GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-03-19 16:27:07
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHZ2160BH_G2 rev.008B000B 149,05GB
Running: re8skfw9.exe; Driver: C:\DOCUME~1\samsung\USTAWI~1\Temp\kflciaob.sys

---- System - GMER 2.2 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA9F5D44A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA9F5D3F8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA9F5D40C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA9F5D3D0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA9F5D3E4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA9F5D45E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA9F5D436]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA9F5D422]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA9F5D3BC]
Code \??\C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\TSKsp.sys (????-????/????) KeUserModeCallback
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 2.2 ----

.text ntoskrnl.exe!KiDeliverApc + B8C 804DD98D 6 Bytes JMP F758E2EF TsFltMgr.sys (????-????/????)
PAGE ntoskrnl.exe!KeUserModeCallback 8056F133 5 Bytes JMP AA036188 \??\C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\TSKsp.sys (????-????/????)
PAGE ntoskrnl.exe!NtCreateFile 80573E0B 5 Bytes JMP A9F5D44E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 80574B2F 5 Bytes JMP A9F5D426 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057F587 7 Bytes JMP A9F5D462 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 8057F956 5 Bytes JMP A9F5D3D4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058BA0C 7 Bytes JMP A9F5D410 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 8058E8D1 5 Bytes JMP A9F5D3C0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B6DCD 5 Bytes JMP A9F5D3FC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 805E4867 5 Bytes JMP A9F5D3E8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 80636401 5 Bytes JMP A9F5D43A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? lxdj.sys Nie można odnaleźć określonego pliku. !
.text ntoskrnl.exe!KiDeliverApc + B8C 804DD98D 6 Bytes JMP F758E2EF TsFltMgr.sys (????-????/????)
PAGE ntoskrnl.exe!KeUserModeCallback 8056F133 5 Bytes JMP AA036188 \??\C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\TSKsp.sys (????-????/????)
PAGE ntoskrnl.exe!NtCreateFile 80573E0B 5 Bytes JMP A9F5D44E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 80574B2F 5 Bytes JMP A9F5D426 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtDuplicateObject + 3DE 8057F587 7 Bytes JMP A9F5D462 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 8057F956 5 Bytes JMP A9F5D3D4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!SeQueryInformationToken + A0C 8058BA0C 7 Bytes JMP A9F5D410 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ExRundownCompleted + 2C3 8058E8D1 5 Bytes JMP A9F5D3C0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!KeQueryActiveProcessors + 81 805B6DCD 5 Bytes JMP A9F5D3FC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 805E4867 5 Bytes JMP A9F5D3E8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!PsSetContextThread + 1B4 80636401 5 Bytes JMP A9F5D43A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 2.2 ----

