ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:    2012/02/01 18:36
Program Version:    Version 1.3.5.0
Windows Version:    Windows XP SP3
==================================================

Drivers
-------------------
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF7499000    Size: 96512    File Visible: -    Signed: -
Status: Hidden from the Windows API!

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAD338000    Size: 98304    File Visible: No    Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79BD000    Size: 8192    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAA12E000    Size: 49152    File Visible: No    Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Temp\sig8.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\karol dawid\Pulpit\HCKlog - Microsoft Automatyczne naprawianie systemu.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 009    Function Name: NtAddBootEntry
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad579fc4

#: 017    Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xad5de510

#: 025    Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad59d6a9

#: 035    Function Name: NtCreateEvent
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c456

#: 036    Function Name: NtCreateEventPair
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c4ae

#: 038    Function Name: NtCreateIoCompletion
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c5c4

#: 041    Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad59d05d

#: 043    Function Name: NtCreateMutant
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c3ac

#: 050    Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c4fe

#: 051    Function Name: NtCreateSemaphore
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c400

#: 054    Function Name: NtCreateTimer
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c572

#: 061    Function Name: NtDeleteBootEntry
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad579fe8

#: 063    Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad59dd6f

#: 065    Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad59e025

#: 068    Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c848

#: 071    Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad59dbda

#: 073    Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad59da45

#: 083    Function Name: NtFreeVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xad5de5c0

#: 097    Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad579db2

#: 109    Function Name: NtModifyBootEntry
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57a00c

#: 111    Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c9bc

#: 112    Function Name: NtNotifyChangeMultipleKeys
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57aaa4

#: 114    Function Name: NtOpenEvent
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c486

#: 115    Function Name: NtOpenEventPair
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c4d6

#: 117    Function Name: NtOpenIoCompletion
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c5ee

#: 119    Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad59d3b9

#: 120    Function Name: NtOpenMutant
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c3d8

#: 122    Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c680

#: 125    Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c53e

#: 126    Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c42e

#: 128    Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c764

#: 131    Function Name: NtOpenTimer
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57c59c

#: 137    Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xad5de658

#: 160    Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad59d8c0

#: 163    Function Name: NtQueryObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57a96a

#: 177    Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad59d712

#: 192    Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xad5e69e6

#: 204    Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad59c6d0

#: 211    Function Name: NtSetBootEntryOrder
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57a030

#: 212    Function Name: NtSetBootOptions
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57a054

#: 240    Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad579e0c

#: 241    Function Name: NtSetSystemPowerState
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad579f48

#: 247    Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad59de76

#: 249    Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad579f24

#: 255    Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad579f6c

#: 268    Function Name: NtVdmControl
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xad57a078

==EOF==
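A log like the one above is usually triaged by hand: which kernel modules are hidden from the Windows API, which files are invisible or only exist as a directory entry, and which SSDT entries are hooked and by what. The parser below is an added example written for this page; it is not part of RootRepeal and the layout it expects (a section title followed by a dashed rule, "Key: value" fields, several fields per line) is inferred from the log above and is an assumption. The sample input is a constructed excerpt of that log. The baseline it applies, that the scanner's own rootrepeal.sys and the kernel's crash-dump copies (dump_*.sys) are normally reported as "File Visible: No" and so are not by themselves suspicious, is an analyst's assumption, not something the log states. aswSnx.SYS and aswSP.SYS are file names of Avast antivirus kernel drivers, which is why grouping hooks by hooking module matters: one driver hooking many services is a different finding from a hook installed by a module nobody recognises.

```python
"""Parse a RootRepeal scan log and summarise what a rootkit analyst looks at
first: drivers hidden from the Windows API, hidden/locked files, and SSDT
entries hooked by a module, grouped by the module that installed the hook.

Added example for this page; not RootRepeal's own code. The log layout
(section title + dashed rule, 'Key: value' fields, several fields per line
separated by tabs or spaces) is inferred from the posted log (assumption)."""
import re
from collections import defaultdict

# Keys as RootRepeal prints them; longer keys first so "Image Path:" is not
# split as "Path:". The lookbehind stops "C:\" inside a path from being read
# as a field separator.
_KEYS = ["Image Path", "File Visible", "Function Name",
         "Name", "Address", "Size", "Signed", "Status", "Path", "#"]
_FIELD_RE = re.compile(r"(?<![\w\\])(" + "|".join(map(re.escape, _KEYS)) + r"):[ \t]*")
_ENTRY_START = {"Name", "Path", "#"}   # first key of a Drivers / Files / SSDT record
_RULE_RE = re.compile(r"^-{5,}$")
# 'Hooked by "<module>" at address 0x...' exactly as the SSDT section words it.
_HOOK_RE = re.compile(r'Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')


def _fields(line):
    """Yield (key, value) pairs from one log line (a line may hold several)."""
    matches = list(_FIELD_RE.finditer(line))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(line)
        yield m.group(1), line[m.end():end].strip()


def parse_rootrepeal(text):
    """Return {section_title: [record, ...]}; each record is a dict of fields."""
    lines = text.splitlines()
    sections, section, record = defaultdict(list), None, None
    for i, line in enumerate(lines):
        stripped = line.strip()
        # A section title is a bare line immediately followed by a dashed rule.
        if (stripped and i + 1 < len(lines) and _RULE_RE.match(lines[i + 1].strip())
                and not _FIELD_RE.search(stripped)):
            section, record = stripped, None
            continue
        if section is None or not stripped or _RULE_RE.match(stripped):
            continue
        for key, value in _fields(line):
            if key in _ENTRY_START:          # a new record begins
                record = {}
                sections[section].append(record)
            if record is not None:
                record[key] = value
    return dict(sections)


def summarize(text, expected_invisible=("rootrepeal.sys", "dump_")):
    """Triage view: hidden drivers, hidden files, SSDT hooks per hooking module."""
    recs = parse_rootrepeal(text)
    drivers = recs.get("Drivers", [])
    hidden_drivers = [r["Name"] for r in drivers if "Hidden" in r.get("Status", "")]
    # 'File Visible: No' alone is weaker evidence: the scanner's own driver and
    # the kernel's crash-dump copies are normally reported that way (assumed
    # analyst baseline), so they are filtered out of this list.
    not_on_disk = [r["Name"] for r in drivers
                   if r.get("File Visible") == "No"
                   and not r["Name"].lower().startswith(expected_invisible)]
    hidden_files = [r["Path"] for r in recs.get("Hidden/Locked Files", [])
                    if "Invisible" in r.get("Status", "") or "not on disk" in r.get("Status", "")]
    hooks = defaultdict(list)
    for r in recs.get("SSDT", []):
        m = _HOOK_RE.search(r.get("Status", ""))
        if m:
            module = m.group(1).rsplit("\\", 1)[-1]     # bare file name of the hooker
            hooks[module].append((int(r["#"]), r["Function Name"], m.group(2)))
    return {"hidden_drivers": hidden_drivers,
            "drivers_not_on_disk": not_on_disk,
            "hidden_files": hidden_files,
            "ssdt_hooks_by_module": {k: sorted(v) for k, v in hooks.items()}}


# Constructed excerpt of the log above (not the full log), used as sample input.
SAMPLE_LOG = """ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:\t\t2012/02/01 18:36
Windows Version:\t\tWindows XP SP3
==================================================

Drivers
-------------------
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF7499000\tSize: 96512\tFile Visible: -\tSigned: -
Status: Hidden from the Windows API!

Name: dump_atapi.sys
Image Path: C:\\WINDOWS\\System32\\Drivers\\dump_atapi.sys
Address: 0xAD338000\tSize: 98304\tFile Visible: No\tSigned: -
Status: -

Name: rootrepeal.sys
Image Path: C:\\WINDOWS\\system32\\drivers\\rootrepeal.sys
Address: 0xAA12E000\tSize: 49152\tFile Visible: No\tSigned: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\\WINDOWS\\Temp\\sig8.tmp
Status: Invisible to the Windows API!

SSDT
-------------------
#: 009\tFunction Name: NtAddBootEntry
Status: Hooked by "C:\\WINDOWS\\System32\\Drivers\\aswSnx.SYS" at address 0xad579fc4

#: 017\tFunction Name: NtAllocateVirtualMemory
Status: Hooked by "C:\\WINDOWS\\System32\\Drivers\\aswSP.SYS" at address 0xad5de510

#: 097\tFunction Name: NtLoadDriver
Status: Hooked by "C:\\WINDOWS\\System32\\Drivers\\aswSnx.SYS" at address 0xad579db2

==EOF==
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "->", value)
```

Run it on the full log (read the file and pass its text to summarize) and the interesting lines fall out directly: atapi.sys is the only driver hidden from the Windows API, sig8.tmp and the ADS-style .log:{...} entry are the hidden files, and every SSDT hook resolves to one of two Avast drivers, so the hook list is not what needs explaining here, while the hidden atapi.sys is.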