GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-05-27 20:03:54 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC64G 465,76GB Running: bvnr45hz.exe; Driver: C:\Users\BETONO~1\AppData\Local\Temp\pgddqpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[3320] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007ff768e0640 9 bytes JMP 000007ff7a1f0148 .text C:\Program Files\Internet Explorer\iexplore.exe[3320] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll!PropertySheetW 000007ff7a245c04 4 bytes JMP 000008007a1f00d8 .text C:\Program Files\Internet Explorer\iexplore.exe[3320] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll!PropertySheetW + 5 000007ff7a245c09 2 bytes [CC, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[3320] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll!PropertySheet 000007ff7a245c14 9 bytes JMP 000008007a1f0110 .text C:\Program Files\Internet Explorer\iexplore.exe[3320] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007ff75562540 9 bytes JMP 000007ff7a1f0180 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\ole32.dll!CoCreateInstance 000007ff7a6287b0 11 bytes JMP 000008007a1f01b8 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007ff7a747710 5 bytes JMP 000008007a1f0228 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007ff76881180 5 bytes JMP 000007ff7a1f0308 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007ff76881320 7 bytes JMP 000007ff7a1f0298 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007ff76884260 6 bytes JMP 000007ff7a1f0260 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007ff76886960 10 bytes JMP 000007ff7a1f02d0 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007ff768e0640 9 bytes JMP 000007ff7a1f0148 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll!PropertySheetW 000007ff7a245c04 4 bytes JMP 000008007a1f00d8 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll!PropertySheetW + 5 000007ff7a245c09 2 bytes [CC, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll!PropertySheet 000007ff7a245c14 9 bytes JMP 000008007a1f0110 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\comdlg32.dll!PrintDlgW 000007ff75561d80 9 bytes JMP 000007ff7a1f01f0 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007ff75562540 9 bytes JMP 000007ff7a1f0180 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@a8f274a4c174 0x2A 0x16 0x8A 0xDC ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@ec9b5b05d41a 0x35 0xB5 0x7D 0x6F ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@0021bacf8cf0 0x3A 0x29 0x5F 0x4C ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@0007abeb8544 0xEA 0x03 0xC2 0x22 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@b8c68ea2f2c3 0xA8 0x2A 0xBE 0x60 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@f4f5a5084412 0x73 0xDF 0xD0 0x04 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@8cc8cd83e2a5 0xCF 0x93 0x70 0xBA ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@183f47138a12 0x27 0x2C 0xB0 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df35635c@102f6b31911b 0x4E 0xC4 0x51 0xF6 ... Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 51284 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 19140 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD1 0x0C 0x04 0xCB ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x99 0x1C 0x0B 0x41 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC2 0x27 0x4B 0x18 ... Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1964F4F4-F83B-4CA4-8295-D5EE81B0C32E}@LeaseObtainedTime 1432744480 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1964F4F4-F83B-4CA4-8295-D5EE81B0C32E}@T1 1432787680 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1964F4F4-F83B-4CA4-8295-D5EE81B0C32E}@T2 1432820080 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1964F4F4-F83B-4CA4-8295-D5EE81B0C32E}@LeaseTerminatesTime 1432830880 Reg HKLM\SYSTEM\CurrentControlSet\services\{1964F4F4-F83B-4CA4-8295-D5EE81B0C32E}\Parameters\Tcpip@LeaseObtainedTime 1432744480 Reg HKLM\SYSTEM\CurrentControlSet\services\{1964F4F4-F83B-4CA4-8295-D5EE81B0C32E}\Parameters\Tcpip@T1 1432787680 Reg HKLM\SYSTEM\CurrentControlSet\services\{1964F4F4-F83B-4CA4-8295-D5EE81B0C32E}\Parameters\Tcpip@T2 1432820080 Reg HKLM\SYSTEM\CurrentControlSet\services\{1964F4F4-F83B-4CA4-8295-D5EE81B0C32E}\Parameters\Tcpip@LeaseTerminatesTime 1432830880 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@a8f274a4c174 0x2A 0x16 0x8A 0xDC ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@ec9b5b05d41a 0x35 0xB5 0x7D 0x6F ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@0021bacf8cf0 0x3A 0x29 0x5F 0x4C ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@0007abeb8544 0xEA 0x03 0xC2 0x22 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@b8c68ea2f2c3 0xA8 0x2A 0xBE 0x60 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@f4f5a5084412 0x73 0xDF 0xD0 0x04 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@8cc8cd83e2a5 0xCF 0x93 0x70 0xBA ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@183f47138a12 0x27 0x2C 0xB0 0x2D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df35635c@102f6b31911b 0x4E 0xC4 0x51 0xF6 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD1 0x0C 0x04 0xCB ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x99 0x1C 0x0B 0x41 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC2 0x27 0x4B 0x18 ... ---- EOF - GMER 2.1 ----