GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-04-22 01:10:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-1CH162 rev.CC49 931,51GB
Running: 0chikgpr.exe; Driver: C:\Users\UKASZ~1\AppData\Local\Temp\kwdiapow.sys


---- User code sections - GMER 2.2 ----

.text   C:\Users\Łukasz\AppData\Local\clean\Kyubey.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000076f51465 2 bytes [F5, 76]
.text   C:\Users\Łukasz\AppData\Local\clean\Kyubey.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076f514bb 2 bytes [F5, 76]
.text   ...   * 2
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000076f51465 2 bytes [F5, 76]
.text   C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076f514bb 2 bytes [F5, 76]
.text   ...   * 2
.text   C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000076f51465 2 bytes [F5, 76]
.text   C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076f514bb 2 bytes [F5, 76]
.text   ...   * 2

---- User IAT/EAT - GMER 2.2 ----

IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\Explorer.EXE[USER32.dll!MoveWindow]   [7fef8301a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\Explorer.EXE[USER32.dll!DeferWindowPos]   [7fef8301da0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\Explorer.EXE[USER32.dll!EndPaint]   [7fef8301f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\Explorer.EXE[USER32.dll!SetWindowPos]   [7fef8301bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\SHELL32.dll[USER32.dll!MoveWindow]   [7fef8301a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\SHELL32.dll[USER32.dll!SetWindowPos]   [7fef8301bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\SHELL32.dll[USER32.dll!DeferWindowPos]   [7fef8301da0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\SHELL32.dll[USER32.dll!EndPaint]   [7fef8301f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\ole32.dll[USER32.dll!MoveWindow]   [7fef8301a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\EXPLORERFRAME.dll[USER32.dll!EndPaint]   [7fef8301f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\EXPLORERFRAME.dll[USER32.dll!MoveWindow]   [7fef8301a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\EXPLORERFRAME.dll[USER32.dll!SetWindowPos]   [7fef8301bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\DUser.dll[USER32.dll!EndPaint]   [7fef8301f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\DUI70.dll[USER32.dll!SetWindowPos]   [7fef8301bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\IMM32.dll[USER32.dll!EndPaint]   [7fef8301f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\IMM32.dll[USER32.dll!SetWindowPos]   [7fef8301bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\MSCTF.dll[USER32.dll!MoveWindow]   [7fef8301a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\MSCTF.dll[USER32.dll!EndPaint]   [7fef8301f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\MSCTF.dll[USER32.dll!SetWindowPos]   [7fef8301bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\UxTheme.dll[USER32.dll!SetWindowPos]   [7fef8301bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MoveWindow]   [7fef8301a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!SetWindowPos]   [7fef8301bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!DeferWindowPos]   [7fef8301da0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!SetWindowPos]   [7fef8301bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!MoveWindow]   [7fef8301a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT   C:\Windows\Explorer.EXE[2420] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!EndPaint]   [7fef8301f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll

---- Threads - GMER 2.2 ----

Thread   C:\Windows\system32\svchost.exe [672:3700]   0000000001570bcc
Thread   C:\Windows\system32\svchost.exe [672:3704]   0000000001570bcc
Thread   C:\Windows\system32\svchost.exe [672:3708]   0000000001570bcc
Thread   C:\Windows\system32\svchost.exe [672:3740]   0000000001567378
Thread   C:\Windows\system32\svchost.exe [672:3744]   0000000001567378
Thread   C:\Windows\SysWOW64\svchost.exe [4712:5032]   00000000003da721
Thread   C:\Windows\SysWOW64\svchost.exe [4712:4352]   00000000003da721
Thread   C:\Windows\SysWOW64\svchost.exe [4712:5040]   00000000003da721
Thread   C:\Windows\SysWOW64\svchost.exe [4712:5044]   00000000003da721
Thread   C:\Windows\SysWOW64\svchost.exe [4712:4952]   00000000003da721
Thread   C:\Windows\SysWOW64\rundll32.exe [2888:5548]   000000000084a721
Thread   C:\Windows\SysWOW64\rundll32.exe [2888:5188]   000000000084a721
Thread   C:\Windows\SysWOW64\rundll32.exe [2888:5312]   000000000084a721
Thread   C:\Windows\SysWOW64\rundll32.exe [2888:5344]   000000000084a721
Thread   C:\Windows\SysWOW64\rundll32.exe [2888:5460]   000000000084a721

---- EOF - GMER 2.2 ----