What do you think about this log? (Rootkit Unhooker)
>SSDT State
NtClose
Actual Address 0xB1F3CCD2
Hooked by: D:\WINDOWS\System32\Drivers\aswSP.SYS
NtCreateKey
Actual Address 0xB1F3CB8E
Hooked by: D:\WINDOWS\System32\Drivers\aswSP.SYS
NtCreatePagingFile
Actual Address 0xB9E67B00
Hooked by: a347bus.sys
NtDeleteKey
Actual Address 0xB1F3D142
Hooked by: D:\WINDOWS\System32\Drivers\aswSP.SYS
NtDeleteValueKey
Actual Address 0xB1F3D06C
Hooked by: D:\WINDOWS\System32\Drivers\aswSP.SYS
NtDuplicateObject
Actual Address 0xB1F3C764
Hooked by: D:\WINDOWS\System32\Drivers\aswSP.SYS
NtEnumerateKey
Actual Address 0xB9E685DC
Hooked by: a347bus.sys
NtEnumerateValueKey
Actual Address 0xB9E74120
Hooked by: a347bus.sys
NtOpenFile
Actual Address 0xB9E67B40
Hooked by: a347bus.sys
NtOpenKey
Actual Address 0xB1F3CC68
Hooked by: D:\WINDOWS\System32\Drivers\aswSP.SYS
NtOpenProcess
Actual Address 0xB1F3C6A4
Hooked by: D:\WINDOWS\System32\Drivers\aswSP.SYS
NtOpenThread
Actual Address 0xB1F3C708
Hooked by: D:\WINDOWS\System32\Drivers\aswSP.SYS
NtQueryKey
Actual Address 0xB9E685FC
Hooked by: a347bus.sys
NtQueryValueKey
Actual Address 0xB1F3CD88
Hooked by: D:\WINDOWS\System32\Drivers\aswSP.SYS
NtRenameKey
Actual Address 0xB1F3D210
Hooked by: D:\WINDOWS\System32\Drivers\aswSP.SYS
NtRestoreKey
Actual Address 0xB1F3CD48
Hooked by: D:\WINDOWS\System32\Drivers\aswSP.SYS
NtSetSystemPowerState
Actual Address 0xB9E73550
Hooked by: a347bus.sys
NtSetValueKey
Actual Address 0xB1F3CEC8
Hooked by: D:\WINDOWS\System32\Drivers\aswSP.SYS
NtTerminateProcess
Actual Address 0xB2014620
Hooked by: C:\spa\SASKUTIL.SYS
>Shadow
>Processes
>Drivers
>Stealth
>Hooks
ntkrnlpa.exe+0x0002C904, Type: Inline - RelativeJump at address 0x80503904 hook handler located in [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006DC5E, Type: Inline - RelativeJump at address 0x80544C5E hook handler located in [ntkrnlpa.exe]
ntkrnlpa.exe-->KeInsertQueueDpc, Type: Inline - RelativeJump at address 0x804FB4A4 hook handler located in [FStarForce.sys]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Inline - RelativeJump at address 0x805CF966 hook handler located in [aswSP.SYS]
ntkrnlpa.exe-->NtCreateSection, Type: Inline - RelativeJump at address 0x805A9DE6 hook handler located in [aswSP.SYS]
ntkrnlpa.exe-->NtLoadDriver, Type: Inline - RelativeJump at address 0x80582DF6 hook handler located in [aswSP.SYS]
ntkrnlpa.exe-->ObInsertObject, Type: Inline - RelativeJump at address 0x805C1808 hook handler located in [aswSP.SYS]
ntkrnlpa.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump at address 0x805BAED2 hook handler located in [aswSP.SYS]
[708]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification at address 0x010010F0 hook handler located in [unknown_code_page]
[708]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification at address 0x0100117C hook handler located in [unknown_code_page]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
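An added triage script for the report layout above (example code, not from the thread or from Rootkit Unhooker): it parses the three-line SSDT records and the inline/IAT hook lines, then groups every hook by the module that owns the handler against an analyst-maintained allowlist, so that handlers reported as [unknown_code_page], which no loaded module accounts for, are separated from the security-product and driver hooks. The allowlist and the sample excerpt are constructed assumptions.

```python
import re
from os.path import basename
# Constructed excerpt in Rootkit Unhooker's report layout (SSDT three-line records, then hook lines).
SAMPLE_LOG = """>SSDT State
NtClose
Actual Address 0xB1F3CCD2
Hooked by: D:\\WINDOWS\\System32\\Drivers\\aswSP.SYS
NtTerminateProcess
Actual Address 0xB2014620
Hooked by: C:\\spa\\SASKUTIL.SYS
>Hooks
ntkrnlpa.exe-->NtLoadDriver, Type: Inline - RelativeJump at address 0x80582DF6 hook handler located in [aswSP.SYS]
[708]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification at address 0x0100117C hook handler located in [unknown_code_page]
"""

# Analyst-maintained allowlist (assumption): aswSP.SYS is avast's self-protection driver,
# SASKUTIL.SYS SUPERAntiSpyware, a347bus.sys Alcohol 120%'s virtual bus, FStarForce.sys StarForce.
KNOWN_HOOKERS = {"aswsp.sys", "saskutil.sys", "a347bus.sys", "fstarforce.sys"}
HOOK_RE = re.compile(r"^(?P<target>.+?), Type: (?P<kind>.+?) at address "
                     r"(?P<addr>0x[0-9A-Fa-f]+) hook handler located in \[(?P<module>[^\]]+)\]$")

def parse_rku(text):
    """Return (target, kind, address, module) tuples for SSDT entries and inline/IAT hooks."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    section, i, out = None, 0, []
    while i < len(lines):
        ln = lines[i]
        if ln.startswith(">"):                       # section header such as ">SSDT State"
            section, i = ln[1:], i + 1
            continue
        if section == "SSDT State" and i + 2 < len(lines) and lines[i + 1].startswith("Actual Address"):
            addr = lines[i + 1].split()[-1]           # three-line SSDT record
            module = lines[i + 2].split("Hooked by:", 1)[1].strip()
            out.append((ln, "SSDT", addr, module))
            i += 3
            continue
        m = HOOK_RE.match(ln)
        if m:
            out.append((m["target"], m["kind"], m["addr"], m["module"]))
        i += 1
    return out

def triage(entries, known=KNOWN_HOOKERS):
    """Group hooks by handler module: allowlisted ones vs. those to review. A handler in
    [unknown_code_page] sits in memory backed by no loaded module, which is the real finding."""
    expected, review = {}, {}
    for target, kind, addr, module in entries:
        name = basename(module.replace("\\", "/")).lower()   # strip the driver's path
        (expected if name in known else review).setdefault(name, []).append(f"{target} ({kind} @ {addr})")
    return expected, review
```

Run it over the full report pasted above and only the review bucket needs a closer look; the allowlisted hooks are the expected footprint of the installed security software and drivers.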