GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-10-23 23:56:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4 WDC_WD5000AADS-00S9B0 rev.01.00A01 465,76GB
Running: gmer.exe; Driver: C:\Users\Konrad\AppData\Local\Temp\awkdapog.sys

---- User code sections - GMER 2.2 ----

.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000074fc8769 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17  0000000075781401 2 bytes JMP 74feb233 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17  0000000075781419 2 bytes JMP 74feb35e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17  0000000075781431 2 bytes JMP 75069149 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42  000000007578144a 2 bytes CALL 74fc4885 C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17  00000000757814dd 2 bytes JMP 75068a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17  00000000757814f5 2 bytes JMP 75068c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17  000000007578150d 2 bytes JMP 75068938 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17  0000000075781525 2 bytes JMP 75068d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17  000000007578153d 2 bytes JMP 74fdfcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!EnumProcesses + 17  0000000075781555 2 bytes JMP 74fe6907 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17  000000007578156d 2 bytes JMP 75069201 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17  0000000075781585 2 bytes JMP 75068d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17  000000007578159d 2 bytes JMP 750688fc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17  00000000757815b5 2 bytes JMP 74fdfd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17  00000000757815cd 2 bytes JMP 74feb2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20  00000000757816b2 2 bytes JMP 750690c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1604]  C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31  00000000757816bd 2 bytes JMP 75068891 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe[2876]  C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000074fc8769 5 bytes [33, C0, C2, 04, 00]
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000075781401 2 bytes JMP 74feb233 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000075781419 2 bytes JMP 74feb35e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000075781431 2 bytes JMP 75069149 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007578144a 2 bytes CALL 74fc4885 C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000757814dd 2 bytes JMP 75068a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000757814f5 2 bytes JMP 75068c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007578150d 2 bytes JMP 75068938 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075781525 2 bytes JMP 75068d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007578153d 2 bytes JMP 74fdfcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000075781555 2 bytes JMP 74fe6907 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007578156d 2 bytes JMP 75069201 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000075781585 2 bytes JMP 75068d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007578159d 2 bytes JMP 750688fc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000757815b5 2 bytes JMP 74fdfd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000757815cd 2 bytes JMP 74feb2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000757816b2 2 bytes JMP 750690c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[1196]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000757816bd 2 bytes JMP 75068891 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000075781401 2 bytes JMP 74feb233 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000075781419 2 bytes JMP 74feb35e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000075781431 2 bytes JMP 75069149 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007578144a 2 bytes CALL 74fc4885 C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000757814dd 2 bytes JMP 75068a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000757814f5 2 bytes JMP 75068c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007578150d 2 bytes JMP 75068938 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075781525 2 bytes JMP 75068d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007578153d 2 bytes JMP 74fdfcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000075781555 2 bytes JMP 74fe6907 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007578156d 2 bytes JMP 75069201 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000075781585 2 bytes JMP 75068d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007578159d 2 bytes JMP 750688fc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000757815b5 2 bytes JMP 74fdfd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000757815cd 2 bytes JMP 74feb2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000757816b2 2 bytes JMP 750690c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3240]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000757816bd 2 bytes JMP 75068891 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000075781401 2 bytes JMP 74feb233 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000075781419 2 bytes JMP 74feb35e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000075781431 2 bytes JMP 75069149 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007578144a 2 bytes CALL 74fc4885 C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000757814dd 2 bytes JMP 75068a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000757814f5 2 bytes JMP 75068c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007578150d 2 bytes JMP 75068938 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075781525 2 bytes JMP 75068d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007578153d 2 bytes JMP 74fdfcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000075781555 2 bytes JMP 74fe6907 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007578156d 2 bytes JMP 75069201 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000075781585 2 bytes JMP 75068d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007578159d 2 bytes JMP 750688fc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000757815b5 2 bytes JMP 74fdfd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000757815cd 2 bytes JMP 74feb2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000757816b2 2 bytes JMP 750690c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe[3836]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000757816bd 2 bytes JMP 75068891 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.2 ----

Thread  C:\Windows\system32\svchost.exe [928:3572]  000007fef4a9d3c8
Thread  C:\Windows\system32\svchost.exe [928:3576]  000007fef4a9d3c8
Thread  C:\Windows\system32\svchost.exe [928:3580]  000007fef4a9d3c8
Thread  C:\Windows\system32\svchost.exe [928:3584]  000007fef4a9d3c8
Thread  C:\Windows\system32\svchost.exe [928:3892]  000007fee93db1b0
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3232:3472]  000007fefb2e2be0
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3232:3480]  000007feeeed8a28
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3232:3488]  000007feeeed8a28

---- EOF - GMER 2.2 ----