| Franky007 | 08.01.2010 11:07 |
RootRepeal
so. spybot hat im abgesicherten Modus Fraud.Malware Defense gefunden.
nun wurde leuten, die das selbe problem haben empfohlen: RootRepeal.exe auszuführen (entpackende Datei).
könnte einer das durchchecken?
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/08 10:54
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8E1F6000 Size: 32768 File Visible: No Signed: -
Status: -
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8E1EB000 Size: 45056 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA3824000 Size: 49152 File Visible: No Signed: -
Status: -
Name: spsx.sys
Image Path: C:\Windows\System32\Drivers\spsx.sys
Address: 0x80697000 Size: 995328 File Visible: No Signed: -
Status: -
Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{40aedc7f-e36c-11de-9faf-e780066ef5ae}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.flightsimulator.simconnect_67c7c14424d61b5b_10.0.61242.0_none_e079b46b85043c20.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.flightsimulator.simconnect_67c7c14424d61b5b_10.0.61259.0_none_55f5ecdc14f60568.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.flightsimulator.simconnect_67c7c14424d61b5b_10.0.60905.0_none_dd92b94d8a196297.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2095~1.MAN
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIC237~1.MAN
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE4BA2~1.XRM
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5F3C~1.XRM
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE6DB5~1.XRM
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9AEB~1.XRM
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9942~1.XRM
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE3B5D~1.XRM
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE54EE~1.XRM
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5DF7~1.XRM
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRole s.config
Status: Locked to the Windows API!
Path: C:\Windows\System32\migwiz\dlmanifests\MIC237~1.MAN
Status: Locked to the Windows API!
Path: C:\Windows\System32\migwiz\dlmanifests\MI2095~1.MAN
Status: Locked to the Windows API!
Path: c:\programdata\electronic arts\eadm\cache\logs\core.html
Status: Allocation size mismatch (API: 32768, Raw: 16384)
Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!
Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE3B5D~1.XRM
Status: Locked to the Windows API!
Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE5DF7~1.XRM
Status: Locked to the Windows API!
Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE9942~1.XRM
Status: Locked to the Windows API!
Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE4BA2~1.XRM
Status: Locked to the Windows API!
Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE5F3C~1.XRM
Status: Locked to the Windows API!
Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE6DB5~1.XRM
Status: Locked to the Windows API!
Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE54EE~1.XRM
Status: Locked to the Windows API!
Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE9AEB~1.XRM
Status: Locked to the Windows API!
Path: c:\users\fabian\appdata\roaming\mozilla\firefox\profiles\5c4l27bs.default\cookies.sqlite-journal
Status: Allocation size mismatch (API: 32768, Raw: 0)
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\audiodg.exe
PID: 1240 Status: Locked to the Windows API!
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x84d201f8 Size: 121
Object: Hidden Code [Driver: aqcjgt7j��捅牃�Ъ浍楃긘誹ᴴ蘾⯼蓫, IRP_MJ_CREATE]
Process: System Address: 0x863e0500 Size: 121
Object: Hidden Code [Driver: aqcjgt7j��捅牃�Ъ浍楃긘誹ᴴ蘾⯼蓫, IRP_MJ_CLOSE]
Process: System Address: 0x863e0500 Size: 121
Object: Hidden Code [Driver: aqcjgt7j��捅牃�Ъ浍楃긘誹ᴴ蘾⯼蓫, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863e0500 Size: 121
Object: Hidden Code [Driver: aqcjgt7j��捅牃�Ъ浍楃긘誹ᴴ蘾⯼蓫, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863e0500 Size: 121
Object: Hidden Code [Driver: aqcjgt7j��捅牃�Ъ浍楃긘誹ᴴ蘾⯼蓫, IRP_MJ_POWER]
Process: System Address: 0x863e0500 Size: 121
Object: Hidden Code [Driver: aqcjgt7j��捅牃�Ъ浍楃긘誹ᴴ蘾⯼蓫, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863e0500 Size: 121
Object: Hidden Code [Driver: aqcjgt7j��捅牃�Ъ浍楃긘誹ᴴ蘾⯼蓫, IRP_MJ_PNP]
Process: System Address: 0x863e0500 Size: 121
Object: Hidden Code [Driver: cdromi�, IRP_MJ_CREATE]
Process: System Address: 0x862881f8 Size: 121
Object: Hidden Code [Driver: cdromi�, IRP_MJ_CLOSE]
Process: System Address: 0x862881f8 Size: 121
Object: Hidden Code [Driver: cdromi�, IRP_MJ_READ]
Process: System Address: 0x862881f8 Size: 121
Object: Hidden Code [Driver: cdromi�, IRP_MJ_WRITE]
Process: System Address: 0x862881f8 Size: 121
Object: Hidden Code [Driver: cdromi�, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x862881f8 Size: 121
Object: Hidden Code [Driver: cdromi�, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x862881f8 Size: 121
Object: Hidden Code [Driver: cdromi�, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x862881f8 Size: 121
Object: Hidden Code [Driver: cdromi�, IRP_MJ_SHUTDOWN]
Process: System Address: 0x862881f8 Size: 121
Object: Hidden Code [Driver: cdromi�, IRP_MJ_POWER]
Process: System Address: 0x862881f8 Size: 121
Object: Hidden Code [Driver: cdromi�, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x862881f8 Size: 121
Object: Hidden Code [Driver: cdromi�, IRP_MJ_PNP]
