ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:	2012/04/24 15:43
Program Version:	Version 1.3.5.0
Windows Version:	Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\windows\System32\Drivers\dump_atapi.sys
Address: 0xB430C000	Size: 98304	File Visible: No	Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\windows\System32\Drivers\dump_WMILIB.SYS
Address: 0xB862C000	Size: 8192	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xB184E000	Size: 49152	File Visible: No	Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\All Users\Dane aplikacji\AVG2012\Chjw\64ac8254ac822122.dat:e41c1339-3509-4312-a02e-160c48788754
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\All Users\Dane aplikacji\AVG2012\Chjw\841c77dd1c77c926.dat:f970e151-0014-4111-9ffa-fd22fa3c4d54
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\hyra\ustawienia lokalne\dane aplikacji\mozilla\firefox\profiles\33godsn9.default\cache\_cache_002_
Status: Size mismatch (API: 240544, Raw: 228349)

Path: c:\documents and settings\hyra\ustawienia lokalne\dane aplikacji\mozilla\firefox\profiles\33godsn9.default\cache\_cache_003_
Status: Size mismatch (API: 922634, Raw: 809414)

Path: C:\Documents and Settings\HYRA\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\33godsn9.default\Cache\2\5A
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\HYRA\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\33godsn9.default\Cache\2\C5
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\HYRA\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\33godsn9.default\Cache\3\F2
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\HYRA\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\33godsn9.default\Cache\5\8D
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\HYRA\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\33godsn9.default\Cache\A\8F
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\HYRA\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\33godsn9.default\Cache\B\EC
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\HYRA\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\33godsn9.default\Cache\D\14
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 122	Function Name: NtOpenProcess
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xb3dd4f3c

#: 257	Function Name: NtTerminateProcess
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xb3dd4fe4

#: 258	Function Name: NtTerminateThread
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xb3dd5080

#: 277	Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xb3dd511c

Shadow SSDT
-------------------
#: 383	Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xb3dd543a

#: 414	Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xb3dd53a6

#: 416	Function Name: NtUserGetKeyState
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xb3dd53e6

#: 549	Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xb3dd5338

==EOF==