Gå till innehåll

Niki

Medlem
 Visa profil  Visa deras aktivitet

  • Innehållsantal

    16

  • Gick med

  • Besökte senast

Niki's Achievements

(1/8)

  1. Niki
    Ok! Här kommer den då. http://www.woofiles.com/dl-206423-kK1X7MdV-catchme.log
  2. Niki
    Sås niki.txt
  3. Niki
    MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: (build 7600), 32-bit Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: SAMSUNG ELECTRONICS CO., LTD. System Product Name: R780/R778 Logical Drives Mask: 0x0000001c Kernel Drivers (total 205): 0x83615000 \SystemRoot\system32\ntkrnlpa.exe 0x83A25000 \SystemRoot\system32\halmacpi.dll 0x80BCB000 \SystemRoot\system32\kdcom.dll 0x8C826000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8C89E000 \SystemRoot\system32\PSHED.dll 0x8C8AF000 \SystemRoot\system32\BOOTVID.dll 0x8C8B7000 \SystemRoot\system32\CLFS.SYS 0x8C8F9000 \SystemRoot\system32\CI.dll 0x8CA09000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8CA7A000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8CA88000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x8CAD0000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x8CAD9000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x8CAE1000 \SystemRoot\system32\DRIVERS\pci.sys 0x8CB0B000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x8CB16000 \SystemRoot\System32\drivers\partmgr.sys 0x8CB27000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x8CB2F000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8CB3A000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x8CB4A000 \SystemRoot\System32\drivers\volmgrx.sys 0x8CB95000 \SystemRoot\System32\drivers\mountmgr.sys 0x8CC02000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x8CDB7000 \SystemRoot\system32\DRIVERS\atapi.sys 0x8CDC0000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x8CDE3000 \SystemRoot\system32\DRIVERS\msahci.sys 0x8CDED000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x8CBAB000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x8CBB4000 \SystemRoot\system32\drivers\fltmgr.sys 0x8CBE8000 \SystemRoot\system32\drivers\fileinfo.sys 0x8CE1E000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8CF4D000 \SystemRoot\System32\Drivers\msrpc.sys 0x8CF78000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8CF8B000 \SystemRoot\System32\Drivers\cng.sys 0x8CFE8000 \SystemRoot\System32\drivers\pcw.sys 0x8CFF6000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x8D00F000 \SystemRoot\system32\drivers\ndis.sys 0x8D0C6000 \SystemRoot\system32\drivers\NETIO.SYS 0x8D104000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x8D129000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x8D168000 \SystemRoot\System32\Drivers\spldr.sys 0x8D170000 \SystemRoot\System32\drivers\rdyboost.sys 0x8D19D000 \SystemRoot\System32\Drivers\mup.sys 0x8D1AD000 \SystemRoot\System32\drivers\hwpolicy.sys 0x8D1B5000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x8D1E7000 \SystemRoot\system32\DRIVERS\disk.sys 0x8C9A4000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x923D5000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x923F4000 \SystemRoot\System32\Drivers\Null.SYS 0x92200000 \SystemRoot\System32\Drivers\Beep.SYS 0x8CE00000 \SystemRoot\System32\drivers\vga.sys 0x8C9C9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8CE0C000 \SystemRoot\System32\drivers\watchdog.sys 0x92207000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8D1F8000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8CA00000 \SystemRoot\system32\drivers\rdprefmp.sys 0x8C9EA000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8C800000 \SystemRoot\System32\Drivers\Npfs.SYS 0x91C38000 \SystemRoot\System32\drivers\tcpip.sys 0x91D81000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x91DB2000 \SystemRoot\system32\DRIVERS\tdx.sys 0x91DC9000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x92430000 \SystemRoot\System32\Drivers\avgtdix.sys 0x9246A000 \SystemRoot\System32\DRIVERS\netbt.sys 0x9249C000 \SystemRoot\system32\drivers\afd.sys 0x924F6000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x924FD000 \SystemRoot\system32\DRIVERS\pacer.sys 0x9251C000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x9252D000 \SystemRoot\system32\DRIVERS\netbios.sys 0x9253B000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x9254E000 \SystemRoot\system32\DRIVERS\termdd.sys 0x9255E000 \SystemRoot\System32\Drivers\SCDEmu.SYS 0x9256C000 \??