Here is the log from RootRepeal... Thanks in advance
ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/05/24 14:33
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3650000 Size: 98304 File Visible: No
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B0E000 Size: 8192 File Visible: No
Status: -
Name: gxvxcldyujolthipfqjwswwsrtudppetilfot.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys
Address: 0xF3819000 Size: 122880 File Visible: -
Status: Hidden from Windows API!
Name: PCI_PNP8000
Image Path: \Driver\PCI_PNP8000
Address: 0x00000000 Size: 0 File Visible: No
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA44B000 Size: 45056 File Visible: No
Status: -
Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No
Status: -
Name: spub.sys
Image Path: spub.sys
Address: 0xF744C000 Size: 1052672 File Visible: No
Status: -
Name: Start1Driver.SYS
Image Path: C:\WINDOWS\System32\Drivers\Start1Driver.SYS
Address: 0xF790E000 Size: 28672 File Visible: No
Status: -
Hidden/Locked Files
-------------------
Path: C:\Program Files\heels\DA_BRI~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\DA_MAR~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\GINA&L~1.ZIP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\GL-FW3~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\GL-FW3~3.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\GL-FW3~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\KARINA~1.ZIP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\MGB_BR~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\PLIB_N~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\WINDOWS\system32\gxvxccounter
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\gxvxckptepbvytaeyxjeojxuqmnrrseurkvuk.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\gxvxcpxrdltareqgooeukdairogqvegoxubqa.dll
Status: Invisible to the Windows API!
Path: C:\Program Files\heels\total new\POVPAN~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\total new\POVPAN~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\red\JB07DC~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\WINDOWS\system32\drivers\gxvxcbqoewprrskltoijnbgkvdkmxfqvoyirw.sys
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\drivers\gxvxckneswxrpnwmiecpjnrjlvmxtqjisqswo.sys
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\drivers\gxvxcowftowqbdqomqxfcxrxhkdkbxrmpxuhj.sys
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\drivers\gxvxcqxsduymawofjgewivaqrxmpcimnwhose.sys
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\drivers\gxvxcwwkteooqxrxumejpyavchosrtxnrirsn.sys
Status: Invisible to the Windows API!
Path: C:\Documents and Settings\Martin\Local Settings\Temp\etilqs_SeDNqXsi7FLs1CnLIt6A
Status: Allocation size mismatch (API: 32768, Raw: 0)
Path: C:\Program Files\heels\ny\cd1\NY5009~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\ny\cd1\NYLON_~3.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\ny\cd1\NY5809~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\ny\cd1\NYLON_~4.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\ny\cd1\NY5019~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\ny\cd1\NYLON_~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\ny\cd1\NYLON_~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\ny\cd1\NY5C19~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\ny\cd2\NYLON_~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\ny\cd2\NYLON_~2.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\ny\cd2\NYLON_~4.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\ny\cd2\NYDC09~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\ny\cd2\NYD019~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\ny\cd2\NYD419~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\heels\ny\cd2\NYD819~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\wk5extt3.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)
Path: C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\wk5extt3.default\Cache\_CACHE_001_
Status: Size mismatch (API: 1085233, Raw: 1084609)
Path: E:\NOVE\Sd8V55.rar:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: E:\NOVE\VALENT~1.ZIP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: E:\NOVE\7929VH~1.AVI:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf735b514
#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf734a282
#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf734a474
#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf735bd00
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf735bfb8
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spub.sys" at address 0xf746bca4
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spub.sys" at address 0xf746c032
#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf735a3fa
#: 160 Function Name: NtQueryKey
Status: Hooked by "spub.sys" at address 0xf746c10a
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spub.sys" at address 0xf746bf8a
#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf735c422
#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf735b7d8
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7349f32
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86f671f8 Size: -
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x86c841f8 Size: -
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x86c841f8 Size: -
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x86c841f8 Size: -
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x86c841f8 Size: -
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86c841f8 Size: -
