GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-24 11:36:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MQ01ABD050 rev.AX002J 465,76GB
Running: xmqu4x79.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\pgddqpoc.sys

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [1148:1616]   000007fef98f59a0
Thread  C:\Windows\System32\svchost.exe [1148:1852]   000007fefc3f1a70
Thread  C:\Windows\System32\svchost.exe [1148:2852]   000007fef54c20c0
Thread  C:\Windows\System32\svchost.exe [1148:2840]   000007fef54c26a8
Thread  C:\Windows\System32\svchost.exe [1148:3280]   000007fef63944e0
Thread  C:\Windows\System32\svchost.exe [1148:3392]   000007fef67389b8
Thread  C:\Windows\System32\svchost.exe [1148:5712]   000007feee3e3efc
Thread  C:\Windows\System32\svchost.exe [1148:5656]   000007feee0c8a4c
Thread  C:\Windows\System32\svchost.exe [1148:5492]   000007fef54c29dc
Thread  C:\Windows\system32\svchost.exe [1436:3456]   000007fef70a5170
Thread  C:\Windows\system32\svchost.exe [1436:2896]   000007fef0fe83d8
Thread  C:\Windows\system32\svchost.exe [1436:1044]   000007fef0fe83d8
Thread  C:\Windows\system32\svchost.exe [1436:3916]   000007fef4263f1c
Thread  C:\Windows\system32\svchost.exe [1436:3936]   000007fef4f422b8
Thread  C:\Windows\system32\svchost.exe [1436:3932]   000007fef4f41a38
Thread  C:\Windows\system32\svchost.exe [1436:3284]   000007fef41e5388
Thread  C:\Windows\system32\svchost.exe [1436:4032]   000007fef41c7738
Thread  C:\Windows\system32\svchost.exe [1436:4016]   000007fef41b1f90
Thread  C:\Windows\system32\svchost.exe [1604:1892]   000007fefc3f1a70
Thread  C:\Windows\system32\svchost.exe [1604:1928]   000007fefc3f1a70
Thread  C:\Windows\system32\svchost.exe [1604:1940]   000007fefc3f1a70
Thread  C:\Windows\system32\svchost.exe [1604:1948]   000007fef8352c70
Thread  C:\Windows\system32\svchost.exe [1604:1964]   000007fef835fb40
Thread  C:\Windows\system32\svchost.exe [1604:1984]   000007fef8371d20
Thread  C:\Windows\system32\svchost.exe [1604:1988]   000007fef835f6f0
Thread  C:\Windows\system32\svchost.exe [1604:2100]   000007fef82835c0
Thread  C:\Windows\system32\svchost.exe [1604:248]    000007fef8285600
Thread  C:\Windows\system32\svchost.exe [1604:1564]   000007fef5312940
Thread  C:\Windows\system32\svchost.exe [1604:3692]   000007fef7542888
Thread  C:\Windows\system32\svchost.exe [1604:5668]   000007fef7542a40
Thread  C:\Windows\System32\spoolsv.exe [1840:3008]   000007fef58310c8
Thread  C:\Windows\System32\spoolsv.exe [1840:3016]   000007fef57f6144
Thread  C:\Windows\System32\spoolsv.exe [1840:3020]   000007fef7c15fd0
Thread  C:\Windows\System32\spoolsv.exe [1840:3024]   000007fef57d3438
Thread  C:\Windows\System32\spoolsv.exe [1840:3028]   000007fef7c163ec
Thread  C:\Windows\System32\spoolsv.exe [1840:3036]   000007fef58d5e5c
Thread  C:\Windows\System32\spoolsv.exe [1840:3040]   000007fef5905074
Thread  C:\Windows\System32\spoolsv.exe [1840:1036]   000007fef5972288
Thread  C:\Windows\system32\rundll32.exe [2524:2584]  000007fefafa2bf8
Thread  C:\Windows\system32\rundll32.exe [2524:2604]  000007fefad06204
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4664:4988]   000007fefafa2bf8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4664:4552]   000007feef10cf60
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4664:3236]   000007feef10cf60
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4664:3240]   000007feef10cf60
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4664:5216]   000007fef9bb5124

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\240a647447fc
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\240a647447fc@ac932f2e8b26   0xAD 0xEC 0x61 0x93 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\606c666dcbf2
Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch   5700
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\240a647447fc (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\240a647447fc@ac932f2e8b26   0xAD 0xEC 0x61 0x93 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\606c666dcbf2 (not active ControlSet)

---- EOF - GMER 2.1 ----