\C:\windows\system32\Drivers\SABI.sys 0x92574000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x925B5000 \SystemRoot\system32\drivers\nsiproxy.sys 0x925BF000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x925C9000 \SystemRoot\System32\drivers\discache.sys 0x925D5000 \SystemRoot\System32\Drivers\dfsc.sys 0x925ED000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x92400000 \SystemRoot\System32\Drivers\avgmfx86.sys 0x91C00000 \SystemRoot\System32\Drivers\avgldx86.sys 0x92406000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x93019000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x93A97000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x93A99000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x93B50000 \SystemRoot\System32\drivers\dxgmms1.sys 0x93B89000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x93BA8000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x9420E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x94259000 \SystemRoot\system32\DRIVERS\athr.sys 0x94393000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x9439D000 \SystemRoot\system32\DRIVERS\yk62x86.sys 0x93BB7000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x943EE000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x94021000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x9405B000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x9405D000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x9406A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x94070000 \SystemRoot\system32\DRIVERS\Impcd.sys 0x9408F000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x94093000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x940A5000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x940B2000 \SystemRoot\system32\drivers\ScreamingBAudio.sys 0x940BF000 \SystemRoot\system32\drivers\portcls.sys 0x940EE000 \SystemRoot\system32\drivers\drmk.sys 0x94107000 \SystemRoot\system32\drivers\ks.sys 0x9413B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x9414D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x94165000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x94170000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x94192000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x941AA000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x941C1000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x941D8000 \SystemRoot\system32\DRIVERS\vHidDev.sys 0x941DA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x941ED000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x941F4000 \SystemRoot\system32\DRIVERS\swenum.sys 0x94000000 \SystemRoot\system32\DRIVERS\umbus.sys 0x95010000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x95054000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x95065000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x95070000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x9507C000 \SystemRoot\system32\drivers\nvhda32v.sys 0x97022000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x97750000 \SystemRoot\System32\win32k.sys 0x972F8000 \SystemRoot\System32\drivers\Dxapi.sys 0x97302000 \SystemRoot\system32\DRIVERS\udfs.sys 0x97342000 \SystemRoot\System32\Drivers\crashdmp.sys 0x9220F000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x9734F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x97360000 \SystemRoot\system32\DRIVERS\monitor.sys 0x9736B000 \SystemRoot\system32\drivers\dadder.sys 0x9736E000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x979B0000 \SystemRoot\System32\TSDDD.dll 0x979E0000 \SystemRoot\System32\cdd.dll 0x97600000 \SystemRoot\System32\ATMFD.DLL 0x97379000 \SystemRoot\system32\drivers\luafv.sys 0x97394000 \SystemRoot\system32\drivers\WudfPf.sys 0x973AE000 \SystemRoot\system32\drivers\btusbflt.sys 0x973B8000 \SystemRoot\System32\Drivers\BTHUSB.sys 0x95099000 \SystemRoot\System32\Drivers\bthport.sys 0x973CA000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x950FD000 \SystemRoot\System32\Drivers\usbvideo.sys 0x95121000 \SystemRoot\system32\DRIVERS\rfcomm.sys 0x973E1000 \SystemRoot\system32\DRIVERS\BthEnum.sys 0x95145000 \SystemRoot\system32\DRIVERS\btwavdt.sys 0x97415000 \SystemRoot\system32\drivers\btwaudio.sys 0x97496000 \SystemRoot\system32\DRIVERS\btwl2cap.sys 0x974A1000 \SystemRoot\system32\DRIVERS\btwrchid.sys 0x974A4000 \??\C:\Program Files\Sandboxie\SbieDrv.sys 0x974C3000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x974D3000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x97519000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x97529000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x9753C000 \SystemRoot\system32\drivers\HTTP.sys 0x975C1000 \SystemRoot\system32\DRIVERS\bowser.sys 0x975DA000 \SystemRoot\System32\drivers\mpsdrv.sys 0x951B8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x83219000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x83254000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x83287000 \SystemRoot\system32\drivers\peauth.sys 0x8331E000 \SystemRoot\System32\Drivers\secdrv.SYS 0x83328000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x83349000 \SystemRoot\System32\drivers\tcpipreg.sys 0x83356000 \SystemRoot\System32\DRIVERS\srv2.sys 0x833A5000 \SystemRoot\System32\DRIVERS\srv.sys 0x93BCF000 \SystemRoot\System32\drivers\ipnat.sys 0x76FE0000 \Windows\System32\ntdll.dll 0x47F70000 \Windows\System32\smss.exe 0x77220000 \Windows\System32\apisetschema.dll 0x008F0000 \Windows\System32\autochk.exe 0x77160000 \Windows\System32\msvcrt.dll 0x76F80000 \Windows\System32\shlwapi.dll 0x77130000 \Windows\System32\imagehlp.dll 0x77120000 \Windows\System32\nsi.dll 0x76F00000 \Windows\System32\comdlg32.dll 0x76EB0000 \Windows\System32\gdi32.dll 0x76EA0000 \Windows\System32\lpk.dll 0x76E10000 \Windows\System32\clbcatq.dll 0x76DF0000 \Windows\System32\imm32.dll 0x76D50000 \Windows\System32\advapi32.dll 