Untitled
a guest
Feb 28th, 2017
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-02-28 18:29:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC46 465,76GB
Running: vf4971kj.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\kxldqpog.sys


---- User code sections - GMER 2.2 ----

.text C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe[796] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000077a19010 4 bytes [C3, 00, 00, 00]
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076dc1401 2 bytes JMP 774ab263 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076dc1419 2 bytes JMP 774ab38e C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076dc1431 2 bytes JMP 775290f1 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076dc144a 2 bytes CALL 774848ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076dc14dd 2 bytes JMP 775289ea C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076dc14f5 2 bytes JMP 77528bc0 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076dc150d 2 bytes JMP 775288e0 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076dc1525 2 bytes JMP 77528caa C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076dc153d 2 bytes JMP 7749fce8 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076dc1555 2 bytes JMP 774a6937 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076dc156d 2 bytes JMP 775291a9 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076dc1585 2 bytes JMP 77528d0a C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076dc159d 2 bytes JMP 775288a4 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076dc15b5 2 bytes JMP 7749fd81 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076dc15cd 2 bytes JMP 774ab324 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076dc16b2 2 bytes JMP 7752906c C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076dc16bd 2 bytes JMP 77528839 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2108] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000742117fa 2 bytes CALL 774811a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2108] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074211860 2 bytes CALL 774811a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2108] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000074211942 2 bytes JMP 75876da1 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2108] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007421194d 2 bytes JMP 7587e8de C:\Windows\syswow64\WS2_32.dll
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076dc1401 2 bytes JMP 774ab263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076dc1419 2 bytes JMP 774ab38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076dc1431 2 bytes JMP 775290f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076dc144a 2 bytes CALL 774848ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076dc14dd 2 bytes JMP 775289ea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076dc14f5 2 bytes JMP 77528bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076dc150d 2 bytes JMP 775288e0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076dc1525 2 bytes JMP 77528caa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076dc153d 2 bytes JMP 7749fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076dc1555 2 bytes JMP 774a6937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076dc156d 2 bytes JMP 775291a9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076dc1585 2 bytes JMP 77528d0a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076dc159d 2 bytes JMP 775288a4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076dc15b5 2 bytes JMP 7749fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076dc15cd 2 bytes JMP 774ab324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076dc16b2 2 bytes JMP 7752906c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\UCBrowser\Application\UCService.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076dc16bd 2 bytes JMP 77528839 C:\Windows\syswow64\kernel32.dll

---- Modules - GMER 2.2 ----

Module \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys fffff880041eb000-fffff880041fa000 (61440 bytes)

---- Files - GMER 2.2 ----

ADS C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys 50888 bytes executable <-- ROOTKIT !!!
ADS C:\Program Files (x86)\UCBrowser\Security:x64 748304 bytes executable
ADS C:\Program Files (x86)\UCBrowser\Security:x86 610576 bytes executable

---- Services - GMER 2.2 ----

Service C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [SYSTEM] ucdrv <-- ROOTKIT !!!

---- EOF - GMER 2.2 ----
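The three lines GMER tags "<-- ROOTKIT !!!" above share one property: the kernel module, the executable file and the SYSTEM-start service `ucdrv` all resolve to `C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys`, an NTFS alternate data stream attached to `...\UCBrowser\Security`. A driver loaded from a stream is invisible to a plain directory listing, which is why GMER treats it as rootkit-like regardless of who put it there; the report itself does not establish whether the stream is a legitimate UC Browser component or something planted, so the stream contents still have to be dumped and checked (signature, hash) before that is decided. The following script is an added example, not part of this paste and not GMER code: it parses the Modules, Files and Services sections of a GMER 2.x text report, applies the same ADS test, and separates streams that are actually loaded or registered from executable streams that nothing references (here `Security:x64` and `Security:x86`, which GMER lists but does not flag). `SAMPLE_REPORT` is a constructed excerpt made up of the paste's own lines, so it runs offline; section and field layouts are taken from this report and the regexes are assumptions about GMER's output format beyond what is visible here.

```python
"""Added example: flag ADS-backed kernel modules and services in a GMER 2.x report.
Not part of the original paste or of GMER. SAMPLE_REPORT is a constructed excerpt
of the paste above; the line formats are inferred from it."""
import re

# Constructed sample: the Modules, Files and Services sections of the paste.
SAMPLE_REPORT = r"""
---- Modules - GMER 2.2 ----

Module \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys fffff880041eb000-fffff880041fa000 (61440 bytes)

---- Files - GMER 2.2 ----

ADS C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys 50888 bytes executable <-- ROOTKIT !!!
ADS C:\Program Files (x86)\UCBrowser\Security:x64 748304 bytes executable
ADS C:\Program Files (x86)\UCBrowser\Security:x86 610576 bytes executable

---- Services - GMER 2.2 ----

Service C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [SYSTEM] ucdrv <-- ROOTKIT !!!

---- EOF - GMER 2.2 ----
"""

# Line formats as they appear in the report (assumed to hold for other GMER 2.x reports).
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
ADS_RE = re.compile(r"^ADS (?P<path>.+?) (?P<size>\d+) bytes(?P<exe> executable)?(?P<flag> <-- ROOTKIT !!!)?$")
MODULE_RE = re.compile(r"^Module (?P<path>.+?) (?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+) \((?P<size>\d+) bytes\)$")
SERVICE_RE = re.compile(r"^Service (?P<path>.+?) \[(?P<start>[A-Z]+)\] (?P<name>\S+)(?P<flag> <-- ROOTKIT !!!)?$")


def normalize(path):
    """Strip the \\??\\ kernel object prefix and lowercase, so module, file and
    service entries that name the same image compare equal."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def is_ads_path(path):
    """True if the last path component is file:stream (an NTFS alternate data
    stream). A bare drive letter such as C: is not a stream."""
    last = normalize(path).rsplit("\\", 1)[-1]
    return ":" in last and not re.fullmatch(r"[a-z]:", last)


def parse_report(text):
    """Group the Modules, Files (ADS) and Services entries of a GMER report."""
    report = {"Modules": [], "Files": [], "Services": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            section = head.group("name")
            continue
        if not line or section not in report:
            continue
        if section == "Modules":
            m = MODULE_RE.match(line)
            if m:
                report["Modules"].append({"path": m["path"], "size": int(m["size"]),
                                          "base": int(m["start"], 16)})
        elif section == "Files":
            m = ADS_RE.match(line)
            if m:
                report["Files"].append({"path": m["path"], "size": int(m["size"]),
                                        "executable": m["exe"] is not None,
                                        "flagged": m["flag"] is not None})
        elif section == "Services":
            m = SERVICE_RE.match(line)
            if m:
                report["Services"].append({"path": m["path"], "start": m["start"],
                                           "name": m["name"],
                                           "flagged": m["flag"] is not None})
    return report


def ads_backed_loads(text):
    """ADS-backed images that are loaded as a kernel module or registered as a
    service: the high-signal findings. Entries are (kind, normalized path, detail)."""
    report = parse_report(text)
    found = []
    for mod in report["Modules"]:
        if is_ads_path(mod["path"]):
            found.append(("module", normalize(mod["path"]), mod["size"]))
    for svc in report["Services"]:
        if is_ads_path(svc["path"]):
            found.append(("service", normalize(svc["path"]), svc["name"]))
    return found


def unloaded_ads_executables(text):
    """Executable streams that no module or service references. GMER does not
    flag these, but a dormant payload next to a loaded one is worth dumping."""
    report = parse_report(text)
    referenced = {normalize(e["path"]) for e in report["Modules"] + report["Services"]}
    return [normalize(f["path"]) for f in report["Files"]
            if f["executable"] and normalize(f["path"]) not in referenced]


if __name__ == "__main__":
    for kind, path, detail in ads_backed_loads(SAMPLE_REPORT):
        print(f"{kind:8} {path}  ({detail})")
    for path in unloaded_ads_executables(SAMPLE_REPORT):
        print(f"dormant  {path}")
```

Run against the paste, the script returns the `ucdrv` image twice (once as the loaded module, once as the SYSTEM-start service) and lists `Security:x64` and `Security:x86` as unreferenced executable streams. On the affected machine the follow-up is to enumerate the streams directly (on PowerShell 3.0 or later, `Get-Item -Path 'C:\Program Files (x86)\UCBrowser\Security' -Stream *`), extract each one and check its Authenticode signature and hash; the ADS test alone says where the code hides, not whose it is.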