ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/12/11 20:43
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\windows\System32\Drivers\dump_atapi.sys
Address: 0xB4451000    Size: 98304    File Visible: No    Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\windows\System32\Drivers\dump_WMILIB.SYS
Address: 0xB8608000    Size: 8192    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xB162E000    Size: 49152    File Visible: No    Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\HYRA\Recent\A0214680.lnk
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Dane aplikacji\AVG10\Chjw\64ac8254ac822122.dat:4ebaee22-1acd-4e06-9932-215cb00e3804
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\hyra\dane aplikacji\microsoft\windows\themes\custom.theme
Status: Size mismatch (API: 5370, Raw: 5351)

Path: C:\Documents and Settings\HYRA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Temp
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 122    Function Name: NtOpenProcess
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xb40b36c0

#: 257    Function Name: NtTerminateProcess
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xb40b3770

#: 258    Function Name: NtTerminateThread
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xb40b3810

#: 277    Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xb40b38b0

Shadow SSDT
-------------------
#: 383    Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xb40b2c30

#: 414    Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xb40b2b70

#: 416    Function Name: NtUserGetKeyState
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xb40b2bc0

#: 549    Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xb40b2ae0

==EOF==