GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-18 18:32:41
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.DE06
Running: fni6m0yg.exe; Driver: C:\Users\KAROLI~1\AppData\Local\Temp\kxdoquog.sys


---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\ESET\ESET Smart Security\ekrn.exe[272] kernel32.dll!SetUnhandledExceptionFilter  76A9A84F 4 Bytes  [C2, 04, 00, 00]
.text  C:\Program Files\DellTPad\Apntex.exe[1620] kernel32.dll!TerminateProcess  76A718EF 1 Byte  [C3]
.text  C:\Program Files\DellTPad\Apntex.exe[1620] kernel32.dll!TerminateThread  76AB41F7 1 Byte  [C3]
.text  C:\Windows\system32\Dwm.exe[1628] kernel32.dll!TerminateProcess  76A718EF 1 Byte  [C3]
.text  C:\Windows\system32\Dwm.exe[1628] kernel32.dll!TerminateThread  76AB41F7 1 Byte  [C3]
.text  C:\Program Files\IDT\WDM\sttray.exe[2668] kernel32.dll!TerminateProcess  76A718EF 1 Byte  [C3]
.text  C:\Program Files\IDT\WDM\sttray.exe[2668] kernel32.dll!TerminateThread  76AB41F7 1 Byte  [C3]
.text  C:\Program Files\ESET\ESET Smart Security\egui.exe[2808] kernel32.dll!TerminateProcess  76A718EF 1 Byte  [C3]
.text  C:\Program Files\ESET\ESET Smart Security\egui.exe[2808] kernel32.dll!TerminateThread  76AB41F7 1 Byte  [C3]
.text  C:\Program Files\DellTPad\Apoint.exe[2820] kernel32.dll!TerminateProcess  76A718EF 1 Byte  [C3]
.text  C:\Program Files\DellTPad\Apoint.exe[2820] kernel32.dll!TerminateThread  76AB41F7 1 Byte  [C3]
.text  C:\Windows\system32\taskeng.exe[2888] kernel32.dll!TerminateProcess  76A718EF 1 Byte  [C3]
.text  C:\Windows\system32\taskeng.exe[2888] kernel32.dll!TerminateThread  76AB41F7 1 Byte  [C3]
.text  C:\Users\KAROLINKA\Favorites\Desktop\fni6m0yg.exe[3004] kernel32.dll!TerminateProcess  76A718EF 1 Byte  [C3]
.text  C:\Users\KAROLINKA\Favorites\Desktop\fni6m0yg.exe[3004] kernel32.dll!TerminateThread  76AB41F7 1 Byte  [C3]
.text  C:\Program[3188] KERNEL32.dll!TerminateProcess  76A718EF 1 Byte  [C3]
.text  C:\Program[3188] KERNEL32.dll!TerminateThread  76AB41F7 1 Byte  [C3]
.text  C:\Windows\system32\wuauclt.exe[3252] kernel32.dll!TerminateProcess  76A718EF 1 Byte  [C3]
.text  C:\Windows\system32\wuauclt.exe[3252] kernel32.dll!TerminateThread  76AB41F7 1 Byte  [C3]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3448] kernel32.dll!TerminateProcess  76A718EF 1 Byte  [C3]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3448] kernel32.dll!TerminateThread  76AB41F7 1 Byte  [C3]
.text  C:\Program Files\DellTPad\ApMsgFwd.exe[3724] kernel32.dll!TerminateProcess  76A718EF 1 Byte  [C3]
.text  C:\Program Files\DellTPad\ApMsgFwd.exe[3724] kernel32.dll!TerminateThread  76AB41F7 1 Byte  [C3]
.text  C:\Program Files\DellTPad\HidFind.exe[3780] kernel32.dll!TerminateProcess  76A718EF 1 Byte  [C3]
.text  C:\Program Files\DellTPad\HidFind.exe[3780] kernel32.dll!TerminateThread  76AB41F7 1 Byte  [C3]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy2  hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device  \Driver\volmgr \Device\VolMgrControl  BioNT_bs.sys
AttachedDevice  \Driver\tdx \Device\Tcp  epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
Device  \Driver\volmgr \Device\HarddiskVolume1  BioNT_bs.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device  \Driver\volmgr \Device\HarddiskVolume2  BioNT_bs.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device  \Driver\volmgr \Device\HarddiskVolume3  BioNT_bs.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\tdx \Device\Udp  epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\tdx \Device\RawIp  epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys (Menedzer filtrów systemu plików firmy Microsoft/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat  eamon.sys (Amon monitor/ESET)

---- Processes - GMER 1.0.15 ----

Library  C:\Program (*** hidden *** ) @ C:\Program [3188]  0x00A30000

---- EOF - GMER 1.0.15 ----