GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-16 22:01:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Maxtor_6Y080L0 rev.YAR41BW0 76,34GB
Running: oqu1du3c.exe; Driver: C:\Users\Bla\AppData\Local\Temp\uxrirpow.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\kernel32.dll!CreateThread + 28 00000000761e34b1 4 bytes {CALL 0xffffffff8b33e524}
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c31401 2 bytes JMP 7620b263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c31419 2 bytes JMP 7620b38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c31431 2 bytes JMP 762890f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c3144a 2 bytes CALL 761e48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c314dd 2 bytes JMP 762889ea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c314f5 2 bytes JMP 76288bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c3150d 2 bytes JMP 762888e0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c31525 2 bytes JMP 76288caa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c3153d 2 bytes JMP 761ffce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c31555 2 bytes JMP 76206937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c3156d 2 bytes JMP 762891a9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c31585 2 bytes JMP 76288d0a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c3159d 2 bytes JMP 762888a4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c315b5 2 bytes JMP 761ffd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c315cd 2 bytes JMP 7620b324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c316b2 2 bytes JMP 7628906c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c316bd 2 bytes JMP 76288839 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075c31401 2 bytes JMP 7620b263 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075c31419 2 bytes JMP 7620b38e C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075c31431 2 bytes JMP 762890f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075c3144a 2 bytes CALL 761e48ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075c314dd 2 bytes JMP 762889ea C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075c314f5 2 bytes JMP 76288bc0 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075c3150d 2 bytes JMP 762888e0 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075c31525 2 bytes JMP 76288caa C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075c3153d 2 bytes JMP 761ffce8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075c31555 2 bytes JMP 76206937 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075c3156d 2 bytes JMP 762891a9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075c31585 2 bytes JMP 76288d0a C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075c3159d 2 bytes JMP 762888a4 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075c315b5 2 bytes JMP 761ffd81 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075c315cd 2 bytes JMP 7620b324 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075c316b2 2 bytes JMP 7628906c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe[2720] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075c316bd 2 bytes JMP 76288839 C:\Windows\syswow64\KERNEL32.dll

---- Files - GMER 2.2 ----

File C:\Users\Bla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YIDK7PO\wbkDAD5.tmp 6877 bytes

---- EOF - GMER 2.2 ----