ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/10/11 15:14
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB255F000    Size: 98304    File Visible: No    Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B30000    Size: 8192    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB1682000    Size: 49152    File Visible: No    Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Anna\Ustawienia lokalne\temp\~DFB58D.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Anna\Ustawienia lokalne\temp\~DFB599.tmp
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 019    Function Name: NtAssignProcessToJobObject
Status: Hooked by "" at address 0x85854580

#: 057    Function Name: NtDebugActiveProcess
Status: Hooked by "" at address 0x85855100

#: 068    Function Name: NtDuplicateObject
Status: Hooked by "" at address 0x85854b30

#: 122    Function Name: NtOpenProcess
Status: Hooked by "" at address 0x85853cc0

#: 128    Function Name: NtOpenThread
Status: Hooked by "" at address 0x85853fc0

#: 137    Function Name: NtProtectVirtualMemory
Status: Hooked by "" at address 0x858549c0

#: 213    Function Name: NtSetContextThread
Status: Hooked by "" at address 0x85854860

#: 229    Function Name: NtSetInformationThread
Status: Hooked by "" at address 0x858546e0

#: 237    Function Name: NtSetSecurityObject
Status: Hooked by "" at address 0x85851700

#: 253    Function Name: NtSuspendProcess
Status: Hooked by "" at address 0x85854420

#: 254    Function Name: NtSuspendThread
Status: Hooked by "" at address 0x858542c0

#: 257    Function Name: NtTerminateProcess
Status: Hooked by "" at address 0x85853e50

#: 258    Function Name: NtTerminateThread
Status: Hooked by "" at address 0x85854150

#: 277    Function Name: NtWriteVirtualMemory
Status: Hooked by "" at address 0x85854f50

==EOF==