API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 27th, 2017
46
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.76 KB | None | 0 0
raw download clone embed print report
  1. ROOTREPEAL (c) AD, 2007-2009
  2. ==================================================
  3. Scan Start Time: 2010/11/13 20:58
  4. Program Version: Version 1.3.5.0
  5. Windows Version: Windows XP SP2
  6. ==================================================
  7.  
  8. Drivers
  9. -------------------
  10. Name: dump_atapi.sys
  11. Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
  12. Address: 0xF6DA4000 Size: 98304 File Visible: No Signed: -
  13. Status: -
  14.  
  15. Name: dump_WMILIB.SYS
  16. Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
  17. Address: 0xF7A1B000 Size: 8192 File Visible: No Signed: -
  18. Status: -
  19.  
  20. Name: rootrepeal.sys
  21. Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
  22. Address: 0xF614D000 Size: 49152 File Visible: No Signed: -
  23. Status: -
  24.  
  25. SSDT
  26. -------------------
  27. #: 041 Function Name: NtCreateKey
  28. Status: Hooked by "<unknown>" at address 0xf7c254f6
  29.  
  30. #: 053 Function Name: NtCreateThread
  31. Status: Hooked by "<unknown>" at address 0xf7c254ec
  32.  
  33. #: 063 Function Name: NtDeleteKey
  34. Status: Hooked by "<unknown>" at address 0xf7c254fb
  35.  
  36. #: 065 Function Name: NtDeleteValueKey
  37. Status: Hooked by "<unknown>" at address 0xf7c25505
  38.  
  39. #: 098 Function Name: NtLoadKey
  40. Status: Hooked by "<unknown>" at address 0xf7c2550a
  41.  
  42. #: 122 Function Name: NtOpenProcess
  43. Status: Hooked by "<unknown>" at address 0xf7c254d8
  44.  
  45. #: 128 Function Name: NtOpenThread
  46. Status: Hooked by "<unknown>" at address 0xf7c254dd
  47.  
  48. #: 193 Function Name: NtReplaceKey
  49. Status: Hooked by "<unknown>" at address 0xf7c25514
  50.  
  51. #: 204 Function Name: NtRestoreKey
  52. Status: Hooked by "<unknown>" at address 0xf7c2550f
  53.  
  54. #: 247 Function Name: NtSetValueKey
  55. Status: Hooked by "<unknown>" at address 0xf7c25500
  56.  
  57. #: 257 Function Name: NtTerminateProcess
  58. Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0xf6eac620
  59.  
  60. ==EOF==
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!