ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2010/12/28 21:03 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: PCI_PNP5716 Image Path: \Driver\PCI_PNP5716 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB364E000 Size: 49152 File Visible: No Signed: - Status: - Name: spbj.sys Image Path: spbj.sys Address: 0xB7EB4000 Size: 995328 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: c:\documents and settings\janusz\ustawienia lokalne\dane aplikacji\mozilla\firefox\profiles\j8it8a7k.default\cache\_cache_001_ Status: Size mismatch (API: 155490, Raw: 154722) Path: c:\documents and settings\janusz\ustawienia lokalne\dane aplikacji\mozilla\firefox\profiles\j8it8a7k.default\cache\_cache_002_ Status: Size mismatch (API: 117832, Raw: 115872) SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "spbj.sys" at address 0xb7eb50e0 #: 071 Function Name: NtEnumerateKey Status: Hooked by "spbj.sys" at address 0xb7ecdda4 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "spbj.sys" at address 0xb7ece132 #: 119 Function Name: NtOpenKey Status: Hooked by "spbj.sys" at address 0xb7eb50c0 #: 160 Function Name: NtQueryKey Status: Hooked by "spbj.sys" at address 0xb7ece20a #: 177 Function Name: NtQueryValueKey Status: Hooked by "spbj.sys" at address 0xb7ece08a #: 247 Function Name: NtSetValueKey Status: Hooked by "spbj.sys" at address 0xb7ece29c Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x8a3481f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x8a2d81f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE] Process: System Address: 0x8a2d81f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 0x8a2d81f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE] Process: System Address: 0x8a2d81f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a2d81f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a2d81f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a2d81f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a2d81f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_POWER] Process: System Address: 0x8a2d81f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a2d81f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_PNP] Process: System Address: 0x8a2d81f8 Size: 121 Object: Hidden Code [Driver: ayxhp9dgࠅఅ晤睤HDAudioMofNa, IRP_MJ_CREATE] Process: System Address: 0x89eda368 Size: 121 Object: Hidden Code [Driver: ayxhp9dgࠅఅ晤睤HDAudioMofNa, IRP_MJ_CLOSE] Process: System Address: 0x89eda368 Size: 121 Object: Hidden Code [Driver: ayxhp9dgࠅఅ晤睤HDAudioMofNa, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89eda368 Size: 121 Object: Hidden Code [Driver: ayxhp9dgࠅఅ晤睤HDAudioMofNa, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89eda368 Size: 121 Object: Hidden Code [Driver: ayxhp9dgࠅఅ晤睤HDAudioMofNa, IRP_MJ_POWER] Process: System Address: 0x89eda368 Size: 121 Object: Hidden Code [Driver: ayxhp9dgࠅఅ晤睤HDAudioMofNa, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89eda368 Size: 121 Object: Hidden Code [Driver: ayxhp9dgࠅఅ晤睤HDAudioMofNa, IRP_MJ_PNP] Process: System Address: 0x89eda368 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x8a05b1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x8a05b1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x8a05b1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x8a05b1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a05b1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a05b1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a05b1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a05b1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x8a05b1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a05b1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x8a05b1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x8a1241f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x8a1241f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a1241f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a1241f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER] Process: System Address: 0x8a1241f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a1241f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 0x8a1241f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x8a34a1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x8a34a1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x8a34a1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a34a1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a34a1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a34a1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a34a1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x8a34a1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x8a34a1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a34a1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x8a34a1f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x89f591f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x89f591f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89f591f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89f591f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x89f591f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x89f591f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x8a10d3e8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x8a10d3e8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a10d3e8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a10d3e8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x8a10d3e8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a10d3e8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x8a10d3e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x8a1021f8 Size: 121 Object: Hidden Code [Driver: Cdfs؅ఝ癁⩧, IRP_MJ_CREATE] Process: System Address: 0x89fcd500 Size: 121 Object: Hidden Code [Driver: Cdfs؅ఝ癁⩧, IRP_MJ_CLOSE] Process: System Address: 0x89fcd500 Size: 121 Object: Hidden Code [Driver: Cdfs؅ఝ癁⩧, IRP_MJ_READ] Process: System Address: 0x89fcd500 Size: 121 Object: Hidden Code [Driver: Cdfs؅ఝ癁⩧, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89fcd500 Size: 121 Object: Hidden Code [Driver: Cdfs؅ఝ癁⩧, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89fcd500 Size: 121 Object: Hidden Code [Driver: Cdfs؅ఝ癁⩧, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89fcd500 Size: 121 Object: Hidden Code [Driver: Cdfs؅ఝ癁⩧, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89fcd500 Size: 121 Object: Hidden Code [Driver: Cdfs؅ఝ癁⩧, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89fcd500 Size: 121 Object: Hidden Code [Driver: Cdfs؅ఝ癁⩧, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89fcd500 Size: 121 Object: Hidden Code [Driver: Cdfs؅ఝ癁⩧, IRP_MJ_SHUTDOWN] Process: System Address: 0x89fcd500 Size: 121 Object: Hidden Code [Driver: Cdfs؅ఝ癁⩧, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89fcd500 Size: 121 Object: Hidden Code [Driver: Cdfs؅ఝ癁⩧, IRP_MJ_CLEANUP] Process: System Address: 0x89fcd500 Size: 121 Object: Hidden Code [Driver: Cdfs؅ఝ癁⩧, IRP_MJ_PNP] Process: System Address: 0x89fcd500 Size: 121 ==EOF==