0x76B50000 \Windows\System32\iertutil.dll 0x75F00000 \Windows\System32\shell32.dll 0x75EB0000 \Windows\System32\Wldap32.dll 0x75EA0000 \Windows\System32\psapi.dll 0x75E40000 \Windows\System32\difxapi.dll 0x75D70000 \Windows\System32\user32.dll 0x75CE0000 \Windows\System32\oleaut32.dll 0x75C10000 \Windows\System32\msctf.dll 0x75B60000 \Windows\System32\rpcrt4.dll 0x759C0000 \Windows\System32\setupapi.dll 0x75920000 \Windows\System32\usp10.dll 0x75820000 \Windows\System32\wininet.dll 0x757E0000 \Windows\System32\ws2_32.dll 0x757D0000 \Windows\System32\normaliz.dll 0x75690000 \Windows\System32\urlmon.dll 0x75670000 \Windows\System32\sechost.dll 0x75590000 \Windows\System32\kernel32.dll 0x75430000 \Windows\System32\ole32.dll 0x75400000 \Windows\System32\wintrust.dll 0x753B0000 \Windows\System32\KernelBase.dll 0x75390000 \Windows\System32\devobj.dll 0x75360000 \Windows\System32\cfgmgr32.dll 0x752D0000 \Windows\System32\comctl32.dll 0x751B0000 \Windows\System32\crypt32.dll 0x751A0000 \Windows\System32\msasn1.dll Processes (total 79): 0 System Idle Process 4 System 412 C:\Windows\System32\smss.exe 560 csrss.exe 636 C:\Windows\System32\wininit.exe 644 csrss.exe 692 C:\Windows\System32\services.exe 708 C:\Windows\System32\lsass.exe 716 C:\Windows\System32\lsm.exe 812 C:\Windows\System32\svchost.exe 876 C:\Windows\System32\nvvsvc.exe 920 C:\Windows\System32\svchost.exe 984 C:\Windows\System32\svchost.exe 1032 C:\Windows\System32\svchost.exe 1068 C:\Windows\System32\svchost.exe 1180 C:\Windows\System32\svchost.exe 1232 C:\Windows\System32\winlogon.exe 1284 C:\Program Files\Sandboxie\SbieSvc.exe 1384 C:\Windows\System32\svchost.exe 1584 C:\Windows\System32\nvvsvc.exe 1660 C:\Windows\System32\spoolsv.exe 1716 C:\Windows\System32\svchost.exe 1816 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1844 C:\Program Files\AVG\AVG9\avgwdsvc.exe 1864 C:\Program Files\Bonjour\mDNSResponder.exe 1904 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 292 C:\Windows\System32\Rezip.exe 556 C:\Program Files\CyberLink\Shared files\RichVideo.exe 1776 C:\Windows\System32\dwm.exe 900 C:\Windows\System32\taskhost.exe 1940 C:\Windows\System32\svchost.exe 2204 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 2252 C:\Windows\explorer.exe 2336 C:\Program Files\AVG\AVG9\avgemc.exe 2404 C:\Program Files\AVG\AVG9\avgnsx.exe 2888 C:\Program Files\AVG\AVG9\avgcsrvx.exe 3036 C:\Windows\System32\taskeng.exe 3052 C:\Windows\System32\SearchIndexer.exe 3216 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe 3228 C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe 3240 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe 3276 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe 3292 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe 3388 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 3396 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3412 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe 3580 C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe 3656 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 3728 C:\Program Files\AVG\AVG9\avgtray.exe 3736 C:\Program Files\Razer\DeathAdder\razerhid.exe 3760 C:\Program Files\Common Files\Java\Java Update\jusched.exe 3768 C:\Program Files\PowerISO\PWRISOVM.EXE 3832 C:\Program Files\AVG\AVG9\avgchsvx.exe 3840 C:\Program Files\AVG\AVG9\avgrsx.exe 3912 C:\Program Files\Razer\DeathAdder\razertra.exe 3928 C:\Program Files\AVG\AVG9\avgcsrvx.exe 3968 C:\Program Files\iTunes\iTunesHelper.exe 828 C:\Windows\System32\alg.exe 3028 C:\Program Files\Sandboxie\SbieCtrl.exe 3572 C:\Windows\System32\svchost.exe 4448 C:\Windows\System32\svchost.exe 4688 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 5196 C:\Program Files\Windows Media Player\wmpnetwk.exe 5336 C:\Program Files\Razer\DeathAdder\razerofa.exe 5500 C:\Program Files\iPod\bin\iPodService.exe 4336 C:\Windows\System32\svchost.exe 5768 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe 1348 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe 1492 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe 3672 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe 4252 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe 6012 C:\Windows\System32\audiodg.exe 2244 C:\Windows\System32\SearchProtocolHost.exe 1632 C:\Windows\System32\SearchFilterHost.exe 2036 C:\Windows\System32\notepad.exe 5920 dllhost.exe 5744 dllhost.exe 632 C:\Users\Samsung\Desktop\MBRCheck.exe 5060 C:\Windows\System32\conhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS) PhysicalDrive0 Model Number: SAMSUNGHM500JI, Rev: 2AC101C4 Size Device Name MBR Status -------------------------------------------- 465 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5 Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Options: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit. Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0... Enter filename to dump to: c:\niki2Dumped successfully! Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0... Enter filename to dump to: c:\niki.txtDumped successfully! Enter the physical disk number to dump (0-99, -1 to exit): -1 Done!
