GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-10-12 12:35:45 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC64G 465,76GB Running: 29j01w4f.exe; Driver: C:\Users\BETONO~1\AppData\Local\Temp\pgddqpoc.sys ---- Threads - GMER 2.1 ---- Thread [1500:1880] 0000000079f2ec1f Thread [1500:1892] 0000000079f77e6b Thread [1500:2004] 0000000079f77e6b Thread [1500:1508] 000000007dec2e3e Thread [1500:2248] 0000000079f77e6b Thread [1500:2252] 0000000079ec24cb Thread [1500:2256] 0000000079f77e6b Thread [1500:2276] 0000000079f77e6b Thread [1500:2280] 0000000079eb60b7 Thread [1500:2300] 0000000079f77e6b Thread [1500:2328] 0000000079f77e6b Thread [1500:2348] 000000007a1620ec Thread [1500:2868] 000000007dec3e59 Thread [1500:3708] 000000007dec3e59 Thread [1500:4752] 000000007dec3e59 Thread C:\Windows\System32\svchost.exe [3780:2984] 000007ff31919688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@a8f274a4c174 0x2A 0x16 0x8A 0xDC ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@ec9b5b05d41a 0x35 0xB5 0x7D 0x6F ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@0021bacf8cf0 0x3A 0x29 0x5F 0x4C ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@0007abeb8544 0xEA 0x03 0xC2 0x22 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@b8c68ea2f2c3 0xA8 0x2A 0xBE 0x60 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@f4f5a5084412 0x73 0xDF 0xD0 0x04 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@8cc8cd83e2a5 0xCF 0x93 0x70 0xBA ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@183f47138a12 0x27 0x2C 0xB0 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@102f6b31911b 0x4E 0xC4 0x51 0xF6 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@206274d0bb65 0xC1 0x50 0xB9 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 53054 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 19949 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD1 0x0C 0x04 0xCB ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x99 0x1C 0x0B 0x41 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC2 0x27 0x4B 0x18 ... Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1964F4F4-F83B-4CA4-8295-D5EE81B0C32E}@LeaseObtainedTime 1444642445 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1964F4F4-F83B-4CA4-8295-D5EE81B0C32E}@T1 1444685645 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1964F4F4-F83B-4CA4-8295-D5EE81B0C32E}@T2 1444718045 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1964F4F4-F83B-4CA4-8295-D5EE81B0C32E}@LeaseTerminatesTime 1444728845 Reg HKLM\SYSTEM\CurrentControlSet\services\{1964F4F4-F83B-4CA4-8295-D5EE81B0C32E}\Parameters\Tcpip@LeaseObtainedTime 1444642445 Reg HKLM\SYSTEM\CurrentControlSet\services\{1964F4F4-F83B-4CA4-8295-D5EE81B0C32E}\Parameters\Tcpip@T1 1444685645 Reg HKLM\SYSTEM\CurrentControlSet\services\{1964F4F4-F83B-4CA4-8295-D5EE81B0C32E}\Parameters\Tcpip@T2 1444718045 Reg HKLM\SYSTEM\CurrentControlSet\services\{1964F4F4-F83B-4CA4-8295-D5EE81B0C32E}\Parameters\Tcpip@LeaseTerminatesTime 1444728845 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@a8f274a4c174 0x2A 0x16 0x8A 0xDC ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@ec9b5b05d41a 0x35 0xB5 0x7D 0x6F ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@0021bacf8cf0 0x3A 0x29 0x5F 0x4C ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@0007abeb8544 0xEA 0x03 0xC2 0x22 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@b8c68ea2f2c3 0xA8 0x2A 0xBE 0x60 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@f4f5a5084412 0x73 0xDF 0xD0 0x04 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@8cc8cd83e2a5 0xCF 0x93 0x70 0xBA ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@183f47138a12 0x27 0x2C 0xB0 0x2D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@102f6b31911b 0x4E 0xC4 0x51 0xF6 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@206274d0bb65 0xC1 0x50 0xB9 0x2D ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD1 0x0C 0x04 0xCB ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x99 0x1C 0x0B 0x41 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC2 0x27 0x4B 0x18 ... ---- EOF - GMER 2.1 ----