GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-20 00:23:31 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD10EZEX-00ZF5A0 rev.80.00A80 931,51GB Running: uvj7elji.exe; Driver: C:\Users\Bazooka\AppData\Local\Temp\axddrpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000762d1401 2 bytes JMP 756bb21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000762d1419 2 bytes JMP 756bb346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000762d1431 2 bytes JMP 75738fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000762d144a 2 bytes CALL 7569489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000762d14dd 2 bytes JMP 757388c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000762d14f5 2 bytes JMP 75738aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000762d150d 2 bytes JMP 757387ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000762d1525 2 bytes JMP 75738b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000762d153d 2 bytes JMP 756afca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000762d1555 2 bytes JMP 756b68ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000762d156d 2 bytes JMP 75739089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000762d1585 2 bytes JMP 75738bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000762d159d 2 bytes JMP 7573877e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000762d15b5 2 bytes JMP 756afd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000762d15cd 2 bytes JMP 756bb2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000762d16b2 2 bytes JMP 75738f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1472] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000762d16bd 2 bytes JMP 75738713 C:\Windows\syswow64\KERNEL32.dll .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075698781 4 bytes [C2, 04, 00, 00] .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000762d1401 2 bytes JMP 756bb21b C:\Windows\syswow64\kernel32.dll .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000762d1419 2 bytes JMP 756bb346 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000762d1431 2 bytes JMP 75738fd1 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000762d144a 2 bytes CALL 7569489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000762d14dd 2 bytes JMP 757388c4 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000762d14f5 2 bytes JMP 75738aa0 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000762d150d 2 bytes JMP 757387ba C:\Windows\syswow64\kernel32.dll .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000762d1525 2 bytes JMP 75738b8a C:\Windows\syswow64\kernel32.dll .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000762d153d 2 bytes JMP 756afca8 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000762d1555 2 bytes JMP 756b68ef C:\Windows\syswow64\kernel32.dll .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000762d156d 2 bytes JMP 75739089 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000762d1585 2 bytes JMP 75738bea C:\Windows\syswow64\kernel32.dll .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000762d159d 2 bytes JMP 7573877e C:\Windows\syswow64\kernel32.dll .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000762d15b5 2 bytes JMP 756afd41 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000762d15cd 2 bytes JMP 756bb2dc C:\Windows\syswow64\kernel32.dll .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000762d16b2 2 bytes JMP 75738f4c C:\Windows\syswow64\kernel32.dll .text D:\Programy\Eset\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000762d16bd 2 bytes JMP 75738713 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000762d1401 2 bytes JMP 756bb21b C:\Windows\syswow64\kernel32.dll .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000762d1419 2 bytes JMP 756bb346 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000762d1431 2 bytes JMP 75738fd1 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000762d144a 2 bytes CALL 7569489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762d14dd 2 bytes JMP 757388c4 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762d14f5 2 bytes JMP 75738aa0 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000762d150d 2 bytes JMP 757387ba C:\Windows\syswow64\kernel32.dll .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000762d1525 2 bytes JMP 75738b8a C:\Windows\syswow64\kernel32.dll .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000762d153d 2 bytes JMP 756afca8 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000762d1555 2 bytes JMP 756b68ef C:\Windows\syswow64\kernel32.dll .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000762d156d 2 bytes JMP 75739089 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000762d1585 2 bytes JMP 75738bea C:\Windows\syswow64\kernel32.dll .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000762d159d 2 bytes JMP 7573877e C:\Windows\syswow64\kernel32.dll .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762d15b5 2 bytes JMP 756afd41 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762d15cd 2 bytes JMP 756bb2dc C:\Windows\syswow64\kernel32.dll .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762d16b2 2 bytes JMP 75738f4c C:\Windows\syswow64\kernel32.dll .text D:\Programy\Last.fm\Last.fm Scrobbler.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762d16bd 2 bytes JMP 75738713 C:\Windows\syswow64\kernel32.dll .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000762d1401 2 bytes JMP 756bb21b C:\Windows\syswow64\kernel32.dll .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000762d1419 2 bytes JMP 756bb346 C:\Windows\syswow64\kernel32.dll .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000762d1431 2 bytes JMP 75738fd1 C:\Windows\syswow64\kernel32.dll .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000762d144a 2 bytes CALL 7569489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762d14dd 2 bytes JMP 757388c4 C:\Windows\syswow64\kernel32.dll .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762d14f5 2 bytes JMP 75738aa0 C:\Windows\syswow64\kernel32.dll .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000762d150d 2 bytes JMP 757387ba C:\Windows\syswow64\kernel32.dll .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000762d1525 2 bytes JMP 75738b8a C:\Windows\syswow64\kernel32.dll .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000762d153d 2 bytes JMP 756afca8 C:\Windows\syswow64\kernel32.dll .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000762d1555 2 bytes JMP 756b68ef C:\Windows\syswow64\kernel32.dll .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000762d156d 2 bytes JMP 75739089 C:\Windows\syswow64\kernel32.dll .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000762d1585 2 bytes JMP 75738bea C:\Windows\syswow64\kernel32.dll .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000762d159d 2 bytes JMP 7573877e C:\Windows\syswow64\kernel32.dll .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762d15b5 2 bytes JMP 756afd41 C:\Windows\syswow64\kernel32.dll .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762d15cd 2 bytes JMP 756bb2dc C:\Windows\syswow64\kernel32.dll .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762d16b2 2 bytes JMP 75738f4c C:\Windows\syswow64\kernel32.dll .text D:\Programy\GMER\uvj7elji.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762d16bd 2 bytes JMP 75738713 C:\Windows\syswow64\kernel32.dll ---- Files - GMER 2.1 ---- File C:\Users\Bazooka\AppData\Local\Temp\tmp14A6.tmp 0 bytes ---- EOF - GMER 2.1 ----