  4. Niki
    MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: (build 7600), 32-bit Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: SAMSUNG ELECTRONICS CO., LTD. System Product Name: R780/R778 Logical Drives Mask: 0x0000001c Kernel Drivers (total 207): 0x83611000 \SystemRoot\system32\ntkrnlpa.exe 0x83A21000 \SystemRoot\system32\halmacpi.dll 0x80BBA000 \SystemRoot\system32\kdcom.dll 0x8C820000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8C898000 \SystemRoot\system32\PSHED.dll 0x8C8A9000 \SystemRoot\system32\BOOTVID.dll 0x8C8B1000 \SystemRoot\system32\CLFS.SYS 0x8C8F3000 \SystemRoot\system32\CI.dll 0x8CA1E000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8CA8F000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8CA9D000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x8CAE5000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x8CAEE000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x8CAF6000 \SystemRoot\system32\DRIVERS\pci.sys 0x8CB20000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x8CB2B000 \SystemRoot\System32\drivers\partmgr.sys 0x8CB3C000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x8CB44000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8CB4F000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x8CB5F000 \SystemRoot\System32\drivers\volmgrx.sys 0x8CBAA000 \SystemRoot\System32\drivers\mountmgr.sys 0x8CC15000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x8CDCA000 \SystemRoot\system32\DRIVERS\atapi.sys 0x8CDD3000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x8CDF6000 \SystemRoot\system32\DRIVERS\msahci.sys 0x8CC00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x8CBC0000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x8CBC9000 \SystemRoot\system32\drivers\fltmgr.sys 0x8CA00000 \SystemRoot\system32\drivers\fileinfo.sys 0x8CE13000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8CF42000 \SystemRoot\System32\Drivers\msrpc.sys 0x8CF6D000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8CF80000 \SystemRoot\System32\Drivers\cng.sys 0x8CFDD000 \SystemRoot\System32\drivers\pcw.sys 0x8CFEB000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x8D030000 \SystemRoot\system32\drivers\ndis.sys 0x8D0E7000 \SystemRoot\system32\drivers\NETIO.SYS 0x8D125000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x8D14A000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x8D189000 \SystemRoot\System32\Drivers\spldr.sys 0x8D191000 \SystemRoot\System32\drivers\rdyboost.sys 0x8D1BE000 \SystemRoot\System32\Drivers\mup.sys 0x8D1CE000 \SystemRoot\System32\drivers\hwpolicy.sys 0x8C99E000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x8D1D6000 \SystemRoot\system32\DRIVERS\disk.sys 0x8D000000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x90E00000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x90FEA000 \SystemRoot\System32\Drivers\Null.SYS 0x90FF1000 \SystemRoot\System32\Drivers\Beep.SYS 0x8D1F4000 \SystemRoot\System32\drivers\vga.sys 0x8C9D0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8CE00000 \SystemRoot\System32\drivers\watchdog.sys 0x90FF8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8D025000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8CFF4000 \SystemRoot\system32\drivers\rdprefmp.sys 0x8CA11000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8C9F1000 \SystemRoot\System32\Drivers\Npfs.SYS 0x91C20000 \SystemRoot\System32\drivers\tcpip.sys 0x91D69000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x91D9A000 \SystemRoot\system32\DRIVERS\tdx.sys 0x91DB1000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x91DBC000 \SystemRoot\System32\Drivers\avgtdix.sys 0x9281B000 \SystemRoot\System32\DRIVERS\netbt.sys 0x9284D000 \SystemRoot\system32\drivers\afd.sys 0x928A7000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x928AE000 \SystemRoot\system32\DRIVERS\pacer.sys 0x928CD000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x928DE000 \SystemRoot\system32\DRIVERS\netbios.sys 0x928EC000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x928FF000 \SystemRoot\system32\DRIVERS\termdd.sys 0x9290F000 \SystemRoot\System32\Drivers\SCDEmu.SYS 0x9291D000 \??\C:\windows\system32\Drivers\SABI.sys 0x92925000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x92966000 \SystemRoot\system32\drivers\nsiproxy.sys 0x92970000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x9297A000 \SystemRoot\System32\drivers\discache.sys 0x92986000 \SystemRoot\System32\Drivers\dfsc.sys 0x9299E000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x929AC000 \SystemRoot\System32\Drivers\avgmfx86.sys 0x929B2000 \SystemRoot\System32\Drivers\avgldx86.sys 0x92A18000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x94C32000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x956B0000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x956B2000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x95769000 \SystemRoot\System32\drivers\dxgmms1.sys 0x957A2000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x957C1000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x92A39000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x92A84000 \SystemRoot\system32\DRIVERS\athr.sys 