Process: System Address: 0x862881f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x84d1f1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x84d1f1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84d1f1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84d1f1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x84d1f1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84d1f1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x84d1f1f8 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x86769500 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x86769500 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x86769500 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x86769500 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86769500 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86769500 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x86769500 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86769500 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x86769500 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x862851f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x862851f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x862851f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x862851f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x862851f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x862851f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x862851f8 Size: 121
Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]
Process: System Address: 0x865621f8 Size: 121
Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]
Process: System Address: 0x865621f8 Size: 121
Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x865621f8 Size: 121
Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x865621f8 Size: 121
Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]
Process: System Address: 0x865621f8 Size: 121
Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]
Process: System Address: 0x865621f8 Size: 121
Object: Hidden Code [Driver: netbt, IRP_MJ_CREATE]
Process: System Address: 0x865cf1f8 Size: 121
Object: Hidden Code [Driver: netbt, IRP_MJ_CLOSE]
Process: System Address: 0x865cf1f8 Size: 121
Object: Hidden Code [Driver: netbt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x865cf1f8 Size: 121
Object: Hidden Code [Driver: netbt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x865cf1f8 Size: 121
Object: Hidden Code [Driver: netbt, IRP_MJ_CLEANUP]
Process: System Address: 0x865cf1f8 Size: 121
Object: Hidden Code [Driver: netbt, IRP_MJ_PNP]
Process: System Address: 0x865cf1f8 Size: 121
Object: Hidden Code [Driver: iScsiPrt�П牄幨誥��赡�, IRP_MJ_CREATE]
Process: System Address: 0x8631b1f8 Size: 121
Object: Hidden Code [Driver: iScsiPrt�П牄幨誥��赡�, IRP_MJ_CLOSE]
Process: System Address: 0x8631b1f8 Size: 121
Object: Hidden Code [Driver: iScsiPrt�П牄幨誥��赡�, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8631b1f8 Size: 121
Object: Hidden Code [Driver: iScsiPrt�П牄幨誥��赡�, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8631b1f8 Size: 121
Object: Hidden Code [Driver: iScsiPrt�П牄幨誥��赡�, IRP_MJ_POWER]
Process: System Address: 0x8631b1f8 Size: 121
Object: Hidden Code [Driver: iScsiPrt�П牄幨誥��赡�, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8631b1f8 Size: 121
Object: Hidden Code [Driver: iScsiPrt�П牄幨誥��赡�, IRP_MJ_PNP]
Process: System Address: 0x8631b1f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x84d1d1f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x84d1d1f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x84d1d1f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84d1d1f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84d1d1f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84d1d1f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84d1d1f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x84d1d1f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x84d1d1f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84d1d1f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x84d1d1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x862821f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x862821f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x862821f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x862821f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x862821f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x862821f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x862821f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_CREATE]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_CLOSE]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_READ]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_WRITE]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_QUERY_EA]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_SET_EA]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_CLEANUP]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_POWER]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: mrxsmb룸蛍�Е畍捆焈œ�, IRP_MJ_PNP]
Process: System Address: 0x86cb71f8 Size: 121
Object: Hidden Code [Driver: cdfs��慖�І癅�, IRP_MJ_CREATE]
Process: System Address: 0x8754e1f8 Size: 121
Object: Hidden Code [Driver: cdfs��慖�І癅�, IRP_MJ_CLOSE]
Process: System Address: 0x8754e1f8 Size: 121
Object: Hidden Code [Driver: cdfs��慖�І癅�, IRP_MJ_READ]
Process: System Address: 0x8754e1f8 Size: 121
Object: Hidden Code [Driver: cdfs��慖�І癅�, IRP_MJ_WRITE]
Process: System Address: 0x8754e1f8 Size: 121
Object: Hidden Code [Driver: cdfs��慖�І癅�, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8754e1f8 Size: 121
Object: Hidden Code [Driver: cdfs��慖�І癅�, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8754e1f8 Size: 121
Object: Hidden Code [Driver: cdfs��慖�І癅�, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8754e1f8 Size: 121
Object: Hidden Code [Driver: cdfs��慖�І癅�, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8754e1f8 Size: 121
Object: Hidden Code [Driver: cdfs��慖�І癅�, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8754e1f8 Size: 121
Object: Hidden Code [Driver: cdfs��慖�І癅�, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8754e1f8 Size: 121
Object: Hidden Code [Driver: cdfs��慖�І癅�, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8754e1f8 Size: 121
Object: Hidden Code [Driver: cdfs��慖�І癅�, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8754e1f8 Size: 121
Object: Hidden Code [Driver: cdfs��慖�І癅�, IRP_MJ_CLEANUP]
Process: System Address: 0x8754e1f8 Size: 121
Object: Hidden Code [Driver: cdfs��慖�І癅�, IRP_MJ_PNP]
Process: System Address: 0x8754e1f8 Size: 121
==EOF== |
