GMER 1.0.15.15077 [0xkew1f4.exe] - http://www.gmer.net
Rootkit scan 2009-08-22 21:30:38
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEE1734EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEE173581]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEE173498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEE1734AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEE173595]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEE1735C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEE17362F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEE173619]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEE17352A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEE17365B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEE17356D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEE173470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEE173484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEE1734FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEE173697]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEE173603]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEE1735ED]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEE1735AB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEE173683]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEE17366F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEE1734D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEE1734C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEE1735D7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEE173559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEE173645]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEE173540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEE173514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 8050223C 7 Bytes JMP EE173518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056E2FC 5 Bytes JMP EE1734EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A7500 7 Bytes JMP EE17352E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8316 5 Bytes JMP EE173544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA94 7 Bytes JMP EE173502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1322 5 Bytes JMP EE173474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15AE 5 Bytes JMP EE173488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DE0 5 Bytes JMP EE1734C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F6 7 Bytes JMP EE1734B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74AC 5 Bytes JMP EE17349C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C79B6 5 Bytes JMP EE1734DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CB6 5 Bytes JMP EE17355D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 80618568 7 Bytes JMP EE1735F1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 806188B6 7 Bytes JMP EE1735DB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80618BE0 7 Bytes JMP EE173649 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 8061947E 7 Bytes JMP EE173607 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80619D52 7 Bytes JMP EE1735AF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061A330 5 Bytes JMP EE173585 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7C0 7 Bytes JMP EE173599 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A990 7 Bytes JMP EE1735C5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 7 Bytes JMP EE173633 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8061ADDA 7 Bytes JMP EE17361D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061B702 5 Bytes JMP EE173571 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 8061BA28 7 Bytes JMP EE17369B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8061BCE8 5 Bytes JMP EE173673 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8061C3DC 5 Bytes JMP EE173687 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8061C4F6 5 Bytes JMP EE17365F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)