0x957D0000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x93218000 \SystemRoot\system32\DRIVERS\yk62x86.sys 0x93269000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x93281000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x9328E000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x932C8000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x932CA000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x932D7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x932DD000 \SystemRoot\system32\DRIVERS\Impcd.sys 0x932FC000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x93300000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x93312000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x9331F000 \SystemRoot\system32\drivers\ScreamingBAudio.sys 0x9332C000 \SystemRoot\system32\drivers\portcls.sys 0x9335B000 \SystemRoot\system32\drivers\drmk.sys 0x93374000 \SystemRoot\system32\drivers\ks.sys 0x933A8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x933BA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x933D2000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x933DD000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x93200000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x957DA000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x94C00000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x94C17000 \SystemRoot\system32\DRIVERS\vHidDev.sys 0x94C19000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x957F1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x957F8000 \SystemRoot\system32\DRIVERS\swenum.sys 0x92BBE000 \SystemRoot\system32\DRIVERS\umbus.sys 0x9423E000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x94282000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x94293000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x9429E000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x942AA000 \SystemRoot\system32\drivers\nvhda32v.sys 0x96009000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x962DF000 \SystemRoot\system32\DRIVERS\udfs.sys 0x970B0000 \SystemRoot\System32\win32k.sys 0x9631F000 \SystemRoot\System32\drivers\Dxapi.sys 0x96329000 \SystemRoot\System32\Drivers\crashdmp.sys 0x90E1F000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x96336000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x96347000 \SystemRoot\system32\DRIVERS\monitor.sys 0x96352000 \SystemRoot\system32\drivers\dadder.sys 0x96355000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x97310000 \SystemRoot\System32\TSDDD.dll 0x97340000 \SystemRoot\System32\cdd.dll 0x97360000 \SystemRoot\System32\ATMFD.DLL 0x96360000 \SystemRoot\system32\drivers\btusbflt.sys 0x9636A000 \SystemRoot\System32\Drivers\BTHUSB.sys 0x9637C000 \SystemRoot\System32\Drivers\bthport.sys 0x963E0000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x942C7000 \SystemRoot\System32\Drivers\usbvideo.sys 0x942EB000 \SystemRoot\system32\DRIVERS\rfcomm.sys 0x9430F000 \SystemRoot\system32\DRIVERS\BthEnum.sys 0x9431C000 \SystemRoot\system32\DRIVERS\btwavdt.sys 0x92E0C000 \SystemRoot\system32\drivers\btwaudio.sys 0x92E8D000 \SystemRoot\system32\DRIVERS\btwl2cap.sys 0x92E98000 \SystemRoot\system32\DRIVERS\btwrchid.sys 0x92E9B000 \SystemRoot\system32\drivers\luafv.sys 0x92EB6000 \SystemRoot\system32\drivers\WudfPf.sys 0x92ED0000 \??\C:\Program Files\Sandboxie\SbieDrv.sys 0x92EEF000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x92EFF000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x92F45000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x92F55000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x92F68000 \SystemRoot\system32\drivers\HTTP.sys 0x9438F000 \SystemRoot\system32\DRIVERS\bowser.sys 0x92FED000 \SystemRoot\System32\drivers\mpsdrv.sys 0x943A8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x94200000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x943CB000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x9D232000 \SystemRoot\system32\drivers\peauth.sys 0x9D2C9000 \SystemRoot\System32\Drivers\secdrv.SYS 0x9D2D3000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x9D2F4000 \SystemRoot\System32\drivers\tcpipreg.sys 0x9D301000 \SystemRoot\System32\DRIVERS\srv2.sys 0x9D350000 \SystemRoot\System32\DRIVERS\srv.sys 0x9D3A1000 \SystemRoot\System32\drivers\ipnat.sys 0x9D200000 \SystemRoot\System32\Drivers\fastfat.SYS 0x9D3D0000 \??\C:\windows\system32\A6FD.tmp 0x771B0000 \Windows\System32\ntdll.dll 0x47B60000 \Windows\System32\smss.exe 0x773F0000 \Windows\System32\apisetschema.dll 0x00820000 \Windows\System32\autochk.exe 0x77380000 \Windows\System32\shlwapi.dll 0x77010000 \Windows\System32\setupapi.dll 0x772F0000 \Windows\System32\clbcatq.dll 0x76FF0000 \Windows\System32\imm32.dll 0x76F60000 \Windows\System32\oleaut32.dll 0x76F40000 \Windows\System32\sechost.dll 0x76EA0000 \Windows\System32\usp10.dll 0x76E50000 \Windows\System32\gdi32.dll 0x76E40000 \Windows\System32\nsi.dll 0x76DE0000 \Windows\System32\difxapi.dll 0x76DA0000 \Windows\System32\ws2_32.dll 0x76D90000 \Windows\System32\psapi.dll 0x76CB0000 \Windows\System32\kernel32.dll 0x76C10000 \Windows\System32\advapi32.dll 0x76A10000 \Windows\System32\iertutil.dll 0x75DC0000 \Windows\System32\shell32.dll 0x75D70000 \Windows\System32\Wldap32.dll 0x75D40000 \Windows\System32\imagehlp.dll 0x75C70000 \Windows\System32\user32.dll 0x75C60000 \Windows\System32\lpk.dll 0x75B60000 \Windows\System32\wininet.dll 0x75A90000 \Windows\System32\msctf.dll 0x75950000 \Windows\System32\urlmon.dll 0x758D0000 \Windows\System32\comdlg32.dll 0x75820000 \Windows\System32\msvcrt.dll 0x75810000 \Windows\System32\normaliz.dll 0x75760000 \Windows\System32\rpcrt4.dll 0x75600000 \Windows\System32\ole32.dll 0x75570000 \Windows\System32\comctl32.dll 0x75540000 \Windows\System32\cfgmgr32.dll 0x75420000 \Windows\System32\crypt32.dll 0x75400000 \Windows\System32\devobj.dll 0x753D0000 \Windows\System32\wintrust.dll 0x75380000 \Windows\System32\KernelBase.dll 0x75370000 \Windows\System32\msasn1.dll Processes (total 83): 0 System Idle Process 4 System 412 C:\Windows\System32\smss.exe 560 csrss.exe 628 C:\Windows\System32\wininit.exe 636 csrss.exe 684 C:\Windows\System32\services.exe 700 C:\Windows\System32\lsass.exe 708 C:\Windows\System32\lsm.exe 824 C:\Windows\System32\winlogon.exe 860 C:\Windows\System32\svchost.exe 920 C:\Windows\System32\nvvsvc.exe 960 C:\Windows\System32\svchost.exe 1032 C:\Windows\System32\svchost.exe 1072 C:\Windows\System32\svchost.exe 1112 C:\Windows\System32\svchost.exe 1256 C:\Windows\System32\svchost.exe 1344 C:\Program Files\Sandboxie\SbieSvc.exe 1356 C:\Windows\System32\nvvsvc.exe 1460 C:\Windows\System32\svchost.exe 1612 C:\Windows\System32\spoolsv.exe 1648 C:\Windows\System32\svchost.exe 1760 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1788 C:\Program Files\AVG\AVG9\avgwdsvc.exe 1824 C:\Program Files\Bonjour\mDNSResponder.exe 1848 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 1980 C:\Windows\System32\Rezip.exe 2024 C:\Program Files\CyberLink\Shared files\RichVideo.exe 500 C:\Windows\System32\svchost.exe 1192 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 2124 C:\Program Files\AVG\AVG9\avgemc.exe 2400 C:\Program Files\AVG\AVG9\avgnsx.exe 2628 C:\Windows\System32\dwm.exe 2656 C:\Windows\explorer.exe 2704 C:\Windows\System32\taskhost.exe 2824 C:\Program Files\AVG\AVG9\avgcsrvx.exe 3008 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 3080 C:\Windows\System32\alg.exe 3108 C:\Windows\System32\SearchIndexer.exe 3124 C:\Windows\System32\taskeng.exe 3240 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe 3264 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe 3288 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe 3304 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe 3388 C:\Program Files\AVG\AVG9\avgrsx.exe 3396 C:\Program Files\AVG\AVG9\avgchsvx.exe 3444 C:\Program Files\AVG\AVG9\avgcsrvx.exe 3972 C:\Windows\System32\svchost.exe 4016 C:\Windows\System32\svchost.exe 3660 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 2372 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3340 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe 2080 C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe 3216 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 4176 C:\Program Files\AVG\AVG9\avgtray.exe 4192 C:\Program Files\Razer\DeathAdder\razerhid.exe 4212 C:\Program Files\Common Files\Java\Java Update\jusched.exe 4228 C:\Program Files\PowerISO\PWRISOVM.EXE 4404 C:\Program Files\iTunes\iTunesHelper.exe 4412 C:\Program Files\Razer\DeathAdder\razertra.exe 4600 C:\Program Files\Sandboxie\SbieCtrl.exe 4856 C:\Program Files\iPod\bin\iPodService.exe 4972 C:\Program Files\Razer\DeathAdder\razerofa.exe 5432 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe 5520 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe 5528 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe 6128 C:\Program Files\Windows Media Player\wmpnetwk.exe 2696 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe 5272 C:\Windows\System32\svchost.exe 4704 C:\Program Files\Spotify\spotify.exe 1900 C:\Steam\Steam.exe 4144 C:\Program Files\Common Files\Steam\SteamService.exe 6088 C:\Windows\System32\audiodg.exe 5776 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe 5176 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe 3368 Game.exe 3376 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe 4736 C:\Windows\System32\SearchProtocolHost.exe 5564 C:\Windows\System32\SearchFilterHost.exe 6040 dllhost.exe 5652 dllhost.exe 3324 C:\Users\Samsung\Desktop\MBRCheck.exe 6140 C:\Windows\System32\conhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS) PhysicalDrive0 Model Number: SAMSUNGHM500JI, Rev: 2AC101C4 Size Device Name MBR Status -------------------------------------------- 465 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5 Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done! RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows 7 Version 6.1.7600 Number of processors #4 ============================================== >Drivers ============================================== 0x93E3D000 C:\windows\system32\DRIVERS\nvlddmkm.sys 11001856 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 258.96 ) 0x8361E000 C:\windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System) 0x8361E000 PnpManager 4259840 bytes 0x8361E000 RAW 4259840 bytes 0x8361E000 WMIxWDM 4259840 bytes 