ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:    2012/03/27 19:39
Program Version:    Version 1.3.5.0
Windows Version:    Windows XP SP2
==================================================

Drivers
-------------------
Name: 00000084
Image Path: \Driver\00000084
Address: 0x00000000    Size: 0    File Visible: No
Signed: -
Status: -

Name: 00000231
Image Path: \Driver\00000231
Address: 0x00000000    Size: 0    File Visible: No
Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA4A06000    Size: 49152    File Visible: No
Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\atsvclog.txt
Status: Size mismatch (API: 9389176, Raw: 9388708)

Path: C:\Documents and Settings\All Users\Dane aplikacji\AVG10\Chjw\70e082a0e0826c62.dat:90ca1600-db60-4e55-a674-5223ce21e77f
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 122    Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys" at address 0xa5ad3738

#: 257    Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys" at address 0xa5ad37dc

#: 258    Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys" at address 0xa5ad3878

#: 277    Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys" at address 0xa5ad3914

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x8a8aeb68]
Process: System    Address: 0x8a8670c3    Size: 3901

Object: Hidden Code [ETHREAD: 0x8a8cd698]
Process: System    Address: 0x8a867b2d    Size: 1235

Object: Hidden Code [ETHREAD: 0x8a8cbda8]
Process: System    Address: 0x8a868a11    Size: 1519

Shadow SSDT
-------------------
#: 383    Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys" at address 0xa5ad2dfc

#: 414    Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys" at address 0xa5ad2d3c

#: 416    Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys" at address 0xa5ad2d90

#: 549    Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys" at address 0xa5ad2cba

==EOF==
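To make a report like the one above machine-checkable rather than eyeballed, here is an added Python example; it is not part of RootRepeal or of the original post. It parses RootRepeal's tab-separated sections and ranks the findings: kernel hooks grouped by the module that installed them, with hooks from an analyst-supplied allowlist of drivers expected to hook the SSDT downgraded to informational (AVGIDSShim.Sys is put on that list on the assumption that it is the AVG driver its path suggests); every "Hidden Code" stealth object ranked high; hidden-file entries ranked by whether the path is an alternate data stream or the file is absent from disk; and driver objects reporting no address or size listed for follow-up. The allowlist, the severity ordering and the ADS heuristic are assumptions for illustration, and the embedded input is an abridged copy of the report above with its line breaks and tabs restored.

```python
import re
from collections import defaultdict

# Constructed sample: an abridged copy of the RootRepeal report on this page,
# with the tab-separated fields RootRepeal writes (the page's copy lost them).
SAMPLE_LOG = """ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:\t2012/03/27 19:39
Windows Version:\tWindows XP SP2
==================================================

Drivers
-------------------
Name: 00000084
Image Path: \\Driver\\00000084
Address: 0x00000000\tSize: 0\tFile Visible: No
Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\\WINDOWS\\system32\\drivers\\rootrepeal.sys
Address: 0xA4A06000\tSize: 49152\tFile Visible: No
Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\\atsvclog.txt
Status: Size mismatch (API: 9389176, Raw: 9388708)

Path: C:\\Documents and Settings\\All Users\\Dane aplikacji\\AVG10\\Chjw\\70e082a0e0826c62.dat:90ca1600-db60-4e55-a674-5223ce21e77f
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 122\tFunction Name: NtOpenProcess
Status: Hooked by "C:\\WINDOWS\\system32\\DRIVERS\\AVGIDSShim.Sys" at address 0xa5ad3738

#: 277\tFunction Name: NtWriteVirtualMemory
Status: Hooked by "C:\\WINDOWS\\system32\\DRIVERS\\AVGIDSShim.Sys" at address 0xa5ad3914

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x8a8aeb68]
Process: System\tAddress: 0x8a8670c3\tSize: 3901

Object: Hidden Code [ETHREAD: 0x8a8cd698]
Process: System\tAddress: 0x8a867b2d\tSize: 1235

Shadow SSDT
-------------------
#: 549\tFunction Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\\WINDOWS\\system32\\DRIVERS\\AVGIDSShim.Sys" at address 0xa5ad2cba

==EOF==
"""

RULE = "-------------------"          # underline RootRepeal puts under a section title
HOOK_RE = re.compile(r'Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')

def parse_rootrepeal(text):
    """Return {section title: [record, ...]}; a record maps field name -> value."""
    sections, lines = defaultdict(list), text.splitlines()
    current, record = None, {}
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if nxt.startswith(RULE):                  # a title is the line above the rule
            if record:
                sections[current].append(record)
            current, record = line.strip(), {}
            continue
        if line.startswith(RULE) or current is None:   # rule line or preamble
            continue
        if not line.strip() or line.startswith("==EOF=="):  # blank line ends a record
            if record:
                sections[current].append(record)
            record = {}
            continue
        for field in re.split(r"\t+|\s{2,}", line.strip()):  # "Key: Value" per field
            key, _, value = field.partition(": ")
            record[key.strip()] = value.strip()
    if record:
        sections[current].append(record)
    return dict(sections)

def triage(report, trusted_hookers=("avgidsshim.sys",)):
    """Rank findings as (severity, text). trusted_hookers is an assumed allowlist
    of driver file names that are expected to hook the SSDT (security products)."""
    findings = []
    for section in ("SSDT", "Shadow SSDT"):
        hooks = defaultdict(list)
        for rec in report.get(section, []):
            m = HOOK_RE.search(rec.get("Status", ""))
            if m:
                hooks[m.group(1)].append(rec.get("Function Name", "?"))
        for module, funcs in hooks.items():
            known = module.rsplit("\\", 1)[-1].lower() in trusted_hookers
            findings.append(("info" if known else "high",
                             f"{section}: {module} hooks {', '.join(funcs)}"))
    for rec in report.get("Stealth Objects", []):   # code with no backing module
        findings.append(("high", f"{rec.get('Object')} in {rec.get('Process')} "
                                 f"at {rec.get('Address')} ({rec.get('Size')} bytes)"))
    for rec in report.get("Hidden/Locked Files", []):
        path, status = rec.get("Path", ""), rec.get("Status", "")
        is_ads = ":" in path[2:]                      # colon past the drive letter = ADS
        sev = "medium" if is_ads or "not on disk" in status else "low"
        findings.append((sev, f"file {path}: {status}"))
    for rec in report.get("Drivers", []):
        if rec.get("Address") == "0x00000000" and rec.get("Size") == "0":
            findings.append(("low", f"driver object {rec.get('Name')} reports no image address or size"))
    rank = {"high": 0, "medium": 1, "low": 2, "info": 3}
    return sorted(findings, key=lambda f: rank[f[0]])

if __name__ == "__main__":
    for severity, text in triage(parse_rootrepeal(SAMPLE_LOG)):
        print(f"[{severity:6}] {text}")
```

Run it with an empty allowlist (`triage(report, trusted_hookers=())`) to see how the picture changes when the hooking driver is not one you recognise: the same SSDT entries then rank high. On a real report, confirm the allowlist against the driver's signature and the product actually installed before trusting it; the scan above reports `Signed: -` for everything, so the path alone is the only evidence.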