Untitled

a guest
Mar 21st, 2016
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-03-22 02:07:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4 WDC_WD10EZRX-00L4HB0 rev.01.01A01 931,51GB
Running: gqjc904z.exe; Driver: C:\Users\LAMBER~1\AppData\Local\Temp\ufroiaoc.sys


---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000076fcfa98 5 bytes JMP 00000000727828e0
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076fd0028 5 bytes JMP 00000000727828a0
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe[1820] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize + 779 000000007525b9f8 4 bytes [C0, 3C, 78, 72]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe[1820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075371465 2 bytes [37, 75]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe[1820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753714bb 2 bytes [37, 75]
.text ... * 2
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe[2968] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize + 779 000000007525b9f8 4 bytes [C0, 3C, 78, 72]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe[2968] C:\Windows\syswow64\USER32.dll!CallNextHookEx + 196 0000000075266349 5 bytes JMP 0000000072784ae0
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe[2968] C:\Windows\syswow64\USER32.dll!RemovePropA + 92 00000000752682e0 5 bytes JMP 0000000072784a60
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe[2968] C:\Windows\syswow64\USER32.dll!GetRawInputDeviceInfoW + 16 000000007529c1b9 5 bytes JMP 0000000072784790
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe[2968] C:\Windows\syswow64\USER32.dll!GetRawInputDeviceInfoW + 167 000000007529c250 5 bytes JMP 00000000727849d0
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe[2968] C:\Windows\syswow64\USER32.dll!GetRawInputDeviceInfoA + 231 00000000752b69f2 5 bytes JMP 0000000072784700
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe[2968] C:\Windows\syswow64\USER32.dll!GetRawInputDeviceInfoA + 382 00000000752b6a89 5 bytes JMP 0000000072784940
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075371465 2 bytes [37, 75]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753714bb 2 bytes [37, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074f21bb2 5 bytes JMP 0000000000ff36f6

---- Kernel IAT/EAT - GMER 2.2 ----

IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800351bad8] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----