ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/01/16 19:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9F0A000    Size: 96512    File Visible: -    Signed: -
Status: Hidden from the Windows API!

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB571C000    Size: 98304    File Visible: No    Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA604000    Size: 8192    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB359B000    Size: 49152    File Visible: No    Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\_restore{756D7A8E-3C73-4FF7-9D48-674FDA5D67E9}\Fifoed\A0048950.lnk
Status: Locked to the Windows API!

Path: C:\Program Files\Nero\Nero 7\Nero CoverDesigner\NeroCoverDesigner_plk.chm
Status: Locked to the Windows API!

Path: c:\documents and settings\bueczka.asd-0ae2cd0e3d8\ustawienia lokalne\dane aplikacji\google\chrome\user data\default\current session
Status: Size mismatch (API: 194167, Raw: 187065)

Path: C:\Documents and Settings\bueczka.ASD-0AE2CD0E3D8\Pulpit\q2\q2\Paintball2\pball\models\weapons\g_autoc
Status: Locked to the Windows API!

Path: C:\Documents and Settings\bueczka.ASD-0AE2CD0E3D8\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_000090
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\bueczka.ASD-0AE2CD0E3D8\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_000091
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\bueczka.ASD-0AE2CD0E3D8\Pulpit\q2\q2\Paintball2\pball\models\weapons\g_68carbine\tris.md2
Status: Could not get file information (Error 0xc0000008)

Path: \\?\C:\Documents and Settings\bueczka.ASD-0AE2CD0E3D8\Pulpit\q2\q2\Paintball2\pball\models\weapons\g_autoc\*
Status: Could not enumerate files with the Windows API (0x00000017)!

Path: C:\Documents and Settings\bueczka.ASD-0AE2CD0E3D8\Pulpit\q2\q2\Paintball2\pball\models\weapons\g_autoc\skin.jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\bueczka.ASD-0AE2CD0E3D8\Pulpit\q2\q2\Paintball2\pball\models\weapons\g_autoc\tris.md2
Status: Invisible to the Windows API!

SSDT
-------------------
#: 017    Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb5765728

#: 025    Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb576c7ea

#: 041    Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb576c6a2

#: 063    Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb576cca8

#: 065    Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb576cbbe

#: 068    Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb576c276

#: 083    Function Name: NtFreeVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb57657d8

#: 119    Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb576c77e

#: 122    Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb576c1b2

#: 128    Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb576c218

#: 137    Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb5765870

#: 177    Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb576c8c2

#: 192    Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb576cd76

#: 204    Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb576c880

#: 247    Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb576ca04

==EOF==