ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:    2010/10/31 22:04
Program Version:    Version 1.3.5.0
Windows Version:    Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB0B39000    Size: 98304    File Visible: No    Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB85C0000    Size: 8192    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAEF26000    Size: 49152    File Visible: No    Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\caba\ustawienia lokalne\temp\etilqs_jm9shzhw9jmw9elied43
Status: Allocation size mismatch (API: 0, Raw: 65536)

Path: c:\documents and settings\all users\dane aplikacji\g data\isdb\avs.isdb
Status: Size mismatch (API: 1873640, Raw: 1873600)

Path: c:\documents and settings\all users\dane aplikacji\g data\isdb\avs.isdb.save
Status: Size mismatch (API: 1873600, Raw: 1873460)

Path: c:\documents and settings\all users\dane aplikacji\g data\isdb\avsu.isdb
Status: Size mismatch (API: 2490800, Raw: 2490780)

Path: c:\documents and settings\caba\ustawienia lokalne\dane aplikacji\google\chrome\user data\default\current session
Status: Size mismatch (API: 95941, Raw: 90147)

Path: c:\documents and settings\caba\ustawienia lokalne\dane aplikacji\google\chrome\user data\default\current tabs
Status: Size mismatch (API: 1363, Raw: 774)

Path: C:\Documents and Settings\Caba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_000256
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Caba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_000257
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 025    Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\drivers\HookCentre.sys" at address 0xb83e9376

#: 041    Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\HookCentre.sys" at address 0xb83ea420

#: 063    Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\HookCentre.sys" at address 0xb83ea55c

#: 065    Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\HookCentre.sys" at address 0xb83ea57e

#: 119    Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\drivers\HookCentre.sys" at address 0xb83ea4b4

#: 122    Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\HookCentre.sys" at address 0xb83ea2fe

#: 247    Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\HookCentre.sys" at address 0xb83ea52e

Hidden Services
-------------------
Service Name: sxyeyeeoe
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

==EOF==