0x98431000 C:\windows\system32\drivers\RTKVHDA.sys 2973696 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver) 0x98B00000 Win32k 2400256 bytes 0x98B00000 C:\windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Win32-drivrutin för flera användare) 0x9241F000 C:\windows\System32\Drivers\dump_iaStor.sys 1789952 bytes 0x8CC10000 C:\windows\system32\DRIVERS\iaStor.sys 1789952 bytes (Intel Corporation, Intel Rapid Storage Technology driver - x86) 0x9263A000 C:\windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP-drivrutin) 0x93A74000 C:\windows\system32\DRIVERS\athr.sys 1286144 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver) 0x8CE13000 C:\windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NTFS-drivrutin) 0x948BD000 C:\windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel) 0x8D03F000 C:\windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20-drivrutin) 0x8C90F000 C:\windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module) 0x9C83D000 C:\windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver) 0x83293000 C:\windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP-protokollstack) 0x9315F000 C:\windows\system32\drivers\btwaudio.sys 528384 bytes (Broadcom Corporation., Bluetooth Audio Device) 0x8C83C000 C:\windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library) 0x930EC000 C:\windows\system32\DRIVERS\btwavdt.sys 471040 bytes (Broadcom Corporation., Broadcom Bluetooth AVDT Service) 0x8CA0E000 C:\windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernellägesdrivrutin för Framework Runtime) 0x98796000 C:\windows\System32\Drivers\bthport.sys 409600 bytes (Microsoft Corporation, Bluetooth-bussdrivrutin) 0x8CF80000 C:\windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation) 0x9285C000 C:\windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0x9C95B000 C:\windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver) 0x9343D000 C:\windows\system32\DRIVERS\yk62x86.sys 331776 bytes (-, -) 0x9C90C000 C:\windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver) 0x98DB0000 C:\windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver) 0x93A29000 C:\windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 portdrivrutin) 0x8CB4F000 C:\windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver) 0x8CA8D000 C:\windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI-drivrutin för NT) 0x8322A000 C:\windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport-drivrutin) 0x9301B000 C:\windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB) 0x8C8CD000 C:\windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver) 0x92934000 C:\windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Drivrutin för Redirected Drive Buffering SubSystem) 0x98711000 C:\windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver) 0x8D159000 C:\windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Drivrutin för skuggkopior av volymer) 0x8D0F6000 C:\windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem) 0x83366000 C:\windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr) 0x92600000 C:\windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher) 0x934B3000 C:\windows\system32\DRIVERS\SynTP.sys 237568 bytes (Synaptics Incorporated, Synaptics Touchpad Driver) 0x94974000 C:\windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS) 0x83A2E000 ACPI_HAL 225280 bytes 0x83A2E000 C:\windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0x929C1000 C:\windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver) 0x8CBB9000 C:\windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Filterhanteraren för Microsofts filsystem) 0x93599000 C:\windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library) 0x8D000000 C:\windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver) 0x9282A000 C:\windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver) 0x92783000 C:\windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API) 0x93551000 C:\windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0x8D1A0000 C:\windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver) 0x8CF42000 C:\windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider) 0x8CAE6000 C:\windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI-uppräknare) 0x9C9AC000 C:\windows\System32\drivers\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator) 0x8C9BA000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll) 0x8D134000 C:\windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages) 0x930C8000 C:\windows\system32\DRIVERS\rfcomm.sys 147456 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver) 0x930A4000 C:\windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver) 0x8CDCE000 C:\windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension) 0x83343000 C:\windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0x9340B000 C:\windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0x9C8DE000 C:\windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver) 0x92800000 C:\windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface-drivrutin) 0x8C9DF000 C:\windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver) 0x92400000 