GMER 2.1.19115 - http://www.gmer.net
Rootkit scan 2013-03-06 19:28:15
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB
Running: 2noy9qpe.exe; Driver: C:\Users\Asus\AppData\Local\Temp\kftcqaoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000074e91401 2 bytes JMP 000000010579a47a
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000074e91419 2 bytes JMP 000000010579a492
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000074e91431 2 bytes JMP 000000010579a4aa
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000074e9144a 2 bytes JMP 0000000074f5fcc3
.text ... * 9
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000074e914dd 2 bytes JMP 000000010579a556
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000074e914f5 2 bytes JMP 000000010579a56e
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000074e9150d 2 bytes JMP 000000010579a586
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000074e91525 2 bytes JMP 000000010579a59e
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000074e9153d 2 bytes JMP 000000010579a5b6
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000074e91555 2 bytes JMP 000000010579a5ce
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000074e9156d 2 bytes JMP 000000010579a5e6
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000074e91585 2 bytes JMP 000000010579a5fe
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000074e9159d 2 bytes JMP 000000010579a616
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000074e915b5 2 bytes JMP 000000010579a62e
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000074e915cd 2 bytes JMP 000000015b37ce46
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000074e916b2 2 bytes JMP 000000010579a72b
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1856] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000074e916bd 2 bytes JMP 000000010579a736
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074e91401 2 bytes JMP 000000010579a47a
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074e91419 2 bytes JMP 000000010579a492
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074e91431 2 bytes JMP 000000010579a4aa
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074e9144a 2 bytes JMP 0000000074f5fcc3
.text ... * 9
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074e914dd 2 bytes JMP 000000010579a556
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074e914f5 2 bytes JMP 000000010579a56e
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074e9150d 2 bytes JMP 000000010579a586
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074e91525 2 bytes JMP 000000010579a59e
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074e9153d 2 bytes JMP 000000010579a5b6
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074e91555 2 bytes JMP 000000010579a5ce
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074e9156d 2 bytes JMP 000000010579a5e6
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074e91585 2 bytes JMP 000000010579a5fe
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074e9159d 2 bytes JMP 000000010579a616
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074e915b5 2 bytes JMP 000000010579a62e
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074e915cd 2 bytes JMP 000000015b37ce46
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074e916b2 2 bytes JMP 000000010579a72b
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074e916bd 2 bytes JMP 000000010579a736
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074e91401 2 bytes JMP 000000010579a47a
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074e91419 2 bytes JMP 000000010579a492
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074e91431 2 bytes JMP 000000010579a4aa
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074e9144a 2 bytes JMP 0000000074f5fcc3
.text ... * 9
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074e914dd 2 bytes JMP 000000010579a556
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074e914f5 2 bytes JMP 000000010579a56e
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074e9150d 2 bytes JMP 000000010579a586
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074e91525 2 bytes JMP 000000010579a59e
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074e9153d 2 bytes JMP 000000010579a5b6
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074e91555 2 bytes JMP 000000010579a5ce
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074e9156d 2 bytes JMP 000000010579a5e6
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074e91585 2 bytes JMP 000000010579a5fe
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074e9159d 2 bytes JMP 000000010579a616
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074e915b5 2 bytes JMP 000000010579a62e
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074e915cd 2 bytes JMP 000000015b37ce46
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074e916b2 2 bytes JMP 000000010579a72b
.text C:\Windows\AsScrPro.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074e916bd 2 bytes JMP 000000010579a736
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074e91401 2 bytes JMP 000000010579a47a
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074e91419 2 bytes JMP 000000010579a492
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074e91431 2 bytes JMP 000000010579a4aa
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074e9144a 2 bytes JMP 0000000074f5fcc3
.text ... * 9
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074e914dd 2 bytes JMP 000000010579a556
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074e914f5 2 bytes JMP 000000010579a56e
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074e9150d 2 bytes JMP 000000010579a586
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074e91525 2 bytes JMP 000000010579a59e
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074e9153d 2 bytes JMP 000000010579a5b6
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074e91555 2 bytes JMP 000000010579a5ce
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074e9156d 2 bytes JMP 000000010579a5e6
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074e91585 2 bytes JMP 000000010579a5fe
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074e9159d 2 bytes JMP 000000010579a616
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074e915b5 2 bytes JMP 000000010579a62e
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074e915cd 2 bytes JMP 000000015b37ce46
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074e916b2 2 bytes JMP 000000010579a72b
.text C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074e916bd 2 bytes JMP 000000010579a736

---- EOF - GMER 2.1 ----