Forum » Pomoč in nasveti » Rootkiti
Rootkiti
booz ::
Oj.
Pregledal z rootkit hook analyzer. Je resno?
Service name Syscall Address Hooked Module Product Company Description
--------------------------------------------------------------------------------------------------------------------------------------------------
NtAssignProcessToJobObject, ZwAssignProcessToJobObject 19 0xEEBBA880 YES Sandbox.SYS
NtClose, ZwClose 25 0xEEBACBB0 YES Sandbox.SYS
NtCreateFile, ZwCreateFile 37 0xEEBAA1B0 YES Sandbox.SYS
NtCreateKey, ZwCreateKey 41 0xEEBB0F70 YES Sandbox.SYS
NtCreateProcess, ZwCreateProcess 47 0xEEBB80F0 YES Sandbox.SYS
NtCreateProcessEx, ZwCreateProcessEx 48 0xEEBB87C0 YES Sandbox.SYS
NtCreateSection, ZwCreateSection 50 0xEEBA9470 YES Sandbox.SYS
NtCreateSymbolicLinkObject, ZwCreateSymbolicLinkObject 52 0xEEBB0D70 YES Sandbox.SYS
NtDeleteFile, ZwDeleteFile 62 0xEEBAFF40 YES Sandbox.SYS
NtDeleteKey, ZwDeleteKey 63 0xEEBB21C0 YES Sandbox.SYS
NtDeleteValueKey, ZwDeleteValueKey 65 0xEEBB6530 YES Sandbox.SYS
NtLoadDriver, ZwLoadDriver 97 0xEEBB6EE0 YES Sandbox.SYS
NtMakeTemporaryObject, ZwMakeTemporaryObject 105 0xEEBB06C0 YES Sandbox.SYS
NtOpenFile, ZwOpenFile 116 0xEEBABAA0 YES Sandbox.SYS
NtOpenKey, ZwOpenKey 119 0xEEBB1BA0 YES Sandbox.SYS
NtOpenProcess, ZwOpenProcess 122 0xEEBB8EA0 YES Sandbox.SYS
NtOpenSection, ZwOpenSection 125 0xEEBA9B70 YES Sandbox.SYS
NtProtectVirtualMemory, ZwProtectVirtualMemory 137 0xEEBBB640 YES Sandbox.SYS
NtQueryDirectoryFile, ZwQueryDirectoryFile 145 0xEEBACFE0 YES Sandbox.SYS
NtQueryKey, ZwQueryKey 160 0xEEBB2B50 YES Sandbox.SYS
NtQueryValueKey, ZwQueryValueKey 177 0xEEBB31B0 YES Sandbox.SYS
NtReplaceKey, ZwReplaceKey 193 0xEEBB4280 YES Sandbox.SYS
NtRestoreKey, ZwRestoreKey 204 0xEEBB5EC0 YES Sandbox.SYS
NtSaveKey, ZwSaveKey 207 0xEEBB51F0 YES Sandbox.SYS
NtSaveKeyEx, ZwSaveKeyEx 208 0xEEBB5850 YES Sandbox.SYS
NtSetInformationFile, ZwSetInformationFile 224 0xEEBAE160 YES Sandbox.SYS
NtTerminateThread, ZwTerminateThread 258 0xEEBBA080 YES Sandbox.SYS
NtUnloadDriver, ZwUnloadDriver 262 0xEEBB7420 YES Sandbox.SYS
Pregledal z rootkit hook analyzer. Je resno?
Service name Syscall Address Hooked Module Product Company Description
--------------------------------------------------------------------------------------------------------------------------------------------------
NtAssignProcessToJobObject, ZwAssignProcessToJobObject 19 0xEEBBA880 YES Sandbox.SYS
NtClose, ZwClose 25 0xEEBACBB0 YES Sandbox.SYS
NtCreateFile, ZwCreateFile 37 0xEEBAA1B0 YES Sandbox.SYS
NtCreateKey, ZwCreateKey 41 0xEEBB0F70 YES Sandbox.SYS
NtCreateProcess, ZwCreateProcess 47 0xEEBB80F0 YES Sandbox.SYS
NtCreateProcessEx, ZwCreateProcessEx 48 0xEEBB87C0 YES Sandbox.SYS
NtCreateSection, ZwCreateSection 50 0xEEBA9470 YES Sandbox.SYS
NtCreateSymbolicLinkObject, ZwCreateSymbolicLinkObject 52 0xEEBB0D70 YES Sandbox.SYS
NtDeleteFile, ZwDeleteFile 62 0xEEBAFF40 YES Sandbox.SYS
NtDeleteKey, ZwDeleteKey 63 0xEEBB21C0 YES Sandbox.SYS
NtDeleteValueKey, ZwDeleteValueKey 65 0xEEBB6530 YES Sandbox.SYS
NtLoadDriver, ZwLoadDriver 97 0xEEBB6EE0 YES Sandbox.SYS
NtMakeTemporaryObject, ZwMakeTemporaryObject 105 0xEEBB06C0 YES Sandbox.SYS
NtOpenFile, ZwOpenFile 116 0xEEBABAA0 YES Sandbox.SYS
NtOpenKey, ZwOpenKey 119 0xEEBB1BA0 YES Sandbox.SYS
NtOpenProcess, ZwOpenProcess 122 0xEEBB8EA0 YES Sandbox.SYS
NtOpenSection, ZwOpenSection 125 0xEEBA9B70 YES Sandbox.SYS
NtProtectVirtualMemory, ZwProtectVirtualMemory 137 0xEEBBB640 YES Sandbox.SYS
NtQueryDirectoryFile, ZwQueryDirectoryFile 145 0xEEBACFE0 YES Sandbox.SYS
NtQueryKey, ZwQueryKey 160 0xEEBB2B50 YES Sandbox.SYS
NtQueryValueKey, ZwQueryValueKey 177 0xEEBB31B0 YES Sandbox.SYS
NtReplaceKey, ZwReplaceKey 193 0xEEBB4280 YES Sandbox.SYS
NtRestoreKey, ZwRestoreKey 204 0xEEBB5EC0 YES Sandbox.SYS
NtSaveKey, ZwSaveKey 207 0xEEBB51F0 YES Sandbox.SYS
NtSaveKeyEx, ZwSaveKeyEx 208 0xEEBB5850 YES Sandbox.SYS
NtSetInformationFile, ZwSetInformationFile 224 0xEEBAE160 YES Sandbox.SYS
NtTerminateThread, ZwTerminateThread 258 0xEEBBA080 YES Sandbox.SYS
NtUnloadDriver, ZwUnloadDriver 262 0xEEBB7420 YES Sandbox.SYS
Vredno ogleda ...
| Tema | Ogledi | Zadnje sporočilo | |
|---|---|---|---|
| Tema | Ogledi | Zadnje sporočilo | |
| » | Š čim temeljito pretestirate PC?Oddelek: Pomoč in nasveti | 1200 (865) | fosil |
| » | mysql 5.0.16 gentooOddelek: Operacijski sistemi | 1263 (1181) | yimi |
| » | LG GSA-4120B dela probleme pri pečenju DL DVD+RjevOddelek: Strojna oprema | 1702 (1511) | mtosev |
| » | Lag pri filmčkih v špilihOddelek: Igre | 2340 (2202) | Matev |