GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-17 23:52:53
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3250820A rev.3.AAF 232,88GB
Running: t239ydz7.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\kwddykog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17       00000000751c1401 2 bytes JMP 76b0b1ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17          00000000751c1419 2 bytes JMP 76b0b31a C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17        00000000751c1431 2 bytes JMP 76b88f09 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42        00000000751c144a 2 bytes CALL 76ae4885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                      * 9
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17           00000000751c14dd 2 bytes JMP 76b88802 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17    00000000751c14f5 2 bytes JMP 76b889d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17           00000000751c150d 2 bytes JMP 76b886f8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17    00000000751c1525 2 bytes JMP 76b88ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17          00000000751c153d 2 bytes JMP 76affc78 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17               00000000751c1555 2 bytes JMP 76b068bf C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17        00000000751c156d 2 bytes JMP 76b88fc1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17          00000000751c1585 2 bytes JMP 76b88b22 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17             00000000751c159d 2 bytes JMP 76b886bc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17          00000000751c15b5 2 bytes JMP 76affd11 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17        00000000751c15cd 2 bytes JMP 76b0b2b0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20    00000000751c16b2 2 bytes JMP 76b88e84 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31    00000000751c16bd 2 bytes JMP 76b88651 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3840] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW   0000000074fa2ab1 5 bytes JMP 0000000101412ac0
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17            00000000751c1401 2 bytes JMP 76b0b1ef C:\Windows\syswow64\kernel32.dll
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17               00000000751c1419 2 bytes JMP 76b0b31a C:\Windows\syswow64\kernel32.dll
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17             00000000751c1431 2 bytes JMP 76b88f09 C:\Windows\syswow64\kernel32.dll
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42             00000000751c144a 2 bytes CALL 76ae4885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                      * 9
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                00000000751c14dd 2 bytes JMP 76b88802 C:\Windows\syswow64\kernel32.dll
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17         00000000751c14f5 2 bytes JMP 76b889d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                00000000751c150d 2 bytes JMP 76b886f8 C:\Windows\syswow64\kernel32.dll
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17         00000000751c1525 2 bytes JMP 76b88ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17               00000000751c153d 2 bytes JMP 76affc78 C:\Windows\syswow64\kernel32.dll
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                    00000000751c1555 2 bytes JMP 76b068bf C:\Windows\syswow64\kernel32.dll
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17             00000000751c156d 2 bytes JMP 76b88fc1 C:\Windows\syswow64\kernel32.dll
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17               00000000751c1585 2 bytes JMP 76b88b22 C:\Windows\syswow64\kernel32.dll
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                  00000000751c159d 2 bytes JMP 76b886bc C:\Windows\syswow64\kernel32.dll
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17               00000000751c15b5 2 bytes JMP 76affd11 C:\Windows\syswow64\kernel32.dll
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17             00000000751c15cd 2 bytes JMP 76b0b2b0 C:\Windows\syswow64\kernel32.dll
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20         00000000751c16b2 2 bytes JMP 76b88e84 C:\Windows\syswow64\kernel32.dll
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31         00000000751c16bd 2 bytes JMP 76b88651 C:\Windows\syswow64\kernel32.dll

---- Kernel IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]    [fffff880010d6e94] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]           [fffff880010d6c38] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]          [fffff880010d7654] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]          [fffff880010d7a50] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]   [fffff880010d78ac] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- User IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\Explorer.EXE[USER32.dll!MoveWindow]                    [7fef6d91ad0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\Explorer.EXE[USER32.dll!DeferWindowPos]                [7fef6d91e30] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\Explorer.EXE[USER32.dll!EndPaint]                      [7fef6d91fe0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\Explorer.EXE[USER32.dll!SetWindowPos]                  [7fef6d91c70] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\SHELL32.dll[USER32.dll!MoveWindow]            [7fef6d91ad0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\SHELL32.dll[USER32.dll!SetWindowPos]          [7fef6d91c70] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\SHELL32.dll[USER32.dll!DeferWindowPos]        [7fef6d91e30] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\SHELL32.dll[USER32.dll!EndPaint]              [7fef6d91fe0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\ole32.dll[USER32.dll!MoveWindow]              [7fef6d91ad0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\EXPLORERFRAME.dll[USER32.dll!EndPaint]        [7fef6d91fe0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\EXPLORERFRAME.dll[USER32.dll!MoveWindow]      [7fef6d91ad0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\EXPLORERFRAME.dll[USER32.dll!SetWindowPos]    [7fef6d91c70] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\DUser.dll[USER32.dll!EndPaint]                [7fef6d91fe0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\DUI70.dll[USER32.dll!SetWindowPos]            [7fef6d91c70] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\IMM32.dll[USER32.dll!EndPaint]                [7fef6d91fe0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\IMM32.dll[USER32.dll!SetWindowPos]            [7fef6d91c70] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\MSCTF.dll[USER32.dll!MoveWindow]              [7fef6d91ad0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\MSCTF.dll[USER32.dll!EndPaint]                [7fef6d91fe0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\MSCTF.dll[USER32.dll!SetWindowPos]            [7fef6d91c70] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\UxTheme.dll[USER32.dll!SetWindowPos]          [7fef6d91c70] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MoveWindow]           [7fef6d91ad0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!SetWindowPos]         [7fef6d91c70] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!DeferWindowPos]   [7fef6d91e30] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!SetWindowPos]     [7fef6d91c70] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!MoveWindow]       [7fef6d91ad0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!EndPaint]         [7fef6d91fe0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\CLBCatQ.DLL[USER32.dll!SetWindowPos]          [7fef6d91c70] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\msi.dll[USER32.dll!MoveWindow]                [7fef6d91ad0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\msi.dll[USER32.dll!SetWindowPos]              [7fef6d91c70] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\System32\cscui.dll[USER32.dll!SetWindowPos]            [7fef6d91c70] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\ntshrui.dll[USER32.dll!SetWindowPos]          [7fef6d91c70] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\ntshrui.dll[USER32.dll!DeferWindowPos]        [7fef6d91e30] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll

---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                              fffffa8006a9f2c0
Device  \Driver\atapi \Device\Ide\IdePort4                                       fffffa8006a9f2c0
Device  \Driver\atapi \Device\Ide\IdePort0                                       fffffa8006a9f2c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-2                              fffffa8006a9f2c0
Device  \Driver\atapi \Device\Ide\IdePort5                                       fffffa8006a9f2c0
Device  \Driver\atapi \Device\Ide\IdePort1                                       fffffa8006a9f2c0
Device  \Driver\atapi \Device\Ide\IdePort2                                       fffffa8006a9f2c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3                              fffffa8006a9f2c0
Device  \Driver\atapi \Device\Ide\IdePort3                                       fffffa8006a9f2c0
Device  \FileSystem\Ntfs \Ntfs                                                   fffffa8006aa52c0
Device  \FileSystem\fastfat \Fat                                                 fffffa800822a2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{B5FDCFEA-175E-4A4E-BD0D-B640B34D5443} fffffa8007b422c0
Device  \Driver\usbehci \Device\USBFDO-7                                         fffffa8007fc22c0
Device  \Driver\USBSTOR \Device\00000078                                         fffffa80083162c0
Device  \Driver\usbuhci \Device\USBPDO-5                                         fffffa8007f392c0
Device  \Driver\usbehci \Device\USBFDO-3                                         fffffa8007fc22c0
Device  \Driver\usbuhci \Device\USBPDO-1                                         fffffa8007f392c0
Device  \Driver\cdrom \Device\CdRom0                                             fffffa8007b242c0
Device  \Driver\USBSTOR \Device\00000080                                         fffffa80083162c0
Device  \Driver\cdrom \Device\CdRom1                                             fffffa8007b242c0
Device  \Driver\USBSTOR \Device\00000079                                         fffffa80083162c0
Device  \Driver\usbuhci \Device\USBPDO-6                                         fffffa8007f392c0
Device  \Driver\usbuhci \Device\USBFDO-4                                         fffffa8007f392c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{65DAB010-0F6B-4969-B283-04F1906F55B0} fffffa8007b422c0
Device  \Driver\usbuhci \Device\USBFDO-0                                         fffffa8007f392c0
Device  \Driver\usbuhci \Device\USBPDO-2                                         fffffa8007f392c0
Device  \Driver\USBSTOR \Device\00000075                                         fffffa80083162c0
Device  \Driver\USBSTOR \Device\00000081                                         fffffa80083162c0
Device  \Driver\dtlitescsibus \Device\0000008c                                   fffffa80081722c0
Device  \Driver\usbehci \Device\USBPDO-7                                         fffffa8007fc22c0
Device  \Driver\usbuhci \Device\USBFDO-5                                         fffffa8007f392c0
Device  \Driver\USBSTOR \Device\00000076                                         fffffa80083162c0
Device  \Driver\usbehci \Device\USBPDO-3                                         fffffa8007fc22c0
Device  \Driver\usbuhci \Device\USBFDO-1                                         fffffa8007f392c0
Device  \Driver\USBSTOR \Device\0000006d                                         fffffa80083162c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                  fffffa8007b422c0
Device  \Driver\usbuhci \Device\USBFDO-6                                         fffffa8007f392c0
Device  \Driver\USBSTOR \Device\00000077                                         fffffa80083162c0
Device  \Driver\usbuhci \Device\USBPDO-4                                         fffffa8007f392c0
Device  \Driver\atapi \Device\ScsiPort0                                          fffffa8006a9f2c0
Device  \Driver\usbuhci \Device\USBFDO-2                                         fffffa8007f392c0
Device  \Driver\usbuhci \Device\USBPDO-0                                         fffffa8007f392c0
Device  \Driver\atapi \Device\ScsiPort1                                          fffffa8006a9f2c0
Device  \Driver\atapi \Device\ScsiPort2                                          fffffa8006a9f2c0
Device  \Driver\atapi \Device\ScsiPort3                                          fffffa8006a9f2c0
Device  \Driver\atapi \Device\ScsiPort4                                          fffffa8006a9f2c0
Device  \Driver\atapi \Device\ScsiPort5                                          fffffa8006a9f2c0
Device  \Driver\USBSTOR \Device\0000006e                                         fffffa80083162c0

---- Trace I/O - GMER 2.1 ----

Trace   ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006a9f2c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys   fffffa8006a9f2c0
Trace   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80075a6060]                                                                            fffffa80075a6060
Trace   3 CLASSPNP.SYS[fffff880015a243f] -> nt!IofCallDriver -> [0xfffffa8006b03920]                                                               fffffa8006b03920
Trace   5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006b31060]                                     fffffa8006b31060
Trace   \Driver\atapi[0xfffffa80069ac5a0] -> IRP_MJ_CREATE -> 0xfffffa8006a9f2c0                                                                   fffffa8006a9f2c0

---- Threads - GMER 2.1 ----

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3376:912]    0000000076ab7587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3376:1808]   000000006af68aa6
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3376:940]    00000000773713b5
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3376:3044]   00000000773827e5
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3376:4320]   00000000773827e5
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3376:4408]   00000000773827e5
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3248:3720]           000007fefa4a2bf8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3248:2424]           000007fef06ccf60
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3248:1416]           000007fef8455124

---- Processes - GMER 2.1 ----

Process C:\ProgramData\MobileBrServ\tray.exe (*** suspicious ***) @ C:\ProgramData\MobileBrServ\tray.exe [3160](2015-03-17 15:50:19)   0000000000d60000
Process C:\ProgramData\{5967b0a1-0bde-d483-5967-7b0a10bdc284}\FIFA 14 Ultimate Edition Key Generator.exe (*** suspicious ***) @ C:\ProgramData\{5967b0a1-0bde-d483-5967-7b0a10bdc284}\FIFA 14 Ultimate Edition Key Generator.exe [636](2014-04-10 21:19:53)   0000000000250000
Process C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe (*** suspicious ***) @ C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe [1560](2015-04-16 21:36:   0000000000400000

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001b10002aec
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0   C:\Program Files\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001b10002aec (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0   C:\Program Files\DAEMON Tools Lite\

---- EOF - GMER 2.1 ----
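The log above is raw GMER output, and reading it by hand means answering the same question for every line: whose code sits at the other end of each hook, and where on disk does it live? The script below is an added triage helper, not part of GMER and not posted by the log's author. It parses the three hook sections (`.text` inline patches, kernel IAT, user IAT) and the `(*** suspicious ***)` process entries, then ranks each finding with a path heuristic that is this example's own assumption: a hook landing in a module under C:\Windows is the lowest concern (the PSAPI.DLL stubs that jump into kernel32.dll appear at identical addresses in both iSafeTray.exe and wnqieun.exe, which is what that low rating reflects), a hook into a module under Program Files is medium, a hook with no named backing module (the LoadLibraryExW patch in NvBackend.exe) or into a user-writable location such as Temp, AppData or ProgramData is high, and a driver rewriting another driver's import table (sptd.sys over atapi.sys, which the Registry section ties to DAEMON Tools Lite) is never rated below medium. The severities order the follow-up work; they are not a malware verdict. The embedded sample is a constructed excerpt of the lines from this log.

```python
"""Triage helper for GMER 2.1 log output (added example; the path heuristic is
this example's own assumption, not a GMER feature)."""
import re
from dataclasses import dataclass

# One entry per line.  Column padding varies, so every regex is whitespace-tolerant.
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[(?P<pid>\d+)\])\s+(?P<target>\S+!\S+(?: \+ \d+)?)\s+"
    r"(?P<addr>[0-9a-f]+)\s+(?P<nbytes>\d+) bytes (?P<kind>JMP|CALL) (?P<dest>[0-9a-f]+)"
    r"(?:\s+(?P<destmod>.+?))?\s*$")
IAT_RE = re.compile(  # fits both "drv.sys[mod!Import]" and "proc[pid] @ module[mod!Import]"
    r"^IAT\s+(?P<ctx>.+?)\[(?P<import>[^\]]+)\]\s+\[(?P<addr>[0-9a-f]+)\]\s+(?P<hook>.+?)\s*$")
PROC_RE = re.compile(r"^Process\s+(?P<path>.+?)\s+\(\*\*\* suspicious \*\*\*\)")
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER 2\.1 ----$")

USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\users\\public\\")
RANK = {"high": 0, "medium": 1, "low": 2}

@dataclass
class Finding:
    section: str
    severity: str   # low / medium / high (triage order, not a verdict)
    subject: str    # process or driver whose code or imports were redirected
    detail: str

def classify_module(path):
    """Where does the hook destination live?  None means an address with no backing module."""
    if not path:
        return "high"
    p = path.lower()
    if any(tok in p for tok in USER_WRITABLE):
        return "high"
    if p.startswith("c:\\windows\\") or p.startswith("\\systemroot\\"):
        return "low"
    return "medium"

def parse_gmer(text):
    """Group non-empty lines by GMER section header; text before the first header is 'Header'."""
    sections, current = {"Header": []}, "Header"
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["name"]
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def triage(sections):
    findings = []
    for line in sections.get("User code sections", []):
        m = INLINE_RE.match(line)      # the ".text ... * 9" omission marker does not match
        if m:
            findings.append(Finding("User code sections", classify_module(m["destmod"]), m["proc"],
                                    f"{m['target']} -> {m['kind']} {m['dest']} ({m['destmod'] or 'no module'})"))
    for line in sections.get("Kernel IAT/EAT", []):
        m = IAT_RE.match(line)
        if m:   # a driver patching another driver's imports: medium even when it lives in System32
            mod = m["hook"].split(" [")[0]
            sev = "medium" if classify_module(mod) == "low" else "high"
            findings.append(Finding("Kernel IAT/EAT", sev, m["ctx"], f"{m['import']} -> {m['hook']}"))
    for line in sections.get("User IAT/EAT", []):
        m = IAT_RE.match(line)
        if m:
            findings.append(Finding("User IAT/EAT", classify_module(m["hook"]), m["ctx"],
                                    f"{m['import']} -> {m['hook']}"))
    for line in sections.get("Processes", []):
        m = PROC_RE.match(line)
        if m:
            findings.append(Finding("Processes", "high", m["path"], "flagged suspicious by GMER"))
    return sorted(findings, key=lambda f: RANK[f.severity])

# Constructed excerpt of the log above (a handful of lines from each section).
SAMPLE = r"""GMER 2.1.19357 - http://www.gmer.net
---- User code sections - GMER 2.1 ----
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17   00000000751c1401 2 bytes JMP 76b0b1ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42    00000000751c144a 2 bytes CALL 76ae4885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                  * 9
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3840] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW   0000000074fa2ab1 5 bytes JMP 0000000101412ac0
.text   C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe[1560] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                00000000751c1555 2 bytes JMP 76b068bf C:\Windows\syswow64\kernel32.dll
---- Kernel IAT/EAT - GMER 2.1 ----
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]   [fffff880010d6c38] \SystemRoot\System32\Drivers\sptd.sys [.text]
---- User IAT/EAT - GMER 2.1 ----
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\Explorer.EXE[USER32.dll!MoveWindow]            [7fef6d91ad0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\Windows\Explorer.EXE[2080] @ C:\Windows\system32\SHELL32.dll[USER32.dll!SetWindowPos]  [7fef6d91c70] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
---- Processes - GMER 2.1 ----
Process C:\ProgramData\MobileBrServ\tray.exe (*** suspicious ***) @ C:\ProgramData\MobileBrServ\tray.exe [3160](2015-03-17 15:50:19)   0000000000d60000
Process C:\ProgramData\{5967b0a1-0bde-d483-5967-7b0a10bdc284}\FIFA 14 Ultimate Edition Key Generator.exe (*** suspicious ***) @ C:\ProgramData\{5967b0a1-0bde-d483-5967-7b0a10bdc284}\FIFA 14 Ultimate Edition Key Generator.exe [636](2014-04-10 21:19:53)   0000000000250000
Process C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe (*** suspicious ***) @ C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe [1560](2015-04-16 21:36:   0000000000400000
---- EOF - GMER 2.1 ----
"""

if __name__ == "__main__":
    for f in triage(parse_gmer(SAMPLE)):
        print(f"[{f.severity:6}] {f.section:19} {f.subject}\n         {f.detail}")
```

Run against the full log, the output puts the three GMER-flagged processes and the unbacked NvBackend.exe patch first, the sptd.sys import hooks on atapi.sys and the iDskDllPatch64.dll USER32 redirections in Explorer.EXE next, and the PSAPI-to-kernel32 stubs last, which is the order a responder would want to work through them.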