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86c841f8 Size: -
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86c841f8 Size: -
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86c841f8 Size: -
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x86c841f8 Size: -
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86c841f8 Size: -
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x86c841f8 Size: -
Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x86fd81f8 Size: -
Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x86fd81f8 Size: -
Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x86fd81f8 Size: -
Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x86fd81f8 Size: -
Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86fd81f8 Size: -
Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fd81f8 Size: -
Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fd81f8 Size: -
Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86fd81f8 Size: -
Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x86fd81f8 Size: -
Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fd81f8 Size: -
Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x86fd81f8 Size: -
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x86cce1f8 Size: -
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x86cce1f8 Size: -
Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86cce1f8 Size: -
Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86cce1f8 Size: -
Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x86cce1f8 Size: -
Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86cce1f8 Size: -
Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x86cce1f8 Size: -
Object: Hidden Code [Driver: axlskjy1ఐ卆浩", IRP_MJ_CREATE]
Process: System Address: 0x86c601f8 Size: -
Object: Hidden Code [Driver: axlskjy1ఐ卆浩", IRP_MJ_CLOSE]
Process: System Address: 0x86c601f8 Size: -
Object: Hidden Code [Driver: axlskjy1ఐ卆浩", IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86c601f8 Size: -
Object: Hidden Code [Driver: axlskjy1ఐ卆浩", IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86c601f8 Size: -
Object: Hidden Code [Driver: axlskjy1ఐ卆浩", IRP_MJ_POWER]
Process: System Address: 0x86c601f8 Size: -
Object: Hidden Code [Driver: axlskjy1ఐ卆浩", IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86c601f8 Size: -
Object: Hidden Code [Driver: axlskjy1ఐ卆浩", IRP_MJ_PNP]
Process: System Address: 0x86c601f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86f691f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86f691f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86f691f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f691f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f691f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f691f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f691f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86f691f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86f691f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f691f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86f691f8 Size: -
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8626a1f8 Size: -
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8626a1f8 Size: -
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8626a1f8 Size: -
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8626a1f8 Size: -
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8626a1f8 Size: -
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8626a1f8 Size: -
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x86ca11f8 Size: -
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x86ca11f8 Size: -
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ca11f8 Size: -
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86ca11f8 Size: -
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x86ca11f8 Size: -
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86ca11f8 Size: -
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x86ca11f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8626c1f8 Size: -
Object: Hidden Code [Driver: Program F, IRP_MJ_CREATE]
Process: System Address: 0x867a8500 Size: -
Object: Hidden Code [Driver: Program F, IRP_MJ_CLOSE]
Process: System Address: 0x867a8500 Size: -
Object: Hidden Code [Driver: Program F, IRP_MJ_READ]
Process: System Address: 0x867a8500 Size: -
Object: Hidden Code [Driver: Program F, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x867a8500 Size: -
Object: Hidden Code [Driver: Program F, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x867a8500 Size: -
Object: Hidden Code [Driver: Program F, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x867a8500 Size: -
Object: Hidden Code [Driver: Program F, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x867a8500 Size: -
Object: Hidden Code [Driver: Program F, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x867a8500 Size: -
Object: Hidden Code [Driver: Program F, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x867a8500 Size: -
Object: Hidden Code [Driver: Program F, IRP_MJ_SHUTDOWN]
Process: System Address: 0x867a8500 Size: -
Object: Hidden Code [Driver: Program F, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x867a8500 Size: -
Object: Hidden Code [Driver: Program F, IRP_MJ_CLEANUP]
Process: System Address: 0x867a8500 Size: -
Object: Hidden Code [Driver: Program F, IRP_MJ_PNP]
Process: System Address: 0x867a8500 Size: -
Hidden Services
-------------------
Service Name: gxvxcserv.sys
Image Path: C:\WINDOWS\system32\drivers\gxvxcldyujolthipfqjwswwsrtudppetilfot.sys