 26 Bytes [73, 1B, 6A, 03, 33, D2, 5E, ...] PAGENDSP NDIS.sys!NdisMTransferDataComplete + 3B F7422F7F 19 Bytes [EB, 02, 33, F6, 85, F6, 74, ...] PAGENDSP NDIS.sys!NdisMTransferDataComplete + 50 F7422F94 1 Byte [04] PAGENDSP NDIS.sys!NdisMTransferDataComplete + 50 F7422F94 14 Bytes [04, 00, 85, 58, 3C, 74, 0B, ...] PAGENDSP ... PAGENDSP NDIS.sys!NdisMWanSendComplete + 14 F7423281 9 Bytes [74, 0B, B1, 02, FF, 15, 2C, ...] PAGENDSP NDIS.sys!NdisMWanSendComplete + 1E F742328B 8 Bytes [88, 45, FF, 8B, 1D, F8, 1D, ...] PAGENDSP NDIS.sys!NdisMWanSendComplete + 27 F7423294 7 Bytes [8D, 4E, 30, FF, D3, FF, 15] PAGENDSP NDIS.sys!NdisMWanSendComplete + 2F F742329C 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSP NDIS.sys!NdisMWanSendComplete + 32 F742329F 7 Bytes [8B, 7E, 1C, 89, 86, 1C, 01] PAGENDSP ... PAGENDSP NDIS.sys!NdisSetProtocolFilter + A F7424878 1 Byte [BB] PAGENDSP NDIS.sys!NdisSetProtocolFilter + D F742487B 4 Bytes [C0, 5D, C2, 20] {RCR BYTE [EBP-0x3e], 0x20} PAGENDSP NDIS.sys!NdisSetProtocolFilter + 12 F7424880 14 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSP NDIS.sys!NdisWriteEventLogEntry + A F742488F 4 Bytes [66, 83, 7D, 14] PAGENDSP NDIS.sys!NdisWriteEventLogEntry + F F7424894 26 Bytes [53, 56, 57, 76, 21, 8B, 4D, ...] PAGENDSP NDIS.sys!NdisWriteEventLogEntry + 2A F74248AF 40 Bytes [75, F6, 01, 55, FC, 83, C1, ...] PAGENDSP NDIS.sys!NdisWriteEventLogEntry + 53 F74248D8 4 Bytes [01, C0, E9, 8C] PAGENDSP NDIS.sys!NdisWriteEventLogEntry + 5A F74248DF 22 Bytes [83, F8, 04, 76, 05, 83, C0, ...] PAGENDSP ... PAGENDSP NDIS.sys!NdisSend + 18 F742498F 26 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSP NDIS.sys!NdisSendPackets + 16 F74249AA 40 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSP NDIS.sys!NdisTransferData + 24 F74249D3 20 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSP NDIS.sys!NdisReset + 10 F74249E8 18 Bytes [01, 80, 8B, 41, 58, 85, C0, ...] PAGENDSP NDIS.sys!NdisReset + 23 F74249FB 30 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSP NDIS.sys!NdisReset + 42 F7424A1A 28 Bytes [8D, 51, FC, 8B, 02, 3B, C7, ...] PAGENDSP NDIS.sys!NdisReset + 5F F7424A37 23 Bytes [83, C8, FF, F0, 0F, C1, 02, ...] PAGENDSP NDIS.sys!NdisReset + 78 F7424A50 17 Bytes [83, C9, FF, F0, 0F, C1, 08, ...] PAGENDSP ... PAGENDSP NDIS.sys!NdisCompletePnPEvent + D F7424D9B 1 Byte [6A] PAGENDSP NDIS.sys!NdisCompletePnPEvent + D F7424D9B 13 Bytes [6A, 00, FF, 70, 0C, 89, 48, ...] PAGENDSP NDIS.sys!NdisCompletePnPEvent + 1B F7424DA9 3 Bytes [5D, C2, 0C] PAGENDSM NDIS.sys!NdisCompletePnPEvent + 72 F7424E00 148 Bytes [90, 90, 90, 90, 90, 90, 90, ...] PAGENDSM NDIS.sys!NdisCompletePnPEvent + 107 F7424E95 8 Bytes [F6, 40, 3C, 01, 0F, 85, 31, ...] PAGENDSM ... PAGENDSM NDIS.sys!NdisMSetTimer + 2C F7424F66 8 Bytes [02, 89, 55, FC, 0F, 85, 52, ...] PAGENDSM NDIS.sys!NdisMSetTimer + 36 F7424F70 14 Bytes [8D, 46, 28, 50, FF, 75, FC, ...] PAGENDSM NDIS.sys!NdisMSetTimer + 45 F7424F7F 5 Bytes [5E, 5B, C9, C2, 08] PAGENDSM NDIS.sys!NdisMSetTimer + 4B F7424F85 25 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSM NDIS.sys!NdisMSetTimer + 67 F7424FA1 14 Bytes CALL F740C485 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENDSM ... PAGENDSM NDIS.sys!NdisMQueryInformationComplete + 1C F7425923 5 Bytes [88, 45, 0B, FF, 15] PAGENDSM NDIS.sys!NdisMQueryInformationComplete + 22 F7425929 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSM NDIS.sys!NdisMQueryInformationComplete + 25 F742592C 12 Bytes [8B, 55, 0C, 33, DB, 53, 8B, ...] PAGENDSM NDIS.sys!NdisMQueryInformationComplete + 33 F742593A 4 Bytes [C7, 86, 50, 04] PAGENDSM NDIS.sys!NdisMQueryInformationComplete + 39 F7425940 3 Bytes [9E, 0A, 0C] PAGENDSM ... PAGENDSM NDIS.sys!NdisMSetInformationComplete + 1C F7425CFF 5 Bytes [88, 45, 0B, FF, 15] PAGENDSM NDIS.sys!NdisMSetInformationComplete + 22 F7425D05 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSM NDIS.sys!NdisMSetInformationComplete + 25 F7425D08 12 Bytes [8B, 55, 0C, 33, DB, 53, 8B, ...] PAGENDSM NDIS.sys!NdisMSetInformationComplete + 33 F7425D16 4 Bytes [C7, 86, 50, 04] PAGENDSM NDIS.sys!NdisMSetInformationComplete + 39 F7425D1C 3 Bytes [57, 03, 0C] PAGENDSM ... PAGENDSM NDIS.sys!NdisMSetPeriodicTimer + 28 F74267A8 9 Bytes [89, 55, FC, 74, 1A, 3D, DF, ...] PAGENDSM NDIS.sys!NdisMSetPeriodicTimer + 32 F74267B2 11 Bytes [74, 13, 8B, 46, 50, 8B, 48, ...] PAGENDSM NDIS.sys!NdisMSetPeriodicTimer + 40 F74267C0 5 Bytes [02, 0F, 85, 86, 09] PAGENDSM NDIS.sys!NdisMSetPeriodicTimer + 47 F74267C7 17 Bytes [8D, 46, 28, 50, FF, 75, 0C, ...] PAGENDSM NDIS.sys!NdisMSetPeriodicTimer + 59 F74267D9 5 Bytes [5E, 5B, C9, C2, 08] PAGENDSM ... PAGENDSM NDIS.sys!NdisMCreateLog + 1D F7426801 5 Bytes [88, 45, 0B, FF, 15] PAGENDSM NDIS.sys!NdisMCreateLog + 23 F7426807 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSM NDIS.sys!NdisMCreateLog + 26 F742680A 4 Bytes [39, 9F, DC, 01] PAGENDSM NDIS.sys!NdisMCreateLog + 2C F7426810 4 Bytes [89, 87, 1C, 01] PAGENDSM NDIS.sys!NdisMCreateLog + 32 F7426816 4 Bytes [C7, 87, 50, 04] PAGENDSM ... PAGENDSM NDIS.sys!NdisMIndicateStatus + 11 F7426A70 5 Bytes [01, 40, C6, 45, FD] {ADD [EAX-0x3a], EAX; INC EBP; STD } PAGENDSM NDIS.sys!NdisMIndicateStatus + 17 F7426A76 3 Bytes [C6, 45, FE] PAGENDSM NDIS.sys!NdisMIndicateStatus + 1B F7426A7A 6 Bytes [89, 7D, F0, C6, 45, FF] PAGENDSM NDIS.sys!NdisMIndicateStatus + 22 F7426A81 4 Bytes [0F, 84, 81, 01] PAGENDSM NDIS.sys!NdisMIndicateStatus + 28 F7426A87 4 Bytes [81, 7D, 0C, 0C] PAGENDSM ... PAGENDSM NDIS.sys!NdisMIndicateStatusComplete + 1A F7426CB7 2 Bytes [8B, 1D] PAGENDSM NDIS.sys!NdisMIndicateStatusComplete + 1D F7426CBA 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSM NDIS.sys!NdisMIndicateStatusComplete + 20 F7426CBD 12 Bytes [88, 45, 0B, FF, D3, 8B, 7E, ...] PAGENDSM NDIS.sys!NdisMIndicateStatusComplete + 2E F7426CCB 4 Bytes [C7, 86, 50, 04] PAGENDSM NDIS.sys!NdisMIndicateStatusComplete + 34 F7426CD1 3 Bytes [A2, 0C, 0B] PAGENDSM ... PAGENDSM NDIS.sys!NdisMSendResourcesAvailable + 11 F7428A35 15 Bytes [74, 45, 53, 8D, 4E, 30, 57, ...] PAGENDSM NDIS.sys!NdisMSendResourcesAvailable + 21 F7428A45 4 Bytes [8D, BE, 1C, 01] PAGENDSM NDIS.sys!NdisMSendResourcesAvailable + 27 F7428A4B 2 Bytes [FF, 15] PAGENDSM NDIS.sys!NdisMSendResourcesAvailable + 2A F7428A4E 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSM NDIS.sys!NdisMSendResourcesAvailable + 2D F7428A51 6 Bytes [33, D2, 8D, 9E, 50, 04] PAGENDSM ... PAGENDSM NDIS.sys!NdisMStartBufferPhysicalMapping + B F7428A91 7 Bytes [53, 57, 8B, 7D, 08, 8B, 87] PAGENDSM NDIS.sys!NdisMStartBufferPhysicalMapping + 13 F7428A99 1 Byte [04] PAGENDSM NDIS.sys!NdisMStartBufferPhysicalMapping + 16 F7428A9C 57 Bytes [8B, 40, 04, 8B, 40, 20, 89, ...] PAGENDSM NDIS.sys!NdisMStartBufferPhysicalMapping + 51 F7428AD7 7 Bytes [53, FF, 34, D1, 50, FF, B7] PAGENDSM NDIS.sys!NdisMStartBufferPhysicalMapping + 59 F7428ADF 1 Byte [04] PAGENDSM ... PAGENDSM NDIS.sys!NdisMCompleteBufferPhysicalMapping + E F7428B33 8 Bytes [8B, 55, 10, 8D, 0C, D1, 8B, ...] PAGENDSM NDIS.sys!NdisMCompleteBufferPhysicalMapping + 17 F7428B3C 1 Byte [04] PAGENDSM NDIS.sys!NdisMCompleteBufferPhysicalMapping + 1A F7428B3F 36 Bytes [56, 8B, 72, 04, 33, C0, 8A, ...] PAGENDSM NDIS.sys!NdisMCompleteBufferPhysicalMapping + 3F F7428B64 35 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSM NDIS.sys!NdisMCompleteBufferPhysicalMapping + 63 F7428B88 9 Bytes [8B, F2, 8B, F9, FF, 15, 18, ...] PAGENDSM ... PAGENDSM NDIS.sys!NdisIMCopySendPerPacketInfo + 57 F7429432 37 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSM NDIS.sys!NdisIMCopySendCompletePerPacketInfo + 21 F7429458 28 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSM NDIS.sys!NdisMCloseLog + 18 F7429475 5 Bytes [88, 45, 0B, FF, 15] PAGENDSM NDIS.sys!NdisMCloseLog + 1E F742947B 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSM NDIS.sys!NdisMCloseLog + 21 F742947E 11 Bytes [8A, 55, 0B, 33, C0, 8B, CF, ...] PAGENDSM NDIS.sys!NdisMCloseLog + 2E F742948B 4 Bytes [89, 86, 1C, 01] PAGENDSM NDIS.sys!NdisMCloseLog + 34 F7429491 4 Bytes [89, 86, 50, 04] PAGENDSM ... PAGENDSM NDIS.sys!NdisMWriteLogData + B F74294BD 12 Bytes [53, 56, 57, 8D, 45, F8, 50, ...] PAGENDSM NDIS.sys!NdisMWriteLogData + 18 F74294CA 14 Bytes [8B, 5D, 08, 8D, 4B, 04, 89, ...] PAGENDSM NDIS.sys!NdisMWriteLogData + 27 F74294D9 12 Bytes [8B, 53, 0C, 8B, 4D, 10, 3B, ...] PAGENDSM NDIS.sys!NdisMWriteLogData + 35 F74294E7 127 Bytes [8B, 43, 14, 8B, 75, 0C, 2B, ...] PAGENDSM NDIS.sys!NdisMWriteLogData + B7 F7429569 3 Bytes [83, 63, 08] PAGENDSM ... PAGENDSM NDIS.sys!NdisMFlushLog + 15 F74297EA 20 Bytes [33, C9, 89, 4E, 14, 89, 4E, ...] PAGENDSM NDIS.sys!NdisMFlushLog + 2A F74297FF 5 Bytes [5F, 5E, 5D, C2, 04] PAGENDSM NDIS.sys!NdisMFlushLog + 30 F7429805 20 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSM NDIS.sys!NdisIMSwitchToMiniport + 10 F742981A 5 Bytes [8B, 5D, 0C, 8B, 3D] PAGENDSM NDIS.sys!NdisIMSwitchToMiniport + 16 F7429820 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSM NDIS.sys!NdisIMSwitchToMiniport + 19 F7429823 11 Bytes [8B, 75, 08, 88, 03, FF, D7, ...] PAGENDSM NDIS.sys!NdisIMSwitchToMiniport + 26 F7429830 21 Bytes [75, 09, 83, 0B, FF, C6, 45, ...] PAGENDSM NDIS.sys!NdisIMSwitchToMiniport + 3C F7429846 5 Bytes [FF, D7, 80, 7E, 2D] PAGENDSM ... PAGENDSM NDIS.sys!NdisMWanIndicateReceive + 18 F74298B9 2 Bytes [8B, 1D] PAGENDSM NDIS.sys!NdisMWanIndicateReceive + 1B F74298BC 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSM NDIS.sys!NdisMWanIndicateReceive + 1E F74298BF 12 Bytes [88, 45, 0F, FF, D3, 8B, 7E, ...] PAGENDSM NDIS.sys!NdisMWanIndicateReceive + 2C F74298CD 4 Bytes [C7, 86, 50, 04] PAGENDSM NDIS.sys!NdisMWanIndicateReceive + 32 F74298D3 3 Bytes [EB, 0C, 0B] PAGENDSM ... PAGENDSM NDIS.sys!NdisMWanIndicateReceiveComplete + 18 F7429959 2 Bytes [8B, 1D] PAGENDSM NDIS.sys!NdisMWanIndicateReceiveComplete + 1B F742995C 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSM NDIS.sys!NdisMWanIndicateReceiveComplete + 1E F742995F 12 Bytes [88, 45, 0B, FF, D3, 8B, 7E, ...] PAGENDSM NDIS.sys!NdisMWanIndicateReceiveComplete + 2C F742996D 4 Bytes [C7, 86, 50, 04] PAGENDSM NDIS.sys!NdisMWanIndicateReceiveComplete + 32 F7429973 3 Bytes [1D, 0D, 0B] PAGENDSM ... PAGENDSM NDIS.sys!NdisMSetMiniportSecondary + 31 F7429DAA 9 Bytes [C0, 5F, 5E, 8B, C3, 5B, 5D, ...] PAGENDSM NDIS.sys!NdisMSetMiniportSecondary + 3B F7429DB4 41 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSM NDIS.sys!NdisMSetMiniportSecondary + 65 F7429DDE 14 Bytes [01, 80, EB, 76, 8B, 46, 3C, ...] PAGENDSM NDIS.sys!NdisMSetMiniportSecondary + 75 F7429DEE 1 Byte [20] PAGENDSM NDIS.sys!NdisMSetMiniportSecondary + 75 F7429DEE 6 Bytes [20, 00, 6A, 01, BA, 0D] PAGENDSM ... PAGENDSM NDIS.sys!NdisMPromoteMiniport + 1D F7429F8C 5 Bytes [88, 45, 0B, FF, 15] PAGENDSM NDIS.sys!NdisMPromoteMiniport + 23 F7429F92 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSM NDIS.sys!NdisMPromoteMiniport + 26 F7429F95 8 Bytes [F6, 46, 3F, 10, 89, 86, 1C, ...] PAGENDSM NDIS.sys!NdisMPromoteMiniport + 30 F7429F9F 4 Bytes [C7, 86, 50, 04] PAGENDSM NDIS.sys!NdisMPromoteMiniport + 36 F7429FA5 3 Bytes [10, 14, 0B] {ADC [EBX+ECX], DL} PAGENDSM ... PAGENDSM NDIS.sys!NdisMResetComplete + 16 F742A0A5 5 Bytes [88, 45, 0B, FF, 15] PAGENDSM NDIS.sys!NdisMResetComplete + 1C F742A0AB 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSM NDIS.sys!NdisMResetComplete + 1F F742A0AE 8 Bytes [F6, 46, 3E, 20, 89, 86, 1C, ...] PAGENDSM NDIS.sys!NdisMResetComplete + 29 F742A0B8 4 Bytes [C7, 86, 50, 04] PAGENDSM NDIS.sys!NdisMResetComplete + 2F F742A0BE 3 Bytes [9C, 10, 0B] {PUSHF ; ADC [EBX], CL} PAGENDSM ... PAGENDSM NDIS.sys!NdisIMRevertBack + 16 F742A1A7 2 Bytes [FF, 15] PAGENDSM NDIS.sys!NdisIMRevertBack + 19 F742A1AA 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSM NDIS.sys!NdisIMRevertBack + 1C F742A1AD 6 Bytes [8B, CE, 89, 86, 1C, 01] PAGENDSM NDIS.sys!NdisIMRevertBack + 24 F742A1B5 4 Bytes [C7, 86, 50, 04] PAGENDSM NDIS.sys!NdisIMRevertBack + 2A F742A1BB 3 Bytes [C0, 08, 0B] {ROR BYTE [EAX], 0xb} PAGENDSM ... PAGENDSM NDIS.sys!NdisIMQueueMiniportCallback + 11 F742A21C 2 Bytes [8B, 3D] PAGENDSM NDIS.sys!NdisIMQueueMiniportCallback + 14 F742A21F 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSM NDIS.sys!NdisIMQueueMiniportCallback + 17 F742A222 12 Bytes [8B, 75, 08, 88, 45, FF, FF, ...] PAGENDSM NDIS.sys!NdisIMQueueMiniportCallback + 25 F742A230 12 Bytes [8D, 5E, 30, 8B, CB, 75, 1A, ...] PAGENDSM NDIS.sys!NdisIMQueueMiniportCallback + 32 F742A23D 6 Bytes [FF, D7, 89, 86, 1C, 01] PAGENDSM ... PAGENDSM NDIS.sys!NdisMReadDmaCounter + 16 F742A3D9 17 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSM NDIS.sys!NdisMRemoveMiniport + E F742A3EC 9 Bytes [80, 48, 41, 01, FF, 15, 10, ...] PAGENDSM NDIS.sys!NdisMRemoveMiniport + 18 F742A3F6 5 Bytes [33, C0, 5D, C2, 04] PAGENDSM NDIS.sys!NdisMRemoveMiniport + 1E F742A3FC 45 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSM NDIS.sys!NdisMRemoveMiniport + 4D F742A42B 1 Byte [04] PAGENDSM NDIS.sys!NdisMRemoveMiniport + 4D F742A42B 14 Bytes [04, 00, 85, 78, 3C, 74, 0D, ...] PAGENDSM ... PAGENDSM NDIS.sys!NdisMFreeSharedMemory + B F742A4E4 37 Bytes [3C, 02, 73, 19, FF, 75, 1C, ...] PAGENDSM NDIS.sys!NdisMFreeSharedMemory + 32 F742A50B 13 Bytes CALL F740DA7E NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENDSM NDIS.sys!NdisMFreeSharedMemory + 40 F742A519 5 Bytes [FF, 15, 18, 1E, 41] PAGENDSM NDIS.sys!NdisMFreeSharedMemory + 46 F742A51F 9 Bytes [85, C0, 74, 3A, 8B, 4D, 0C, ...] PAGENDSM NDIS.sys!NdisMFreeSharedMemory + 50 F742A529 29 Bytes [89, 48, 14, 8A, 4D, 10, 88, ...] PAGENDSM ... PAGENDSM NDIS.sys!NdisMCancelTimer + 12 F742A579 7 Bytes [08, 74, 08, 8B, 45, 0C, C6] {OR [EAX+ECX-0x75], DH; INC EBP; OR AL, 0xc6} PAGENDSM NDIS.sys!NdisMCancelTimer + 1B F742A582 8 Bytes [EB, 61, 56, FF, 15, F8, 1C, ...] PAGENDSM NDIS.sys!NdisMCancelTimer + 24 F742A58B 14 Bytes [8B, 4D, 0C, 88, 01, 8B, 4E, ...] PAGENDSM NDIS.sys!NdisMCancelTimer + 35 F742A59C 11 Bytes [02, 74, 46, 84, C0, 74, 42, ...] PAGENDSM NDIS.sys!NdisMCancelTimer + 42 F742A5A9 5 Bytes [FF, 15, 50, 1E, 41] PAGENDSM ... PAGENDSM NDIS.sys!NdisMSynchronizeWithInterrupt + 16 F742A605 3 Bytes [5D, C2, 0C] PAGENDSM NDIS.sys!NdisMSynchronizeWithInterrupt + 1A F742A609 16 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDSM NDIS.sys!NdisMSynchronizeWithInterrupt + 2B F742A61A 12 Bytes [56, 8B, 75, 0C, 57, 8D, 4E, ...] PAGENDSM NDIS.sys!NdisMSynchronizeWithInterrupt + 38 F742A627 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDSM NDIS.sys!NdisMSynchronizeWithInterrupt + 3B F742A62A 6 Bytes [FF, D7, C7, 86, 50, 04] PAGENDSM ... PAGENDCO NDIS.sys!NdisCmOpenAddressFamilyComplete + 1E F742AC1E 5 Bytes [88, 45, 0F, FF, 15] PAGENDCO NDIS.sys!NdisCmOpenAddressFamilyComplete + 24 F742AC24 2 Bytes [1E, 41] {PUSH DS; INC ECX} PAGENDCO NDIS.sys!NdisCmOpenAddressFamilyComplete + 27 F742AC27 3 Bytes [83, 7D, 08] PAGENDCO NDIS.sys!NdisCmOpenAddressFamilyComplete + 2B F742AC2B 4 Bytes [89, 87, 1C, 01] PAGENDCO NDIS.sys!NdisCmOpenAddressFamilyComplete + 31 F742AC31 7 Bytes [8B, 45, 10, C7, 87, 50, 04] PAGENDCO ... PAGENDCO NDIS.sys!NdisCoRequest + 1A F742ACFA 13 Bytes CALL F742AC9E NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENDCO NDIS.sys!NdisCoRequest + 29 F742AD09 3 Bytes [83, 65, FC] PAGENDCO NDIS.sys!NdisCoRequest + 2D F742AD0D 3 Bytes [83, 65, 0C] PAGENDCO NDIS.sys!NdisCoRequest + 31 F742AD11 9 Bytes [33, C0, 8B, FB, AB, AB, AB, ...] PAGENDCO NDIS.sys!NdisCoRequest + 3B F742AD1B 2 Bytes [AB, 6A] PAGENDCO ... PAGENDCO NDIS.sys!NdisCoRequestComplete + 20 F742ADE0 3 Bytes [5D, C2, 14] PAGENDCO NDIS.sys!NdisCoRequestComplete + 24 F742ADE4 31 Bytes [90, 90, 90, 90, 90, 90, 90, ...] PAGENDCO NDIS.sys!NdisCoRequestComplete + 44 F742AE04 7 Bytes [FF, 4E, 08, 0F, 84, 99, 01] PAGENDCO NDIS.sys!NdisCoRequestComplete + 4D F742AE0D 9 Bytes [8A, D0, 8B, CF, FF, 15, 54, ...] PAGENDCO NDIS.sys!NdisCoRequestComplete + 57 F742AE17 6 Bytes [84, DB, 0F, 85, 8E, 01] PAGENDCO ... PAGENDCO NDIS.sys!NdisClRegisterSap + C F742AE34 17 Bytes [57, 8B, 7D, 08, 8B, CF, E8, ...] PAGENDCO NDIS.sys!NdisClRegisterSap + 1F F742AE47 9 Bytes [56, 68, 4E, 44, 63, 6F, 6A, ...] PAGENDCO NDIS.sys!NdisClRegisterSap + 29 F742AE51 5 Bytes [FF, 15, 18, 1E, 41] PAGENDCO NDIS.sys!NdisClRegisterSap + 2F F742AE57 8 Bytes [8B, F0, 85, F6, 0F, 84, 3A, ...] PAGENDCO NDIS.sys!NdisClRegisterSap + 39 F742AE61 3 Bytes [83, 66, 10] PAGENDCO ... PAGENDCO NDIS.sys!NdisCmRegisterSapComplete + 22 F742AED3 3 Bytes [0F, 85, E2] PAGENDCO NDIS.sys!NdisCmRegisterSapComplete + 28 F742AED9 4 Bytes [5E, 5D, C2, 0C] PAGENDCO NDIS.sys!NdisCmRegisterSapComplete + 2D F742AEDE 33 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDCO NDIS.sys!NdisMCoRequestComplete + 1D F742AF00 3 Bytes [0F, 84, CB] PAGENDCO NDIS.sys!NdisMCoRequestComplete + 23 F742AF06 6 Bytes [3B, D6, 0F, 84, 6C, 01] PAGENDCO NDIS.sys!NdisMCoRequestComplete + 2B F742AF0E 9 Bytes [8B, 48, 0C, F6, C1, 01, 0F, ...] PAGENDCO NDIS.sys!NdisMCoRequestComplete + 37 F742AF1A 13 Bytes [83, 78, 10, 01, FF, 75, 08, ...] PAGENDCO NDIS.sys!NdisMCoRequestComplete + 47 F742AF2A 9 Bytes CALL F7425907 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENDCO ... PAGENDCO NDIS.sys!NdisCoCreateVc + 28 F742B2C7 16 Bytes [85, DB, 74, 09, 3B, 43, 6C, ...] PAGENDCO NDIS.sys!NdisCoCreateVc + 39 F742B2D8 39 Bytes [8B, 40, 0C, 8B, 40, 18, 8B, ...] PAGENDCO NDIS.sys!NdisCoCreateVc + 62 F742B301 4 Bytes JMP F742B6C0 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENDCO NDIS.sys!NdisCoCreateVc + 68 F742B307 7 Bytes [68, 4E, 44, 63, 6F, 68, 98] PAGENDCO NDIS.sys!NdisCoCreateVc + 72 F742B311 1 Byte [6A] PAGENDCO ... PAGENDCO NDIS.sys!NdisMCmCreateVc + 11 F742B6E5 4 Bytes JMP F742B870 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENDCO NDIS.sys!NdisMCmCreateVc + 17 F742B6EB 5 Bytes [8B, 45, 14, 83, 20] PAGENDCO NDIS.sys!NdisMCmCreateVc + 1D F742B6F1 6 Bytes [56, 8B, 35, 18, 1E, 41] PAGENDCO NDIS.sys!NdisMCmCreateVc + 24 F742B6F8 8 Bytes [68, 4E, 44, 63, 6F, 6A, 48, ...] PAGENDCO NDIS.sys!NdisMCmCreateVc + 2D F742B701 13 Bytes [FF, D6, 8B, D0, 85, D2, 89, ...] PAGENDCO ... PAGENDCO NDIS.sys!NdisMCmActivateVc + 18 F742B893 31 Bytes [83, 4E, 04, 01, 8B, 4D, 0C, ...] PAGENDCO NDIS.sys!NdisMCmActivateVc + 38 F742B8B3 7 Bytes [5F, 33, C0, 5E, 5D, C2, 08] PAGENDCO NDIS.sys!NdisMCmActivateVc + 40 F742B8BB 28 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDCO NDIS.sys!NdisMCoActivateVcComplete + 18 |
|
|
|
|
|
|
07.04.2011, 18:34
...neu hier
Themenstarter Beiträge: 4 |
#3
F742B8D8 7 Bytes [83, 66, 04, FD, 83, 7D, 08]
PAGENDCO NDIS.sys!NdisMCoActivateVcComplete + 20 F742B8E0 20 Bytes [8B, 4E, 04, 75, 06, 83, C9, ...] PAGENDCO NDIS.sys!NdisMCoActivateVcComplete + 35 F742B8F5 17 Bytes [FF, 75, 10, FF, 76, 28, FF, ...] PAGENDCO NDIS.sys!NdisMCoActivateVcComplete + 47 F742B907 29 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDCO NDIS.sys!NdisMCmDeactivateVc + 19 F742B925 10 Bytes [8B, 4E, 04, F6, C1, 01, 75, ...] PAGENDCO NDIS.sys!NdisMCmDeactivateVc + 24 F742B930 1 Byte [01] PAGENDCO NDIS.sys!NdisMCmDeactivateVc + 24 F742B930 21 Bytes [01, 00, EB, 08, 33, DB, 83, ...] PAGENDCO NDIS.sys!NdisMCmDeactivateVc + 3A F742B946 8 Bytes [5F, 5E, 8B, C3, 5B, 5D, C2, ...] PAGENDCO NDIS.sys!NdisMCmDeactivateVc + 43 F742B94F 28 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDCO NDIS.sys!NdisMCoDeactivateVcComplete + 18 F742B96C 7 Bytes [83, 66, 04, FB, 83, 7D, 08] PAGENDCO NDIS.sys!NdisMCoDeactivateVcComplete + 20 F742B974 20 Bytes [8B, 4E, 04, 75, 06, 83, E1, ...] PAGENDCO NDIS.sys!NdisMCoDeactivateVcComplete + 35 F742B989 14 Bytes [FF, 76, 28, FF, 75, 08, FF, ...] PAGENDCO NDIS.sys!NdisMCoDeactivateVcComplete + 44 F742B998 13 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDCO NDIS.sys!NdisClIncomingCallComplete + 9 F742B9A6 15 Bytes [56, 8B, 75, 0C, 75, 56, 8B, ...] PAGENDCO NDIS.sys!NdisClIncomingCallComplete + 19 F742B9B6 29 Bytes [57, 83, C1, 74, FF, D3, FF, ...] PAGENDCO NDIS.sys!NdisClIncomingCallComplete + 39 F742B9D6 20 Bytes [8B, 07, 89, 79, 04, 89, 01, ...] PAGENDCO NDIS.sys!NdisClIncomingCallComplete + 4E F742B9EB 45 Bytes [83, C1, 74, FF, D7, 8D, 4E, ...] PAGENDCO NDIS.sys!NdisClIncomingCallComplete + 7C F742BA19 22 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDCO NDIS.sys!NdisCmDispatchCallConnected + 12 F742BA30 25 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDCO NDIS.sys!NdisClModifyCallQoS + 15 F742BA4A 28 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDCO NDIS.sys!NdisCmModifyCallQoSComplete + 18 F742BA67 25 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDCO NDIS.sys!NdisCmDispatchIncomingCallQoSChange + 15 F742BA81 34 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDCO NDIS.sys!NdisCmDispatchIncomingCloseCall + 1E F742BAA4 11 Bytes [90, 90, 90, 90, 90, 6A, 0C, ...] PAGENDCO NDIS.sys!NdisCmDispatchIncomingCloseCall + 2A F742BAB0 78 Bytes CALL F740D0EF NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) PAGENDCO NDIS.sys!NdisCmDispatchIncomingCloseCall + 79 F742BAFF 5 Bytes [72, 0E, 66, 3D, 39] PAGENDCO NDIS.sys!NdisCmDispatchIncomingCloseCall + 7F F742BB05 13 Bytes [77, 08, 0F, B7, C0, 83, E8, ...] PAGENDCO NDIS.sys!NdisCmDispatchIncomingCloseCall + 8D F742BB13 5 Bytes [72, 0E, 66, 3D, 46] PAGENDCO ... PAGENDCO NDIS.sys!NdisClGetProtocolVcContextFromTapiCallId + 1D F742BBB3 4 Bytes [C0, 5D, C2, 0C] {RCR BYTE [EBP-0x3e], 0xc} PAGENDCO NDIS.sys!NdisClGetProtocolVcContextFromTapiCallId + 22 F742BBB8 31 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDCO NDIS.sys!NdisCmDispatchIncomingDropParty + 1B F742BBD8 24 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGENDCO NDIS.sys!NdisCmDispatchIncomingDropParty + 34 F742BBF1 19 Bytes [F6, 46, 07, 80, 75, 04, FF, ...] PAGENDCO NDIS.sys!NdisCmDispatchIncomingDropParty + 48 F742BC05 33 Bytes [5F, 5E, 8A, C3, 5B, C3, 90, ...] PAGENDCO NDIS.sys!NdisCmDispatchIncomingDropParty + 6A F742BC27 16 Bytes [FF, 0E, 8B, 7E, 28, 8A, D0, ...] PAGENDCO NDIS.sys!NdisCmDispatchIncomingDropParty + 7B F742BC38 13 Bytes [08, 74, 19, 83, 20, F7, 8B, ...] PAGENDCO ... PAGENDCO NDIS.sys!NdisCoAssignInstanceName + 13 F742BD0C 20 Bytes [8B, 43, 64, 89, 45, FC, 66, ...] PAGENDCO NDIS.sys!NdisCoAssignInstanceName + 29 F742BD22 15 Bytes [8B, 45, 0C, 85, C0, 6A, 30, ...] PAGENDCO NDIS.sys!NdisCoAssignInstanceName + 39 F742BD32 17 Bytes [66, 03, C1, 89, 45, 08, 0F, ...] PAGENDCO NDIS.sys!NdisCoAssignInstanceName + 4B F742BD44 5 Bytes [FF, 15, 18, 1E, 41] PAGENDCO NDIS.sys!NdisCoAssignInstanceName + 51 F742BD4A 8 Bytes [8B, D0, 85, D2, 0F, 84, 4D, ...] PAGENDCO ... PAGE Mup.sys F788D000 11 Bytes [8D, 45, F8, 50, 6A, 04, FF, ...] PAGE Mup.sys F788D00C 5 Bytes [FF, 35, 40, 03, 88] PAGE Mup.sys F788D012 4 Bytes [68, 08, 03, 88] PAGE Mup.sys F788D038 5 Bytes [FF, 15, 04, FC, 87] PAGE Mup.sys F788D03E 6 Bytes [53, 53, 68, 38, 19, 88] PAGE ... .text USBPORT.SYS!USBPORT_RegisterUSBPortDriver + FFFF84FE B6DA1000 8 Bytes [0C, 8B, F8, F3, A5, C6, 40, ...] .text USBPORT.SYS!USBPORT_RegisterUSBPortDriver + FFFF8507 B6DA1009 4 Bytes [FF, B3, 1C, 01] .text USBPORT.SYS!USBPORT_RegisterUSBPortDriver + FFFF850D B6DA100F 5 Bytes [FF, 15, A8, D8, DA] .text USBPORT.SYS!USBPORT_RegisterUSBPortDriver + FFFF8513 B6DA1015 6 Bytes [5F, 5E, 5B, C9, C2, 08] .text USBPORT.SYS!USBPORT_RegisterUSBPortDriver + FFFF851A B6DA101C 44 Bytes [CC, CC, CC, CC, CC, CC, 8B, ...] .text ... .text USBPORT.SYS!DllUnload + 7 B6DA8633 6 Bytes [74, 10, A1, 08, DE, DA] .text USBPORT.SYS!DllUnload + E B6DA863A 10 Bytes [85, C0, 74, 07, 50, FF, 15, ...] .text USBPORT.SYS!DllUnload + 19 B6DA8645 5 Bytes [FF, 35, 0C, DE, DA] .text USBPORT.SYS!DllUnload + 1F B6DA864B 10 Bytes CALL B6D9DF42 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) .text USBPORT.SYS!DllUnload + 2A B6DA8656 10 Bytes CALL B6D9DF42 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) .text ... .text USBPORT.SYS!USBPORT_GetHciMn + 4 B6DA8676 20 Bytes [10, C3, CC, CC, CC, CC, CC, ...] .text USBPORT.SYS!USBPORT_GetHciMn + 19 B6DA868B 10 Bytes [53, 8B, 58, 28, 56, 57, BF, ...] .text USBPORT.SYS!USBPORT_GetHciMn + 24 B6DA8696 7 Bytes [8B, CF, FF, 15, 88, D7, DA] .text USBPORT.SYS!USBPORT_GetHciMn + 2C B6DA869E 5 Bytes [8B, 0D, 58, DE, DA] .text USBPORT.SYS!USBPORT_GetHciMn + 32 B6DA86A4 4 Bytes [BE, 58, DE, DA] .text ... .text USBPORT.SYS!USBPORT_RegisterUSBPortDriver + C B6DA8B0E 7 Bytes [53, 56, 8B, 35, CC, D7, DA] .text USBPORT.SYS!USBPORT_RegisterUSBPortDriver + 14 B6DA8B16 5 Bytes [57, BB, 60, DE, DA] .text USBPORT.SYS!USBPORT_RegisterUSBPortDriver + 1A B6DA8B1C 3 Bytes [0F, 85, B2] .text USBPORT.SYS!USBPORT_RegisterUSBPortDriver + 20 B6DA8B22 4 Bytes [B8, 58, DE, DA] .text USBPORT.SYS!USBPORT_RegisterUSBPortDriver + 25 B6DA8B27 4 Bytes [A3, 5C, DE, DA] .text ... PAGE portcls.sys!PcDispatchIrp + 800 B6963000 17 Bytes CALL B6952F2A \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE portcls.sys!PcDispatchIrp + 812 B6963012 31 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE portcls.sys!PcDispatchIrp + 832 B6963032 11 Bytes CALL B696257F \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE portcls.sys!PcDispatchIrp + 83F B696303F 5 Bytes [48, 0F, 84, 75, 54] PAGE portcls.sys!PcDispatchIrp + 846 B6963046 5 Bytes [48, 0F, 85, 9B, 54] PAGE ... PAGE portcls.sys!PcValidateConnectRequest + 19 B696309E 3 Bytes [5D, C2, 0C] PAGE portcls.sys!PcValidateConnectRequest + 1D B69630A2 5 Bytes [FF, 15, F8, D2, 95] PAGE portcls.sys!PcValidateConnectRequest + 23 B69630A8 8 Bytes JMP B6962FEC \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE portcls.sys!PcValidateConnectRequest + 2D B69630B2 10 Bytes [C0, 0F, 85, C0, FE, FF, FF, ...] PAGE portcls.sys!PcValidateConnectRequest + 39 B69630BE 46 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE portcls.sys!KsoDispatchCreateWithGenericFactory + 2A B69630ED 21 Bytes [8B, 42, 28, EB, EC, 90, 90, ...] PAGE portcls.sys!PcCaptureFormat + C B6963103 20 Bytes [53, 8B, 5D, 0C, 56, 8B, 33, ...] PAGE portcls.sys!PcCaptureFormat + 21 B6963118 17 Bytes CALL B695245C \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE portcls.sys!PcCaptureFormat + 33 B696312A 15 Bytes CALL B695245C \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE portcls.sys!PcCaptureFormat + 44 B696313B 13 Bytes [68, 50, 63, 44, 66, 56, 6A, ...] PAGE portcls.sys!PcCaptureFormat + 52 B6963149 40 Bytes [85, C0, 8B, 55, 08, 89, 02, ...] PAGE ... PAGE portcls.sys!PcAcquireFormatResources + F B69631C5 19 Bytes [8D, 7D, D8, A5, A5, A5, A5, ...] PAGE portcls.sys!PcAcquireFormatResources + 25 B69631DB 4 Bytes [C7, 45, EC, 02] PAGE portcls.sys!PcAcquireFormatResources + 2B B69631E1 13 Bytes [10, 89, 75, F0, 89, 75, F4, ...] PAGE portcls.sys!PcAcquireFormatResources + 39 B69631EF 17 Bytes CALL B695245C \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE portcls.sys!PcAcquireFormatResources + 4B B6963201 15 Bytes CALL B695245C \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE ... PAGE portcls.sys!PcTerminateConnection + 25 B69632D3 22 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE portcls.sys!PcTerminateConnection + 3C B69632EA 6 Bytes [C7, 46, 04, 30, D5, 95] PAGE portcls.sys!PcTerminateConnection + 43 B69632F1 5 Bytes [C7, 07, 1C, D5, 95] PAGE portcls.sys!PcTerminateConnection + 49 B69632F7 8 Bytes CALL B6952B77 \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE portcls.sys!PcTerminateConnection + 54 B6963302 6 Bytes [85, C0, 0F, 85, 46, 50] PAGE ... PAGE portcls.sys!PcPinPropertyHandler + 1C B696376B 20 Bytes [C0, 74, 07, 8B, 56, 18, 3B, ...] PAGE portcls.sys!PcPinPropertyHandler + 32 B6963781 6 Bytes [0F, B6, 92, C4, 37, 96] PAGE portcls.sys!PcPinPropertyHandler + 39 B6963788 6 Bytes [FF, 24, 95, AC, 37, 96] PAGE portcls.sys!PcPinPropertyHandler + 40 B696378F 15 Bytes [FF, 77, 08, FF, 37, FF, 75, ...] PAGE portcls.sys!PcPinPropertyHandler + 50 B696379F 6 Bytes [5F, 5E, 5B, 5D, C2, 0C] PAGE ... PAGE portcls.sys!PcNewRegistryKey + 11 B69639D3 10 Bytes [56, 6A, 01, FF, 75, 0C, 8D, ...] PAGE portcls.sys!PcNewRegistryKey + 1C B69639DE 2 Bytes [D5, 95] {AAD 0x95} PAGE portcls.sys!PcNewRegistryKey + 1F B69639E1 26 Bytes CALL B6962CF8 \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE portcls.sys!PcNewRegistryKey + 3A B69639FC 50 Bytes [57, FF, 10, 8B, F0, 85, F6, ...] PAGE portcls.sys!PcNewRegistryKey + 6E B6963A30 16 Bytes [89, 03, 8B, 07, 57, FF, 50, ...] PAGE ... PAGE portcls.sys!PcNewServiceGroup + 11 B6963BC0 2 Bytes [57, 6A] PAGE portcls.sys!PcNewServiceGroup + 14 B6963BC3 7 Bytes [FF, 75, 0C, 8D, 45, 08, 68] PAGE portcls.sys!PcNewServiceGroup + 1C B6963BCB 2 Bytes [D5, 95] {AAD 0x95} PAGE portcls.sys!PcNewServiceGroup + 1F B6963BCE 3 Bytes CALL B6963C12 \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE portcls.sys!PcNewServiceGroup + 25 B6963BD4 20 Bytes [8B, F8, 85, FF, 7C, 24, 56, ...] PAGE ... PAGE portcls.sys!PcHandleEnableEventWithTable + 7 B69649CC 8 Bytes CALL B6953CEE \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE portcls.sys!PcHandleEnableEventWithTable + 10 B69649D5 17 Bytes [8B, 5D, 08, 8B, 7B, 60, 8B, ...] PAGE portcls.sys!PcHandleEnableEventWithTable + 22 B69649E7 3 Bytes [80, 7B, 20] PAGE portcls.sys!PcHandleEnableEventWithTable + 26 B69649EB 4 Bytes [0F, 85, A9, 36] PAGE portcls.sys!PcHandleEnableEventWithTable + 2C B69649F1 13 Bytes [8B, 47, 10, 8B, 40, 14, 89, ...] PAGE ... PAGE portcls.sys!PcHandleDisableEventWithTable + 1F B6964D92 3 Bytes [5D, C2, 08] PAGE portcls.sys!PcHandleDisableEventWithTable + 23 B6964D96 17 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE portcls.sys!PcHandleDisableEventWithTable + 35 B6964DA8 7 Bytes [57, 8B, 7D, 0C, 8D, 9F, C8] PAGE portcls.sys!PcHandleDisableEventWithTable + 3F B6964DB2 7 Bytes [6A, 01, 6A, 01, 8D, 87, C0] PAGE portcls.sys!PcHandleDisableEventWithTable + 49 B6964DBC 10 Bytes [53, 50, FF, D6, 85, C0, 0F, ...] PAGE ... PAGE portcls.sys!PcFreePropertyTable + D B6964E4C 39 Bytes [56, 8B, 75, 08, 8B, 46, 0C, ...] PAGE portcls.sys!PcFreePropertyTable + 35 B6964E74 31 Bytes [75, 09, 8B, 07, 85, C0, 74, ...] PAGE portcls.sys!PcFreePropertyTable + 55 B6964E94 10 Bytes [8B, 46, 04, 85, C0, 74, 10, ...] PAGE portcls.sys!PcFreePropertyTable + 60 B6964E9F 4 Bytes [75, 0A, 83, 26] PAGE portcls.sys!PcFreePropertyTable + 65 B6964EA4 6 Bytes [50, FF, D3, 83, 66, 04] PAGE ... PAGE portcls.sys!PcDeleteSubdeviceDescriptor + 1D B6964FF5 127 Bytes [8B, 06, 85, C0, 8B, 7E, 20, ...] PAGE portcls.sys!PcDeleteSubdeviceDescriptor + 9F B6965077 12 Bytes [83, C7, 10, 4B, 75, C7, 56, ...] PAGE portcls.sys!PcDeleteSubdeviceDescriptor + AC B6965084 6 Bytes [5F, 5E, 5B, 5D, C2, 04] PAGE portcls.sys!PcDeleteSubdeviceDescriptor + B3 B696508B 17 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE portcls.sys!PcFreeEventTable + D B696509D 16 Bytes [56, 8B, 75, 08, 8B, 46, 0C, ...] PAGE portcls.sys!PcFreeEventTable + 1F B69650AF 16 Bytes [8B, 46, 04, 85, C0, 75, 0A, ...] PAGE portcls.sys!PcFreeEventTable + 30 B69650C0 3 Bytes [80, 7E, 08] PAGE portcls.sys!PcFreeEventTable + 34 B69650C4 4 Bytes [0F, 84, 09, 32] PAGE portcls.sys!PcFreeEventTable + 3A B69650CA 27 Bytes JMP 90909090 PAGE ... PAGE portcls.sys!PcGetDeviceProperty + 21 B6965739 3 Bytes [5D, C2, 14] PAGE portcls.sys!PcGetDeviceProperty + 25 B696573D 27 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE portcls.sys!PcGetDeviceProperty + 41 B6965759 16 Bytes [83, F8, 01, 75, 1D, FF, 76, ...] PAGE portcls.sys!PcGetDeviceProperty + 52 B696576A 4 Bytes CALL 6A1B666F PAGE portcls.sys!PcGetDeviceProperty + 58 B6965770 10 Bytes CALL B695425D \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE ... PAGE portcls.sys!PcAddToPropertyTable + 55 B69659BB 45 Bytes [89, 45, EC, FF, 36, FF, 75, ...] PAGE portcls.sys!PcAddToPropertyTable + 83 B69659E9 3 Bytes [83, 65, F0] PAGE portcls.sys!PcAddToPropertyTable + 87 B69659ED 25 Bytes [8D, 3C, BF, 68, 50, 63, 53, ...] PAGE portcls.sys!PcAddToPropertyTable + A2 B6965A08 21 Bytes [68, 50, 63, 53, 62, FF, 75, ...] PAGE portcls.sys!PcAddToPropertyTable + B9 B6965A1F 3 Bytes [83, 7D, 08] PAGE ... PAGE portcls.sys!PcCreateSubdeviceDescriptor + C B6965D5F 3 Bytes [83, 65, E8] PAGE portcls.sys!PcCreateSubdeviceDescriptor + 10 B6965D63 86 Bytes [53, 56, 57, 8B, 7D, 08, 8B, ...] PAGE portcls.sys!PcCreateSubdeviceDescriptor + 68 B6965DBB 18 Bytes [50, FF, 73, 20, 8D, 75, E4, ...] PAGE portcls.sys!PcCreateSubdeviceDescriptor + 7B B6965DCE 117 Bytes [75, DD, 68, 50, 63, 46, 70, ...] PAGE portcls.sys!PcCreateSubdeviceDescriptor + F2 B6965E45 55 Bytes [8B, 77, 18, 8B, C1, 89, 42, ...] PAGE ... PAGE portcls.sys!PcRegisterSubdevice + 17 B69661F8 7 Bytes [39, 7D, 0C, 0F, 84, 50, 01] PAGE portcls.sys!PcRegisterSubdevice + 20 B6966201 9 Bytes [8B, 45, 10, 3B, C7, 0F, 84, ...] PAGE portcls.sys!PcRegisterSubdevice + 2B B696620C 10 Bytes [8B, 08, 8D, 55, 10, 52, 68, ...] PAGE portcls.sys!PcRegisterSubdevice + 36 B6966217 12 Bytes [50, FF, 11, 3B, C7, 89, 45, ...] PAGE portcls.sys!PcRegisterSubdevice + 44 B6966225 21 Bytes [57, FF, 75, 0C, FF, 75, 10, ...] PAGE ... PAGE portcls.sys!PcInitializeAdapterDriver + 11 B6966534 18 Bytes [74, 6B, 8B, 45, 10, 85, C0, ...] PAGE portcls.sys!PcInitializeAdapterDriver + 24 B6966547 12 Bytes [89, 41, 04, 6A, 0E, 57, C7, ...] PAGE portcls.sys!PcInitializeAdapterDriver + 31 B6966554 3 Bytes [C7, 87, A4] PAGE portcls.sys!PcInitializeAdapterDriver + 37 B696655A 3 Bytes [7F, 27, 96] {JG 0x29; XCHG ESI, EAX} PAGE portcls.sys!PcInitializeAdapterDriver + 3B B696655E 3 Bytes [C7, 87, 90] PAGE ... PAGE portcls.sys!PcNewPort + B B696664F 4 Bytes [0F, 84, 9A, 1F] PAGE portcls.sys!PcNewPort + 11 B6966655 10 Bytes [56, 8D, 45, F8, 50, FF, 75, ...] PAGE portcls.sys!PcNewPort + 1E B6966662 6 Bytes [85, C0, 0F, 8C, 8F, 1F] PAGE portcls.sys!PcNewPort + 26 B696666A 1 Byte [6A] PAGE portcls.sys!PcNewPort + 26 B696666A 3 Bytes [6A, 00, 6A] PAGE ... PAGE portcls.sys!PcAddAdapterDevice + 16 B69666FE 7 Bytes [39, 75, 0C, 0F, 84, 54, 02] PAGE portcls.sys!PcAddAdapterDevice + 1F B6966707 7 Bytes [39, 75, 10, 0F, 84, 4B, 02] PAGE portcls.sys!PcAddAdapterDevice + 28 B6966710 9 Bytes [8B, 5D, 14, 3B, DE, 0F, 84, ...] PAGE portcls.sys!PcAddAdapterDevice + 33 B696671B 9 Bytes [8B, 7D, 18, 3B, FE, 0F, 85, ...] PAGE portcls.sys!PcAddAdapterDevice + 3E B6966726 1 Byte [BF] PAGE ... PAGE portcls.sys!PcNewResourceList + 11 B6966A00 11 Bytes [56, FF, 75, 10, 8D, 45, 08, ...] PAGE portcls.sys!PcNewResourceList + 1D B6966A0C 2 Bytes [D5, 95] {AAD 0x95} PAGE portcls.sys!PcNewResourceList + 20 B6966A0F 3 Bytes CALL B6966A6B \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE portcls.sys!PcNewResourceList + 26 B6966A15 20 Bytes [8B, F0, 85, F6, 7C, 3C, 57, ...] PAGE portcls.sys!PcNewResourceList + 3B B6966A2A 52 Bytes [57, FF, 10, 8B, F0, 85, F6, ...] PAGE ... PAGE portcls.sys!PcDmaMasterDescription + 56 B6967294 4 Bytes [5F, 5D, C2, 28] PAGE portcls.sys!PcDmaMasterDescription + 5B B6967299 38 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE portcls.sys!PcDmaMasterDescription + 82 B69672C0 1 Byte [6A] PAGE portcls.sys!PcDmaMasterDescription + 82 B69672C0 15 Bytes [6A, 00, 0F, 94, C0, 88, 46, ...] PAGE portcls.sys!PcDmaMasterDescription + 92 B69672D0 5 Bytes [FF, 15, 44, D3, 95] PAGE ... PAGE portcls.sys!PcNewDmaChannel + 11 B69675AE 2 Bytes [D5, 95] {AAD 0x95} PAGE portcls.sys!PcNewDmaChannel + 14 B69675B1 3 Bytes CALL B696760F \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE portcls.sys!PcNewDmaChannel + 1A B69675B7 20 Bytes [8B, F0, 85, F6, 7C, 3C, 57, ...] PAGE portcls.sys!PcNewDmaChannel + 2F B69675CC 51 Bytes [57, FF, 10, 8B, F0, 85, F6, ...] PAGE portcls.sys!PcNewDmaChannel + 63 B6967600 70 Bytes [8B, 45, 10, 8B, 08, 50, FF, ...] PAGE ... PAGE portcls.sys!PcRegisterPhysicalConnection + 2A B6967681 3 Bytes [5D, C2, 14] PAGE portcls.sys!PcRegisterPhysicalConnection + 2E B6967685 2 Bytes [B8, 0D] PAGE portcls.sys!PcRegisterPhysicalConnection + 32 B6967689 19 Bytes [C0, EB, F5, 90, 90, 90, 90, ...] PAGE portcls.sys!PcRegisterPhysicalConnection + 46 B696769D 3 Bytes [83, 65, F4] PAGE portcls.sys!PcRegisterPhysicalConnection + 4A B69676A1 15 Bytes [85, C0, 53, 8B, 5D, 14, 56, ...] PAGE ... PAGE portcls.sys!PcNewInterruptSync + 11 B69677AE 4 Bytes [74, 66, 56, 6A] PAGE portcls.sys!PcNewInterruptSync + 16 B69677B3 7 Bytes [FF, 75, 0C, 8D, 45, 08, 68] PAGE portcls.sys!PcNewInterruptSync + 1E B69677BB 2 Bytes [D5, 95] {AAD 0x95} PAGE portcls.sys!PcNewInterruptSync + 21 B69677BE 3 Bytes CALL B6967821 \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE portcls.sys!PcNewInterruptSync + 27 B69677C4 17 Bytes [8B, F0, 85, F6, 7C, 3C, 57, ...] PAGE ... PAGE portcls.sys!DllInitialize + 5 B69678AF 42 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE portcls.sys!PcRegisterAdapterPowerManagement + 26 B69678DA 13 Bytes [50, FF, 11, 85, C0, 7C, 0E, ...] PAGE portcls.sys!PcRegisterAdapterPowerManagement + 36 B69678EA 4 Bytes [5E, 5D, C2, 08] PAGE portcls.sys!PcRegisterAdapterPowerManagement + 3B B69678EF 3 Bytes [83, A6, 84] PAGE portcls.sys!PcRegisterAdapterPowerManagement + 42 B69678F6 4 Bytes [EB, F2, B8, 0D] PAGE portcls.sys!PcRegisterAdapterPowerManagement + 48 B69678FC 30 Bytes [C0, EB, EB, 8B, 45, 10, 3B, ...] PAGE ... PAGE portcls.sys!PcAddToEventTable + 47 B6967C4D 19 Bytes [8B, 45, 14, 01, 45, 08, FF, ...] PAGE portcls.sys!PcAddToEventTable + 5B B6967C61 3 Bytes [83, 65, F0] PAGE portcls.sys!PcAddToEventTable + 5F B6967C65 13 Bytes [8D, 3C, 7F, 68, 50, 63, 45, ...] PAGE portcls.sys!PcAddToEventTable + 6D B6967C73 11 Bytes [FF, D6, 85, C0, 89, 45, 08, ...] PAGE portcls.sys!PcAddToEventTable + 7A B6967C80 21 Bytes [68, 50, 63, 53, 62, FF, 75, ...] PAGE ... PAGE portcls.sys!PcDmaSlaveDescription + 21 B6969B34 70 Bytes [C0, EB, 47, 8B, 55, 24, 57, ...] PAGE portcls.sys!PcDmaSlaveDescription + 6A B6969B7D 8 Bytes [5F, 5E, 8B, C3, 5B, 5D, C2, ...] PAGE portcls.sys!PcDmaSlaveDescription + 73 B6969B86 14 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE portcls.sys!PcDmaSlaveDescription + 83 B6969B96 9 Bytes [8B, 55, 0C, 85, D2, 75, 0A, ...] PAGE portcls.sys!PcDmaSlaveDescription + 8E B6969BA1 4 Bytes JMP B6969D83 \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE ... PAGE portcls.sys!PcCompletePendingEventRequest + C B6969DE6 19 Bytes [C0, 8B, D1, 23, D0, 3B, D0, ...] PAGE portcls.sys!PcCompletePendingEventRequest + 20 B6969DFA 16 Bytes [8B, 46, 18, 89, 48, 18, 8B, ...] PAGE portcls.sys!PcCompletePendingEventRequest + 31 B6969E0B 6 Bytes [56, FF, 15, 90, D3, 95] PAGE portcls.sys!PcCompletePendingEventRequest + 38 B6969E12 6 Bytes [33, C0, 5E, 5D, C2, 08] PAGE portcls.sys!PcCompletePendingEventRequest + 3F B6969E19 19 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE ... PAGE portcls.sys!PcNewMiniport + B B696A3C4 4 Bytes [75, 07, B8, 0D] PAGE portcls.sys!PcNewMiniport + 11 B696A3CA 21 Bytes [C0, EB, 5F, 56, 8D, 45, F8, ...] PAGE portcls.sys!PcNewMiniport + 27 B696A3E0 1 Byte [6A] PAGE portcls.sys!PcNewMiniport + 27 B696A3E0 30 Bytes [6A, 00, FF, 75, 0C, 8D, 45, ...] PAGE portcls.sys!PcNewMiniport + 46 B696A3FF 23 Bytes [50, FF, 11, 8B, F0, 8B, 45, ...] PAGE ... PAGE portcls.sys!PcGetContentRights + 15 B696A4AA 22 Bytes [90, 90, 90, 90, 90, 33, C0, ...] PAGE portcls.sys!DllUnload + 12 B696A4C1 48 Bytes [53, 56, 8B, 75, 0C, 85, F6, ...] PAGE portcls.sys!DllUnload + 43 B696A4F2 55 Bytes [74, 40, 0F, B7, 46, 02, 57, ...] PAGE portcls.sys!DllUnload + 7C B696A52B 6 Bytes [C0, FF, 15, 90, D3, 95] PAGE portcls.sys!DllUnload + 83 B696A532 5 Bytes [EB, 1A, 83, 63, 04] PAGE portcls.sys!DllUnload + 89 B696A538 11 Bytes [8B, 45, 08, 89, 18, EB, 0F, ...] PAGE ... PAGE portcls.sys!PcForwardIrpSynchronous + 26 B696A5AF 6 Bytes [C0, FF, 15, 24, D3, 95] {SAR BH, 0x15; AND AL, 0xd3; XCHG EBP, EAX} PAGE portcls.sys!PcForwardIrpSynchronous + 2D B696A5B6 2 Bytes [B8, 0D] PAGE portcls.sys!PcForwardIrpSynchronous + 31 B696A5BA 4 Bytes [C0, 5D, C2, 08] {RCR BYTE [EBP-0x3e], 0x8} PAGE portcls.sys!PcForwardIrpSynchronous + 36 B696A5BF 44 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE portcls.sys!PcForwardIrpSynchronous + 63 B696A5EC 22 Bytes [8B, C6, EB, 0D, 56, E8, 4B, ...] PAGE ... PAGE portcls.sys!PcRegisterPhysicalConnectionToExternal + 30 B696A737 4 Bytes [C0, 5D, C2, 14] {RCR BYTE [EBP-0x3e], 0x14} PAGE portcls.sys!PcRegisterPhysicalConnectionToExternal + 35 B696A73C 51 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE portcls.sys!PcRegisterPhysicalConnectionFromExternal + 30 B696A771 4 Bytes [C0, 5D, C2, 14] {RCR BYTE [EBP-0x3e], 0x14} PAGE portcls.sys!PcRegisterPhysicalConnectionFromExternal + 35 B696A776 16 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE portcls.sys!PcRegisterPhysicalConnectionFromExternal + 46 B696A787 3 Bytes [83, 65, F4] PAGE portcls.sys!PcRegisterPhysicalConnectionFromExternal + 4A B696A78B 14 Bytes [85, C0, 53, 56, 8B, 71, 28, ...] PAGE portcls.sys!PcRegisterPhysicalConnectionFromExternal + 59 B696A79A 22 Bytes [74, 0F, 8B, 08, 8D, 55, F8, ...] PAGE ... PAGE portcls.sys!PcVerifyFilterIsReady + 32 B696A9A2 6 Bytes [C0, 5F, 5E, 5D, C2, 08] PAGE portcls.sys!PcVerifyFilterIsReady + 39 B696A9A9 103 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE portcls.sys!PcVerifyFilterIsReady + A1 B696AA11 100 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE portcls.sys!PcVerifyFilterIsReady + 106 B696AA76 82 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE portcls.sys!PcVerifyFilterIsReady + 159 B696AAC9 25 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE ... PAGE portcls.sys!PcRequestNewPowerState + 16 B696ACF6 15 Bytes [C0, EB, 64, 56, 8B, 70, 28, ...] PAGE portcls.sys!PcRequestNewPowerState + 27 B696AD07 10 Bytes [C0, EB, 52, 53, 8B, 5D, 0C, ...] PAGE portcls.sys!PcRequestNewPowerState + 34 B696AD14 14 Bytes [74, 45, 57, 6A, 01, 8D, 45, ...] PAGE portcls.sys!PcRequestNewPowerState + 43 B696AD23 15 Bytes [57, 8D, 45, E0, 89, 45, F0, ...] PAGE portcls.sys!PcRequestNewPowerState + 53 B696AD33 17 Bytes [53, 6A, 02, FF, 76, 08, 89, ...] PAGE ... PAGE portcls.sys!PcCompletePendingPropertyRequest + 11 B696AEB3 7 Bytes [C0, EB, 33, 8B, 4D, 0C, B8] PAGE portcls.sys!PcCompletePendingPropertyRequest + 1B B696AEBD 34 Bytes [C0, 8B, D1, 23, D0, 3B, D0, ...] PAGE portcls.sys!PcCompletePendingPropertyRequest + 3E B696AEE0 6 Bytes [56, FF, 15, 90, D3, 95] PAGE portcls.sys!PcCompletePendingPropertyRequest + 45 B696AEE7 6 Bytes [33, C0, 5E, 5D, C2, 08] PAGE portcls.sys!PcCompletePendingPropertyRequest + 4C B696AEEE 16 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] PAGE ... PAGE portcls.sys!PcNewResourceSublist + 11 B696B224 5 Bytes [74, 6A, 83, 7D, 18] PAGE portcls.sys!PcNewResourceSublist + 17 B696B22A 13 Bytes [74, 64, 56, FF, 75, 10, 8D, ...] PAGE portcls.sys!PcNewResourceSublist + 25 B696B238 2 Bytes [D5, 95] {AAD 0x95} PAGE portcls.sys!PcNewResourceSublist + 28 B696B23B 26 Bytes CALL B6966A6B \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) PAGE portcls.sys!PcNewResourceSublist + 43 B696B256 60 Bytes [57, FF, 10, 8B, F0, 85, F6, ...] PAGE ... PAGE ks.sys B6940000 3 Bytes [B8, 06, 02] PAGE ks.sys B6940004 16 Bytes JMP B6937DB9 \SystemRoot\system32\drivers\ks.sys (Kernel CSA Library/Microsoft Corporation) PAGE ks.sys B6940016 46 Bytes JMP B6937DB9 \SystemRoot\system32\drivers\ks.sys (Kernel CSA Library/Microsoft Corporation) PAGE ks.sys B6940045 1 Byte [08] PAGE ks.sys B6940048 4 Bytes [74, 1B, 81, F9] PAGE ... .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5FC03A0, 0x5FE082, 0xE8000020] .text VIDEOPRT.SYS!VideoPortInitialize + FFFF0A98 B5F9B3FA 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortInitialize + FFFF0ADC B5F9B43E 3 Bytes CALL 87AFAE22 .text VIDEOPRT.SYS!VideoPortInitialize + FFFF0B1D B5F9B47F 3 Bytes JMP 3DFB6A7D .text VIDEOPRT.SYS!VideoPortInitialize + FFFF0B24 B5F9B486 3 Bytes JMP 41606A84 .text VIDEOPRT.SYS!VideoPortInitialize + FFFF0B51 B5F9B4B3 3 Bytes JMP 03856AB1 .text ... .text VIDEOPRT.SYS!VideoPortAllocateContiguousMemory + 1E B5F9B7C4 3 Bytes [DF, F9, B5] .text VIDEOPRT.SYS!VideoPortUnlockBuffer + 11 B5F9B80F 3 Bytes [DF, F9, B5] .text VIDEOPRT.SYS!VideoPortUnlockBuffer + 1A B5F9B818 3 Bytes [DF, F9, B5] .text VIDEOPRT.SYS!VideoPortUnlockBuffer + 5D B5F9B85B 3 Bytes [B8, F9, B5] .text VIDEOPRT.SYS!VideoPortUnlockBuffer + 73 B5F9B871 3 Bytes CALL 14AFB255 .text VIDEOPRT.SYS!VideoPortCompleteDma + B B5F9B889 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortCompleteDma + 28 B5F9B8A6 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortStartDma + 1C B5F9B910 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortStartDma + 84 B5F9B978 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortStartDma + 90 B5F9B984 3 Bytes [B8, F9, B5] .text VIDEOPRT.SYS!VideoPortStartDma + B4 B5F9B9A8 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortStartDma + C4 B5F9B9B8 3 Bytes CALL 20AFB39C .text ... .text VIDEOPRT.SYS!VideoPortDisableInterrupt + 26 B5F9BFC8 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortEnableInterrupt + 33 B5F9C015 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortGetBusData + 58 B5F9C080 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortGetCurrentIrql + 3 B5F9C08F 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortSetBusData + 58 B5F9C0F0 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortSetBusData + 6B B5F9C103 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} .text VIDEOPRT.SYS!VideoPortSetBusData + 72 B5F9C10A 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} .text VIDEOPRT.SYS!VideoPortQueueDpc + 1A B5F9C1AE 3 Bytes [DF, F9, B5] .text VIDEOPRT.SYS!VideoPortQueueDpc + 44 B5F9C1D8 3 Bytes JMP C83BB5F9 .text VIDEOPRT.SYS!VideoPortQueueDpc + 5D B5F9C1F1 3 Bytes JMP CB8BB5F9 .text VIDEOPRT.SYS!VideoPortQueueDpc + 76 B5F9C20A 3 Bytes JMP EA68B5F9 .text VIDEOPRT.SYS!VideoPortQueueDpc + 8A B5F9C21E 3 Bytes JMP B68BB5F9 \SystemRoot\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 266.58 /NVIDIA Corporation) .text ... .text VIDEOPRT.SYS!PortNotification + 1E B5F9C7C4 3 Bytes [E0, F9, B5] .text VIDEOPRT.SYS!PortNotification + 23 B5F9C7C9 3 Bytes [E0, F9, B5] .text VIDEOPRT.SYS!PortNotification + 81 B5F9C827 3 Bytes [CB, F9, B5] .text VIDEOPRT.SYS!PortNotification + 88 B5F9C82E 3 Bytes [C7, F9, B5] .text VIDEOPRT.SYS!PortNotification + AB B5F9C851 3 Bytes JMP C8E57E4F .text ... .text VIDEOPRT.SYS!VideoPortDeleteSpinLock + D B5F9C8C7 3 Bytes CALL E9AFC2AB .text VIDEOPRT.SYS!VideoPortAcquireSpinLock + B B5F9C8E1 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortAcquireSpinLockAtDpcLevel + B B5F9C8FD 3 Bytes [E0, F9, B5] .text VIDEOPRT.SYS!VideoPortReleaseSpinLock + E B5F9C918 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortReleaseSpinLockFromDpcLevel + B B5F9C92F 3 Bytes [E0, F9, B5] .text VIDEOPRT.SYS!VideoPortDeleteEvent + 22 B5F9C95E 3 Bytes CALL E9AFC342 .text VIDEOPRT.SYS!VideoPortSetEvent + 11 B5F9C97D 3 Bytes [DF, F9, B5] .text VIDEOPRT.SYS!VideoPortClearEvent + D B5F9C997 3 Bytes [E0, F9, B5] .text VIDEOPRT.SYS!VideoPortReadStateEvent + D B5F9C9B1 3 Bytes [E0, F9, B5] .text VIDEOPRT.SYS!VideoPortWaitForSingleObject + 25 B5F9C9E3 3 Bytes [E1, F9, B5] .text VIDEOPRT.SYS!VideoPortDebugPrint + 4D B5F9CA53 3 Bytes [E0, F9, B5] .text VIDEOPRT.SYS!VideoPortDebugPrint + 61 B5F9CA67 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortDebugPrint + 7C B5F9CA82 3 Bytes [DF, F9, B5] .text VIDEOPRT.SYS!VideoPortDebugPrint + B5 B5F9CABB 3 Bytes [E0, F9, B5] .text VIDEOPRT.SYS!VideoPortDebugPrint + D4 B5F9CADA 3 Bytes [6A, FA, B5] .text ... .text VIDEOPRT.SYS!VideoPortAllocatePool + 11 B5F9CCC3 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortFreePool + D B5F9CCDD 3 Bytes CALL 13AFC6C1 .text VIDEOPRT.SYS!VideoPortFreePool + 3C B5F9CD0C 3 Bytes [DF, F9, B5] .text VIDEOPRT.SYS!VideoPortFreePool + 45 B5F9CD15 3 Bytes CALL 14AFC6F9 .text VIDEOPRT.SYS!VideoPortFreePool + 60 B5F9CD30 3 Bytes JMP C085B5F9 .text VIDEOPRT.SYS!VideoPortFreePool + 6A B5F9CD3A 3 Bytes JMP D285B5F9 .text ... .text VIDEOPRT.SYS!VideoPortFlushRegistry + 64 B5F9CEF8 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortFlushRegistry + 71 B5F9CF05 3 Bytes [DF, F9, B5] .text VIDEOPRT.SYS!VideoPortFlushRegistry + 7A B5F9CF0E 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortStartTimer + 1A B5F9CF54 3 Bytes [E0, F9, B5] .text VIDEOPRT.SYS!VideoPortStopTimer + 1A B5F9CF7A 3 Bytes [E0, F9, B5] .text VIDEOPRT.SYS!VideoPortStopTimer + 53 B5F9CFB3 3 Bytes [E0, F9, B5] .text VIDEOPRT.SYS!VideoPortEnumerateChildren + 13 B5F9CFE9 3 Bytes [DF, F9, B5] .text VIDEOPRT.SYS!VideoPortQueryPerformanceCounter + B B5F9D003 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortQueryPerformanceCounter + 67 B5F9D05F 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortQueryPerformanceCounter + 88 B5F9D080 3 Bytes [E0, F9, B5] .text VIDEOPRT.SYS!VideoPortQueryPerformanceCounter + 9E B5F9D096 3 Bytes CALL 41AFCA7A .text VIDEOPRT.SYS!VideoPortQueryPerformanceCounter + B8 B5F9D0B0 3 Bytes [DE, F9, B5] .text ... .text VIDEOPRT.SYS!VideoPortGetVersion + D B5F9D395 3 Bytes JMP 41508993 .text VIDEOPRT.SYS!VideoPortGetVersion + 3E B5F9D3C6 3 Bytes [E0, F9, B5] .text VIDEOPRT.SYS!VideoPortLogError + 35 B5F9D447 3 Bytes [CB, F9, B5] .text VIDEOPRT.SYS!VideoPortSynchronizeExecution + 35 B5F9D491 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortSynchronizeExecution + 4C B5F9D4A8 3 Bytes [DE, F9, B5] .text VIDEOPRT.SYS!VideoPortSynchronizeExecution + 95 B5F9D4F1 3 Bytes [DF, F9, B5] .text VIDEOPRT.SYS!VideoPortSynchronizeExecution + A3 B5F9D4FF 3 Bytes [D4, F9, B5] .text VIDEOPRT.SYS!VideoPortSynchronizeExecution + FC B5F9D558 3 Bytes [DE, F9, B5] .text ... PAGE VIDEOPRT.SYS!VideoPortInt10 + 7 B5F9F025 3 Bytes [E2, F9, B5] PAGE VIDEOPRT.SYS!VideoPortInt10 + 3D B5F9F05B 3 Bytes [E1, F9, B5] PAGE VIDEOPRT.SYS!VideoPortInt10 + 4B B5F9F069 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE VIDEOPRT.SYS!VideoPortInt10 + 57 B5F9F075 3 Bytes JMP 3A09A673 PAGE VIDEOPRT.SYS!VideoPortInt10 + 63 B5F9F081 3 Bytes [E1, F9, B5] PAGE ... PAGE VIDEOPRT.SYS!VideoPortSetTrappedEmulatorPorts + 2C B5F9FD56 3 Bytes [E2, F9, B5] PAGE VIDEOPRT.SYS!VideoPortSetTrappedEmulatorPorts + 3C B5F9FD66 3 Bytes JMP C06FB364 PAGE VIDEOPRT.SYS!VideoPortSetTrappedEmulatorPorts + 59 B5F9FD83 3 Bytes [DE, F9, B5] PAGE VIDEOPRT.SYS!VideoPortSetTrappedEmulatorPorts + 61 B5F9FD8B 3 Bytes [E1, F9, B5] PAGE VIDEOPRT.SYS!VideoPortSetTrappedEmulatorPorts + 70 B5F9FD9A 3 Bytes [E1, F9, B5] PAGE ... PAGE VIDEOPRT.SYS!VideoPortGetAgpServices + 34 B5FA134C 3 Bytes [09, FA, B5] PAGE VIDEOPRT.SYS!VideoPortGetAgpServices + 3B B5FA1353 3 Bytes [0B, FA, B5] PAGE VIDEOPRT.SYS!VideoPortGetAgpServices + 42 B5FA135A 3 Bytes [0B, FA, B5] PAGE VIDEOPRT.SYS!VideoPortGetAgpServices + 49 B5FA1361 3 Bytes [10, FA, B5] PAGE VIDEOPRT.SYS!VideoPortGetAgpServices + 50 B5FA1368 3 Bytes [10, FA, B5] PAGE ... PAGE VIDEOPRT.SYS!VideoPortDDCMonitorHelper + 64 B5FA15F6 3 Bytes [DE, F9, B5] PAGE VIDEOPRT.SYS!VideoPortGetDmaAdapter + 1C B5FA1774 3 Bytes [DE, F9, B5] PAGE VIDEOPRT.SYS!VideoPortGetDmaAdapter + 90 B5FA17E8 3 Bytes [DF, F9, B5] PAGE VIDEOPRT.SYS!VideoPortGetDmaAdapter + 9F B5FA17F7 3 Bytes CALL E9B011DB PAGE VIDEOPRT.SYS!VideoPortPutDmaAdapter + 48 B5FA1866 3 Bytes CALL 15B0124A PAGE VIDEOPRT.SYS!VideoPortLockBuffer + 4 B5FA18F0 3 Bytes [E2, F9, B5] PAGE VIDEOPRT.SYS!VideoPortLockBuffer + 1A B5FA1906 3 Bytes [DF, F9, B5] PAGE VIDEOPRT.SYS!VideoPortLockBuffer + 35 B5FA1921 3 Bytes [DF, F9, B5] PAGE VIDEOPRT.SYS!VideoPortLockBuffer + 47 B5FA1933 3 Bytes [DF, F9, B5] PAGE VIDEOPRT.SYS!VideoPortUnlockPages + 83 B5FA1A59 3 Bytes [DF, F9, B5] PAGE VIDEOPRT.SYS!VideoPortUnlockPages + 9E B5FA1A74 3 Bytes [E1, F9, B5] PAGE VIDEOPRT.SYS!VpNotifyEaData + 16 B5FA1ACE 3 Bytes JMP CAE5D0CC PAGE VIDEOPRT.SYS!VpNotifyEaData + 26 B5FA1ADE 3 Bytes JMP 808BB5F9 PAGE VIDEOPRT.SYS!VpNotifyEaData + 3D B5FA1AF5 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE VIDEOPRT.SYS!VpNotifyEaData + 58 B5FA1B10 3 Bytes [DE, F9, B5] PAGE VIDEOPRT.SYS!VpNotifyEaData + 62 B5FA1B1A 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE ... PAGE VIDEOPRT.SYS!VideoPortDbgReportCreate + A B5FA21DC 3 Bytes JMP 3F4DD7DA PAGE VIDEOPRT.SYS!VideoPortDbgReportCreate + 1F B5FA21F1 3 Bytes [DE, F9, B5] PAGE VIDEOPRT.SYS!VideoPortDbgReportCreate + 30 B5FA2202 3 Bytes JMP 7551D800 PAGE VIDEOPRT.SYS!VideoPortDbgReportCreate + 41 B5FA2213 3 Bytes [DF, F9, B5] PAGE VIDEOPRT.SYS!VideoPortDbgReportCreate + 6B B5FA223D 3 Bytes [B9, F9, B5] PAGE ... PAGE VIDEOPRT.SYS!VideoPortDbgReportSecondaryData + 8 B5FA22D4 3 Bytes [DE, F9, B5] PAGE VIDEOPRT.SYS!VideoPortDbgReportSecondaryData + 53 B5FA231F 3 Bytes [22, FA, B5] PAGE VIDEOPRT.SYS!VideoPortDbgReportComplete + A B5FA2358 3 Bytes JMP 414DD956 PAGE VIDEOPRT.SYS!VideoPortDbgReportComplete + 17 B5FA2365 3 Bytes [DE, F9, B5] PAGE VIDEOPRT.SYS!VideoPortDbgReportComplete + 2E B5FA237C 3 Bytes [23, FA, B5] PAGE VIDEOPRT.SYS!VideoPortDbgReportComplete + B6 B5FA2404 3 Bytes [DF, F9, B5] PAGE VIDEOPRT.SYS!VideoPortDbgReportComplete + 12E B5FA247C 3 Bytes JMP 4150DA7A PAGE ... PAGE VIDEOPRT.SYS!VideoPortGetRomImage + 22 B5FA3A4E 3 Bytes CALL 3FB03432 PAGE VIDEOPRT.SYS!VideoPortGetRomImage + 51 B5FA3A7D 3 Bytes [DE, F9, B5] PAGE VIDEOPRT.SYS!VideoPortGetRomImage + 84 B5FA3AB0 3 Bytes CALL 9FB03494 PAGE VIDEOPRT.SYS!VideoPortGetRomImage + FB B5FA3B27 3 Bytes CALL E9B0350B PAGE VIDEOPRT.SYS!VideoPortAcquireDeviceLock + 1B B5FA3BF5 3 Bytes [E1, F9, B5] PAGE VIDEOPRT.SYS!VideoPortAcquireDeviceLock + 28 B5FA3C02 3 Bytes [E1, F9, B5] PAGE VIDEOPRT.SYS!VideoPortAcquireDeviceLock + 35 B5FA3C0F 3 Bytes [E1, F9, B5] PAGE VIDEOPRT.SYS!VideoPortReleaseDeviceLock + 13 B5FA3C31 3 Bytes [E1, F9, B5] PAGE VIDEOPRT.SYS!VideoPortReleaseDeviceLock + 36 B5FA3C54 3 Bytes [DF, F9, B5] PAGE VIDEOPRT.SYS!VideoPortReleaseDeviceLock + 4F B5FA3C6D 3 Bytes [DF, F9, B5] PAGE VIDEOPRT.SYS!VideoPortReleaseDeviceLock + 7A B5FA3C98 3 Bytes [E1, F9, B5] PAGE VIDEOPRT.SYS!VideoPortReleaseDeviceLock + AB B5FA3CC9 3 Bytes [DE, F9, B5] PAGE ... PAGE VIDEOPRT.SYS!VideoPortCheckForDeviceExistence + 29 B5FA3D19 3 Bytes [DF, F9, B5] PAGE VIDEOPRT.SYS!VideoPortCheckForDeviceExistence + 3F B5FA3D2F 3 Bytes [DF, F9, B5] PAGE VIDEOPRT.SYS!VideoPortCheckForDeviceExistence + 69 B5FA3D59 3 Bytes [E1, F9, B5] PAGE VIDEOPRT.SYS!VideoPortCheckForDeviceExistence + 9B B5FA3D8B 3 Bytes [DE, F9, B5] PAGE VIDEOPRT.SYS!VideoPortCheckForDeviceExistence + B0 B5FA3DA0 3 Bytes [E1, F9, B5] PAGE ... PAGE VIDEOPRT.SYS!VideoPortRegisterBugcheckCallback + 52 B5FA3F28 3 Bytes JMP 1575B5F9 PAGE VIDEOPRT.SYS!VideoPortRegisterBugcheckCallback + 65 B5FA3F3B 3 Bytes JMP 2574B5F9 PAGE VIDEOPRT.SYS!VideoPortGetVgaStatus + 51 B5FA3FCB 3 Bytes [DE, F9, B5] PAGE VIDEOPRT.SYS!VideoPortGetVgaStatus + 6D B5FA3FE7 3 Bytes [DF, F9, B5] PAGE VIDEOPRT.SYS!VideoPortGetVgaStatus + 91 B5FA400B 3 Bytes [C4, F9, B5] PAGE VIDEOPRT.SYS!VideoPortGetVgaStatus + A6 B5FA4020 3 Bytes [DE, F9, B5] PAGE VIDEOPRT.SYS!VideoPortGetVgaStatus + BD B5FA4037 3 Bytes [E1, F9, B5] PAGE ... PAGE VIDEOPRT.SYS!VideoPortGetAccessRanges + D B5FA5DC5 3 Bytes JMP 038613C3 PAGE VIDEOPRT.SYS!VideoPortGetAccessRanges + 56 B5FA5E0E 3 Bytes [DE, F9, B5] PAGE VIDEOPRT.SYS!VideoPortGetAccessRanges + C7 B5FA5E7F 3 Bytes [DE, F9, B5] PAGE VIDEOPRT.SYS!VideoPortGetAccessRanges + 119 B5FA5ED1 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE VIDEOPRT.SYS!VideoPortGetAccessRanges + 120 B5FA5ED8 3 Bytes [DE, F9, B5] PAGE ... PAGE VIDEOPRT.SYS!VideoPortVerifyAccessRanges + 46 B5FA620A 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE VIDEOPRT.SYS!VideoPortVerifyAccessRanges + 71 B5FA6235 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE VIDEOPRT.SYS!VideoPortVerifyAccessRanges + 87 B5FA624B 3 Bytes CALL 3FB05C2F PAGE VIDEOPRT.SYS!VideoPortVerifyAccessRanges + 8D B5FA6251 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE VIDEOPRT.SYS!VideoPortVerifyAccessRanges + 93 B5FA6257 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE ... PAGE VIDEOPRT.SYS!VideoPortCreateSpinLock + 11 B5FA62B7 3 Bytes [DE, F9, B5] PAGE VIDEOPRT.SYS!VideoPortCreateSpinLock + 21 B5FA62C7 3 Bytes [E0, F9, B5] PAGE VIDEOPRT.SYS!VideoPortCreateEvent + 12 B5FA62EC 3 Bytes [DE, F9, B5] PAGE VIDEOPRT.SYS!VideoPortCreateEvent + 3F B5FA6319 3 Bytes [DF, F9, B5] PAGE VIDEOPRT.SYS!VideoPortCreateEvent + 65 B5FA633F 3 Bytes JMP 3961193D PAGE VIDEOPRT.SYS!VideoPortCreateEvent + A9 B5FA6383 3 Bytes [E0, F9, B5] PAGE VIDEOPRT.SYS!VideoPortCreateEvent + B5 B5FA638F 3 Bytes [E0, F9, B5] PAGE ... PAGE VIDEOPRT.SYS!VideoPortGetDeviceData + 57 B5FA6875 3 Bytes [66, FA, B5] PAGE VIDEOPRT.SYS!VideoPortGetDeviceData + 5C B5FA687A 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE VIDEOPRT.SYS!VideoPortGetDeviceData + 61 B5FA687F 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE VIDEOPRT.SYS!VideoPortGetDeviceData + 66 B5FA6884 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE VIDEOPRT.SYS!VideoPortGetDeviceData + 6B B5FA6889 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE ... PAGE VIDEOPRT.SYS!VideoPortScanRom + 44 B5FA7CA6 3 Bytes [E0, F9, B5] PAGE VIDEOPRT.SYS!VideoPortUnmapMemory + 2D B5FA7D07 3 Bytes [E1, F9, B5] PAGE VIDEOPRT.SYS!VideoPortUnmapMemory + E6 B5FA7DC0 3 Bytes [E1, F9, B5] PAGE VIDEOPRT.SYS!VideoPortUnmapMemory + ED B5FA7DC7 3 Bytes [E0, F9, B5] PAGE VIDEOPRT.SYS!VideoPortUnmapMemory + 101 B5FA7DDB 3 Bytes [E0, F9, B5] PAGE VIDEOPRT.SYS!VideoPortUnmapMemory + 12D B5FA7E07 3 Bytes [DE, F9, B5] PAGE ... PAGE VIDEOPRT.SYS!VideoPortGetRegistryParameters + 49 B5FA942B 3 Bytes [E0, F9, B5] PAGE VIDEOPRT.SYS!VideoPortGetRegistryParameters + 79 B5FA945B 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE VIDEOPRT.SYS!VideoPortGetRegistryParameters + A2 B5FA9484 3 Bytes [E0, F9, B5] PAGE VIDEOPRT.SYS!VideoPortGetRegistryParameters + B2 B5FA9494 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE VIDEOPRT.SYS!VideoPortGetRegistryParameters + B8 B5FA949A 3 Bytes [DF, F9, B5] PAGE ... PAGE VIDEOPRT.SYS!VideoPortQueryServices + 54 B5FA95F4 3 Bytes [7D, FA, B5] PAGE VIDEOPRT.SYS!VideoPortQueryServices + 5B B5FA95FB 3 Bytes [7D, FA, B5] PAGE VIDEOPRT.SYS!VideoPortQueryServices + 95 B5FA9635 3 Bytes [34, FA, B5] PAGE VIDEOPRT.SYS!VideoPortQueryServices + 9C B5FA963C 3 Bytes [35, FA, B5] PAGE VIDEOPRT.SYS!VideoPortQueryServices + A3 B5FA9643 3 Bytes [39, FA, B5] PAGE ... PAGE VIDEOPRT.SYS!VideoPortCreateSecondaryDisplay + D B5FAA28F 3 Bytes JMP 0386588D PAGE VIDEOPRT.SYS!VideoPortCreateSecondaryDisplay + 30 B5FAA2B2 3 Bytes [E0, F9, B5] PAGE VIDEOPRT.SYS!VideoPortCreateSecondaryDisplay + 43 B5FAA2C5 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE VIDEOPRT.SYS!VideoPortCreateSecondaryDisplay + 48 B5FAA2CA 3 Bytes [A1, FA, B5] PAGE VIDEOPRT.SYS!VideoPortCreateSecondaryDisplay + 87 B5FAA309 3 Bytes [DF, F9, B5] PAGE ... PAGE VIDEOPRT.SYS!VideoPortInitialize + 9 B5FAA96B 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE VIDEOPRT.SYS!VideoPortInitialize + 12 B5FAA974 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE VIDEOPRT.SYS!VideoPortInitialize + 5C B5FAA9BE 3 Bytes [C0, FA, B5] {SAR DL, 0xb5} PAGE VIDEOPRT.SYS!VideoPortInitialize + 79 B5FAA9DB 3 Bytes [86, FA, B5] PAGE VIDEOPRT.SYS!VideoPortInitialize + 91 B5FAA9F3 3 Bytes [77, FA, B5] PAGE ... .text ndiswan.sys B29A0000 1 Byte [9D] .text ndiswan.sys B29A0004 57 Bytes [66, 8B, 43, 02, 8A, E8, 8A, ...] .text ndiswan.sys B29A0040 95 Bytes [8B, 02, 89, 45, DC, 8B, 45, ...] .text ndiswan.sys B29A00A1 16 Bytes [B0, 40, 8B, 4D, FC, 5F, 5E, ...] .text ndiswan.sys B29A00B2 82 Bytes [3B, 7D, DC, 75, 07, 8B, 45, ...] .text ... .text rdpdr.sys B295E000 15 Bytes [02, 74, 22, 53, 8D, 47, 10, ...] .text rdpdr.sys B295E010 5 Bytes [FF, 35, 90, 0D, 96] .text rdpdr.sys B295E016 4 Bytes [68, 58, 0D, 96] .text rdpdr.sys B295E01B 5 Bytes [6A, 11, E8, 94, 18] .text rdpdr.sys B295E022 8 Bytes [83, C4, 1C, 57, E8, 05, 61, ...] .text ... .text tcpip.sys B06E7388 3 Bytes [5E, 72, B0] {POP ESI; JB 0xffffffffffffffb3} .text tcpip.sys B06E7393 3 Bytes [5F, 72, B0] {POP EDI; JB 0xffffffffffffffb3} .text tcpip.sys B06E739E 3 Bytes [5F, 72, B0] {POP EDI; JB 0xffffffffffffffb3} .text tcpip.sys B06E73AE 3 Bytes [84, 72, B0] {TEST [EDX-0x50], DH} .text tcpip.sys B06E73B6 3 Bytes [84, 72, B0] {TEST [EDX-0x50], DH} .text ... PAGEAFD afd.sys B0686000 12 Bytes [FF, 68, 41, 66, 64, C2, 56, ...] PAGEAFD afd.sys B068600D 10 Bytes JMP B0680402 \SystemRoot\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) PAGEAFD afd.sys B0686018 4 Bytes [8D, 46, 38, 39] PAGEAFD afd.sys B068601D 16 Bytes [8D, 4D, E4, 74, 75, FF, D3, ...] PAGEAFD afd.sys B068602E 32 Bytes [8B, CF, EB, 3E, 8B, 7E, 38, ...] PAGEAFD ... .text rdbss.sys!MZ + FFFF0524 B0649393 3 Bytes [33, 65, B0] {XOR ESP, [EBP-0x50]} .text rdbss.sys!MZ + FFFF0533 B06493A2 3 Bytes [21, 65, B0] {AND [EBP-0x50], ESP} .text rdbss.sys!MZ + FFFF0539 B06493A8 3 Bytes [33, 65, B0] {XOR ESP, [EBP-0x50]} .text rdbss.sys!MZ + FFFF053F B06493AE 3 Bytes [33, 65, B0] {XOR ESP, [EBP-0x50]} .text rdbss.sys!MZ + FFFF0544 B06493B3 3 Bytes [33, 65, B0] {XOR ESP, [EBP-0x50]} .text ... .text mrxsmb.sys B05DA40B 3 Bytes [68, 5F, B0] .text mrxsmb.sys B05DA411 3 Bytes [9E, 5F, B0] .text mrxsmb.sys B05DA41C 3 Bytes [9D, 5F, B0] .text mrxsmb.sys B05DA422 3 Bytes [9D, 5F, B0] .text mrxsmb.sys B05DA42B 3 Bytes [9D, 5F, B0] .text ... .text ipnat.sys B05B938E 3 Bytes [59, 5D, B0] .text ipnat.sys B05B9394 3 Bytes [C5, 5C, B0] .text ipnat.sys B05B939A 3 Bytes [59, 5D, B0] .text ipnat.sys B05B939F 3 Bytes [59, 5D, B0] .text ipnat.sys B05B93CE 3 Bytes [59, 5D, B0] .text ... .text win32k.sys!EngDeleteSurface + ED0 BF811000 8 Bytes [9C, 89, 5D, A0, E8, 54, 95, ...] .text win32k.sys!EngDeleteSurface + ED9 BF811009 21 Bytes [85, C0, 74, 08, 8B, 7D, 14, ...] .text win32k.sys!EngDeleteSurface + EF0 BF811020 1 Byte [20] .text win32k.sys!EngDeleteSurface + EF0 BF811020 12 Bytes [20, 00, 0F, 84, 26, FE, FF, ...] .text win32k.sys!EngDeleteSurface + EFD BF81102D 7 Bytes [8B, 40, 2C, F6, 80, 94, 01] .text ... .text win32k.sys!EngNineGrid + 6E BF81782E 5 Bytes [5F, 5E, C9, C2, 24] .text win32k.sys!EngNineGrid + 74 BF817834 5 Bytes [6A, 57, E8, C1, 4B] .text win32k.sys!EngNineGrid + 7B BF81783B 25 Bytes [33, C0, EB, F0, 90, 90, 90, ...] .text win32k.sys!EngNineGrid + 95 BF817855 1 Byte [07] .text win32k.sys!EngNineGrid + 98 BF817858 22 Bytes [85, C0, 75, 05, B8, 93, 7C, ...] .text ... .text win32k.sys!EngTransparentBlt + B BF8198DA 20 Bytes [8B, 4D, 1C, 53, 8B, 5D, 08, ...] .text win32k.sys!EngTransparentBlt + 20 BF8198EF 1 Byte [03] .text win32k.sys!EngTransparentBlt + 23 BF8198F2 11 Bytes [8B, 55, 0C, 66, 39, 42, 30, ...] .text win32k.sys!EngTransparentBlt + 30 BF8198FF 93 Bytes [8D, 7D, F0, A5, A5, A5, A5, ...] .text win32k.sys!EngTransparentBlt + 8E BF81995D 16 Bytes CALL BF8191CD \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text ... .text win32k.sys!EngCreateDeviceBitmap + C BF819E5F 4 Bytes [FF, 75, 14, 6A] .text win32k.sys!EngCreateDeviceBitmap + 11 BF819E64 19 Bytes [FF, 75, 10, FF, 75, 0C, FF, ...] .text win32k.sys!EngCreateDeviceBitmap + 25 BF819E78 51 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngCreateDeviceBitmap + 59 BF819EAC 42 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngCreateDeviceBitmap + 84 BF819ED7 30 Bytes [EB, F0, 8B, 48, 08, 3B, 4D, ...] .text ... .text win32k.sys!EngAssociateSurface + 15 BF819F30 23 Bytes [53, 8B, 5D, 08, 56, 53, 8D, ...] .text win32k.sys!EngAssociateSurface + 2D BF819F48 1 Byte [03] .text win32k.sys!EngAssociateSurface + 30 BF819F4B 52 Bytes CALL BF819E2C \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngAssociateSurface + 65 BF819F80 1 Byte [03] .text win32k.sys!EngAssociateSurface + 68 BF819F83 12 Bytes CALL BF819E79 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text ... .text win32k.sys!EngRestoreFloatingPointState + B BF819FC9 4 Bytes [74, 1A, 83, 20] .text win32k.sys!EngRestoreFloatingPointState + 10 BF819FCE 22 Bytes [83, C0, 04, 50, FF, 15, C0, ...] .text win32k.sys!EngRestoreFloatingPointState + 27 BF819FE5 32 Bytes [33, C0, EB, F8, 33, C0, EB, ...] .text win32k.sys!EngSaveFloatingPointState + 14 BF81A006 40 Bytes [74, 27, 83, 7D, 0C, 24, 72, ...] .text win32k.sys!EngSaveFloatingPointState + 3D BF81A02F 40 Bytes [8D, 45, E0, 50, FF, 15, C4, ...] .text win32k.sys!EngQueryPerformanceCounter + 7 BF81A058 17 Bytes [FF, 15, 1C, AC, 98, BF, 8B, ...] .text win32k.sys!EngQueryPerformanceCounter + 19 BF81A06A 35 Bytes [8B, 46, 2C, 8B, 04, 85, 64, ...] .text win32k.sys!EngQueryPerformanceCounter + 3E BF81A08F 7 Bytes [2B, F0, 89, 75, 0C, E9, F6] .text win32k.sys!EngQueryPerformanceCounter + 48 BF81A099 3 Bytes [83, 61, 18] .text win32k.sys!EngQueryPerformanceCounter + 4C BF81A09D 5 Bytes [33, C0, E9, 38, 02] .text ... .text win32k.sys!BRUSHOBJ_pvGetRbrush + 1C BF81AD8B 19 Bytes [8B, 4E, 48, 50, 56, 51, E8, ...] .text win32k.sys!BRUSHOBJ_pvGetRbrush + 30 BF81AD9F 10 Bytes CALL A7D7FDB4 .text win32k.sys!BRUSHOBJ_pvGetRbrush + 3D BF81ADAC 7 Bytes [8B, 46, 04, 5E, 5D, C2, 04] .text win32k.sys!BRUSHOBJ_pvGetRbrush + 45 BF81ADB4 20 Bytes [85, C0, 75, 04, 33, C0, EB, ...] .text win32k.sys!BRUSHOBJ_pvGetRbrush + 5A BF81ADC9 26 Bytes [EB, ED, 90, 90, 90, 90, 90, ...] .text ... .text win32k.sys!BRUSHOBJ_pvAllocRbrush + C BF81AEDF 44 Bytes [56, 8B, 75, 0C, 74, D2, 33, ...] .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 39 BF81AF0C 17 Bytes CALL BF8029D1 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 4C BF81AF1F 7 Bytes [03, 41, 4C, 89, 81, 14, 04] .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 55 BF81AF28 4 Bytes [8B, 81, D4, 03] .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 5B BF81AF2E 7 Bytes [03, 41, 50, 89, 81, 18, 04] .text ... .text win32k.sys!EngSetLastError + 20 BF81C41C 11 Bytes [90, 90, 90, 90, 90, 8B, 01, ...] .text win32k.sys!EngSetLastError + 2E BF81C42A 45 Bytes [74, 09, F6, 40, 19, 08, 75, ...] .text win32k.sys!EngSetLastError + 5E BF81C45A 11 Bytes [8B, 01, 3B, C2, 75, 06, 5F, ...] .text win32k.sys!EngSetLastError + 6A BF81C466 11 Bytes CALL BF801881 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngSetLastError + 76 BF81C472 85 Bytes [74, 2A, 3B, 3D, 38, 99, 9A, ...] .text ... .text win32k.sys!EngLockSurface + 24E4 BF830E00 6 Bytes [39, 5D, 14, 0F, 84, E0] .text win32k.sys!EngLockSurface + 24ED BF830E09 16 Bytes CALL BF80EB8F \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngLockSurface + 24FF BF830E1B 9 Bytes [8B, 46, 3C, 3B, C3, 0F, 84, ...] .text win32k.sys!EngLockSurface + 250A BF830E26 15 Bytes [8B, 40, 04, 8B, 40, 08, 8B, ...] .text win32k.sys!EngLockSurface + 251C BF830E38 8 Bytes [89, 5D, E4, 3B, C3, 0F, 84, ...] .text ... .text win32k.sys!CLIPOBJ_cEnumStart + 19 BF8313AD 3 Bytes [5D, C2, 14] .text win32k.sys!CLIPOBJ_cEnumStart + 1D BF8313B1 22 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!CLIPOBJ_bEnum + 13 BF8313C9 3 Bytes [5D, C2, 0C] .text win32k.sys!CLIPOBJ_bEnum + 17 BF8313CD 48 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!CLIPOBJ_bEnum + 48 BF8313FE 16 Bytes [89, 46, 14, 8B, 45, 0C, 89, ...] .text win32k.sys!CLIPOBJ_bEnum + 59 BF83140F 1 Byte [6A] .text win32k.sys!CLIPOBJ_bEnum + 59 BF83140F 13 Bytes [6A, 00, EB, D8, 83, EA, 04, ...] .text ... .text win32k.sys!EngCopyBits + B BF831DC5 19 Bytes [53, 8B, 5D, 0C, 8B, C3, F7, ...] .text win32k.sys!EngCopyBits + 1F BF831DD9 9 Bytes [56, 57, 89, 45, FC, 0F, 85, ...] .text win32k.sys!EngCopyBits + 2A BF831DE4 88 Bytes [8B, 75, 08, 8B, 46, 0C, 33, ...] .text win32k.sys!EngCopyBits + 84 BF831E3E 24 Bytes [6A, 04, 59, 8B, 43, 24, 89, ...] .text win32k.sys!EngCopyBits + 9E BF831E58 3 Bytes [83, 65, 0C] .text ... .text win32k.sys!EngMapFontFileFD + 15 BF832398 3 Bytes [5D, C2, 0C] .text win32k.sys!EngMapFontFileFD + 19 BF83239C 39 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngMapFontFileFD + 41 BF8323C4 9 Bytes [33, C0, EB, F8, 89, 7D, FC, ...] .text win32k.sys!EngMapFontFileFD + 4D BF8323D0 7 Bytes [39, 7E, 20, 0F, 84, 89, 01] .text win32k.sys!EngMapFontFileFD + 56 BF8323D9 8 Bytes [8B, 46, 14, 3B, C7, 0F, 84, ...] .text ... .text win32k.sys!EngUnmapFontFileFD + 40 BF8325DE 8 Bytes [8D, 45, E0, 50, E8, 45, 7E, ...] .text win32k.sys!EngUnmapFontFileFD + 49 BF8325E7 8 Bytes [EB, F1, 85, C9, 0F, 84, 2D, ...] .text win32k.sys!EngUnmapFontFileFD + 53 BF8325F1 7 Bytes [F6, C1, 01, 0F, 85, 24, 03] .text win32k.sys!EngUnmapFontFileFD + 5C BF8325FA 23 Bytes [8B, 40, 4C, 49, 83, E1, FE, ...] .text win32k.sys!EngUnmapFontFileFD + 75 BF832613 7 Bytes [8D, 4D, F4, E8, 09, 43, 0C] .text ... .text win32k.sys!PATHOBJ_bEnum + 2C97 BF850C00 2 Bytes [E0, 02] {LOOPNZ 0x4} .text win32k.sys!PATHOBJ_bEnum + 2C9B BF850C04 6 Bytes [8B, 08, 89, 8E, C4, 02] .text win32k.sys!PATHOBJ_bEnum + 2CA3 BF850C0C 11 Bytes [8B, 40, 04, 83, 4E, 18, 04, ...] .text win32k.sys!PATHOBJ_bEnum + 2CB0 BF850C19 4 Bytes [8B, 86, A4, 02] .text win32k.sys!PATHOBJ_bEnum + 2CB6 BF850C1F 4 Bytes [89, 86, E4, 02] .text ... .text win32k.sys!STROBJ_vEnumStart + C BF852899 3 Bytes [83, 60, 28] .text win32k.sys!STROBJ_vEnumStart + 10 BF85289D 3 Bytes [5D, C2, 04] .text win32k.sys!STROBJ_vEnumStart + 14 BF8528A1 49 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!STROBJ_vEnumStart + 46 BF8528D3 16 Bytes CALL 48956A65 .text win32k.sys!STROBJ_vEnumStart + 58 BF8528E5 140 Bytes [8D, 45, F0, 50, FF, 76, 0C, ...] .text ... .text win32k.sys!EngTextOut + B BF8537C8 118 Bytes [A1, B4, 85, 99, BF, 89, 45, ...] .text win32k.sys!EngTextOut + 83 BF853840 1 Byte [01] .text win32k.sys!EngTextOut + 83 BF853840 30 Bytes [01, 00, 89, BD, BC, FB, FF, ...] .text win32k.sys!EngTextOut + A3 BF853860 54 Bytes [F6, C1, 02, 0F, 85, 0A, FF, ...] .text win32k.sys!EngTextOut + DA BF853897 47 Bytes [89, 95, A0, FB, FF, FF, 0F, ...] .text ... .text win32k.sys!EngFillPath + B BF856AA5 32 Bytes [53, 56, 8B, 75, 08, 8B, DE, ...] .text win32k.sys!EngFillPath + 2D BF856AC7 20 Bytes [8B, 4D, 0C, F6, 01, 01, 0F, ...] .text win32k.sys!EngFillPath + 42 BF856ADC 26 Bytes [50, 56, 8D, 4D, EC, 89, 45, ...] .text win32k.sys!EngFillPath + 5D BF856AF7 3 Bytes [0F, 85, AD] .text win32k.sys!EngFillPath + 63 BF856AFD 15 Bytes [33, C0, 50, FF, 75, 20, 8D, ...] .text ... .text win32k.sys!EngStretchBltROP + 2C BF858052 9 Bytes [89, 4D, F0, 89, 45, F4, 0F, ...] .text win32k.sys!EngStretchBltROP + 38 BF85805E 48 Bytes [8B, 71, 1C, 8B, 50, 1C, FF, ...] .text win32k.sys!EngStretchBltROP + 6A BF858090 42 Bytes [FF, 75, 2C, F7, DF, 56, FF, ...] .text win32k.sys!EngStretchBltROP + 95 BF8580BB 4 Bytes [8B, B6, E8, 05] .text win32k.sys!EngStretchBltROP + 9B BF8580C1 24 Bytes [EB, B4, 3B, D3, 0F, 84, FB, ...] .text ... .text win32k.sys!EngLineTo + B BF85BD2C 97 Bytes [8B, 45, 08, 53, 56, 8B, F0, ...] .text win32k.sys!EngLineTo + 6E BF85BD8F 22 Bytes [0F, 85, 2C, FF, FF, FF, 8B, ...] .text win32k.sys!EngLineTo + 85 BF85BDA6 4 Bytes [C7, 45, FC, 01] .text win32k.sys!EngLineTo + 8C BF85BDAD 9 Bytes [8B, 45, FC, 5F, 5E, 5B, C9, ...] .text win32k.sys!EngLineTo + 96 BF85BDB7 20 Bytes [6A, 08, 59, 33, C0, 8D, 7D, ...] .text ... .text win32k.sys!EngEraseSurface + 1B BF85C8A0 1 Byte [6A] .text win32k.sys!EngEraseSurface + 1B BF85C8A0 15 Bytes [6A, 00, 89, 4D, 08, 50, 8D, ...] .text win32k.sys!EngEraseSurface + 2B BF85C8B0 4 Bytes [FF, 75, 10, 6A] .text win32k.sys!EngEraseSurface + 30 BF85C8B5 16 Bytes CALL BF827582 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngEraseSurface + 41 BF85C8C6 9 Bytes [33, C0, EB, F7, 33, C0, E9, ...] .text ... .text win32k.sys!EngDeleteSemaphore + 3609 BF870A00 34 Bytes [0C, 8B, 75, 1C, 89, B5, 50, ...] .text win32k.sys!EngDeleteSemaphore + 362E BF870A25 78 Bytes [83, 8D, 4C, FF, FF, FF, FF, ...] .text win32k.sys!EngDeleteSemaphore + 367E BF870A75 19 Bytes [8B, 45, 18, 3B, C1, 74, 57, ...] .text win32k.sys!EngDeleteSemaphore + 3694 BF870A8B 6 Bytes [83, F8, 20, 0F, 8F, F0] .text win32k.sys!EngDeleteSemaphore + 369D BF870A94 181 Bytes [8D, 4D, C4, 89, 8D, 54, FF, ...] .text ... .text win32k.sys!EngComputeGlyphSet + B BF878488 10 Bytes [56, 8B, 75, 10, 85, F6, 7C, ...] .text win32k.sys!EngComputeGlyphSet + 17 BF878494 1 Byte [01] .text win32k.sys!EngComputeGlyphSet + 17 BF878494 45 Bytes [01, 00, 7D, 5B, 53, 57, BF, ...] .text win32k.sys!EngComputeGlyphSet + 46 BF8784C3 13 Bytes [89, 45, 10, 8D, 44, 46, 04, ...] .text win32k.sys!EngComputeGlyphSet + 54 BF8784D1 4 Bytes CALL BF8E7FB0 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text ... .text win32k.sys!EngMultiByteToWideChar + 1B BF87851B 3 Bytes [5D, C2, 14] .text win32k.sys!EngMultiByteToWideChar + 1F BF87851F 95 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngMultiByteToWideChar + 7F BF87857F 24 Bytes [6A, 01, 53, 6A, 02, FF, 75, ...] .text win32k.sys!EngMultiByteToWideChar + 99 BF878599 7 Bytes [33, FF, 85, F6, 0F, 8E, F9] .text win32k.sys!EngMultiByteToWideChar + A3 BF8785A3 36 Bytes [8B, 45, 14, 89, 45, FC, 6A, ...] .text ... .text win32k.sys!EngStrokePath + 7A BF879DA0 16 Bytes [FF, 75, 24, 57, FF, 75, 18, ...] .text win32k.sys!EngStrokePath + 8B BF879DB1 67 Bytes [EB, E6, 90, 90, 90, 90, 90, ...] .text win32k.sys!EngStrokePath + CF BF879DF5 6 Bytes [33, F6, 46, E9, 9B, 01] .text win32k.sys!EngStrokePath + D7 BF879DFD 5 Bytes [33, F6, E9, 94, 01] .text win32k.sys!EngStrokePath + DE BF879E04 11 Bytes CALL BF8047D9 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text ... .text win32k.sys!STROBJ_bEnum + 339C BF890801 3 Bytes [83, 7D, 84] .text win32k.sys!STROBJ_bEnum + 33A0 BF890805 4 Bytes [0F, 85, 73, 01] .text win32k.sys!STROBJ_bEnum + 33A6 BF89080B 2 Bytes [BE, FF] .text win32k.sys!STROBJ_bEnum + 33AB BF890810 7 Bytes [56, FF, 75, E0, E8, 9E, 78] .text win32k.sys!STROBJ_bEnum + 33B4 BF890819 16 Bytes [8B, BD, 74, FF, FF, FF, 56, ...] .text ... .text win32k.sys!EngAllocUserMem + 1A BF892B5E 1 Byte [30] .text win32k.sys!EngAllocUserMem + 1D BF892B61 49 Bytes [8D, 45, 08, 50, 53, 8D, 45, ...] .text win32k.sys!EngAllocUserMem + 4F BF892B93 103 Bytes [A6, 98, BF, 8B, F0, 89, 75, ...] .text win32k.sys!EngAllocUserMem + B7 BF892BFB 8 Bytes [57, FF, 15, D4, AA, 98, BF, ...] .text win32k.sys!EngAllocUserMem + C0 BF892C04 1 Byte [80] .text ... .text win32k.sys!EngMarkBandingSurface + D BF893149 26 Bytes CALL BF810045 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngMarkBandingSurface + 28 BF893164 4 Bytes [33, F6, E9, E7] .text win32k.sys!EngMarkBandingSurface + 2F BF89316B 29 Bytes [8D, 45, EC, 50, 8D, 45, F8, ...] .text win32k.sys!EngMarkBandingSurface + 4F BF89318B 4 Bytes CALL BF974EF8 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngMarkBandingSurface + 54 BF893190 29 Bytes [89, 45, FC, EB, 35, 90, 90, ...] .text ... .text win32k.sys!BRUSHOBJ_ulGetBrushColor + 1D BF893A5A 51 Bytes [83, C8, FF, EB, F7, F6, 40, ...] .text win32k.sys!BRUSHOBJ_ulGetBrushColor + 53 BF893A90 41 Bytes [01, 53, 57, 8B, 7D, 08, 57, ...] .text win32k.sys!BRUSHOBJ_ulGetBrushColor + 7F BF893ABC 9 Bytes [FE, 5F, 8B, C3, 5B, 5E, 5D, ...] .text win32k.sys!BRUSHOBJ_ulGetBrushColor + 89 BF893AC6 9 Bytes [33, C0, EB, F7, 33, C0, 40, ...] .text win32k.sys!BRUSHOBJ_ulGetBrushColor + 95 BF893AD2 4 Bytes [B9, 40, 42, 0F] .text ... .text win32k.sys!STROBJ_bEnumPositionsOnly + 23 BF893F44 11 Bytes [FF, 75, 10, FF, 75, 0C, 50, ...] .text win32k.sys!STROBJ_bEnumPositionsOnly + 2F BF893F50 6 Bytes [EB, EE, 33, C0, E9, B7] .text win32k.sys!STROBJ_bEnumPositionsOnly + 38 BF893F59 5 Bytes [FF, 31, 83, 65, FC] .text win32k.sys!STROBJ_bEnumPositionsOnly + 3E BF893F5F 13 Bytes [8D, 45, B8, 8D, 4D, F4, 89, ...] .text win32k.sys!STROBJ_bEnumPositionsOnly + 4C BF893F6D 5 Bytes [85, C0, 0F, 84, F6] .text ... .text win32k.sys!XFORMOBJ_bApplyXform + 3E BF89400E 6 Bytes [5E, 5B, 5F, C9, C2, 14] .text win32k.sys!XFORMOBJ_bApplyXform + 45 BF894015 16 Bytes [3B, F3, 0F, 84, 68, FF, FF, ...] .text win32k.sys!XFORMOBJ_bApplyXform + 58 BF894028 64 Bytes [85, C0, 74, 3F, 8D, 0C, FB, ...] .text win32k.sys!XFORMOBJ_bApplyXform + 99 BF894069 104 Bytes [EB, A3, 33, C0, EB, 9F, 8B, ...] .text win32k.sys!XFORMOBJ_bApplyXform + 102 BF8940D2 3 Bytes [68, 16, 02] .text ... .text win32k.sys!FONTOBJ_vGetInfo + 1C BF894244 9 Bytes [8B, 4D, 0C, 8B, 7D, 10, 83, ...] .text win32k.sys!FONTOBJ_vGetInfo + 26 BF89424E 30 Bytes JMP A3FECF55 .text win32k.sys!FONTOBJ_vGetInfo + 45 BF89426D 29 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FONTOBJ_vGetInfo + 65 BF89428D 4 Bytes [8B, 06, 8B, 80] .text win32k.sys!FONTOBJ_vGetInfo + 6A BF894292 1 Byte [02] .text ... .text win32k.sys!FONTOBJ_cGetGlyphs + 11 BF8944E7 43 Bytes [89, 45, F0, 8B, 45, 08, 56, ...] .text win32k.sys!FONTOBJ_cGetGlyphs + 3D BF894513 14 Bytes CALL BF8049C2 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!FONTOBJ_cGetGlyphs + 4C BF894522 28 Bytes [33, C0, EB, F8, 90, 90, 90, ...] .text win32k.sys!FONTOBJ_cGetGlyphs + 6A BF894540 3 Bytes [5D, C2, 0C] .text win32k.sys!FONTOBJ_cGetGlyphs + 6E BF894544 37 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ... .text win32k.sys!STROBJ_bGetAdvanceWidths + 39 BF8945D7 42 Bytes [74, 3D, 3B, CA, 73, 1E, 8B, ...] .text win32k.sys!STROBJ_bGetAdvanceWidths + 64 BF894602 33 Bytes [8B, 71, 04, 8B, 7D, 14, 83, ...] .text win32k.sys!STROBJ_bGetAdvanceWidths + 88 BF894626 4 Bytes [89, 31, E9, EF] .text win32k.sys!STROBJ_bGetAdvanceWidths + 8F BF89462D 20 Bytes [90, 90, 90, 90, 90, 33, C0, ...] .text win32k.sys!STROBJ_bGetAdvanceWidths + A4 BF894642 3 Bytes [83, 65, E0] .text ... .text win32k.sys!BRUSHOBJ_hGetColorTransform + 18 BF89487A 36 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!BRUSHOBJ_hGetColorTransform + 3E BF8948A0 10 Bytes [8B, 4D, 08, 53, 57, 89, 03, ...] .text win32k.sys!BRUSHOBJ_hGetColorTransform + 4A BF8948AC 22 Bytes [8B, 7D, 14, 85, FF, 74, 1D, ...] .text win32k.sys!BRUSHOBJ_hGetColorTransform + 62 BF8948C4 10 Bytes [8B, 4D, 08, 53, 57, 89, 03, ...] .text win32k.sys!BRUSHOBJ_hGetColorTransform + 6E BF8948D0 17 Bytes [8B, 45, 08, 2B, 70, 20, 8B, ...] .text ... .text win32k.sys!EngMultiByteToUnicodeN + 3724 BF8B0600 10 Bytes [F8, 8D, 04, 90, 8B, 30, 89, ...] .text win32k.sys!EngMultiByteToUnicodeN + 372F BF8B060B 22 Bytes [0F, B6, 78, 03, 2B, 75, 0C, ...] .text win32k.sys!EngMultiByteToUnicodeN + 3746 BF8B0622 34 Bytes [89, 75, D0, 8D, 75, CC, C1, ...] .text win32k.sys!EngMultiByteToUnicodeN + 376B BF8B0647 25 Bytes [8D, 45, CC, 50, FF, 75, EC, ...] .text win32k.sys!EngMultiByteToUnicodeN + 3785 BF8B0661 1 Byte [8B] .text ... .text win32k.sys!EngFindImageProcAddress + 14 BF8B0B71 29 Bytes [8B, 70, 08, 8B, 45, 0C, 8D, ...] .text win32k.sys!EngFindImageProcAddress + 34 BF8B0B91 10 Bytes [83, C4, 0C, 85, C0, 74, A3, ...] .text win32k.sys!EngFindImageProcAddress + 3F BF8B0B9C 24 Bytes [53, 74, 5E, 8B, 46, 14, 8B, ...] .text win32k.sys!EngFindImageProcAddress + 58 BF8B0BB5 47 Bytes [03, C1, 03, F9, 03, D9, 85, ...] .text win32k.sys!EngFindImageProcAddress + 8A BF8B0BE7 30 Bytes [83, C4, 0C, 85, C0, 0F, 84, ...] .text ... .text win32k.sys!EngLoadImage + 21 BF8B0CF4 19 Bytes [8B, 0D, C8, 9A, 9A, BF, 8B, ...] .text win32k.sys!EngLoadImage + 35 BF8B0D08 6 Bytes [83, C0, 03, E9, 98, 0C] .text win32k.sys!EngLoadImage + 3D BF8B0D10 37 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngLoadImage + 63 BF8B0D36 21 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngLoadImage + 79 BF8B0D4C 5 Bytes [33, F6, E9, F8, 04] .text ... .text win32k.sys!EngQueryPerformanceFrequency + 15 BF8B2BA1 32 Bytes CALL BF8B0A76 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngQueryPerformanceFrequency + 37 BF8B2BC3 12 Bytes CALL BF8029D1 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngQueryPerformanceFrequency + 45 BF8B2BD1 5 Bytes [33, C0, E9, 0D, 1A] .text win32k.sys!EngQueryPerformanceFrequency + 4C BF8B2BD8 6 Bytes [89, 75, FC, E9, 21, 1A] .text win32k.sys!EngQueryPerformanceFrequency + 54 BF8B2BE0 6 Bytes [8B, 76, 40, E9, 0E, 14] .text ... .text win32k.sys!EngSecureMem + 17 BF8B4C1D 14 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngUnloadImage + B BF8B4C2D 38 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngCreateEvent + 22 BF8B4C54 28 Bytes [AB, 8D, 46, 08, 6A, 01, 50, ...] .text win32k.sys!EngCreateEvent + 3F BF8B4C71 20 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngQuerySystemAttribute + 10 BF8B4C86 32 Bytes [6A, 0C, 8D, 45, F4, 50, 6A, ...] .text win32k.sys!EngQuerySystemAttribute + 31 BF8B4CA7 4 Bytes [48, 75, 1F, 6A] .text win32k.sys!EngQuerySystemAttribute + 36 BF8B4CAC 7 Bytes [6A, 2C, 8D, 45, C8, 50, 6A] .text win32k.sys!EngQuerySystemAttribute + 3E BF8B4CB4 34 Bytes [FF, 15, C8, AA, 98, BF, 85, ...] .text win32k.sys!EngQuerySystemAttribute + 61 BF8B4CD7 1 Byte [8B] .text ... .text win32k.sys!EngFindResource + 1A BF8B6E7F 3 Bytes [5D, C2, 10] .text win32k.sys!EngFindResource + 1E BF8B6E83 35 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngFindResource + 44 BF8B6EA9 3 Bytes [5D, C2, 14] .text win32k.sys!EngFindResource + 48 BF8B6EAD 19 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngFindResource + 5C BF8B6EC1 41 Bytes [89, 45, F4, 8B, 45, 10, 89, ...] .text ... .text win32k.sys!EngLoadModule + 7 BF8B77FB 5 Bytes [FF, 75, 08, E8, 09] .text win32k.sys!EngLoadModule + F BF8B7803 3 Bytes [5D, C2, 04] .text win32k.sys!EngLoadModule + 13 BF8B7807 35 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngLoadModule + 39 BF8B782D 8 Bytes [39, 5D, 0C, 75, 11, 56, E8, ...] .text win32k.sys!EngLoadModule + 44 BF8B7838 8 Bytes [3B, C3, 89, 45, FC, 0F, 85, ...] .text ... .text win32k.sys!EngFreeModule + 4A BF8B79BC 15 Bytes [8B, C6, 2B, 46, FC, 50, E8, ...] .text win32k.sys!EngFreeModule + 5A BF8B79CC 26 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngFreeModule + 75 BF8B79E7 14 Bytes [75, 09, 8B, 4E, 14, FF, 15, ...] .text win32k.sys!EngFreeModule + 84 BF8B79F6 4 Bytes [5E, 5D, C2, 04] .text win32k.sys!EngFreeModule + 89 BF8B79FB 10 Bytes CALL BF80593F \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text ... .text win32k.sys!EngGetLastError + DE BF8BB81C 46 Bytes CALL BF8029CF \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngGetLastError + 10E BF8BB84C 48 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngGetLastError + 13F BF8BB87D 32 Bytes [02, 8D, 78, 1F, 59, 89, 45, ...] .text win32k.sys!EngGetLastError + 160 BF8BB89E 19 Bytes [02, 8D, 7C, 07, 03, 59, 89, ...] .text win32k.sys!EngGetLastError + 175 BF8BB8B3 23 Bytes [3B, FB, 74, 0E, 53, 68, 47, ...] .text ... .text win32k.sys!EngGetCurrentCodePage + 15 BF8BF1F7 23 Bytes [90, 90, 90, 90, 90, 33, C0, ...] .text win32k.sys!EngGetCurrentCodePage + 2D BF8BF20F 18 Bytes [83, 4D, FC, FF, 8B, 9D, 34, ...] .text win32k.sys!EngGetCurrentCodePage + 42 BF8BF224 10 Bytes CALL BF81C3FA \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngGetCurrentCodePage + 4E BF8BF230 15 Bytes CALL BF8018CA \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngGetCurrentCodePage + 5F BF8BF241 3 Bytes JMP BF8BF3B3 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text ... .text win32k.sys!PATHOBJ_bPolyLineTo + 21E BF8D0400 2 Bytes [8F, B5] .text win32k.sys!PATHOBJ_bPolyLineTo + 223 BF8D0405 23 Bytes [0F, BF, 45, 0C, 8B, 4D, DC, ...] .text win32k.sys!PATHOBJ_bPolyLineTo + 23B BF8D041D 62 Bytes [88, 45, 17, 75, 0E, 8B, 55, ...] .text win32k.sys!PATHOBJ_bPolyLineTo + 27B BF8D045D 51 Bytes [FF, 75, EC, 8B, 07, FF, 75, ...] .text win32k.sys!PATHOBJ_bPolyLineTo + 2B0 BF8D0492 3 Bytes [83, 7D, F8] .text ... .text win32k.sys!PATHOBJ_bCloseFigure + 11 BF8D0654 5 Bytes [56, E8, 6C, 93, 02] .text win32k.sys!PATHOBJ_bCloseFigure + 17 BF8D065A 6 Bytes [85, C0, 0F, 84, 30, 01] .text win32k.sys!PATHOBJ_bCloseFigure + 1F BF8D0662 28 Bytes [EB, 27, 90, 90, 90, 90, 90, ...] .text win32k.sys!PATHOBJ_bCloseFigure + 3D BF8D0680 4 Bytes [8D, B8, 24, 02] .text win32k.sys!PATHOBJ_bCloseFigure + 43 BF8D0686 26 Bytes [89, 7D, F8, 74, C9, 8B, 03, ...] .text ... .text win32k.sys!EngFreeMem + 81F9 BF8F0200 2 Bytes [86, E4] {XCHG AH, AH} .text win32k.sys!EngFreeMem + 81FE BF8F0205 4 Bytes [8D, 8E, AC, 02] .text win32k.sys!EngFreeMem + 8204 BF8F020B 43 Bytes [51, 8B, 48, 0C, 8B, D7, E8, ...] .text win32k.sys!EngFreeMem + 8231 BF8F0238 14 Bytes CALL BF8E96A1 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngFreeMem + 8242 BF8F0249 24 Bytes [0F, 84, A6, FD, FF, FF, 66, ...] .text ... .text win32k.sys!XFORMOBJ_iGetXform + 11 BF8FA756 38 Bytes [74, 0A, FF, 75, 0C, 8B, CE, ...] .text win32k.sys!XFORMOBJ_iGetXform + 38 BF8FA77D 20 Bytes [6A, 03, 58, EB, F6, 90, 90, ...] .text win32k.sys!FONTOBJ_pxoGetXform + D BF8FA794 3 Bytes [5D, C2, 04] .text win32k.sys!FONTOBJ_pxoGetXform + 11 BF8FA798 41 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FONTOBJ_pxoGetXform + 3B BF8FA7C2 46 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FONTOBJ_pxoGetXform + 6C BF8FA7F3 9 Bytes [39, 45, 0C, 1B, C0, 40, 5D, ...] .text win32k.sys!FONTOBJ_pxoGetXform + 76 BF8FA7FD 21 Bytes [33, C0, EB, F8, 90, 90, 90, ...] .text ... .text win32k.sys!PALOBJ_cGetColors + 29F2 BF910000 9 Bytes [85, DB, 5F, 74, 7D, 8B, 45, ...] .text win32k.sys!PALOBJ_cGetColors + 29FC BF91000A 15 Bytes [8B, 70, 20, 8B, 4E, 28, E8, ...] .text win32k.sys!PALOBJ_cGetColors + 2A0D BF91001B 17 Bytes [85, C0, 74, 09, 8B, 48, 04, ...] .text win32k.sys!PALOBJ_cGetColors + 2A20 BF91002E 30 Bytes [01, 74, 36, FF, 76, 2C, 8D, ...] .text win32k.sys!PALOBJ_cGetColors + 2A3F BF91004D 1 Byte [6A] .text ... .text win32k.sys!EngCreateClip + 13 BF910159 23 Bytes CALL BF8E7FAE \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngCreateClip + 2D BF910173 28 Bytes [F8, 89, 45, F0, 89, 45, EC, ...] .text win32k.sys!EngCreateClip + 4A BF910190 7 Bytes [C6, 46, 15, 01, C6, 46, 16] .text win32k.sys!EngCreateClip + 52 BF910198 71 Bytes CALL BF8058C7 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngCreateClip + 9A BF9101E0 3 Bytes [83, 7E, 34] .text ... .text win32k.sys!XFORMOBJ_iGetFloatObjXform + 16 BF932551 11 Bytes [74, 0A, FF, 75, 0C, 8B, CE, ...] .text win32k.sys!XFORMOBJ_iGetFloatObjXform + 22 BF93255D 40 Bytes [8B, 06, 8B, 40, 38, 83, E0, ...] .text win32k.sys!XFORMOBJ_iGetFloatObjXform + 4B BF932586 24 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_SetFloat + 14 BF93259F 24 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_SetLong + 14 BF9325B8 27 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_GetLong + 7 BF9325D4 18 Bytes [8D, 45, 08, 50, FF, 75, 08, ...] .text win32k.sys!FLOATOBJ_GetLong + 1A BF9325E7 42 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_AddFloat + 26 BF932612 42 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_AddLong + 26 BF93263D 27 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_Add + 17 BF932659 42 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_SubFloat + 26 BF932684 42 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_SubLong + 26 BF9326AF 27 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_Sub + 17 BF9326CB 42 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_MulFloat + 26 BF9326F6 42 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_MulLong + 26 BF932721 27 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_Mul + 17 BF93273D 42 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_DivFloat + 26 BF932768 42 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_DivLong + 26 BF932793 27 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_Div + 17 BF9327AF 21 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_Neg + 11 BF9327C5 67 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_EqualLong + 3F BF932809 15 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_GreaterThanLong + B BF932819 16 Bytes [75, 1A, 8B, 4D, 08, 8B, 01, ...] .text win32k.sys!FLOATOBJ_GreaterThanLong + 1C BF93282A 38 Bytes [74, 05, 33, C0, 40, EB, 1C, ...] .text win32k.sys!FLOATOBJ_GreaterThanLong + 43 BF932851 15 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_LessThanLong + B BF932861 40 Bytes [75, 0C, 8B, 4D, 08, 33, C0, ...] .text win32k.sys!FLOATOBJ_LessThanLong + 34 BF93288A 24 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_Equal + 14 BF9328A3 24 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_GreaterThan + 14 BF9328BC 24 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_LessThan + 14 BF9328D5 31 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_LessThan + 34 BF9328F5 17 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!FLOATOBJ_LessThan + 46 BF932907 27 Bytes [75, 2B, 56, 8B, 75, 0C, 68, ...] .text win32k.sys!FLOATOBJ_LessThan + 62 BF932923 7 Bytes [89, 70, 04, C7, 40, 0C, 01] .text win32k.sys!FLOATOBJ_LessThan + 6C BF93292D 14 Bytes [83, C0, 10, 89, 47, 04, 5E, ...] .text ... .text win32k.sys!CLIPOBJ_ppoGetPath + 11 BF932BDB 31 Bytes [90, 90, 90, 90, 90, 33, C0, ...] .text win32k.sys!EngGetCurrentThreadId + 13 BF932BFB 12 Bytes [74, 14, FF, 75, 08, FF, 15, ...] .text win32k.sys!EngGetCurrentThreadId + 20 BF932C08 12 Bytes [FF, 75, 08, FF, 15, E0, A6, ...] .text win32k.sys!EngGetCurrentThreadId + 2D BF932C15 25 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngIsSemaphoreOwned + 15 BF932C2F 30 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngDebugPrint + B BF932C4F 24 Bytes [A1, B4, 85, 99, BF, 56, 8B, ...] .text win32k.sys!EngDebugPrint + 24 BF932C68 13 Bytes [57, 8D, 85, FC, FE, FF, FF, ...] .text win32k.sys!EngDebugPrint + 32 BF932C76 11 Bytes [8D, 85, FC, FE, FF, FF, 50, ...] .text win32k.sys!EngDebugPrint + 3E BF932C82 16 Bytes [8B, 4D, FC, 83, C4, 14, 5F, ...] .text win32k.sys!EngDebugPrint + 4F BF932C93 93 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngProbeForRead + 3A BF932CF1 37 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngAllocSectionMem + 23 BF932D19 13 Bytes [08, 6A, 04, 89, 45, F4, 8D, ...] .text win32k.sys!EngAllocSectionMem + 31 BF932D27 1 Byte [0F] .text win32k.sys!EngAllocSectionMem + 31 BF932D27 8 Bytes [0F, 00, 56, 89, 7D, F8, FF, ...] .text win32k.sys!EngAllocSectionMem + 3A BF932D30 88 Bytes [A7, 98, BF, 85, C0, 7D, 04, ...] .text win32k.sys!EngAllocSectionMem + 93 BF932D89 13 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngFreeSectionMem + 9 BF932D97 27 Bytes [74, 09, FF, 75, 0C, FF, 15, ...] .text win32k.sys!EngFreeSectionMem + 25 BF932DB3 146 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngMapSection + 8E BF932E46 39 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngInitializeSafeSemaphore + 12 BF932E6E 36 Bytes CALL BF8FA6E9 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngInitializeSafeSemaphore + 37 BF932E93 34 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngDeleteSafeSemaphore + 1E BF932EB6 12 Bytes CALL BF8049F5 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngDeleteSafeSemaphore + 2B BF932EC3 98 