GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-06-28 13:17:08
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000031 ST500LM000-SSHD-8GB rev.LVD3 465,76GB
Running: n4n53bub.exe; Driver: C:\Users\Morgana\AppData\Local\Temp\fxlyrpog.sys

---- Devices - GMER 2.1 ----

Device \Driver\iaStorA \Device\RaidPort0 ffffe000186142c0
Device \Driver\iaStorA \Device\00000031 ffffe000186142c0
Device \Driver\USBSTOR \Device\0000005c ffffe0001b4002c0
Device \Driver\USBSTOR \Device\0000005d ffffe0001b4002c0
Device \Driver\iaStorA \Device\ScsiPort0 ffffe000186142c0

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xffffe000186142c0]<< sptd.sys storport.sys hal.dll iaStorA.sys ffffe000186142c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00018799060] ffffe00018799060
Trace 3 CLASSPNP.SYS[fffff800bc0cc170] -> nt!IofCallDriver -> [0xffffe00016f69400] ffffe00016f69400
Trace 5 ACPI.sys[fffff800bb06bc21] -> nt!IofCallDriver -> \Device\00000031[0xffffe00017c35060] ffffe00017c35060
Trace \Driver\iaStorA[0xffffe00017c42e60] -> IRP_MJ_CREATE -> 0xffffe000186142c0 ffffe000186142c0

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [632:656] fffff960008b92d0

---- Processes - GMER 2.1 ----

Process C:\Users\Morgana\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe (*** suspicious ***) @ C:\Users\Morgana\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [1564] (Microsoft® Volume Shadow Copy Service/Microsoft Corporation)(2015-06-23 09:21:04) 0000000000400000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----