GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-14 23:00:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uxddqpow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1876] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  00000000771d8791 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1876] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69  0000000075931465 2 bytes [93, 75]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1876] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000759314bb 2 bytes [93, 75]
.text  ...  * 2
.text  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[2036] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077c70038 5 bytes JMP 0000000169921986
.text  C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[4376] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35  00000000747d11a8 2 bytes [7D, 74]
.text  C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[4376] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21  00000000747d13a8 2 bytes [7D, 74]
.text  C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[4376] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21  00000000747d1422 2 bytes [7D, 74]
.text  C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[4376] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19  00000000747d1498 2 bytes [7D, 74]
.text  C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[4376] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195  0000000073ee1b41 2 bytes [EE, 73]
.text  C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[4376] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362  0000000073ee1be8 2 bytes [EE, 73]
.text  C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[4376] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418  0000000073ee1c20 2 bytes [EE, 73]
.text  C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[4376] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596  0000000073ee1cd2 2 bytes [EE, 73]
.text  C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[4376] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628  0000000073ee1cf2 2 bytes [EE, 73]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SysWOW64\ntdll.dll [4672:4676]  0000000000417d00
Thread  C:\Windows\SysWOW64\ntdll.dll [4672:5768]  0000000000416b00

---- Processes - GMER 2.1 ----

Process  C:\Users\Admin\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe (*** suspicious ***) @ C:\Users\Admin\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe [2440](2014-01-28 17:36:04)  0000000000400000

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind  \Device\{BB6D4E1A-F722-4E7D-9C4B-BF0A0697DC02}?\Device\{D7119D47-A02C-44E7-AB0E-99B1FB7E2B34}?\Device\{9D1A240B-6C44-4756-99D9-8CF7123D06F5}?\Device\{171AD822-4AC2-480D-BAA1-965A8FC346D5}?\Device\{DC7BC413-EF9E-4232-9772-67C9916F6AF3}?\Device\{3AD41505-E72A-4222-89B7-AB148FE2A40E}?\Device\{F87E531C-C1E0-46A0-BF51-45CDEC341F94}?
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route  "{BB6D4E1A-F722-4E7D-9C4B-BF0A0697DC02}"?"{D7119D47-A02C-44E7-AB0E-99B1FB7E2B34}"?"{9D1A240B-6C44-4756-99D9-8CF7123D06F5}"?"{171AD822-4AC2-480D-BAA1-965A8FC346D5}"?"{DC7BC413-EF9E-4232-9772-67C9916F6AF3}"?"{3AD41505-E72A-4222-89B7-AB148FE2A40E}"?"{F87E531C-C1E0-46A0-BF51-45CDEC341F94}"?
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export  \Device\TCPIP6TUNNEL_{BB6D4E1A-F722-4E7D-9C4B-BF0A0697DC02}?\Device\TCPIP6TUNNEL_{D7119D47-A02C-44E7-AB0E-99B1FB7E2B34}?\Device\TCPIP6TUNNEL_{9D1A240B-6C44-4756-99D9-8CF7123D06F5}?\Device\TCPIP6TUNNEL_{171AD822-4AC2-480D-BAA1-965A8FC346D5}?\Device\TCPIP6TUNNEL_{DC7BC413-EF9E-4232-9772-67C9916F6AF3}?\Device\TCPIP6TUNNEL_{3AD41505-E72A-4222-89B7-AB148FE2A40E}?\Device\TCPIP6TUNNEL_{F87E531C-C1E0-46A0-BF51-45CDEC341F94}?

---- EOF - GMER 2.1 ----
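The "User code sections" entries above are the part of a GMER log that takes the most hand triage: each line names a process, the module and export that was patched, the address, and either the raw patched bytes or an inline JMP target. The following parser is an added example written for this page; it is not part of GMER and not the poster's code. It reads lines of that shape (four of the lines above are embedded as the constructed sample) and sorts them into rough buckets: `detour` for an inline JMP out of the prologue, `ret_stub` for a patch whose first byte is an x86 `ret`/`ret n` opcode (the `[C2, 04, 00, 00]` on SetUnhandledExceptionFilter is `ret 4`), and `addr_echo` for 2-byte patches whose bytes simply repeat the upper half of the hooked address (the `[93, 75]` at 0x7593xxxx and `[7D, 74]` at 0x747dxxxx pattern). Treating `addr_echo` entries as lower priority than a detour is this example's heuristic for ordering a manual review, not a GMER verdict, and the function and class names are the editor's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: four "User code sections" lines copied from the GMER log above.
SAMPLE_LOG = r"""
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1876] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  00000000771d8791 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1876] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69  0000000075931465 2 bytes [93, 75]
.text  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[2036] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077c70038 5 bytes JMP 0000000169921986
.text  C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[4376] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35  00000000747d11a8 2 bytes [7D, 74]
"""

# One ".text" entry: process[pid] module!symbol [+ offset] address N bytes ([..] | JMP target)
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?\.exe)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<symbol>\w+)(?:\s*\+\s*(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{8,16})\s+(?P<size>\d+)\s+bytes\s+"
    r"(?:\[(?P<bytes>[^\]]+)\]|JMP\s+(?P<target>[0-9a-fA-F]{8,16}))\s*$"
)


@dataclass
class Hook:
    process: str          # full path of the hooked process
    pid: int
    module: str           # full path of the module whose code was patched
    symbol: str           # exported function that was patched
    offset: int           # byte offset into the function (0 = prologue)
    addr: int             # virtual address of the patch
    size: int             # number of patched bytes GMER reported
    patch: bytes          # raw patched bytes, empty for a JMP entry
    target: Optional[int] # JMP destination, None for a raw-bytes entry

    def label(self) -> str:
        """Short 'proc[pid] module!symbol' form used in the summary."""
        proc = self.process.rsplit("\\", 1)[-1]
        mod = self.module.rsplit("\\", 1)[-1]
        return f"{proc}[{self.pid}] {mod}!{self.symbol}"


def parse_hooks(text: str) -> List[Hook]:
    """Parse every '.text' user-code entry in a GMER log; other lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue  # collapsed '.text ... * 2' rows and non-hook lines
        raw = m.group("bytes")
        patch = bytes(int(b, 16) for b in raw.split(",")) if raw else b""
        target = int(m.group("target"), 16) if m.group("target") else None
        hooks.append(Hook(
            process=m.group("process"), pid=int(m.group("pid")),
            module=m.group("module"), symbol=m.group("symbol"),
            offset=int(m.group("offset") or 0), addr=int(m.group("addr"), 16),
            size=int(m.group("size")), patch=patch, target=target,
        ))
    return hooks


def classify(h: Hook) -> str:
    """Editor's triage heuristic; the names are this example's, not GMER's."""
    if h.target is not None:
        return "detour"       # inline JMP: control leaves the module; check where target lives
    if h.patch and h.patch[0] in (0xC2, 0xC3):
        return "ret_stub"     # C3 = ret, C2 imm16 = ret n: the call now returns immediately
    if len(h.patch) == 2 and int.from_bytes(h.patch, "little") == (h.addr >> 16) & 0xFFFF:
        return "addr_echo"    # bytes repeat the upper 16 bits of the patched address
    return "patch"            # anything else: inspect the bytes by hand


def summarize(text: str) -> Dict[str, List[str]]:
    """Group the hooks of a log by triage class so detours are read first."""
    out: Dict[str, List[str]] = {}
    for h in parse_hooks(text):
        out.setdefault(classify(h), []).append(h.label())
    return out


if __name__ == "__main__":
    for cls in ("detour", "ret_stub", "patch", "addr_echo"):
        for entry in summarize(SAMPLE_LOG).get(cls, []):
            print(f"{cls:10} {entry}")
```

Run it over a complete log rather than the sample to get the same grouping for every `.text` entry; the `.text ... * 2` rows that GMER uses to collapse repeated entries carry no address and are skipped, so the count of parsed hooks is a lower bound on what GMER saw.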