.text C:\WINDOWS\system32\wuauclt.exe[144] kernel32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 10008423 C:\Documents and Settings\All Users\Dane aplikacji\Tencent\TSVulFw\TSVulFW.DAT (????-TSVulFW/Tencent)
.text C:\WINDOWS\system32\wuauclt.exe[144] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 1001593B C:\Documents and Settings\All Users\Dane aplikacji\Tencent\TSVulFw\TSVulFW.DAT (????-TSVulFW/Tencent)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 68, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6B, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 68, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 69, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916A82
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6A, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 69, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6A, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916AF3
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 68, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916C21
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 69, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6A, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6B, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[612] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[652] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QQPCRTP.exe[1052] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01163610 C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\ptrate.dll (QQ????????/Tencent)
.text C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QQPCRTP.exe[1052] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 01163660 C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\ptrate.dll (QQ????????/Tencent)
.text C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QQPCRTP.exe[1052] ntdll.dll!LdrShutdownThread 7C91388E 7 Bytes JMP 20003F36 C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QMCommon.dll (????-???/Tencent)
.text C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QQPCRTP.exe[1052] ntdll.dll!LdrShutdownProcess 7C9225C8 7 Bytes JMP 20003EBE C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QMCommon.dll (????-???/Tencent)
.text C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QQPCRTP.exe[1052] ntdll.dll!RtlPcToFileHeader 7C93463B 7 Bytes JMP 20003E29 C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QMCommon.dll (????-???/Tencent)
.text C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QQPCRTP.exe[1052] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 20003D3F C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QMCommon.dll (????-???/Tencent)
.text C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QQPCRTP.exe[1052] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QQPCRTP.exe[1052] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 06E41257 C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QMDns.dll (????-DNS????/Tencent)
.text C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QQPCRTP.exe[1052] ole32.dll!CoUninitialize 774F1364 5 Bytes JMP 20003E66 C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QMCommon.dll (????-???/Tencent)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 48, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4B, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 48, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 49, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B914262
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4A, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 49, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4A, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9142D3
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 48, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B914401
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 49, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4A, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4B, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2296] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\WINDOWS\Explorer.EXE[2600] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 01E2420E C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QMBrowserSafe.dll (????-?????????/Tencent)
.text C:\WINDOWS\Explorer.EXE[2600] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 01CEB87B C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QMIEsafeDll.dll (????-IE?????????/Tencent)
.text C:\WINDOWS\Explorer.EXE[2600] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 01CEB1E4 C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QMIEsafeDll.dll (????-IE?????????/Tencent)
.text C:\WINDOWS\Explorer.EXE[2600] ntdll.dll!RtlCreateProcessParameters 7C92188B 7 Bytes JMP 01CE6C0F C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QMIEsafeDll.dll (????-IE?????????/Tencent)
.text C:\WINDOWS\Explorer.EXE[2600] kernel32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 01C38423 C:\Documents and Settings\All Users\Dane aplikacji\Tencent\TSVulFw\TSVulFW.DAT (????-TSVulFW/Tencent)
.text C:\WINDOWS\Explorer.EXE[2600] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 01C38BF0 C:\Documents and Settings\All Users\Dane aplikacji\Tencent\TSVulFw\TSVulFW.DAT (????-TSVulFW/Tencent)
.text C:\WINDOWS\Explorer.EXE[2600] SHELL32.dll!StrStrW 7C9C85D8 4 Bytes [C5, 67, CE, 01]
.text C:\WINDOWS\Explorer.EXE[2600] SHELL32.dll!StrStrW 7C9CFA5C 4 Bytes [EC, 64, CE, 01]
.text C:\WINDOWS\Explorer.EXE[2600] SHELL32.dll!SHGetSpecialFolderPathW 7C9EB218 5 Bytes JMP 01CE6984 C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QMIEsafeDll.dll (????-IE?????????/Tencent)
.text C:\WINDOWS\Explorer.EXE[2600] SHELL32.dll!ShellExecuteExW 7CA0995B 5 Bytes JMP 01CE6A2A C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QMIEsafeDll.dll (????-IE?????????/Tencent)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 38, B5, 00] {SUB [EAX], BH; MOV CH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 3B, B5, 00] {SUB [EBX], BH; MOV CH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 38, B5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 39, B5, 00] {TEST AL, 0x39; MOV CH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B918B52
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 3A, B5, 00] {TEST AL, 0x3a; MOV CH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 39, B5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 3A, B5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B918BC3
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 38, B5, 00] {TEST AL, 0x38; MOV CH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B918CF1
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 39, B5, 00] {SUB [ECX], BH; MOV CH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 3A, B5, 00] {SUB [EDX], BH; MOV CH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 3B, B5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4612] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, F0, C3, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 24, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 27, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 24, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 25, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91793E
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 26, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 25, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 26, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9179AF
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 24, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917ADD
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 25, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 26, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 27, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5096] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Kernel IAT/EAT - GMER 2.2 ----

IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!KeAddSystemServiceTable] [F758DC40] TsFltMgr.sys (????-????/????)

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Program Files\Google\Chrome\Application\chrome.exe[612] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00AB0010
IAT C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QQPCRTP.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10005360] C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\RefuseInject.dll (????-refuseinject/Tencent)
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2296] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00830010
IAT C:\WINDOWS\Explorer.EXE[2600] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [01CE6AC3] C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QMIEsafeDll.dll (????-IE?????????/Tencent)
IAT C:\WINDOWS\Explorer.EXE[2600] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [01E23AB6] C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QMBrowserSafe.dll (????-?????????/Tencent)
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4612] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00CB0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[5096] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00BA0010

---- Devices - GMER 2.2 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip TAOKernelXP.sys (TAOKernel/Tencent Technology(Shenzhen) Company Limited)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp TAOKernelXP.sys (TAOKernel/Tencent Technology(Shenzhen) Company Limited)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp TAOKernelXP.sys (TAOKernel/Tencent Technology(Shenzhen) Company Limited)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp TAOKernelXP.sys (TAOKernel/Tencent Technology(Shenzhen) Company Limited)

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----