GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-03-21 19:13:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-a WDC_WD3200AAKS-22B3A0 rev.01.03A01 298,09GB
Running: wx8m1oux.exe; Driver: C:\Users\KK\AppData\Local\Temp\uglcraoc.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\SysWOW64\ntdll.dll!KiUserCallbackDispatcher 000000007773010c 7 bytes JMP 0000000074bb3d40
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\SysWOW64\ntdll.dll!RtlProcessFlsData 00000000777594d7 5 bytes JMP 0000000074da3e1a
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\SysWOW64\ntdll.dll!RtlPcToFileHeader 0000000077762fd0 7 bytes JMP 0000000074da3e54
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\SysWOW64\ntdll.dll!LdrShutdownThread 00000000777768a5 7 bytes JMP 0000000074da3f61
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\SysWOW64\ntdll.dll!RtlExitUserProcess 0000000077779dc6 5 bytes JMP 0000000074da3db9
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\SysWOW64\ntdll.dll!LdrShutdownProcess 0000000077779e57 7 bytes JMP 0000000074da3ee9
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076fe4925 5 bytes JMP 0000000074da3d6a
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076fe8791 5 bytes [33, C0, C2, 04, 00]
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075947673 5 bytes JMP 0000000072641257
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076e31401 2 bytes JMP 7700b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076e31419 2 bytes JMP 7700b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076e31431 2 bytes JMP 77089011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076e3144a 2 bytes CALL 76fe48ad C:\Windows\syswow64\kernel32.dll
.text ... 9
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076e314dd 2 bytes JMP 7708890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076e314f5 2 bytes JMP 77088ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076e3150d 2 bytes JMP 77088800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076e31525 2 bytes JMP 77088bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076e3153d 2 bytes JMP 76fffcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076e31555 2 bytes JMP 77006907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076e3156d 2 bytes JMP 770890c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076e31585 2 bytes JMP 77088c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076e3159d 2 bytes JMP 770887c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076e315b5 2 bytes JMP 76fffd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076e315cd 2 bytes JMP 7700b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076e316b2 2 bytes JMP 77088f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076e316bd 2 bytes JMP 77088759 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRTP.exe[672] C:\Windows\syswow64\ole32.dll!CoUninitialize 00000000754d8693 5 bytes JMP 0000000074da3e91
.text C:\Windows\Explorer.EXE[1356] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx 0000000077576060 15 bytes JMP 000000006fff0158
.text C:\Windows\Explorer.EXE[1356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey 000000007758d520 1 byte JMP 000000006fff01b0
.text C:\Windows\Explorer.EXE[1356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey + 2 000000007758d522 6 bytes {JMP 0xfffffffff8a62c90}

---- EOF - GMER 2.2 ----