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngDeleteSafeSemaphore + 8E BF932F26 1 Byte [10] .text win32k.sys!EngDeleteSafeSemaphore + 8E BF932F26 18 Bytes [10, 00, C3, 90, 90, 90, 90, ...] .text win32k.sys!EngDeleteSafeSemaphore + A1 BF932F39 15 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ... .text win32k.sys!HeapVidMemAllocAligned + 11 BF9333C6 20 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!VidMemFree + 11 BF9333DC 20 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngAllocPrivateUserMem + 11 BF9333F2 20 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngFreePrivateUserMem + 11 BF933408 20 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngDxIoctl + 11 BF93341E 20 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngLockDirectDrawSurface + 11 BF933434 20 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngUnlockDirectDrawSurface + 11 BF93344A 20 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngUnlockDirectDrawSurface + 27 BF933460 20 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngUnlockDirectDrawSurface + 3D BF933476 56 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngUnlockDirectDrawSurface + 76 BF9334AF 61 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngUnlockDirectDrawSurface + B4 BF9334ED 36 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ... .text win32k.sys!EngGetType1FontList + 13 BF933F3B 14 Bytes [89, 7D, FC, 75, 0B, E8, 7B, ...] .text win32k.sys!EngGetType1FontList + 23 BF933F4B 4 Bytes [39, BE, CC, 02] .text win32k.sys!EngGetType1FontList + 29 BF933F51 4 Bytes [8B, 86, D4, 02] .text win32k.sys!EngGetType1FontList + 2F BF933F57 7 Bytes [75, 08, 3B, C7, 0F, 84, EB] .text win32k.sys!EngGetType1FontList + 39 BF933F61 20 Bytes [8B, 55, 18, 89, 3A, EB, 05, ...] .text ... .text win32k.sys!EngQueryLocalTime + 6F BF9340C9 18 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngQueryLocalTime + 84 BF9340DE 6 Bytes [8B, 40, 04, 83, 89, A8] .text win32k.sys!EngQueryLocalTime + 8D BF9340E7 4 Bytes [04, 89, 81, B0] .text win32k.sys!EngQueryLocalTime + 94 BF9340EE 3 Bytes [5D, C2, 04] .text win32k.sys!EngQueryLocalTime + 98 BF9340F2 63 Bytes [90, 90, 90, 90, 90, 8B, 01, ...] .text ... .text win32k.sys!EngCheckAbort + 17 BF9342FE 6 Bytes [74, 0A, 8B, 40, 48, 25] .text win32k.sys!EngCheckAbort + 20 BF934307 8 Bytes [40, EB, 02, 33, C0, 5D, C2, ...] .text win32k.sys!EngCheckAbort + 29 BF934310 26 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngCheckAbort + 44 BF93432B 15 Bytes [74, 10, FF, 75, 0C, 8D, 4D, ...] .text win32k.sys!EngCheckAbort + 54 BF93433B 7 Bytes [EB, 02, 33, C0, C9, C2, 08] .text ... .text win32k.sys!EngDeleteEvent + 1F BF935AD0 59 Bytes [90, 90, 90, 90, 90, 6A, 18, ...] .text win32k.sys!EngMapEvent + 39 BF935B0E 63 Bytes [10, FF, 75, 0C, FF, 15, 74, ...] .text win32k.sys!EngMapEvent + 79 BF935B4E 43 Bytes [C3, 90, 90, 90, 90, 90, 8B, ...] .text win32k.sys!EngMapEvent + A5 BF935B7A 45 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngUnmapEvent + 29 BF935BA8 14 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngSetEvent + A BF935BB7 1 Byte [6A] .text win32k.sys!EngSetEvent + A BF935BB7 13 Bytes [6A, 00, FF, 30, FF, 15, 88, ...] .text win32k.sys!EngSetEvent + 18 BF935BC5 24 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngClearEvent + 14 BF935BDE 17 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngReadStateEvent + D BF935BF0 6 Bytes [AB, 98, BF, 5D, C2, 04] .text win32k.sys!EngReadStateEvent + 14 BF935BF7 25 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngReadStateEvent + 2E BF935C11 70 Bytes [8B, F0, 59, 8D, 5C, 36, 3A, ...] .text win32k.sys!EngReadStateEvent + 75 BF935C58 76 Bytes [CE, EC, FF, 85, C0, 89, 47, ...] .text win32k.sys!EngReadStateEvent + C2 BF935CA5 23 Bytes [74, 08, 68, 9C, 01, 99, BF, ...] .text ... .text win32k.sys!EngGetFilePath + 27 BF935CE9 30 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngGetFileChangeTime + 1C BF935D0A 20 Bytes [39, 70, 18, 74, 12, 8B, 10, ...] .text win32k.sys!EngGetFileChangeTime + 33 BF935D21 26 Bytes [51, 8D, 45, F4, 50, FF, 15, ...] .text win32k.sys!EngGetFileChangeTime + 50 BF935D3E 19 Bytes [50, 56, 8D, 4D, EC, 51, 8D, ...] .text win32k.sys!EngGetFileChangeTime + 66 BF935D54 7 Bytes [89, 75, D8, C7, 45, E0, 40] .text win32k.sys!EngGetFileChangeTime + 70 BF935D5E 86 Bytes [89, 75, E4, 89, 75, E8, FF, ...] .text ... .text win32k.sys!EngDeleteFile + 1D BF935F89 3 Bytes [83, 65, F0] .text win32k.sys!EngDeleteFile + 21 BF935F8D 3 Bytes [83, 65, F4] .text win32k.sys!EngDeleteFile + 25 BF935F91 14 Bytes [8D, 45, F8, 89, 45, E8, 8D, ...] .text win32k.sys!EngDeleteFile + 36 BF935FA2 4 Bytes [C7, 45, EC, 40] .text win32k.sys!EngDeleteFile + 3D BF935FA9 18 Bytes [FF, 15, 20, AB, 98, BF, 85, ...] .text ... .text win32k.sys!EngControlSprites + 22 BF937145 89 Bytes [8B, 40, 10, 56, 57, 8B, 78, ...] .text win32k.sys!EngControlSprites + 7C BF93719F 92 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngControlSprites + DB BF9371FE 26 Bytes CALL BF822D7D \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngControlSprites + F6 BF937219 55 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngControlSprites + 130 BF937253 68 Bytes CALL BF822D7D \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text ... .text win32k.sys!EngMovePointer + 1E BF937A9F 4 Bytes [0F, 84, 53, 01] .text win32k.sys!EngMovePointer + 24 BF937AA5 16 Bytes [8D, 45, FC, 50, 8D, 4D, EC, ...] .text win32k.sys!EngMovePointer + 36 BF937AB7 4 Bytes [3B, 86, 7C, 01] .text win32k.sys!EngMovePointer + 3C BF937ABD 3 Bytes [0F, 84, A9] .text win32k.sys!EngMovePointer + 42 BF937AC3 1 Byte [BA] .text ... .text win32k.sys!EngSetPointerShape + 1F BF937C22 4 Bytes [C7, 45, FC, 02] .text win32k.sys!EngSetPointerShape + 26 BF937C29 16 Bytes [8B, C8, 75, 07, 33, DB, 89, ...] .text win32k.sys!EngSetPointerShape + 38 BF937C3B 30 Bytes [F7, F1, 33, DB, 89, 45, 2C, ...] .text win32k.sys!EngSetPointerShape + 58 BF937C5B 25 Bytes [3B, C3, 74, 0F, 8B, 78, 10, ...] .text win32k.sys!EngSetPointerShape + 73 BF937C76 4 Bytes [89, 9E, C0, 01] .text ... .text win32k.sys!EngUnlockDriverObj + 33 BF938297 126 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngQueryPalette + 7A BF938316 78 Bytes [90, 90, 90, 90, 90, 8B, 49, ...] .text win32k.sys!EngQueryPalette + C9 BF938365 47 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngQueryPalette + F9 BF938395 84 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngQueryPalette + 150 BF9383EC 196 Bytes [8B, 46, 08, 89, 78, 38, 8B, ...] .text win32k.sys!EngQueryPalette + 215 BF9384B1 192 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ... .text win32k.sys!EngDeletePath + 9 BF9385CF 19 Bytes [74, 0E, 8B, 4D, 08, E8, 80, ...] .text win32k.sys!EngDeletePath + 1D BF9385E3 63 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngDeletePath + 5D BF938623 21 Bytes [03, 03, 8B, CF, 89, 45, F8, ...] .text win32k.sys!EngDeletePath + 73 BF938639 20 Bytes CALL BF84E027 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngDeletePath + 88 BF93864E 14 Bytes CALL BF84E38B \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text ... .text win32k.sys!PATHOBJ_bPolyBezierTo + 10 BF9386B7 8 Bytes CALL BF85B164 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!PATHOBJ_bPolyBezierTo + 19 BF9386C0 16 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!PATHOBJ_bPolyBezierTo + 2C BF9386D3 6 Bytes [83, E0, 20, 5D, C2, 04] .text win32k.sys!PATHOBJ_bPolyBezierTo + 33 BF9386DA 32 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!WNDOBJ_cEnumStart + 1C BF9386FB 16 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!WNDOBJ_vSetConsumer + E BF93870E 14 Bytes [3B, 41, 08, 74, 06, 8B, 4D, ...] .text win32k.sys!WNDOBJ_vSetConsumer + 1D BF93871D 17 Bytes [90, 90, 90, 90, 90, 81, 79, ...] .text win32k.sys!WNDOBJ_vSetConsumer + 31 BF938731 29 Bytes [81, 38, 54, 52, 41, 43, 75, ...] .text win32k.sys!WNDOBJ_vSetConsumer + 4F BF93874F 11 Bytes [68, A0, 90, 99, BF, FF, 75, ...] .text win32k.sys!WNDOBJ_vSetConsumer + 5B BF93875B 35 Bytes [C4, EC, FF, 8D, 7B, 1C, 8D, ...] .text ... .text win32k.sys!EngCreateWnd + 3E BF938888 3 Bytes [F7, 45, 14] .text win32k.sys!EngCreateWnd + 42 BF93888C 7 Bytes [FE, FF, F7, 0F, 85, A6, 02] .text win32k.sys!EngCreateWnd + 4B BF938895 35 Bytes [FF, 35, CC, 9A, 9A, BF, 8D, ...] .text win32k.sys!EngCreateWnd + 71 BF9388BB 4 Bytes [0F, 84, CE, 01] .text win32k.sys!EngCreateWnd + 77 BF9388C1 3 Bytes [8B, 80, 80] .text ... .text win32k.sys!EngDeleteWnd + 18 BF938C8A 5 Bytes [85, C0, 74, 08, 6A] .text win32k.sys!EngDeleteWnd + 1E BF938C90 16 Bytes CALL BF923851 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngDeleteWnd + 2F BF938CA1 73 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngDeleteWnd + 79 BF938CEB 11 Bytes CALL BF80C908 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngDeleteWnd + 87 BF938CF9 25 Bytes [85, FF, 75, E4, EB, 26, 3B, ...] .text ... .text win32k.sys!EngDitherColor + 14 BF9399C8 4 Bytes [08, 0F, 85, A5] .text win32k.sys!EngDitherColor + 1B BF9399CF 5 Bytes [66, 83, B9, 2E, 04] .text win32k.sys!EngDitherColor + 22 BF9399D6 4 Bytes [08, 0F, 85, 97] .text win32k.sys!EngDitherColor + 29 BF9399DD 11 Bytes [83, 7D, 0C, 02, 56, 74, 41, ...] .text win32k.sys!EngDitherColor + 36 BF9399EA 83 Bytes [83, FE, 03, 74, 05, 83, FE, ...] .text ... .text win32k.sys!EngEnumForms + 15 BF93A25D 6 Bytes [39, 45, 1C, 0F, 84, C0] .text win32k.sys!EngEnumForms + 1E BF93A266 28 Bytes [53, 56, 57, BB, 47, 73, 70, ...] .text win32k.sys!EngEnumForms + 3D BF93A285 20 Bytes [8B, 45, 0C, 89, 3E, 8B, 7D, ...] .text win32k.sys!EngEnumForms + 52 BF93A29A 40 Bytes CALL BF802A59 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngEnumForms + 7B BF93A2C3 111 Bytes [8B, 45, 18, 89, 08, 8B, 4B, ...] .text ... .text win32k.sys!EngGetPrinter + B BF93A343 3 Bytes [83, 7D, 18] .text win32k.sys!EngGetPrinter + F BF93A347 35 Bytes [75, 04, 6A, 57, EB, 14, 8B, ...] .text win32k.sys!EngGetPrinter + 35 BF93A36D 68 Bytes [C7, 45, FC, 30, 95, 99, BF, ...] .text win32k.sys!EngGetPrinter + 7C BF93A3B4 20 Bytes [8B, 45, 0C, 89, 3B, 8B, 7D, ...] .text win32k.sys!EngGetPrinter + 91 BF93A3C9 17 Bytes CALL BF802A59 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text ... .text win32k.sys!EngGetForm + 1F BF93A46F 16 Bytes [39, 75, 0C, 74, 0D, FF, 75, ...] .text win32k.sys!EngGetForm + 30 BF93A480 24 Bytes [02, 53, 57, 68, 47, 73, 70, ...] .text win32k.sys!EngGetForm + 4B BF93A49B 3 Bytes [83, 7D, 0C] .text win32k.sys!EngGetForm + 4F BF93A49F 46 Bytes [8B, 45, 18, 8B, 4D, 10, 89, ...] .text win32k.sys!EngGetForm + 7E BF93A4CE 21 Bytes [68, 47, 73, 70, 6C, 57, E8, ...] .text ... .text win32k.sys!EngGetPrinterData + 13 BF93A6F9 14 Bytes CALL BF81C3F8 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text win32k.sys!EngGetPrinterData + 24 BF93A70A 18 Bytes [56, 8B, 75, 0C, 3B, F3, 57, ...] .text win32k.sys!EngGetPrinterData + 37 BF93A71D 23 Bytes [02, 68, 47, 73, 70, 6C, 8D, ...] .text win32k.sys!EngGetPrinterData + 51 BF93A737 68 Bytes [85, F6, 8B, 4D, 18, 89, 38, ...] .text win32k.sys!EngGetPrinterData + 96 BF93A77C 2 Bytes [68, 09] .text ... .text win32k.sys!EngSetPrinterData + B BF93A7FE 7 Bytes [53, 56, 57, C7, 45, F8, 08] .text win32k.sys!EngSetPrinterData + 15 BF93A808 12 Bytes [74, 12, FF, 75, 0C, E8, 2D, ...] .text win32k.sys!EngSetPrinterData + 22 BF93A815 10 Bytes [02, 59, 89, 7D, FC, EB, 07, ...] .text win32k.sys!EngSetPrinterData + 2D BF93A820 35 Bytes [8B, 7D, FC, 8B, 45, 14, F7, ...] .text win32k.sys!EngSetPrinterData + 53 BF93A846 68 Bytes [89, 33, 8B, 75, 0C, 85, F6, ...] .text ... .text win32k.sys!EngWritePrinter + 24 BF93A8FD 6 Bytes [89, 75, E4, 8D, BB, B0] .text win32k.sys!EngWritePrinter + 2D BF93A906 39 Bytes [8B, 75, 10, 8D, 46, 10, 89, ...] .text win32k.sys!EngWritePrinter + 56 BF93A92F 1 Byte [01] .text win32k.sys!EngWritePrinter + 56 BF93A92F 14 Bytes [01, 00, 72, 19, 89, 57, 04, ...] .text win32k.sys!EngWritePrinter + 67 BF93A940 4 Bytes [C7, 43, 6C, 10] .text ... .text win32k.sys!EngFileWrite + B BF93AB37 1 Byte [6A] .text win32k.sys!EngFileWrite + B BF93AB37 3 Bytes [6A, 00, 6A] .text win32k.sys!EngFileWrite + F BF93AB3B 11 Bytes [57, FF, 75, 0C, FF, 75, 08, ...] .text win32k.sys!EngFileWrite + 1B BF93AB47 9 Bytes [85, C0, 8B, 45, 14, 7D, 05, ...] .text win32k.sys!EngFileWrite + 25 BF93AB51 8 Bytes [EB, 02, 89, 38, 5F, 5D, C2, ...] .text ... .text win32k.sys!EngFileIoControl + 25 BF93AB84 1 Byte [03] .text win32k.sys!EngFileIoControl + 25 BF93AB84 13 Bytes [03, 00, 8B, 4D, 20, 8B, 55, ...] .text win32k.sys!EngFileIoControl + 33 BF93AB92 6 Bytes [90, 90, 90, 90, 90, BA] .text win32k.sys!EngGetTickCount + 3 BF93AB9A 61 Bytes [FE, 7F, 8B, 02, F7, 62, 04, ...] .text win32k.sys!EngGetTickCount + 41 BF93ABD8 13 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngGetTickCount + 4F BF93ABE6 115 Bytes [74, 77, 53, 56, 8B, 75, 08, ...] .text win32k.sys!EngGetTickCount + C3 BF93AC5A 10 Bytes [75, 98, 5F, 5E, 5B, 33, C0, ...] .text win32k.sys!EngGetTickCount + CE BF93AC65 7 Bytes [90, 90, 90, 90, 90, 68, DC] .text ... .text win32k.sys!EngHangNotification + 1B BF93D4A1 4 Bytes [8B, B7, 74, 05] .text win32k.sys!EngHangNotification + 21 BF93D4A7 6 Bytes [83, FE, FC, 0F, 84, B9] .text win32k.sys!EngHangNotification + 2A BF93D4B0 5 Bytes [85, F6, 0F, 84, B1] .text win32k.sys!EngHangNotification + 32 BF93D4B8 14 Bytes [53, 8D, 46, 20, 50, 68, 88, ...] .text win32k.sys!EngHangNotification + 41 BF93D4C7 8 Bytes CALL BF80F43E \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) .text ... .text win32k.sys!EngFntCacheFault + 25 BF93DF3D 52 Bytes [76, 27, 83, 7D, 0C, 02, 77, ...] .text win32k.sys!EngFntCacheFault + 5A BF93DF72 21 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngFntCacheFault + 70 BF93DF88 11 Bytes [F6, 40, 10, 04, 74, 07, 33, ...] .text win32k.sys!EngFntCacheFault + 7D BF93DF95 33 Bytes [8B, 08, 8B, 51, 18, 53, 8B, ...] .text win32k.sys!EngFntCacheFault + 9F BF93DFB7 1 Byte [20] .text ... .text win32k.sys!EngMapModule + 17 BF93E121 61 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngUnmapFile + 39 BF93E15F 40 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngUnmapFile + 62 BF93E188 3 Bytes [F7, D9, 3D] .text win32k.sys!EngUnmapFile + 66 BF93E18C 20 Bytes [68, C4, 61, 75, 0A, 83, F9, ...] .text win32k.sys!EngUnmapFile + 7B BF93E1A1 33 Bytes [90, 90, 90, 90, 90, 6A, 40, ...] .text win32k.sys!EngUnmapFile + 9F BF93E1C5 7 Bytes [10, 39, 75, 0C, 0F, 87, AB] .text ... .text win32k.sys!EngLoadModuleForWrite + 1C BF93E84A 82 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngMapFile + 4E BF93E89D 106 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngMapFile + BB BF93E90A 182 Bytes [89, 5D, F8, FF, 35, D8, 41, ...] .text win32k.sys!EngMapFile + 172 BF93E9C1 17 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngGetPrinterDataFileName + E BF93E9D4 3 Bytes [5D, C2, 04] .text win32k.sys!EngGetPrinterDataFileName + 12 BF93E9D8 15 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngGetDriverName + B BF93E9E8 1 Byte [03] .text win32k.sys!EngGetDriverName + E BF93E9EB 9 Bytes [8B, 40, 08, 8B, 40, 04, 5D, ...] .text win32k.sys!EngGetDriverName + 18 BF93E9F5 38 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngQueryDeviceAttribute + 23 BF93EA1D 8 Bytes [89, 01, 33, C0, 40, 5D, C2, ...] .text win32k.sys!EngQueryDeviceAttribute + 2C BF93EA26 18 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngQueryDeviceAttribute + 3F BF93EA39 15 Bytes [83, 7D, 0C, 05, 56, 8B, 75, ...] .text win32k.sys!EngQueryDeviceAttribute + 50 BF93EA4A 6 Bytes [85, F6, 0F, 84, 61, 04] .text win32k.sys!EngQueryDeviceAttribute + 58 BF93EA52 8 Bytes [F6, 46, 20, 01, 0F, 84, 57, ...] .text ... .text win32k.sys!XLATEOBJ_hGetColorTransform + 97E5 BF94FC00 49 Bytes [CE, FF, 70, 54, 50, E8, 78, ...] .text win32k.sys!XLATEOBJ_hGetColorTransform + 9818 BF94FC33 45 Bytes [F6, 45, C4, 01, 75, 29, 8D, ...] .text win32k.sys!XLATEOBJ_hGetColorTransform + 9847 BF94FC62 4 Bytes [8D, 88, D0, 03] .text win32k.sys!XLATEOBJ_hGetColorTransform + 984D BF94FC68 15 Bytes [8B, 11, 01, 55, E4, 8B, 49, ...] .text win32k.sys!XLATEOBJ_hGetColorTransform + 985E BF94FC79 12 Bytes [85, C9, 74, 04, 8B, C1, EB, ...] .text ... .text win32k.sys!EngDeleteClip + 2B BF9748CE 27 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngDeleteClip + 49 BF9748EC 8 Bytes [EB, 03, 83, C8, FF, 5D, C2, ...] .text win32k.sys!EngDeleteClip + 52 BF9748F5 211 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text win32k.sys!EngDeleteClip + 126 BF9749C9 1 Byte [01] .text win32k.sys!EngDeleteClip + 129 BF9749CC 4 Bytes [74, 10, 81, FE] .text ... .text win32k.sys!HT_ComputeRGBGammaTable + 10 BF97BCD9 1 Byte [01] .text win32k.sys!HT_ComputeRGBGammaTable + 13 BF97BCDC 7 Bytes [89, 75, F4, 0F, 8F, 14, 01] .text win32k.sys!HT_ComputeRGBGammaTable + 1C BF97BCE5 7 Bytes [83, FE, 02, 0F, 8C, 0B, 01] .text win32k.sys!HT_ComputeRGBGammaTable + 25 BF97BCEE 3 Bytes [83, 65, FC] .text win32k.sys!HT_ComputeRGBGammaTable + 29 BF97BCF2 80 Bytes [53, 57, 8D, 46, FF, 33, DB, ...] .text ... .text dxg.sys!DriverEntry + FFFFB35B BD00B3E1 2 Bytes [00, BD] .text dxg.sys!DriverEntry + FFFFB363 BD00B3E9 2 Bytes [00, BD] .text dxg.sys!DriverEntry + FFFFB3CA BD00B450 2 Bytes [00, BD] .text dxg.sys!DriverEntry + FFFFB3D2 BD00B458 2 Bytes [00, BD] .text dxg.sys!DriverEntry + FFFFB41D BD00B4A3 2 Bytes [00, BD] .text ... .text dxg.sys!DxDdStartupDxGraphics + 23 BD00EF91 2 Bytes [00, BD] .text dxg.sys!DxDdStartupDxGraphics + 29 BD00EF97 2 Bytes [00, BD] .text dxg.sys!DxDdStartupDxGraphics + 2F BD00EF9D 2 Bytes [00, BD] .text dxg.sys!DxDdStartupDxGraphics + 3B BD00EFA9 2 Bytes [00, BD] .text dxg.sys!DxDdStartupDxGraphics + 45 BD00EFB3 2 Bytes [00, BD] .text ... .text dxg.sys!DxDdCleanupDxGraphics + E BD00F05C 2 Bytes [00, BD] .text dxg.sys!DxDdCleanupDxGraphics + 15 BD00F063 2 Bytes [00, BD] .text dxg.sys!DxDdCleanupDxGraphics + 21 BD00F06F 2 Bytes CALL 46BDF166 .text dxg.sys!DxDdCleanupDxGraphics + 27 BD00F075 2 Bytes [00, BD] .text dxg.sys!DxDdCleanupDxGraphics + 2D BD00F07B 2 Bytes [00, BD] .text ... .text wdmaud.sys 8C3ED404 3 Bytes [F9, 3E, 8C] .text wdmaud.sys 8C3ED42D 3 Bytes [F7, 3E, 8C] .text wdmaud.sys 8C3ED458 3 Bytes [F6, 3E, 8C] .text wdmaud.sys 8C3ED4B0 3 Bytes [F7, 3E, 8C] .text wdmaud.sys 8C3ED4BB 3 Bytes [01, 3F, 8C] .text ... PAGE mrxdav.sys 8C1CE000 41 Bytes [55, 4D, 53, 42, 89, 7E, 08, ...] PAGE mrxdav.sys 8C1CE02A 8 Bytes [8B, C6, 5F, 5E, 5B, C9, C2, ...] PAGE mrxdav.sys 8C1CE033 18 Bytes [CC, CC, CC, CC, CC, 8B, FF, ...] PAGE mrxdav.sys 8C1CE047 22 Bytes [50, FF, 75, 08, 33, FF, E8, ...] PAGE mrxdav.sys 8C1CE05F 6 Bytes [C0, EB, 38, 83, 7D, 10] PAGE ... PAGESMBC srv.sys 8C13D699 3 Bytes [D9, 13, 8C] PAGESMBC srv.sys 8C13D6A3 3 Bytes [FB, 0F, 8C] PAGESMBC srv.sys 8C13D6A9 3 Bytes [D8, 13, 8C] PAGESMBC srv.sys 8C13D6B2 3 Bytes [D9, 13, 8C] PAGESMBC srv.sys 8C13D6C9 3 Bytes [FB, 0F, 8C] PAGESMBC ... .text HTTP.sys 8BC0131E 3 Bytes [87, C1, 8B] .text HTTP.sys 8BC0134D 3 Bytes [87, C1, 8B] .text HTTP.sys 8BC01373 3 Bytes [84, C1, 8B] .text HTTP.sys 8BC013AE 3 Bytes [84, C1, 8B] .text HTTP.sys 8BC01405 3 Bytes [84, C1, 8B] .text ... ---- User code sections - GMER 1.0.15 ---- ? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch; ? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; ? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch; ? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B8320DA0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [80578014] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [804E8EE4] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8056AB6F] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8056429D] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8057C0C9] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [805642D2] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8058009F] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [80563A72] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8058001D] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [805714F7] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8054B044] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [80509F64] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [80564468] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [804DCF7B] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [805C5301] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [B8320C50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [804E8EBA] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8050BF20] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8052DF69] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [804D9535] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [804ECC66] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [80506559] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [804DCB9A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [80502F37] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [804D93BD] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [80518261] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8057A125] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8057164C] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [804DA87E] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [804E6B90] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8053F23A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8053F2DF] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8053F14B] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8053F203] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8053F335] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8053F164] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [804E72C4] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [804DB609] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [805583D8] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8053396F] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [8050BF55] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!] [804E75F1] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80581F51] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DA17A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050CC4C] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8053E2C7] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80560C60] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804F2B1A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80587127] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8058009F] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E5F8B] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E5F74] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8062C1BF] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80588F75] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8056AB97] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80570167] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E7B48] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8056C47D] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80561F3C] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804ED218] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E8EE4] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8054AF07] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E7548] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8054B044] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DCF62] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805DF87F] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80502664] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80502FE3] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80573B01] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E4A0F] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8059F85F] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8059F9BC] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80575F20] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DE183] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8068D188] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8068D170] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E7B67] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80506559] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804F1CF0] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804ECC66] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805DF2A2] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805B6859] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80561F40] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E7B0E] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804F1CD9] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8056C91A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD913] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E7B31] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E29EF] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E2A19] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050123A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E4131] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E4114] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80575CB0] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80574725] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80578A69] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80578A85] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805463C4] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E9065] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805B6380] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E3F8D] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DC750] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804D9929] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E3F16] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E75F1] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80561EC0] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DCF7B] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804EA439] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8058001D] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804D93FA] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80518354] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80560CDC] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8057C0C9] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8056393B] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80504187] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805890B7] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8056B7FD] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804F3CF7] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8053E30F] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8062C8F3] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DDA17] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8056A902] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804EA769] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8058A026] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804FAB72] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DE2FF] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [806469B9] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804FD1E9] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E72C4] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E3B14] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805058B1] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805530C1] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DDC15] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD6E3] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [806311A7] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804F288F] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804FD8F7] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DC4B8] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E3579] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8056C537] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80630A37] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E74F6] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E50BF] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80621132] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E5257] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805ABF48] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8055F534] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805BC541] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805BC019] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD92C] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DDF8A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DDF71] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804EE836] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804D9535] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805919D9] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD82D] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E700A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD232] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E8B26] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804FA335] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E75AA] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80557F00] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80567B4B] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8059DE73] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805AC4A4] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8059DE8F] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805AC5F0] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80581A06] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805AC4EE] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805780A8] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80567ABF] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8068D9D0] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805665F8] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80563A9E] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805654DD] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80563A41] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80563A72] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805642D2] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8057B0D3] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8056AE1E] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8056429D] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8056AB6F] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD3BD] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DCDDC] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DDA49] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8056339D] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DE06B] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DDAE4] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80564DCE] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804F1BA1] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804F1C63] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD264] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805A42E6] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E9CFD] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804EB63A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DE142] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8058F914] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805A49B6] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805700D3] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80567AED] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805655A8] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80578311] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80565496] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80583D10] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8057725A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80567B88] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E9DB1] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804EA0E9] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804EA173] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804F6FEE] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804FA581] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80507701] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80588351] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD670] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DE09D] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805AC24D] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80566F9D] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805AC2F9] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8056A7ED] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805DEE2F] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8058F8BD] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8059C087] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80577E76] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805648A3] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD657] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8056A7AF] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD756] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD7E7] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80563365] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80567A2D] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8057DF7D] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8057EAEA] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804F853A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DE4D5] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8057FF31] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8057D750] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80569757] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8062C938] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8053E35B] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804F9BC5] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8057D5A7] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80570035] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80661963] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DC99A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8057240E] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80587455] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DDAA3] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD2DC] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DE228] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80569805] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805955DC] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050B8EC] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804FD4D3] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DA981] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80545753] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80545737] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805B3AB6] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8058AF8A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8057E16F] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DDFBC] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805185BB] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805B4BBD] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804FA36B] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8068D174] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805789BC] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80578C51] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80579105] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DE3E0] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD5E9] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD0C5] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E7593] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E3568] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80581FBC] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805847C3] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805666A9] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8055F538] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E3D45] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805077F0] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805583D8] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD69D] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804FCC21] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050DEA4] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050DD3C] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DBB4A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050995B] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8059FE64] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80619C25] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805D6BEA] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050C436] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805A5AD6] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DCFA8] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DCE4A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80505299] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80598412] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805B35B5] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DDCA1] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80586384] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805583E0] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805D60E3] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80619AEE] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050D070] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8057E643] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050C745] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80630AF9] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80630FCD] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804D9796] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804D9A7F] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050E16B] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80569739] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804ECD5F] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804ECE36] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DDBC0] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804FD812] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E358B] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80569721] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805167B9] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804F7668] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8051672C] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E5FF6] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050F346] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DB11D] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050D4E4] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804F35C4] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8053E3C9] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8059AFAA] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E4846] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD9D1] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80595348] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805BB378] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8062F91F] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8062F736] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805D201C] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80584C43] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD1D3] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805D635E] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8056AB16] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8058C798] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8055F53C] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8062C213] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8058FEAE] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD002] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8057240E] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804FA9D5] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805026FD] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804FBF65] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050E1DC] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050E1BE] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DA841] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050AF25] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805B4C4A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD2AF] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805AD979] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E7E80] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80592059] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DD1EC] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805BA9A4] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805B342E] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805BA8AB] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805714F7] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DE025] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DDC47] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E91A1] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804D9845] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804D9AA5] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8055F2A0] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804FD260] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DB01E] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805B8BC0] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050BE1A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80504321] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80504151] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8057E129] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [80566892] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804DB5A8] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804D9B12] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804F9AA4] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804FEC8D] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8050DAEB] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [8062263A] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [805BB201] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!] [804E52B7] \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 010404E0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01040550 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 010405C0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 01040630 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 010406A0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 00E70940 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 00E709B0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 00E70A20 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 00E70A90 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 00E70B70 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 010408D0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 01040940 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 010409B0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 00E70CC0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 01040A20 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7D1F0B70 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7D1F0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D200400 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7D200470 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7D2004E0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\secur32.dll [ntdll.dll!RtlFreeHeap] 00E802B0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\secur32.dll [ntdll.dll!RtlAllocateHeap] 00E80320 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D200D30 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!GetModuleHandleW] 7D200DA0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!GetProcAddress] 7D200E10 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!FreeLibrary] 7D200E80 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!RtlAllocateHeap] 00E80390 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!RtlFreeHeap] 00E80400 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D200EF0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!FreeLibrary] 7D200F60 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetProcAddress] 01050010 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!CreateThread] 00E80550 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01050550 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 010505C0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 01050630 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 010506A0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 01050710 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00E80940 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 00E809B0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 00E80A90 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 01050780 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 00E80D30 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 01060780 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 010607F0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[464] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 01060860 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 00EC04E0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00EC0550 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00EC05C0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00EC0630 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 00EC06A0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 00BF0940 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 00BF09B0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 00BF0A20 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 00BF0A90 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 00BF0B70 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 00EC08D0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 00EC0940 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00EC09B0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 00BF0CC0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 00EC0A20 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7D1F0B70 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7D1F0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D200400 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7D200470 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7D2004E0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\secur32.dll [ntdll.dll!RtlFreeHeap] 00C002B0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\secur32.dll [ntdll.dll!RtlAllocateHeap] 00C00320 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D200D30 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!GetModuleHandleW] 7D200DA0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!GetProcAddress] 7D200E10 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!FreeLibrary] 7D200E80 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!RtlAllocateHeap] 00C00390 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!RtlFreeHeap] 00C00400 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D200EF0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!FreeLibrary] 7D200F60 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetProcAddress] 00ED0010 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!CreateThread] 00C00550 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00ED0550 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00ED05C0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 00ED0630 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 00ED06A0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00ED0710 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00C00940 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 00C009B0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 00C00A90 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00ED0780 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 00C00D30 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 00EE05C0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 00EE0630 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[660] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 00EE06A0 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) Device \Driver\Gpc \Device\Gpc msgpc.sys (MS General Packet Classifier/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- |
|
|
|
|
|
|
07.04.2011, 18:40
...neu hier
Themenstarter Beiträge: 4 |
#4
Hier ist dass OTL Logfile(das mit dem Code funktioniert irgendwie net):
OTL logfile created on: 07.04.2011 18:23:20 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 136,71 Gb Total Space | 131,66 Gb Free Space | 96,30% Space Free | Partition Type: NTFS Drive E: | 12,33 Gb Total Space | 11,77 Gb Free Space | 95,53% Space Free | Partition Type: NTFS Drive F: | 498,76 Mb Total Space | 213,42 Mb Free Space | 42,79% Space Free | Partition Type: FAT32 Drive G: | 931,51 Gb Total Space | 91,42 Gb Free Space | 9,81% Space Free | Partition Type: NTFS Computer Name: AND-DF02BACAE05 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\ttedxx17.exe () PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation) [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (HidServ) -- File not found SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO) DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation) DRV - (nvidesm) -- C:\WINDOWS\system32\drivers\nvidesm.sys (NVIDIA Corporation) DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.07 15:14:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.07 16:33:00 | 000,000,000 | ---D | M] [2011.04.07 15:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2011.04.07 16:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ehxv4gib.default\extensions [2011.04.07 16:33:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.04.07 16:33:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.04.07 15:27:24 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2011.04.07 15:27:23 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru File not found (No name found) -- () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EHXV4GIB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.04.07 16:31:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2011.04.07 16:31:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.04.07 17:30:21 | 000,000,716 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.04.07 14:36:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{60620841-6120-11e0-9196-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{60620841-6120-11e0-9196-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{60620841-6120-11e0-9196-806d6172696f}\Shell\AutoRun\command - "" = F:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011.04.07 18:25:53 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2011.04.07 18:25:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\HiJackThis [2011.04.07 17:53:53 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent [2011.04.07 17:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2011.04.07 17:45:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.04.07 17:45:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.04.07 17:45:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.04.07 17:45:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.04.07 17:45:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.07 17:17:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011.04.07 16:34:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2011.04.07 16:34:00 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2011.04.07 16:33:00 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2011.04.07 16:33:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011.04.07 16:33:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011.04.07 16:33:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2011.04.07 16:33:00 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2011.04.07 16:32:04 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2011.04.07 16:32:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DivX [2011.04.07 16:31:28 | 000,000,000 | ---D | C] -- C:\Programme\Java [2011.04.07 16:30:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc [2011.04.07 16:28:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun [2011.04.07 16:20:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia [2011.04.07 16:20:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe [2011.04.07 16:19:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN [2011.04.07 16:16:56 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN [2011.04.07 16:09:41 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts [2011.04.07 16:09:41 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache [2011.04.07 16:09:41 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web [2011.04.07 16:09:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32 [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32 [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\system [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\security [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\java [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076 [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052 [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054 [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042 [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041 [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037 [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033 [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031 [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028 [2011.04.07 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025 [2011.04.07 16:01:02 | 000,000,000 | ---D | C] -- C:\Programme\xp-AntiSpy [2011.04.07 16:01:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\xp-AntiSpy [2011.04.07 15:27:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Kaspersky Internet Security 2011 [2011.04.07 15:26:14 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab [2011.04.07 15:26:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab [2011.04.07 15:26:03 | 000,475,736 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2011.04.07 15:26:00 | 000,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys [2011.04.07 15:26:00 | 000,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys [2011.04.07 15:26:00 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys [2011.04.07 15:26:00 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys [2011.04.07 15:26:00 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys [2011.04.07 15:25:59 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax [2011.04.07 15:25:59 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax [2011.04.07 15:25:59 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll [2011.04.07 15:25:59 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll [2011.04.07 15:25:58 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gameenum.sys [2011.04.07 15:25:38 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll [2011.04.07 15:24:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files [2011.04.07 15:20:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation [2011.04.07 15:20:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer [2011.04.07 15:20:06 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\ODBC [2011.04.07 15:20:05 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll [2011.04.07 15:20:05 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll [2011.04.07 15:20:04 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll [2011.04.07 15:20:03 | 000,741,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.dll [2011.04.07 15:20:03 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.cpl [2011.04.07 15:20:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe [2011.04.07 15:20:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\SpeechEngines [2011.04.07 15:20:02 | 000,000,000 | R--D | C] -- C:\Programme [2011.04.07 15:20:02 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared [2011.04.07 15:20:02 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien [2011.04.07 15:20:01 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll [2011.04.07 15:19:59 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll [2011.04.07 15:19:59 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll [2011.04.07 15:19:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll [2011.04.07 15:19:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll [2011.04.07 15:19:59 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll [2011.04.07 15:19:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll [2011.04.07 15:19:58 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll [2011.04.07 15:19:57 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll [2011.04.07 15:19:57 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll [2011.04.07 15:19:57 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll [2011.04.07 15:19:57 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll [2011.04.07 15:19:57 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll [2011.04.07 15:19:57 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll [2011.04.07 15:19:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll [2011.04.07 15:19:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll [2011.04.07 15:19:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll [2011.04.07 15:19:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll [2011.04.07 15:19:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll [2011.04.07 15:19:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll [2011.04.07 15:19:56 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll [2011.04.07 15:19:56 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll [2011.04.07 15:19:56 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll [2011.04.07 15:19:56 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll [2011.04.07 15:19:56 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll [2011.04.07 15:19:56 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll [2011.04.07 15:19:56 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll [2011.04.07 15:19:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll [2011.04.07 15:19:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll [2011.04.07 15:19:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll [2011.04.07 15:19:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll [2011.04.07 15:19:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll [2011.04.07 15:19:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll [2011.04.07 15:19:54 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll [2011.04.07 15:19:54 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll [2011.04.07 15:19:54 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll [2011.04.07 15:19:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll [2011.04.07 15:19:54 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll [2011.04.07 15:19:54 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll [2011.04.07 15:19:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll [2011.04.07 15:19:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll [2011.04.07 15:19:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll [2011.04.07 15:19:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll [2011.04.07 15:19:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll [2011.04.07 15:19:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll [2011.04.07 15:19:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll [2011.04.07 15:19:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll [2011.04.07 15:19:52 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll [2011.04.07 15:19:52 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll [2011.04.07 15:19:52 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll [2011.04.07 15:19:52 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll [2011.04.07 15:19:52 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll [2011.04.07 15:19:52 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll [2011.04.07 15:19:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll [2011.04.07 15:19:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll [2011.04.07 15:19:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll [2011.04.07 15:19:52 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll [2011.04.07 15:19:52 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll [2011.04.07 15:19:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll [2011.04.07 15:19:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll [2011.04.07 15:19:50 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll [2011.04.07 15:19:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll [2011.04.07 15:19:50 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll [2011.04.07 15:19:50 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll [2011.04.07 15:19:50 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll [2011.04.07 15:19:50 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll [2011.04.07 15:19:50 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll [2011.04.07 15:19:50 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll [2011.04.07 15:19:50 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll [2011.04.07 15:19:50 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll [2011.04.07 15:19:50 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL [2011.04.07 15:19:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll [2011.04.07 15:19:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll [2011.04.07 15:19:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll [2011.04.07 15:19:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll [2011.04.07 15:19:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll [2011.04.07 15:19:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll [2011.04.07 15:19:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll [2011.04.07 15:19:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll [2011.04.07 15:19:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll [2011.04.07 15:19:50 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll [2011.04.07 15:19:50 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll [2011.04.07 15:19:50 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll [2011.04.07 15:19:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll [2011.04.07 15:19:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll [2011.04.07 15:19:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll [2011.04.07 15:19:47 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll [2011.04.07 15:19:47 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll [2011.04.07 15:19:47 | 000,086,556 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll [2011.04.07 15:19:47 | 000,086,556 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll [2011.04.07 15:19:47 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll [2011.04.07 15:19:47 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll [2011.04.07 15:19:47 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll [2011.04.07 15:19:47 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll [2011.04.07 15:19:46 | 000,103,936 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll [2011.04.07 15:19:46 | 000,103,936 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll [2011.04.07 15:19:46 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL [2011.04.07 15:19:46 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL [2011.04.07 15:19:46 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL [2011.04.07 15:19:46 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV [2011.04.07 15:19:46 | 000,009,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL [2011.04.07 15:19:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL [2011.04.07 15:19:46 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV [2011.04.07 15:19:46 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV [2011.04.07 15:19:46 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV [2011.04.07 15:19:46 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV [2011.04.07 15:19:45 | 000,127,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL [2011.04.07 15:19:45 | 000,109,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL [2011.04.07 15:19:45 | 000,073,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV [2011.04.07 15:19:45 | 000,070,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL [2011.04.07 15:19:45 | 000,033,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL [2011.04.07 15:19:45 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV [2011.04.07 15:19:45 | 000,025,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV [2011.04.07 15:19:45 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL [2011.04.07 15:19:45 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV [2011.04.07 15:19:45 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV [2011.04.07 15:19:45 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK [2011.04.07 15:19:44 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV [2011.04.07 15:19:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE [2011.04.07 15:19:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe [2011.04.07 15:19:44 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys [2011.04.07 15:19:44 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\batt.dll [2011.04.07 15:19:44 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll [2011.04.07 15:19:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL [2011.04.07 15:19:41 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll [2011.04.07 15:19:34 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü [2011.04.07 15:19:34 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente [2011.04.07 15:19:34 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart [2011.04.07 15:19:34 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Vorlagen [2011.04.07 15:19:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Favoriten [2011.04.07 15:19:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop [2011.04.07 15:19:31 | 000,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2011.04.07 15:19:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$ [2011.04.07 15:18:56 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll [2011.04.07 15:18:55 | 014,671,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll [2011.04.07 15:18:55 | 004,980,736 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll [2011.04.07 15:18:55 | 002,916,968 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll [2011.04.07 15:18:55 | 002,251,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll [2011.04.07 15:18:55 | 000,941,160 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco322090.dll [2011.04.07 15:18:55 | 000,837,736 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322040.dll [2011.04.07 15:18:52 | 013,004,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll [2011.04.07 15:18:52 | 009,888,672 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys [2011.04.07 15:18:52 | 006,397,824 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll [2011.04.07 15:18:52 | 006,397,824 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll [2011.04.07 15:18:52 | 001,958,400 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll [2011.04.07 15:18:38 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2011.04.07 15:18:08 | 000,000,000 | ---D | C] -- C:\NVIDIA [2011.04.07 15:17:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2 [2011.04.07 15:17:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot [2011.04.07 15:17:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads [2011.04.07 15:17:36 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft [2011.04.07 15:17:36 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten [2011.04.07 15:16:46 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011.04.07 15:16:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen [2011.04.07 15:14:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla [2011.04.07 15:14:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla [2011.04.07 15:14:27 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2011.04.07 15:12:34 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\UserData [2011.04.07 15:07:01 | 010,528,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTLCPL.exe [2011.04.07 15:07:01 | 000,000,000 | ---D | C] -- C:\Programme\Realtek AC97 [2011.04.07 15:06:59 | 018,804,736 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\alsndmgr.cpl [2011.04.07 15:06:59 | 004,030,144 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\alcxwdm.sys [2011.04.07 15:06:59 | 000,577,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe [2011.04.07 15:06:58 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe [2011.04.07 15:06:58 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcrmv.exe [2011.04.07 15:06:58 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information [2011.04.07 15:06:26 | 000,013,568 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv_agp.SYS [2011.04.07 15:06:05 | 000,028,160 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmdcoi.dll [2011.04.07 15:06:05 | 000,020,224 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvidesm.sys [2011.04.07 15:05:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2011.04.07 15:05:15 | 000,080,896 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\NVENET.sys [2011.04.07 15:04:56 | 000,126,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVNFINST.DLL [2011.04.07 15:04:49 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\InstallShield [2011.04.07 15:04:40 | 000,000,000 | ---D | C] -- C:\Programme\Driver [2011.04.07 15:04:35 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe [2011.04.07 14:54:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lavalys [2011.04.07 14:54:05 | 000,000,000 | ---D | C] -- C:\Programme\Lavalys [2011.04.07 14:40:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities [2011.04.07 14:40:53 | 000,000,000 | -H-D | C] -- C:\Programme\Uninstall Information [2011.04.07 14:40:52 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Musik [2011.04.07 14:40:52 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien [2011.04.07 14:40:52 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Bilder [2011.04.07 14:40:41 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft [2011.04.07 14:40:41 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Cookies [2011.04.07 14:40:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\SendTo [2011.04.07 14:40:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten [2011.04.07 14:40:41 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör [2011.04.07 14:40:41 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü [2011.04.07 14:40:41 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Favoriten [2011.04.07 14:40:41 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart [2011.04.07 14:40:41 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Vorlagen [2011.04.07 14:40:41 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung [2011.04.07 14:40:41 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen [2011.04.07 14:40:41 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Druckumgebung [2011.04.07 14:40:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft [2011.04.07 14:40:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop [2011.04.07 14:40:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2011.04.07 14:40:32 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft [2011.04.07 14:40:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2011.04.07 14:40:31 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft [2011.04.07 14:40:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2011.04.07 14:40:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2011.04.07 14:40:27 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2011.04.07 14:39:20 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll [2011.04.07 14:39:17 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime [2011.04.07 14:39:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime [2011.04.07 14:39:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime [2011.04.07 14:39:16 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime [2011.04.07 14:39:16 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime [2011.04.07 14:39:15 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime [2011.04.07 14:39:14 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll [2011.04.07 14:39:14 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll [2011.04.07 14:39:14 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys [2011.04.07 14:39:13 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll [2011.04.07 14:39:13 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll [2011.04.07 14:39:13 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll [2011.04.07 14:39:13 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll [2011.04.07 14:39:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll [2011.04.07 14:39:12 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll [2011.04.07 14:39:12 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll [2011.04.07 14:39:12 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll [2011.04.07 14:39:12 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll [2011.04.07 14:39:10 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll [2011.04.07 14:39:09 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll [2011.04.07 14:39:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime [2011.04.07 14:39:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe [2011.04.07 14:39:08 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe [2011.04.07 14:39:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll [2011.04.07 14:39:08 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll [2011.04.07 14:39:07 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime [2011.04.07 14:39:07 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll [2011.04.07 14:39:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe [2011.04.07 14:39:06 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys [2011.04.07 14:39:06 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys [2011.04.07 14:39:06 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys [2011.04.07 14:39:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll [2011.04.07 14:39:04 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll [2011.04.07 14:39:03 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll [2011.04.07 14:39:03 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll [2011.04.07 14:39:03 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll [2011.04.07 14:39:02 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll [2011.04.07 14:39:01 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll [2011.04.07 14:39:01 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll [2011.04.07 14:39:01 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll [2011.04.07 14:39:01 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe [2011.04.07 14:39:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll [2011.04.07 14:39:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll [2011.04.07 14:39:00 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll [2011.04.07 14:39:00 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll [2011.04.07 14:39:00 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll [2011.04.07 14:39:00 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe [2011.04.07 14:38:59 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe [2011.04.07 14:38:59 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll [2011.04.07 14:38:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll [2011.04.07 14:38:59 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll [2011.04.07 14:38:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll [2011.04.07 14:38:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll [2011.04.07 14:38:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll [2011.04.07 14:38:58 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll [2011.04.07 14:38:58 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll [2011.04.07 14:38:58 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll [2011.04.07 14:38:58 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll [2011.04.07 14:38:58 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll [2011.04.07 14:38:58 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll [2011.04.07 14:38:58 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll [2011.04.07 14:38:57 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll [2011.04.07 14:38:57 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll [2011.04.07 14:38:57 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll [2011.04.07 14:38:57 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll [2011.04.07 14:38:57 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll [2011.04.07 14:38:57 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll [2011.04.07 14:38:53 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll [2011.04.07 14:38:53 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll [2011.04.07 14:38:53 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll [2011.04.07 14:38:52 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2011.04.07 14:38:52 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll [2011.04.07 14:38:52 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll [2011.04.07 14:38:52 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll [2011.04.07 14:38:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll [2011.04.07 14:38:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime [2011.04.07 14:38:51 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll [2011.04.07 14:38:50 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe [2011.04.07 14:38:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe [2011.04.07 14:38:49 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys [2011.04.07 14:38:49 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe [2011.04.07 14:38:48 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime [2011.04.07 14:38:48 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe [2011.04.07 14:38:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll [2011.04.07 14:38:47 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll [2011.04.07 14:38:46 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime [2011.04.07 14:38:46 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe [2011.04.07 14:38:46 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll [2011.04.07 14:38:46 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll [2011.04.07 14:38:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll [2011.04.07 14:38:45 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll [2011.04.07 14:38:44 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime [2011.04.07 14:38:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll [2011.04.07 14:38:44 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll [2011.04.07 14:38:43 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll [2011.04.07 14:38:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll [2011.04.07 14:38:43 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll [2011.04.07 14:38:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll [2011.04.07 14:38:41 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll [2011.04.07 14:38:41 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll [2011.04.07 14:38:41 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll [2011.04.07 14:38:40 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll [2011.04.07 14:38:39 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll [2011.04.07 14:38:38 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe [2011.04.07 14:38:36 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex [2011.04.07 14:38:36 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe [2011.04.07 14:38:35 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll [2011.04.07 14:38:30 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys [2011.04.07 14:38:30 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll [2011.04.07 14:38:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe [2011.04.07 14:38:29 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll [2011.04.07 14:38:29 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll [2011.04.07 14:38:29 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll [2011.04.07 14:38:28 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll [2011.04.07 14:38:28 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll [2011.04.07 14:38:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll [2011.04.07 14:38:27 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll [2011.04.07 14:38:27 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll [2011.04.07 14:38:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll [2011.04.07 14:38:26 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll [2011.04.07 14:38:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll [2011.04.07 14:38:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll [2011.04.07 14:38:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll [2011.04.07 14:38:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll [2011.04.07 14:38:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll [2011.04.07 14:38:24 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll [2011.04.07 14:38:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll [2011.04.07 14:38:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll [2011.04.07 14:38:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll [2011.04.07 14:38:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll [2011.04.07 14:38:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll [2011.04.07 14:38:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll [2011.04.07 14:38:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll [2011.04.07 14:38:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll [2011.04.07 14:38:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll [2011.04.07 14:38:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll [2011.04.07 14:38:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll [2011.04.07 14:38:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll [2011.04.07 14:38:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll [2011.04.07 14:38:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll [2011.04.07 14:38:22 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll [2011.04.07 14:38:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll [2011.04.07 14:38:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll [2011.04.07 14:38:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll [2011.04.07 14:38:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll [2011.04.07 14:38:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll [2011.04.07 14:38:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll [2011.04.07 14:38:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll [2011.04.07 14:38:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll [2011.04.07 14:38:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll [2011.04.07 14:38:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll [2011.04.07 14:38:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll [2011.04.07 14:38:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll [2011.04.07 14:38:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll [2011.04.07 14:38:20 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll [2011.04.07 14:38:20 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll [2011.04.07 14:38:20 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll [2011.04.07 14:38:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll [2011.04.07 14:38:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll [2011.04.07 14:38:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll [2011.04.07 14:38:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll [2011.04.07 14:38:19 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll [2011.04.07 14:38:18 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll [2011.04.07 14:38:18 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe [2011.04.07 14:38:18 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll [2011.04.07 14:38:17 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll [2011.04.07 14:38:17 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll [2011.04.07 14:38:17 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll [2011.04.07 14:38:17 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll [2011.04.07 14:38:17 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe [2011.04.07 14:38:16 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe [2011.04.07 14:38:16 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe [2011.04.07 14:38:16 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe [2011.04.07 14:38:16 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe [2011.04.07 14:38:16 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe [2011.04.07 14:38:15 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll [2011.04.07 14:38:15 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll [2011.04.07 14:38:15 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe [2011.04.07 14:38:15 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll [2011.04.07 14:38:15 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe [2011.04.07 14:38:14 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll [2011.04.07 14:38:14 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime [2011.04.07 14:38:14 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe [2011.04.07 14:38:14 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll [2011.04.07 14:38:14 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe [2011.04.07 14:38:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll [2011.04.07 14:38:13 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime [2011.04.07 14:38:13 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll [2011.04.07 14:38:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe [2011.04.07 14:38:13 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll [2011.04.07 14:38:12 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll [2011.04.07 14:38:12 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll [2011.04.07 14:38:12 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll [2011.04.07 14:38:12 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll [2011.04.07 14:38:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll [2011.04.07 14:38:12 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll [2011.04.07 14:38:07 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll [2011.04.07 14:37:58 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll [2011.04.07 14:37:58 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll [2011.04.07 14:37:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll [2011.04.07 14:37:58 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll [2011.04.07 14:37:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll [2011.04.07 14:37:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll [2011.04.07 14:37:56 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll [2011.04.07 14:37:55 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll [2011.04.07 14:37:55 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll [2011.04.07 14:37:55 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll [2011.04.07 14:37:55 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll [2011.04.07 14:37:55 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll [2011.04.07 14:37:54 | 000,563,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll [2011.04.07 14:37:54 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe [2011.04.07 14:37:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll [2011.04.07 14:37:54 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe [2011.04.07 14:37:54 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll [2011.04.07 14:37:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll [2011.04.07 14:37:53 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll [2011.04.07 14:37:53 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe [2011.04.07 14:37:53 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll [2011.04.07 14:37:53 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll [2011.04.07 14:37:53 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll [2011.04.07 14:37:53 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll [2011.04.07 14:37:53 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll [2011.04.07 14:37:53 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll [2011.04.07 14:37:52 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll [2011.04.07 14:37:52 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe [2011.04.07 14:37:52 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll [2011.04.07 14:37:52 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll [2011.04.07 14:37:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll [2011.04.07 14:37:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll [2011.04.07 14:37:51 | 000,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll [2011.04.07 14:37:51 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe [2011.04.07 14:37:51 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll [2011.04.07 14:37:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll [2011.04.07 14:37:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll [2011.04.07 14:37:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe [2011.04.07 14:37:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll [2011.04.07 14:37:49 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll [2011.04.07 14:37:49 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe [2011.04.07 14:37:49 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe [2011.04.07 14:37:49 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys [2011.04.07 14:37:49 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll [2011.04.07 14:37:48 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll [2011.04.07 14:37:48 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll [2011.04.07 14:37:48 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll [2011.04.07 14:37:47 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll [2011.04.07 14:37:43 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime [2011.04.07 14:37:43 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe [2011.04.07 14:37:42 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe [2011.04.07 14:37:42 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe [2011.04.07 14:37:41 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe [2011.04.07 14:37:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll [2011.04.07 14:37:41 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll [2011.04.07 14:37:40 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll [2011.04.07 14:37:39 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe [2011.04.07 14:37:39 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll [2011.04.07 14:37:39 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll [2011.04.07 14:37:39 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime [2011.04.07 14:37:38 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll [2011.04.07 14:37:38 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll [2011.04.07 14:37:38 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll [2011.04.07 14:37:37 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime [2011.04.07 14:37:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe [2011.04.07 14:37:37 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe [2011.04.07 14:37:37 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe [2011.04.07 14:37:37 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe [2011.04.07 14:37:36 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2011.04.07 14:37:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll [2011.04.07 14:37:35 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll [2011.04.07 14:37:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll [2011.04.07 14:37:27 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll [2011.04.07 14:37:26 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll [2011.04.07 14:37:25 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll [2011.04.07 14:37:25 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll [2011.04.07 14:37:25 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll [2011.04.07 14:37:25 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll [2011.04.07 14:37:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll [2011.04.07 14:37:24 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll [2011.04.07 14:37:24 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll [2011.04.07 14:37:24 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll [2011.04.07 14:37:24 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll [2011.04.07 14:37:24 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll [2011.04.07 14:37:23 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll [2011.04.07 14:37:23 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll [2011.04.07 14:37:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll [2011.04.07 14:37:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll [2011.04.07 14:37:22 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll [2011.04.07 14:37:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll [2011.04.07 14:37:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll [2011.04.07 14:37:20 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll [2011.04.07 14:37:19 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe [2011.04.07 14:37:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll [2011.04.07 14:37:19 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll [2011.04.07 14:37:18 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll [2011.04.07 14:37:18 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll [2011.04.07 14:37:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll [2011.04.07 14:37:17 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll [2011.04.07 14:37:17 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe [2011.04.07 14:37:13 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx [2011.04.07 14:37:12 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll [2011.04.07 14:37:12 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll [2011.04.07 14:37:12 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll [2011.04.07 14:37:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll [2011.04.07 14:37:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe [2011.04.07 14:37:11 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll [2011.04.07 14:37:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll [2011.04.07 14:37:11 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll [2011.04.07 14:37:11 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe [2011.04.07 14:37:11 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe [2011.04.07 14:37:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll [2011.04.07 14:37:10 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll [2011.04.07 14:37:10 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll [2011.04.07 14:37:10 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll [2011.04.07 14:37:10 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe [2011.04.07 14:37:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll [2011.04.07 14:37:09 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll [2011.04.07 14:37:09 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe [2011.04.07 14:37:09 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe [2011.04.07 14:37:09 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll [2011.04.07 14:37:09 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll [2011.04.07 14:37:09 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe [2011.04.07 14:37:08 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll [2011.04.07 14:37:08 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll [2011.04.07 14:37:08 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll [2011.04.07 14:37:08 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll [2011.04.07 14:37:08 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll [2011.04.07 14:37:08 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll [2011.04.07 14:37:08 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll [2011.04.07 14:37:07 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx [2011.04.07 14:37:07 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe [2011.04.07 14:37:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx [2011.04.07 14:37:07 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll [2011.04.07 14:37:06 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll [2011.04.07 14:37:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx [2011.04.07 14:37:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll [2011.04.07 14:37:06 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll [2011.04.07 14:37:06 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe [2011.04.07 14:37:05 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe [2011.04.07 14:37:04 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll [2011.04.07 14:37:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom [2011.04.07 14:37:03 | 000,000,000 | ---D | C] -- C:\Programme\xerox [2011.04.07 14:37:03 | 000,000,000 | ---D | C] -- C:\Programme\microsoft frontpage [2011.04.07 14:36:08 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll [2011.04.07 14:35:29 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\DRM [2011.04.07 14:35:18 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files [2011.04.07 14:35:18 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages [2011.04.07 14:35:07 | 000,000,000 | -H-D | C] -- C:\Programme\WindowsUpdate [2011.04.07 14:35:03 | 000,000,000 | ---D | C] -- C:\Programme\Online-Dienste [2011.04.07 14:34:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX [2011.04.07 14:34:22 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe [2011.04.07 14:34:20 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe [2011.04.07 14:34:20 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe [2011.04.07 14:34:20 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll [2011.04.07 14:34:20 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll [2011.04.07 14:34:20 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll [2011.04.07 14:34:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll [2011.04.07 14:34:11 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe [2011.04.07 14:34:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe [2011.04.07 14:34:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll [2011.04.07 14:34:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll [2011.04.07 14:34:09 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll [2011.04.07 14:34:09 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll [2011.04.07 14:34:09 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe [2011.04.07 14:34:09 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe [2011.04.07 14:34:08 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Dienste [2011.04.07 14:34:05 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe [2011.04.07 14:34:05 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll [2011.04.07 14:34:05 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll [2011.04.07 14:34:05 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll [2011.04.07 14:34:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe [2011.04.07 14:34:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll [2011.04.07 14:34:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll [2011.04.07 14:34:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks [2011.04.07 14:34:04 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll [2011.04.07 14:34:04 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx [2011.04.07 14:34:04 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll [2011.04.07 14:34:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MSSoap [2011.04.07 14:34:01 | 000,727,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchui.dll [2011.04.07 14:34:01 | 000,058,434 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchctls.dll [2011.04.07 14:34:00 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll [2011.04.07 14:34:00 | 000,848,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll [2011.04.07 14:34:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst [2011.04.07 14:33:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed [2011.04.07 14:33:58 | 000,827,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe [2011.04.07 14:33:57 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe [2011.04.07 14:33:57 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll [2011.04.07 14:33:57 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll [2011.04.07 14:33:57 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe [2011.04.07 14:33:57 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll [2011.04.07 14:33:56 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll [2011.04.07 14:33:56 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng1.dll [2011.04.07 14:33:56 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll [2011.04.07 14:33:56 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll [2011.04.07 14:33:56 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll [2011.04.07 14:33:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll [2011.04.07 14:33:55 | 001,134,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll [2011.04.07 14:33:55 | 000,431,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll [2011.04.07 14:33:55 | 000,431,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll [2011.04.07 14:33:55 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe [2011.04.07 14:33:55 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt1.exe [2011.04.07 14:33:55 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl [2011.04.07 14:33:55 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe [2011.04.07 14:33:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll [2011.04.07 14:33:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll [2011.04.07 14:33:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll [2011.04.07 14:33:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll [2011.04.07 14:33:54 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll [2011.04.07 14:33:54 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll [2011.04.07 14:33:54 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll [2011.04.07 14:33:54 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll [2011.04.07 14:33:54 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll [2011.04.07 14:33:52 | 004,293,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll [2011.04.07 14:33:52 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll [2011.04.07 14:33:52 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll [2011.04.07 14:33:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res2.dll [2011.04.07 14:33:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2eres.dll [2011.04.07 14:33:51 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll [2011.04.07 14:33:51 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll [2011.04.07 14:33:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ext.dll [2011.04.07 14:33:50 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2011.04.07 14:33:50 | 000,000,000 | ---D | C] -- C:\Programme\Movie Maker [2011.04.07 14:33:49 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll [2011.04.07 14:33:49 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobshel.dll [2011.04.07 14:33:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll [2011.04.07 14:33:48 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobcomm.dll [2011.04.07 14:33:48 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe [2011.04.07 14:33:48 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobweb.dll [2011.04.07 14:33:46 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe [2011.04.07 14:33:46 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll [2011.04.07 14:33:46 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrslv.dll [2011.04.07 14:33:46 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll [2011.04.07 14:33:46 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\racpldlg.dll [2011.04.07 14:33:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll [2011.04.07 14:33:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll [2011.04.07 14:33:46 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchsvc.dll [2011.04.07 14:33:46 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll [2011.04.07 14:33:46 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrdm.dll [2011.04.07 14:33:45 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchshell.dll [2011.04.07 14:33:43 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe [2011.04.07 14:33:43 | 000,743,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2011.04.07 14:33:43 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe [2011.04.07 14:33:43 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe [2011.04.07 14:33:42 | 000,385,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe [2011.04.07 14:33:42 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll [2011.04.07 14:33:42 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srrstr.dll [2011.04.07 14:33:42 | 000,124,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys [2011.04.07 14:33:42 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe [2011.04.07 14:33:42 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe [2011.04.07 14:33:42 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll [2011.04.07 14:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore [2011.04.07 14:33:41 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srsvc.dll [2011.04.07 14:33:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll [2011.04.07 14:33:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll [2011.04.07 14:33:41 | 000,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys [2011.04.07 14:33:41 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srclient.dll [2011.04.07 14:33:41 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll [2011.04.07 14:33:41 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll [2011.04.07 14:33:41 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll [2011.04.07 14:33:41 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\isrdbg32.dll [2011.04.07 14:33:40 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll [2011.04.07 14:33:40 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll [2011.04.07 14:33:40 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll [2011.04.07 14:33:40 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll [2011.04.07 14:33:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe [2011.04.07 14:33:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll [2011.04.07 14:33:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll [2011.04.07 14:33:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll [2011.04.07 14:33:39 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll [2011.04.07 14:33:39 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll [2011.04.07 14:33:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rrcm.dll [2011.04.07 14:33:39 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll [2011.04.07 14:33:39 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmrsl.dll [2011.04.07 14:33:38 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll [2011.04.07 14:33:38 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll [2011.04.07 14:33:38 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll [2011.04.07 14:33:38 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll [2011.04.07 14:33:38 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll [2011.04.07 14:33:38 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll [2011.04.07 14:33:38 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll [2011.04.07 14:33:37 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe [2011.04.07 14:33:37 | 000,504,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll [2011.04.07 14:33:37 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll [2011.04.07 14:33:37 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll [2011.04.07 14:33:37 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll [2011.04.07 14:33:37 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll [2011.04.07 14:33:37 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll [2011.04.07 14:33:37 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe [2011.04.07 14:33:37 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll [2011.04.07 14:33:37 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe [2011.04.07 14:33:37 | 000,000,000 | ---D | C] -- C:\Programme\NetMeeting [2011.04.07 14:33:36 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll [2011.04.07 14:33:36 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll [2011.04.07 14:33:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll [2011.04.07 14:33:36 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe [2011.04.07 14:33:36 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll [2011.04.07 14:33:36 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetres.dll [2011.04.07 14:33:35 | 002,532,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll [2011.04.07 14:33:35 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll [2011.04.07 14:33:34 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll [2011.04.07 14:33:34 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll [2011.04.07 14:33:34 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe [2011.04.07 14:33:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe [2011.04.07 14:33:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll [2011.04.07 14:33:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe [2011.04.07 14:33:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe [2011.04.07 14:33:34 | 000,000,000 | ---D | C] -- C:\Programme\Outlook Express [2011.04.07 14:33:33 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll [2011.04.07 14:33:33 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll [2011.04.07 14:33:33 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll [2011.04.07 14:33:33 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll [2011.04.07 14:33:33 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll [2011.04.07 14:33:33 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdial.dll [2011.04.07 14:33:33 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll [2011.04.07 14:33:33 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwphbk.dll [2011.04.07 14:33:32 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll [2011.04.07 14:33:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll [2011.04.07 14:33:32 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll [2011.04.07 14:33:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll [2011.04.07 14:33:32 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe [2011.04.07 14:33:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe [2011.04.07 14:33:31 | 000,561,179 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dao360.dll [2011.04.07 14:33:31 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe [2011.04.07 14:33:31 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll [2011.04.07 14:33:31 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe [2011.04.07 14:33:30 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll [2011.04.07 14:33:30 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll [2011.04.07 14:33:30 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll [2011.04.07 14:33:30 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll [2011.04.07 14:33:30 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaosp.dll [2011.04.07 14:33:30 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32r.dll [2011.04.07 14:33:30 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxactps.dll [2011.04.07 14:33:30 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll [2011.04.07 14:33:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasqlr.dll [2011.04.07 14:33:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaurl.dll [2011.04.07 14:33:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll [2011.04.07 14:33:29 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll [2011.04.07 14:33:29 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll [2011.04.07 14:33:29 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll [2011.04.07 14:33:29 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll [2011.04.07 14:33:29 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll [2011.04.07 14:33:29 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb [2011.04.07 14:33:29 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb [2011.04.07 14:33:29 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb [2011.04.07 14:33:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb [2011.04.07 14:33:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb [2011.04.07 14:33:29 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadrh15.dll [2011.04.07 14:33:29 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msador15.dll [2011.04.07 14:33:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaorar.dll [2011.04.07 14:33:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll [2011.04.07 14:33:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll [2011.04.07 14:33:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll [2011.04.07 14:33:28 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll [2011.04.07 14:33:28 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll [2011.04.07 14:33:28 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll [2011.04.07 14:33:28 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdarem.dll [2011.04.07 14:33:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll [2011.04.07 14:33:28 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdfmap.dll [2011.04.07 14:33:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msader15.dll [2011.04.07 14:33:28 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaddsr.dll [2011.04.07 14:33:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaremr.dll [2011.04.07 14:33:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprsr.dll [2011.04.07 14:33:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcor.dll [2011.04.07 14:33:27 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll [2011.04.07 14:33:27 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcf.dll [2011.04.07 14:33:27 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcer.dll [2011.04.07 14:33:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcfr.dll [2011.04.07 14:33:27 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\System [2011.04.07 14:33:26 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe [2011.04.07 14:33:26 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll [2011.04.07 14:33:26 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe [2011.04.07 14:33:26 | 000,000,000 | ---D | C] -- C:\Programme\Internet Explorer [2011.04.07 14:33:25 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik [2011.04.07 14:33:25 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder [2011.04.07 14:33:03 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spiele [2011.04.07 14:32:53 | 000,000,000 | ---D | C] -- C:\Programme\ComPlus Applications [2011.04.07 14:32:46 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Verwaltung [2011.04.07 14:32:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration [2011.04.07 14:32:38 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Player [2011.04.07 14:32:38 | 000,000,000 | ---D | C] -- C:\Programme\Online Services [2011.04.07 14:32:32 | 000,000,000 | ---D | C] -- C:\Programme\Messenger [2011.04.07 14:32:31 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll [2011.04.07 14:32:31 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll [2011.04.07 14:32:31 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll [2011.04.07 14:32:31 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll [2011.04.07 14:32:31 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe [2011.04.07 14:32:31 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe [2011.04.07 14:32:31 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe [2011.04.07 14:32:30 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll [2011.04.07 14:32:30 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll [2011.04.07 14:32:30 | 000,781,397 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll [2011.04.07 14:32:30 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll [2011.04.07 14:32:30 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll [2011.04.07 14:32:30 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe [2011.04.07 14:32:30 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe [2011.04.07 14:32:30 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll [2011.04.07 14:32:29 | 001,042,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll [2011.04.07 14:32:29 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll [2011.04.07 14:32:29 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll [2011.04.07 14:32:29 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll [2011.04.07 14:32:29 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll [2011.04.07 14:32:29 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll [2011.04.07 14:32:28 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll [2011.04.07 14:32:28 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe [2011.04.07 14:32:28 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll [2011.04.07 14:32:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe [2011.04.07 14:32:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe [2011.04.07 14:32:28 | 000,000,000 | ---D | C] -- C:\Programme\MSN Gaming Zone [2011.04.07 14:32:17 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll [2011.04.07 14:32:17 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll [2011.04.07 14:32:17 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe [2011.04.07 14:32:17 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe [2011.04.07 14:32:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll [2011.04.07 14:32:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll [2011.04.07 14:32:17 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll [2011.04.07 14:32:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll [2011.04.07 14:32:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll [2011.04.07 14:32:17 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll [2011.04.07 14:32:16 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe [2011.04.07 14:32:16 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe [2011.04.07 14:32:09 | 