ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/01/10 20:40
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8CA0A000    Size: 1789952    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA2149000    Size: 49152    File Visible: No    Signed: -
Status: -

Name: sphj.sys
Image Path: C:\Windows\System32\Drivers\sphj.sys
Address: 0x82E85000    Size: 1036288    File Visible: No    Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000    Size: 0    File Visible: No    Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4    Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\audiodg.exe
PID: 1288    Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System    Address: 0x8581a1f8    Size: 121

Object: Hidden Code [Driver: ai1041c2П牄蟰襦襻, IRP_MJ_CREATE]
Process: System    Address: 0x882b01f8    Size: 121

Object: Hidden Code [Driver: ai1041c2П牄蟰襦襻, IRP_MJ_CLOSE]
Process: System    Address: 0x882b01f8    Size: 121

Object: Hidden Code [Driver: ai1041c2П牄蟰襦襻, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x882b01f8    Size: 121

Object: Hidden Code [Driver: ai1041c2П牄蟰襦襻, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x882b01f8    Size: 121

Object: Hidden Code [Driver: ai1041c2П牄蟰襦襻, IRP_MJ_POWER]
Process: System    Address: 0x882b01f8    Size: 121

Object: Hidden Code [Driver: ai1041c2П牄蟰襦襻, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x882b01f8    Size: 121

Object: Hidden Code [Driver: ai1041c2П牄蟰襦襻, IRP_MJ_PNP]
Process: System    Address: 0x882b01f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System    Address: 0x882af1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System    Address: 0x882af1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System    Address: 0x882af1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System    Address: 0x882af1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x882af1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x882af1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x882af1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x882af1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System    Address: 0x882af1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x882af1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System    Address: 0x882af1f8    Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System    Address: 0x858181f8    Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System    Address: 0x858181f8    Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x858181f8    Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x858181f8    Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System    Address: 0x858181f8    Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x858181f8    Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System    Address: 0x858181f8    Size: 121

Object: Hidden Code [Driver: usbuhci蝒Ѝ䵆汳`វ껛វ껛膨蜼ᝰ껛, IRP_MJ_CREATE]
Process: System    Address: 0x880d11f8    Size: 121

Object: Hidden Code [Driver: usbuhci蝒Ѝ䵆汳`វ껛វ껛膨蜼ᝰ껛, IRP_MJ_CLOSE]
Process: System    Address: 0x880d11f8    Size: 121

Object: Hidden Code [Driver: usbuhci蝒Ѝ䵆汳`វ껛វ껛膨蜼ᝰ껛, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x880d11f8    Size: 121

Object: Hidden Code [Driver: usbuhci蝒Ѝ䵆汳`វ껛វ껛膨蜼ᝰ껛, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x880d11f8    Size: 121

Object: Hidden Code [Driver: usbuhci蝒Ѝ䵆汳`វ껛វ껛膨蜼ᝰ껛, IRP_MJ_POWER]
Process: System    Address: 0x880d11f8    Size: 121

Object: Hidden Code [Driver: usbuhci蝒Ѝ䵆汳`វ껛វ껛膨蜼ᝰ껛, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x880d11f8    Size: 121

Object: Hidden Code [Driver: usbuhci蝒Ѝ䵆汳`វ껛វ껛膨蜼ᝰ껛, IRP_MJ_PNP]
Process: System    Address: 0x880d11f8    Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]
Process: System    Address: 0x8fc2b500    Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]
Process: System    Address: 0x8fc2b500    Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8fc2b500    Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8fc2b500    Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]
Process: System    Address: 0x8fc2b500    Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]
Process: System    Address: 0x8fc2b500    Size: 121

Object: Hidden Code [Driver: Ђ浍慐Ҩ迚Ѕ, IRP_MJ_CREATE]
Process: System    Address: 0x8fd43500    Size: 121

Object: Hidden Code [Driver: Ђ浍慐Ҩ迚Ѕ, IRP_MJ_CLOSE]
Process: System    Address: 0x8fd43500    Size: 121

Object: Hidden Code [Driver: Ђ浍慐Ҩ迚Ѕ, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8fd43500    Size: 121

Object: Hidden Code [Driver: Ђ浍慐Ҩ迚Ѕ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8fd43500    Size: 121

Object: Hidden Code [Driver: Ђ浍慐Ҩ迚Ѕ, IRP_MJ_CLEANUP]
Process: System    Address: 0x8fd43500    Size: 121

Object: Hidden Code [Driver: Ђ浍慐Ҩ迚Ѕ, IRP_MJ_PNP]
Process: System    Address: 0x8fd43500    Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄蟰襦玈豊, IRP_MJ_CREATE]
Process: System    Address: 0x883941f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄蟰襦玈豊, IRP_MJ_CLOSE]
Process: System    Address: 0x883941f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄蟰襦玈豊, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x883941f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄蟰襦玈豊, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x883941f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄蟰襦玈豊, IRP_MJ_POWER]
Process: System    Address: 0x883941f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄蟰襦玈豊, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x883941f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄蟰襦玈豊, IRP_MJ_PNP]
Process: System    Address: 0x883941f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System    Address: 0x84a5a1f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System    Address: 0x84a5a1f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System    Address: 0x84a5a1f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x84a5a1f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x84a5a1f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x84a5a1f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x84a5a1f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System    Address: 0x84a5a1f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System    Address: 0x84a5a1f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x84a5a1f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System    Address: 0x84a5a1f8    Size: 121

