ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2011/12/22 21:48 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP2 ================================================== Drivers ------------------- Name: atapi.sys Image Path: atapi.sys Address: 0xF74B1000 Size: 95360 File Visible: - Signed: - Status: Hidden from the Windows API! Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xF31CB000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7B05000 Size: 8192 File Visible: No Signed: - Status: - Name: giveio.sys Image Path: giveio.sys Address: 0xF7B38000 Size: 1664 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB5E0C000 Size: 49152 File Visible: No Signed: - Status: - Name: speedfan.sys Image Path: speedfan.sys Address: 0xF7A75000 Size: 5248 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: c:\windows\temp\perflib_perfdata_354.dat Status: Allocation size mismatch (API: 16384, Raw: 0) Path: c:\documents and settings\dominik kossakowski\ustawienia lokalne\temporary internet files\content.ie5\index.dat Status: Allocation size mismatch (API: 1593344, Raw: 1589248) Path: C:\Documents and Settings\Dominik Kossakowski\Dane aplikacji\Opera\Opera\sessions\opr0KFYJ.tmp Status: Locked to the Windows API! Path: C:\Documents and Settings\Dominik Kossakowski\Ustawienia lokalne\Temporary Internet Files\Content.IE5\HZCQQHT5\1[1] Status: Visible to the Windows API, but not on disk. SSDT ------------------- #: 009 Function Name: NtAddBootEntry Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3565202 #: 017 Function Name: NtAllocateVirtualMemory Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf35cbd8c #: 025 Function Name: NtClose Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf35896c1 #: 035 Function Name: NtCreateEvent Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf35677f0 #: 036 Function Name: NtCreateEventPair Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3567848 #: 038 Function Name: NtCreateIoCompletion Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf356795e #: 041 Function Name: NtCreateKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3589075 #: 043 Function Name: NtCreateMutant Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3567746 #: 050 Function Name: NtCreateSection Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3567898 #: 051 Function Name: NtCreateSemaphore Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf356779a #: 054 Function Name: NtCreateTimer Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf356790c #: 061 Function Name: NtDeleteBootEntry Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3565226 #: 063 Function Name: NtDeleteKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3589d87 #: 065 Function Name: NtDeleteValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf358a03d #: 068 Function Name: NtDuplicateObject Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3567be2 #: 071 Function Name: NtEnumerateKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3589bf2 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3589a5d #: 083 Function Name: NtFreeVirtualMemory Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf35cbe3c #: 097 Function Name: NtLoadDriver Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3564ff0 #: 109 Function Name: NtModifyBootEntry Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf356524a #: 111 Function Name: NtNotifyChangeKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3567d56 #: 112 Function Name: NtNotifyChangeMultipleKeys Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3565cda #: 114 Function Name: NtOpenEvent Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3567820 #: 115 Function Name: NtOpenEventPair Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3567870 #: 117 Function Name: NtOpenIoCompletion Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3567988 #: 119 Function Name: NtOpenKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf35893d1 #: 120 Function Name: NtOpenMutant Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3567772 #: 122 Function Name: NtOpenProcess Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3567a1a #: 125 Function Name: NtOpenSection Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf35678d8 #: 126 Function Name: NtOpenSemaphore Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf35677c8 #: 128 Function Name: NtOpenThread Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3567afe #: 131 Function Name: NtOpenTimer Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3567936 #: 137 Function Name: NtProtectVirtualMemory Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf35cbed4 #: 160 Function Name: NtQueryKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf35898d8 #: 163 Function Name: NtQueryObject Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3565ba0 #: 177 Function Name: NtQueryValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf358972a #: 192 Function Name: NtRenameKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf35d410e #: 204 Function Name: NtRestoreKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf35886e8 #: 211 Function Name: NtSetBootEntryOrder Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf356526e #: 212 Function Name: NtSetBootOptions Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3565292 #: 240 Function Name: NtSetSystemInformation Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf356504a #: 241 Function Name: NtSetSystemPowerState Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3565186 #: 247 Function Name: NtSetValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3589e8e #: 249 Function Name: NtShutdownSystem Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf3565162 #: 255 Function Name: NtSystemDebugControl Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf35651aa #: 268 Function Name: NtVdmControl Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xf35652b6 ==EOF==