000,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll [2011.04.07 14:32:09 | 000,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll [2011.04.07 14:32:08 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe [2011.04.07 14:32:08 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe [2011.04.07 14:32:08 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe [2011.04.07 14:32:08 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe [2011.04.07 14:32:08 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe [2011.04.07 14:32:08 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe [2011.04.07 14:32:07 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe [2011.04.07 14:32:07 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe [2011.04.07 14:32:07 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe [2011.04.07 14:32:07 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe [2011.04.07 14:32:07 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe [2011.04.07 14:32:07 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe [2011.04.07 14:32:07 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe [2011.04.07 14:32:07 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe [2011.04.07 14:32:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe [2011.04.07 14:32:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe [2011.04.07 14:32:07 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe [2011.04.07 14:32:07 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe [2011.04.07 14:32:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe [2011.04.07 14:32:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe [2011.04.07 14:32:06 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe [2011.04.07 14:32:06 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe [2011.04.07 14:32:06 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe [2011.04.07 14:32:06 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe [2011.04.07 14:32:06 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe [2011.04.07 14:32:06 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe [2011.04.07 14:32:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe [2011.04.07 14:32:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe [2011.04.07 14:32:06 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe [2011.04.07 14:32:06 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe [2011.04.07 14:32:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe [2011.04.07 14:32:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe [2011.04.07 14:32:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe [2011.04.07 14:32:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe [2011.04.07 14:32:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe [2011.04.07 14:32:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe [2011.04.07 14:32:06 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll [2011.04.07 14:32:06 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll [2011.04.07 14:32:05 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb [2011.04.07 14:32:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll [2011.04.07 14:32:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll [2011.04.07 14:32:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe [2011.04.07 14:32:04 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll [2011.04.07 14:32:04 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll [2011.04.07 14:32:04 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll [2011.04.07 14:32:04 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll [2011.04.07 14:32:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll [2011.04.07 14:32:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll [2011.04.07 14:32:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll [2011.04.07 14:32:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll [2011.04.07 14:32:04 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll [2011.04.07 14:32:04 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll [2011.04.07 14:32:04 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll [2011.04.07 14:32:04 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll [2011.04.07 14:32:04 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe [2011.04.07 14:32:04 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe [2011.04.07 14:32:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll [2011.04.07 14:32:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll [2011.04.07 14:32:03 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll [2011.04.07 14:32:00 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll [2011.04.07 14:32:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll [2011.04.07 14:32:00 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll [2011.04.07 14:31:59 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll [2011.04.07 14:31:59 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll [2011.04.07 14:31:59 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll [2011.04.07 14:31:59 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb [2011.04.07 14:31:59 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll [2011.04.07 14:31:59 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll [2011.04.07 14:31:59 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb [2011.04.07 14:31:59 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll [2011.04.07 14:31:59 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe [2011.04.07 14:31:59 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe [2011.04.07 14:31:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll [2011.04.07 14:31:58 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll [2011.04.07 14:31:58 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll [2011.04.07 14:31:48 | 000,000,000 | ---D | C] -- C:\Programme\MSN [2011.04.07 14:31:47 | 000,282,624 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe [2011.04.07 14:31:47 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe [2011.04.07 14:31:47 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe [2011.04.07 14:31:47 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl [2011.04.07 14:31:47 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl [2011.04.07 14:31:46 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe [2011.04.07 14:31:46 | 000,354,304 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll [2011.04.07 14:31:46 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe [2011.04.07 14:31:46 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe [2011.04.07 14:31:46 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe [2011.04.07 14:31:46 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe [2011.04.07 14:31:45 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe [2011.04.07 14:31:45 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe [2011.04.07 14:31:45 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe [2011.04.07 14:31:45 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe [2011.04.07 14:31:45 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe [2011.04.07 14:31:45 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe [2011.04.07 14:31:45 | 000,000,000 | ---D | C] -- C:\Programme\Windows NT [2011.04.07 14:31:44 | 000,655,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll [2011.04.07 14:31:44 | 000,412,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe [2011.04.07 14:31:44 | 000,139,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys [2011.04.07 14:31:44 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll [2011.04.07 14:31:44 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscfgwmi.dll [2011.04.07 14:31:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe [2011.04.07 14:31:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe [2011.04.07 14:31:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\remotepg.dll [2011.04.07 14:31:44 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys [2011.04.07 14:31:44 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe [2011.04.07 14:31:44 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe [2011.04.07 14:31:44 | 000,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys [2011.04.07 14:31:43 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll [2011.04.07 14:31:43 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll [2011.04.07 14:31:43 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll [2011.04.07 14:31:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe [2011.04.07 14:31:43 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll [2011.04.07 14:31:43 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwsx.dll [2011.04.07 14:31:43 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe [2011.04.07 14:31:43 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe [2011.04.07 14:31:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe [2011.04.07 14:31:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe [2011.04.07 14:31:43 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe [2011.04.07 14:31:43 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe [2011.04.07 14:31:43 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll [2011.04.07 14:31:43 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpsnd.dll [2011.04.07 14:31:43 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll [2011.04.07 14:31:43 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll [2011.04.07 14:31:42 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll [2011.04.07 14:31:42 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll [2011.04.07 14:31:42 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll [2011.04.07 14:31:42 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll [2011.04.07 14:31:42 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll [2011.04.07 14:31:42 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll [2011.04.07 14:31:42 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll [2011.04.07 14:31:42 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll [2011.04.07 14:31:42 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgbkend.dll [2011.04.07 14:31:42 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll [2011.04.07 14:31:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc [2011.04.07 14:31:41 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll [2011.04.07 14:31:41 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll [2011.04.07 14:31:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll [2011.04.07 14:31:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xolehlp.dll [2011.04.07 14:31:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtc.exe [2011.04.07 14:31:40 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvut.dll [2011.04.07 14:31:40 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll [2011.04.07 14:31:40 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrv.dll [2011.04.07 14:31:40 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll [2011.04.07 14:31:40 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll [2011.04.07 14:31:40 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatex.dll [2011.04.07 14:31:40 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll [2011.04.07 14:31:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvps.dll [2011.04.07 14:31:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll [2011.04.07 14:31:40 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll [2011.04.07 14:31:40 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll [2011.04.07 14:31:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe [2011.04.07 14:31:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com [2011.04.07 14:31:39 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsvcs.dll [2011.04.07 14:31:39 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll [2011.04.07 14:31:39 | 000,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll [2011.04.07 14:31:39 | 000,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll [2011.04.07 14:31:39 | 000,501,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatq.dll [2011.04.07 14:31:37 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmisvc.dll [2011.04.07 14:31:37 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprov.dll [2011.04.07 14:31:37 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiutils.dll [2011.04.07 14:31:37 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipjobj.dll [2011.04.07 14:31:37 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipsess.dll [2011.04.07 14:31:36 | 000,370,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmic.exe [2011.04.07 14:31:36 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll [2011.04.07 14:31:36 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe [2011.04.07 14:31:36 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll [2011.04.07 14:31:36 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll [2011.04.07 14:31:36 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll [2011.04.07 14:31:36 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapsrv.exe [2011.04.07 14:31:36 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe [2011.04.07 14:31:36 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiaprpl.dll [2011.04.07 14:31:36 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipiprt.dll [2011.04.07 14:31:36 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmicookr.dll [2011.04.07 14:31:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemsvc.dll [2011.04.07 14:31:36 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemprox.dll [2011.04.07 14:31:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapres.dll [2011.04.07 14:31:35 | 000,530,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcore.dll [2011.04.07 14:31:35 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemess.dll [2011.04.07 14:31:35 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcomn.dll [2011.04.07 14:31:35 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll [2011.04.07 14:31:35 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll [2011.04.07 14:31:35 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll [2011.04.07 14:31:35 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdprov.dll [2011.04.07 14:31:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcons.dll [2011.04.07 14:31:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe [2011.04.07 14:31:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll [2011.04.07 14:31:34 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll [2011.04.07 14:31:34 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\repdrvfs.dll [2011.04.07 14:31:34 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofd.dll [2011.04.07 14:31:34 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\policman.dll [2011.04.07 14:31:34 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ncprov.dll [2011.04.07 14:31:34 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe [2011.04.07 14:31:33 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esscli.dll [2011.04.07 14:31:33 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\framedyn.dll [2011.04.07 14:31:33 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\krnlprov.dll [2011.04.07 14:31:32 | 001,352,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cimwin32.dll [2011.04.07 14:31:32 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll [2011.04.07 14:31:32 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll [2011.04.07 14:31:32 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll [2011.04.07 14:31:32 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licwmi.dll [2011.04.07 14:31:32 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll [2011.04.07 14:31:32 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\servdeps.dll [2011.04.07 14:31:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll [2011.04.07 14:31:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmfutil.dll [2011.04.07 14:31:08 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zubehör [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011.04.07 18:25:53 | 000,002,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis.lnk [2011.04.07 17:54:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.04.07 17:45:41 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.07 17:30:21 | 000,000,716 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011.04.07 17:07:54 | 000,004,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.07 16:32:51 | 000,001,404 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Movies.lnk [2011.04.07 16:31:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2011.04.07 16:31:49 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011.04.07 16:31:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011.04.07 16:31:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2011.04.07 16:31:49 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2011.04.07 16:19:50 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2011.04.07 16:01:03 | 000,001,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\xp-AntiSpy.lnk [2011.04.07 15:35:24 | 000,115,267 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2011.04.07 15:35:24 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2011.04.07 15:26:03 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2011.04.07 15:19:07 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011.04.07 15:19:07 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin [2011.04.07 15:19:05 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011.04.07 15:19:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk [2011.04.07 15:14:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat [2011.04.07 15:14:30 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2011.04.07 14:54:06 | 000,000,747 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\EVEREST Home Edition.lnk [2011.04.07 14:42:04 | 000,316,594 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.04.07 14:42:04 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.04.07 14:42:04 | 000,048,156 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.04.07 14:42:04 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.04.07 14:40:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.04.07 14:40:30 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD [2011.04.07 14:40:19 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.04.07 14:39:32 | 000,004,326 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.04.07 14:39:32 | 000,000,320 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2011.04.07 14:36:29 | 000,002,951 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011.04.07 14:36:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011.04.07 14:36:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011.04.07 14:36:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011.04.07 14:36:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011.04.07 14:36:18 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2011.04.07 14:36:18 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2011.04.07 14:36:17 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2011.04.07 14:36:08 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2011.04.07 14:33:01 | 000,021,740 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.04.07 14:30:43 | 000,000,211 | -HS- | M] () -- C:\boot.ini [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011.04.07 18:25:53 | 000,002,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis.lnk [2011.04.07 17:45:41 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.07 17:07:52 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.07 16:32:51 | 000,001,404 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Movies.lnk [2011.04.07 16:19:50 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2011.04.07 16:15:56 | 000,000,211 | -HS- | C] () -- C:\boot.ini [2011.04.07 16:15:53 | 000,000,320 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf [2011.04.07 16:01:03 | 000,001,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\xp-AntiSpy.lnk [2011.04.07 15:27:13 | 000,115,267 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2011.04.07 15:27:13 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2011.04.07 15:20:10 | 000,004,326 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2011.04.07 15:20:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.04.07 15:20:04 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd [2011.04.07 15:20:04 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa [2011.04.07 15:20:04 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf [2011.04.07 15:20:03 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa [2011.04.07 15:19:44 | 000,001,806 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2011.04.07 15:19:07 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011.04.07 15:19:05 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011.04.07 15:19:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011.04.07 15:19:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk [2011.04.07 15:18:55 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2011.04.07 15:18:55 | 000,003,630 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb [2011.04.07 15:17:55 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat [2011.04.07 15:17:55 | 000,130,715 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat [2011.04.07 15:17:55 | 000,103,124 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat [2011.04.07 15:17:55 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat [2011.04.07 15:17:55 | 000,018,989 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat [2011.04.07 15:17:55 | 000,017,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sonic.cat [2011.04.07 15:17:55 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat [2011.04.07 15:17:55 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [2011.04.07 15:17:55 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT [2011.04.07 15:17:54 | 001,896,083 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT [2011.04.07 15:17:54 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT [2011.04.07 15:17:54 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT [2011.04.07 15:17:54 | 000,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT [2011.04.07 15:17:54 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT [2011.04.07 15:17:54 | 000,030,983 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT [2011.04.07 15:17:54 | 000,014,043 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT [2011.04.07 15:17:54 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT [2011.04.07 15:17:54 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT [2011.04.07 15:17:54 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2011.04.07 15:17:54 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat [2011.04.07 15:17:53 | 000,621,329 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT [2011.04.07 15:16:45 | 000,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.04.07 15:14:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.04.07 15:14:30 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2011.04.07 15:14:30 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2011.04.07 15:07:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011.04.07 15:07:01 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav [2011.04.07 15:06:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2011.04.07 15:05:15 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin [2011.04.07 15:05:15 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin [2011.04.07 15:05:15 | 000,000,042 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedireg.pat [2011.04.07 14:54:06 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\EVEREST Home Edition.lnk [2011.04.07 14:40:55 | 000,000,718 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Outlook Express.lnk [2011.04.07 14:40:53 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Internet Explorer.lnk [2011.04.07 14:40:42 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk [2011.04.07 14:40:42 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Windows Media Player.lnk [2011.04.07 14:40:30 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD [2011.04.07 14:39:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.04.07 14:38:45 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll [2011.04.07 14:38:26 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex [2011.04.07 14:38:17 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe [2011.04.07 14:38:16 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe [2011.04.07 14:38:13 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex [2011.04.07 14:38:02 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll [2011.04.07 14:37:56 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex [2011.04.07 14:37:51 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll [2011.04.07 14:37:39 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll [2011.04.07 14:36:36 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe [2011.04.07 14:36:29 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT [2011.04.07 14:36:29 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2011.04.07 14:36:29 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2011.04.07 14:36:29 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS [2011.04.07 14:36:29 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT [2011.04.07 14:36:18 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb [2011.04.07 14:36:18 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb [2011.04.07 14:36:17 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx [2011.04.07 14:35:06 | 000,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Movie Maker.lnk [2011.04.07 14:34:54 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex [2011.04.07 14:34:18 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp [2011.04.07 14:34:18 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp [2011.04.07 14:34:11 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf [2011.04.07 14:33:44 | 000,379,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll [2011.04.07 14:33:01 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.04.07 14:32:38 | 000,002,004 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MSN.lnk [2011.04.07 14:32:11 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotek.bmp [2011.04.07 14:32:10 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Seifenblase.bmp [2011.04.07 14:32:10 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Präriewind.bmp [2011.04.07 14:32:10 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe-Stuck.bmp [2011.04.07 14:32:10 | 000,026,680 | ---- | C] () -- C:\WINDOWS\Fächer.bmp [2011.04.07 14:32:10 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Granit.bmp [2011.04.07 14:32:10 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp [2011.04.07 14:32:10 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Angler.bmp [2011.04.07 14:32:10 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Kaffeetasse.bmp [2011.04.07 14:32:10 | 000,016,730 | ---- | C] () -- C:\WINDOWS\Feder.bmp [2011.04.07 14:32:10 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blaue Spitzen 16.bmp [2011.04.07 14:32:07 | 000,001,237 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd [2011.04.07 14:32:06 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h [2011.04.07 14:32:05 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h [2011.04.07 14:31:58 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc [2009.09.09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat [2006.07.27 04:05:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2006.06.21 12:43:08 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe [2006.06.21 12:33:40 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2004.11.11 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.11.11 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.11.11 14:00:00 | 000,316,594 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.11.11 14:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.11.11 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.11.11 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.11.11 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.11.11 14:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004.11.11 14:00:00 | 000,048,156 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.11.11 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.11.11 14:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.11.11 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.11.11 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.11.11 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2004.11.11 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.11.11 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.11.11 14:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2004.11.11 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [color=#E56717]========== LOP Check ==========[/color] [color=#E56717]========== Purity Check ==========[/color] < End of report > Dieser Beitrag wurde am 07.04.2011 um 18:49 Uhr von flotzen editiert.
|
|
|
|
|
|
|
08.04.2011, 12:40
Moderator
Beiträge: 5694 |
#5
Du hast also neu aufgesetz und trotzdem kommen Meldungen von KAV?
Hast Du komplett formatiert und das Syste, neu aufgesetzt oder nur darüber installiert? |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Ich habe mir eure Threadanleitung durchgelesen und hänge die gewünschten Reports nun an.
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 07.04.2011 17:30:03
Attempting to delete infected files...
Making registry repairs.
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administratoren - Succeeded
Ach verdammt, habe mir die Anleitung nicht zu ende durchgelesen... den GmerScan und OTL werde ich nochmal nachreichen, da die Daten verfälscht worden seien könnten. Vielleicht hilft euch dass hier aber schon...
Würde mich freuen wenn ihr mir helfen könnt
LG Flotzen