- ROOTREPEAL (c) AD, 2007-2009
- ==================================================
- Scan Start Time: 2010/11/13 20:58
- Program Version: Version 1.3.5.0
- Windows Version: Windows XP SP2
- ==================================================
- Drivers
- -------------------
- Name: dump_atapi.sys
- Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
- Address: 0xF6DA4000 Size: 98304 File Visible: No Signed: -
- Status: -
- Name: dump_WMILIB.SYS
- Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
- Address: 0xF7A1B000 Size: 8192 File Visible: No Signed: -
- Status: -
- Name: rootrepeal.sys
- Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
- Address: 0xF614D000 Size: 49152 File Visible: No Signed: -
- Status: -
- SSDT
- -------------------
- #: 041 Function Name: NtCreateKey
- Status: Hooked by "<unknown>" at address 0xf7c254f6
- #: 053 Function Name: NtCreateThread
- Status: Hooked by "<unknown>" at address 0xf7c254ec
- #: 063 Function Name: NtDeleteKey
- Status: Hooked by "<unknown>" at address 0xf7c254fb
- #: 065 Function Name: NtDeleteValueKey
- Status: Hooked by "<unknown>" at address 0xf7c25505
- #: 098 Function Name: NtLoadKey
- Status: Hooked by "<unknown>" at address 0xf7c2550a
- #: 122 Function Name: NtOpenProcess
- Status: Hooked by "<unknown>" at address 0xf7c254d8
- #: 128 Function Name: NtOpenThread
- Status: Hooked by "<unknown>" at address 0xf7c254dd
- #: 193 Function Name: NtReplaceKey
- Status: Hooked by "<unknown>" at address 0xf7c25514
- #: 204 Function Name: NtRestoreKey
- Status: Hooked by "<unknown>" at address 0xf7c2550f
- #: 247 Function Name: NtSetValueKey
- Status: Hooked by "<unknown>" at address 0xf7c25500
- #: 257 Function Name: NtTerminateProcess
- Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0xf6eac620
- ==EOF==