a guest
Apr 8th, 2013
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-08 21:11:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0. 931,52GB
Running: 299vbv0i.exe; Driver: C:\Users\Jacek\AppData\Local\Temp\pxldypog.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960001a3c00 7 bytes [00, 96, F3, FF, 01, A2, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960001a3c08 3 bytes [C0, 06, 02]
.text ... * 112
.text C:\Windows\System32\win32k.sys!BRUSHOBJ_pvGetRbrush + 432 fffff9600025b878 8 bytes [00, 88, E2, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!BRUSHOBJ_hGetColorTransform + 468 fffff9600025ba88 8 bytes [D0, 88, E2, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngReleaseFastMutex + 8 fffff9600025c538 8 bytes [D8, 97, E2, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetLastError + 792 fffff9600025c8d8 8 bytes [BC, 8E, E2, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngQueryPerformanceFrequency + 8 fffff9600025ce08 8 bytes [B0, 89, E2, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngFreeSectionMem + 76 fffff9600025cf28 8 bytes [E4, A0, E2, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 398 fffff9600026291a 6 bytes {JMP QWORD [RIP-0x17aa38]}
.text C:\Windows\System32\win32k.sys!EngCreateBitmap + 44 fffff96000264448 8 bytes [E0, 8B, E2, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngCTGetCurrentGamma + 40 fffff96000268d98 8 bytes [60, 8A, E2, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngCreateRectRgn + 48 fffff9600026cfc8 8 bytes [F8, 8F, E2, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetFileChangeTime + 304 fffff9600026d8c8 8 bytes [1C, 91, E2, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngCreateDriverObj + 164 fffff96000287878 8 bytes [E4, 9B, E2, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngUnlockDriverObj + 44 fffff960002878d8 8 bytes [78, 8F, E2, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngLoadModuleForWrite + 16 fffff9600029e118 8 bytes {CALL QWORD [RAX+0x4e29a6c]}
.text C:\Windows\System32\win32k.sys!EngUnmapFile + 944 fffff9600029e7e8 8 bytes [D4, 93, E2, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetPrinterDataFileName + 8 fffff9600029e7f8 8 bytes [E0, 92, E2, 04, 80, F8, FF, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\Explorer.EXE[2524] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd7545c1 5 bytes {JMP QWORD [RIP-0x7fef458e]}
.text C:\Windows\Explorer.EXE[2524] C:\Windows\system32\WS2_32.dll!getsockname 000007fefd759480 6 bytes {JMP QWORD [RIP-0x7fed9416]}
.text C:\Windows\Explorer.EXE[2524] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd77e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]}
.text C:\Windows\Explorer.EXE[2524] C:\Windows\system32\WS2_32.dll!getpeername 000007fefd77e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]}

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----