GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-12-09 01:27:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB Running: qud7ieji.exe; Driver: C:\Users\Radek\AppData\Local\Temp\pgddqpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077acef8d 1 byte [62] .text C:\Windows\system32\services.exe[792] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077acef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077acef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[136] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077acef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[424] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077acef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077acef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077acef8d 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1332] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077acef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077acef8d 1 byte [62] .text C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Windows\Explorer.EXE[1736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077acef8d 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1824] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1920] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1940] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1948] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1212] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077acef8d 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1244] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077acef8d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2136] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Windows\AsScrPro.exe[2244] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Windows\AsScrPro.exe[2244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b21465 2 bytes [B2, 76] .text C:\Windows\AsScrPro.exe[2244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b214bb 2 bytes [B2, 76] .text ... * 2 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2352] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077acef8d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2452] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077acef8d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077acef8d 1 byte [62] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2700] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077acef8d 1 byte [62] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4640] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4844] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4908] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4944] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5068] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4152] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077848791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4152] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[4200] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[4172] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4240] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1340] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b21465 2 bytes [B2, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b214bb 2 bytes [B2, 76] .text ... * 2 .text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3800] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] .text C:\Users\Radek\Desktop\qud7ieji.exe[4260] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007786a2fd 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1636:3816] 000007fefbb32a7c ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f682041dc Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f682041dc@78595ee65f26 0x20 0x83 0xAF 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x27 0x78 0x54 0xDD ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f682041dc (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f682041dc@78595ee65f26 0x20 0x83 0xAF 0x56 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x27 0x78 0x54 0xDD ... ---- EOF - GMER 2.1 ----