Object: Hidden Code [Driver: usbehci潉Ђ扦浄㡈轄ܜ芔Ѕ浍汤, IRP_MJ_CREATE]
Process: System    Address: 0x880d01f8    Size: 121

Object: Hidden Code [Driver: usbehci潉Ђ扦浄㡈轄ܜ芔Ѕ浍汤, IRP_MJ_CLOSE]
Process: System    Address: 0x880d01f8    Size: 121

Object: Hidden Code [Driver: usbehci潉Ђ扦浄㡈轄ܜ芔Ѕ浍汤, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x880d01f8    Size: 121

Object: Hidden Code [Driver: usbehci潉Ђ扦浄㡈轄ܜ芔Ѕ浍汤, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x880d01f8    Size: 121

Object: Hidden Code [Driver: usbehci潉Ђ扦浄㡈轄ܜ芔Ѕ浍汤, IRP_MJ_POWER]
Process: System    Address: 0x880d01f8    Size: 121

Object: Hidden Code [Driver: usbehci潉Ђ扦浄㡈轄ܜ芔Ѕ浍汤, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x880d01f8    Size: 121

Object: Hidden Code [Driver: usbehci潉Ђ扦浄㡈轄ܜ芔Ѕ浍汤, IRP_MJ_PNP]
Process: System    Address: 0x880d01f8    Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_POWER]
Process: System    Address: 0x858191f8    Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x858191f8    Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_PNP]
Process: System    Address: 0x858191f8    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_CREATE]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_CREATE_NAMED_PIPE]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_CLOSE]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_READ]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_WRITE]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_QUERY_EA]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_SET_EA]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_CLEANUP]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_CREATE_MAILSLOT]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_POWER]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_DEVICE_CHANGE]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: mrxsmb݄芔Ѕ潉†, IRP_MJ_PNP]
Process: System    Address: 0x8814b500    Size: 121

Object: Hidden Code [Driver: cdfs噎䵒薠ꁘ㚀ꃍБ浍慃돸껎萴ꁳ, IRP_MJ_CREATE]
Process: System    Address: 0x80da41f8    Size: 121

Object: Hidden Code [Driver: cdfs噎䵒薠ꁘ㚀ꃍБ浍慃돸껎萴ꁳ, IRP_MJ_CLOSE]
Process: System    Address: 0x80da41f8    Size: 121

Object: Hidden Code [Driver: cdfs噎䵒薠ꁘ㚀ꃍБ浍慃돸껎萴ꁳ, IRP_MJ_READ]
Process: System    Address: 0x80da41f8    Size: 121

Object: Hidden Code [Driver: cdfs噎䵒薠ꁘ㚀ꃍБ浍慃돸껎萴ꁳ, IRP_MJ_WRITE]
Process: System    Address: 0x80da41f8    Size: 121

Object: Hidden Code [Driver: cdfs噎䵒薠ꁘ㚀ꃍБ浍慃돸껎萴ꁳ, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x80da41f8    Size: 121

Object: Hidden Code [Driver: cdfs噎䵒薠ꁘ㚀ꃍБ浍慃돸껎萴ꁳ, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x80da41f8    Size: 121

Object: Hidden Code [Driver: cdfs噎䵒薠ꁘ㚀ꃍБ浍慃돸껎萴ꁳ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x80da41f8    Size: 121

Object: Hidden Code [Driver: cdfs噎䵒薠ꁘ㚀ꃍБ浍慃돸껎萴ꁳ, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x80da41f8    Size: 121

Object: Hidden Code [Driver: cdfs噎䵒薠ꁘ㚀ꃍБ浍慃돸껎萴ꁳ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x80da41f8    Size: 121

Object: Hidden Code [Driver: cdfs噎䵒薠ꁘ㚀ꃍБ浍慃돸껎萴ꁳ, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x80da41f8    Size: 121

Object: Hidden Code [Driver: cdfs噎䵒薠ꁘ㚀ꃍБ浍慃돸껎萴ꁳ, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x80da41f8    Size: 121

Object: Hidden Code [Driver: cdfs噎䵒薠ꁘ㚀ꃍБ浍慃돸껎萴ꁳ, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x80da41f8    Size: 121

Object: Hidden Code [Driver: cdfs噎䵒薠ꁘ㚀ꃍБ浍慃돸껎萴ꁳ, IRP_MJ_CLEANUP]
Process: System    Address: 0x80da41f8    Size: 121

Object: Hidden Code [Driver: cdfs噎䵒薠ꁘ㚀ꃍБ浍慃돸껎萴ꁳ, IRP_MJ_PNP]
Process: System    Address: 0x80da41f8    Size: 121

==EOF==