GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-19 20:49:05
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\00000066 Hitachi_ rev.JP4O 931,51GB
Running: hoeskec8.exe; Driver: C:\Users\admin\AppData\Local\Temp\uwddakob.sys

---- User code sections - GMER 2.1 ----

.text   C:\Program Files\AVAST Software\Avast\AvastUI.exe[2080] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   0000000076a08781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\System32\svchost.exe [1452:4348]   000007fef2ad9688

---- Registry - GMER 2.1 ----

Reg   HKLM\SYSTEM\CurrentControlSet\services\ngvss\Parameters@asserts   ???v?????????????????u????d?????????????? ???????v?????v???????,???????????? ????????d??????????? ???????????v?????v????? ???????u???????????u?,??????.?"????????0????"??u??????????????????RDPDD Chained DD?????v???????u???????????????s??????????????????????? ??????????????e????u?u?u??? ???????u???????????u?,????????N???????o?????N??u???????D??{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}???????????u???????e???u?u???????u???u????? ???????n?????u????????????????????????D???? ???????u???????????u????????.?"????????0????"??u??????????????????RDPDD Chained DD?????????u???????????????s??RDPDD???????? ??????????????e??????u????? ???????n?????u?????i??????????b???????????{4d36e96f-e325-11ce-bfc1-08002be10318}\0003??????r?v?v?v?v?v?v?v?v?v?v???????????????????v???????????????u?u????\Device\{702255F3-BEC6-4471-AE31-3D176E5AC835}???????????????m?????????s????????????????????????????????????????????????????RDPENCDD?????? ??k???2??p0????X??u???????????d???????????I???e?????????????u????? ???????u???????????u?,??????.?4????????0?
Reg   HKLM\SYSTEM\ControlSet002\services\ngvss\Parameters@asserts   ???hs????????????y?y????????????????????@%SystemRoot%\system32\drivers\nsiproxy.sys,-2???????e?e?e?e?h?h?h???????h??????????NO_DRV???????????e????????????????????????????????$????????????n??????????????8??h????????h?????system32\drivers\pci.sys?????y?y?????i?i?????????????$???$???????????$???$???h???????e???????????????????????????4??55??????????????????? ???????????????????\?m??"???&??????????????0??@%systemroot%\system32\rascfg.dll,-32002????@%SystemRoot%\system32\drivers\nsiproxy.sys,-1???????????????????????????????????????h???h?h?3??@%systemroot%\system32\rascfg.dll,-32001?????????i??????????Microsoft????????????h?h?$???h?h?h?h?h?h?h??????????????t?????????????????????(??h???????????????h???$???t??netrasa.inf?in???????????????????????h???$???s??Ndi-Mp-L2tp?2t???????????5??1C???? ??h???5??40??ms_l2tpminiport??$???????????????????????e???$???m??????????????????????????????????? ??????????????x????h???????e???????????????????e????????????????????????????>??h???????7???h?h55??{00000000-0000-0000-0000-000000

---- Files - GMER 2.1 ----

File   C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ufovbja0.default\cache2\entries\EE95E26BED8C324EA906B875FC02A34F121D1DFB   0 bytes
File   C:\avast! sandbox   0 bytes
File   C:\avast! sandbox\S-1-5-21-1360549727-2693629194-3738010788-1000   0 bytes
File   C:\avast! sandbox\S-1-5-21-1360549727-2693629194-3738010788-1000\r45   0 bytes
File   C:\avast! sandbox\S-1-5-21-1360549727-2693629194-3738010788-1000\r45\wtw.exe_{ec2c399c-57ad-11e5-ac1d-74d43550b322}   0 bytes
File   C:\avast! sandbox\S-1-5-21-1360549727-2693629194-3738010788-1000\r45\wtw.exe_{ec2c399c-57ad-11e5-ac1d-74d43550b322}\C   0 bytes
File   C:\avast! sandbox\S-1-5-21-1360549727-2693629194-3738010788-1000\r45\wtw.exe_{ec2c399c-57ad-11e5-ac1d-74d43550b322}\C\Users   0 bytes
File   C:\avast! sandbox\S-1-5-21-1360549727-2693629194-3738010788-1000\r45\wtw.exe_{ec2c399c-57ad-11e5-ac1d-74d43550b322}\C\Users\admin   0 bytes
File   C:\avast! sandbox\S-1-5-21-1360549727-2693629194-3738010788-1000\r45\wtw.exe_{ec2c399c-57ad-11e5-ac1d-74d43550b322}\C\Users\admin\AppData   0 bytes
File   C:\avast! sandbox\S-1-5-21-1360549727-2693629194-3738010788-1000\r45\wtw.exe_{ec2c399c-57ad-11e5-ac1d-74d43550b322}\C\Users\admin\AppData\Roaming   0 bytes
File   C:\avast! sandbox\S-1-5-21-1360549727-2693629194-3738010788-1000\r45\wtw.exe_{ec2c399c-57ad-11e5-ac1d-74d43550b322}\C\Users\admin\AppData\Roaming\.wtw   0 bytes
File   C:\avast! sandbox\S-1-5-21-1360549727-2693629194-3738010788-1000\r45\wtw.exe_{ec2c399c-57ad-11e5-ac1d-74d43550b322}\C\Users\admin\AppData\Roaming\.wtw\profiles   0 bytes
File   C:\Windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin (size mismatch)   112402/89388 bytes executable

---- EOF - GMER 2.1 ----
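As an added example (not part of the GMER output above and not GMER's own code), the following Python parses the "User code sections" block of a GMER 2.1 log, extracts the patched bytes of each inline hook and runs them through a small, deliberately limited 32-bit x86 decoder. It turns the entry [31, C0, C2, 04, 00, 90, 90, ...] into xor eax, eax; ret 4; nop; nop, which is a stub that makes the 32-bit stdcall SetUnhandledExceptionFilter return NULL to its caller without installing a handler. The sample log text embedded in the script is constructed from the page's own header and hook line; the opcode table, the classification heuristic and all function names are this example's assumptions.

```python
"""Added example: parse the 'User code sections' block of a GMER 2.1 log and
decode the patched bytes of each inline hook. Illustrative code written for
this page; it is not GMER's code. The opcode table and the hook
classification below are this example's own (limited) assumptions."""
import re
import struct
from typing import Dict, List

# Constructed sample: the header and the single user-code hook reported on
# this page, laid out as GMER prints them (raw string, so backslashes survive).
SAMPLE_LOG = r"""
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-19 20:49:05
Windows 6.1.7601 Service Pack 1 x64

---- User code sections - GMER 2.1 ----

.text   C:\Program Files\AVAST Software\Avast\AvastUI.exe[2080] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   0000000076a08781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]

---- Threads - GMER 2.1 ----
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)\s+"
    r"(?P<address>[0-9a-fA-F]+)\s+(?P<size>\d+) bytes\s+\[(?P<bytes>[^\]]*)\]"
)


def parse_user_code_hooks(log_text: str) -> List[Dict[str, object]]:
    """Return one record per '.text' line inside 'User code sections'."""
    hooks, in_section = [], False
    for line in log_text.splitlines():
        if line.startswith("---- "):          # every GMER section header
            in_section = "User code sections" in line
            continue
        m = HOOK_RE.match(line) if in_section else None
        if not m:
            continue
        tokens = [t.strip() for t in m.group("bytes").split(",")]
        hooks.append({
            "process": m.group("process").strip(),
            "pid": int(m.group("pid")),
            "module": m.group("module"),
            "export": m.group("export"),
            "address": int(m.group("address"), 16),
            "size": int(m.group("size")),
            # GMER lists only the leading bytes and ends with "..." when it
            # elides the rest; keep what is there and flag the truncation.
            "patch": bytes(int(t, 16) for t in tokens if re.fullmatch(r"[0-9a-fA-F]{2}", t)),
            "truncated": "..." in tokens,
        })
    return hooks


def decode_x86_prologue(code: bytes, address: int) -> List[str]:
    """Decode the few 32-bit x86 instructions inline hooks are usually made of.
    Unknown bytes come out as 'db 0x..' so decoding never desynchronises silently."""
    out, i, n = [], 0, len(code)
    while i < n:
        b, left = code[i], n - i - 1          # 'left' = operand bytes available
        if b == 0x90:
            out.append("nop"); i += 1
        elif b in (0x31, 0x33) and left >= 1 and code[i + 1] == 0xC0:
            out.append("xor eax, eax"); i += 2
        elif b == 0xC3:
            out.append("ret"); i += 1
        elif b == 0xC2 and left >= 2:
            out.append("ret 0x%x" % struct.unpack_from("<H", code, i + 1)[0]); i += 3
        elif b in (0xE8, 0xE9) and left >= 4:  # rel32 call/jmp: target = next ip + rel
            rel = struct.unpack_from("<i", code, i + 1)[0]
            target = (address + i + 5 + rel) & 0xFFFFFFFF
            out.append("%s 0x%08x" % ("call" if b == 0xE8 else "jmp", target)); i += 5
        elif b == 0xEB and left >= 1:
            rel = struct.unpack_from("<b", code, i + 1)[0]
            out.append("jmp short 0x%08x" % ((address + i + 2 + rel) & 0xFFFFFFFF)); i += 2
        elif b == 0xB8 and left >= 4:
            out.append("mov eax, 0x%x" % struct.unpack_from("<I", code, i + 1)[0]); i += 5
        elif b == 0x68 and left >= 4:
            out.append("push 0x%x" % struct.unpack_from("<I", code, i + 1)[0]); i += 5
        else:
            out.append("db 0x%02x" % b); i += 1
    return out


def classify_hook(instructions: List[str]) -> str:
    """Heuristic reading of the decoded prologue (this example's own rules)."""
    head = [ins for ins in instructions if ins != "nop"]
    if len(head) >= 2 and head[0] == "xor eax, eax" and head[1].startswith("ret"):
        return "stub: returns 0 (NULL) to every caller"
    if head and head[0].startswith("jmp"):
        return "detour: execution redirected to " + head[0].split()[-1]
    return "unrecognised patch"


def summarise(log_text: str) -> List[str]:
    """One human-readable line per hook, suitable for a triage note."""
    lines = []
    for h in parse_user_code_hooks(log_text):
        instrs = decode_x86_prologue(h["patch"], h["address"])
        lines.append("%s!%s @ 0x%x in %s[%d]: %s%s -> %s" % (
            h["module"].rsplit("\\", 1)[-1], h["export"], h["address"],
            h["process"].rsplit("\\", 1)[-1], h["pid"], "; ".join(instrs),
            " (listing truncated)" if h["truncated"] else "", classify_hook(instrs)))
    return lines


if __name__ == "__main__":
    for line in summarise(SAMPLE_LOG):
        print(line)
```

Running it prints one summary line per hook. Note that the log reports 8 patched bytes but lists only seven, so the parser records the entry as truncated rather than guessing the eighth. When triaging such an entry, weigh the decoded instructions together with the process hosting the hook (here the AV vendor's own UI process) rather than the mere presence of a hook, because security products patch their own processes as well.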