ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/10/19 19:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF1DE9000    Size: 98304    File Visible: No    Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AF4000    Size: 8192    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBAAFA000    Size: 49152    File Visible: No    Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\wincmd.ini
Status: Size mismatch (API: 2797, Raw: 2781)

Path: C:\WINDOWS\Prefetch\ROOTREPEAL.EXE-01207B04.pf
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Krystian\Dane aplikacji\uTorrent\resume.dat.new
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Krystian\Dane aplikacji\uTorrent\resume.dat.new
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Krystian\Dane aplikacji\uTorrent\RESUME~1.NE0
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Krystian\Dane aplikacji\uTorrent\RESUME~1.NE1
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\krystian\ustawienia lokalne\dane aplikacji\mozilla\firefox\profiles\buch6skk.default\urlclassifier3.sqlite
Status: Allocation size mismatch (API: 22921216, Raw: 17186816)

Path: c:\documents and settings\krystian\ustawienia lokalne\dane aplikacji\mozilla\firefox\profiles\buch6skk.default\cache\_cache_001_
Status: Allocation size mismatch (API: 688128, Raw: 245760)

Path: c:\documents and settings\krystian\ustawienia lokalne\dane aplikacji\mozilla\firefox\profiles\buch6skk.default\cache\_cache_002_
Status: Allocation size mismatch (API: 720896, Raw: 327680)

Path: c:\documents and settings\krystian\ustawienia lokalne\dane aplikacji\mozilla\firefox\profiles\buch6skk.default\cache\_cache_003_
Status: Allocation size mismatch (API: 1015808, Raw: 802816)

SSDT
-------------------
#: 025    Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1ebe6b8

#: 041    Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1ebe574

#: 065    Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1ebea52

#: 068    Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1ebe14c

#: 119    Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1ebe64e

#: 122    Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1ebe08c

#: 128    Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1ebe0f0

#: 177    Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1ebe76e

#: 204    Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1ebe72e

#: 247    Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1ebe8ae

==EOF==