C:\windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0x949AD000 C:\windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver) 0x93502000 C:\windows\system32\DRIVERS\Impcd.sys 126976 bytes (Intel Corporation, Intel® Turbo Boost Technology Driver) 0x928BD000 C:\windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler) 0x93E00000 C:\Program Files\Sandboxie\SbieDrv.sys 126976 bytes (tzuk, Sandboxie Kernel Mode Driver) 0x98D90000 C:\windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver) 0x93087000 C:\windows\system32\drivers\nvhda32v.sys 118784 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver) 0x93000000 C:\windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, Filterdrivrutin för LUA-filvirtualisering) 0x833A1000 C:\windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector) 0x949DB000 C:\windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver) 0x83318000 C:\windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver) 0x93580000 C:\windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers) 0x92995000 C:\windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver) 0x9348E000 C:\windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, Drivrutin för i8042 Port) 0x935DF000 C:\windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0x93BB8000 C:\windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0x93BD0000 C:\windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0x93BE7000 C:\windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager) 0x927B4000 C:\windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver) 0x98400000 C:\windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver) 0x8CB9A000 C:\windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager) 0x93A00000 C:\windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library) 0x8CF6D000 C:\windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0x83280000 C:\windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6) 0x928FB000 C:\windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0x935CD000 C:\windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager) 0x98784000 C:\windows\System32\Drivers\BTHUSB.sys 73728 bytes (Microsoft Corporation, Bluetooth Miniport Driver) 0x93525000 C:\windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver) 0x83331000 C:\windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver) 0x8D1E5000 C:\windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver) 0x9875E000 C:\windows\System32\Drivers\dump_dumpfve.sys 69632 bytes 0x8CBED000 C:\windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver) 0x9305F000 C:\windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy) 0x8CB1B000 C:\windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver) 0x8C8B4000 C:\windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Plattformsspecifik drivrutin för maskinvarufel) 0x928DC000 C:\windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver) 0x931EB000 C:\windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver) 0x8D1CD000 C:\windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver) 0x83270000 C:\windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, I/O-drivrutin för NDIS-användarläge) 0x9290E000 C:\windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver) 0x8CB3F000 C:\windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver) 0x949CC000 C:\windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0x929AD000 C:\windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver) 0x928ED000 C:\windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver) 0x8C80B000 C:\windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver) 0x8CC00000 C:\windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension) 0x8CFDD000 C:\windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver) 0x9291E000 C:\windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive) 0x93A13000 C:\windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator) 0x8CA7F000 C:\windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader) 0x98417000 C:\windows\system32\DRIVERS\BthEnum.sys 53248 bytes (Microsoft Corporation, Bluetooth Bus Extender) 0x93537000 C:\windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator) 0x98751000 C:\windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver) 0x934A6000 C:\windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Tangentbordsklassdrivrutin) 0x934EF000 C:\windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Musklassdrivrutin) 0x93544000 C:\windows\system32\drivers\ScreamingBAudio.sys 53248 bytes (Screaming Bee LLC, Screaming Bee Audio Driver) 0x9C8FF000 C:\windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver) 0x8CE00000 C:\windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver) 0x92989000 C:\windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver) 0x9307B000 C:\windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, Filterdrivrutin för HID-tangentbord) 0x8CFF4000 C:\windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0x8CB34000 C:\windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver) 0x98424000 C:\windows\system32\DRIVERS\btwl2cap.sys 45056 bytes (Broadcom Corporation., Broadcom Bluetooth L2CAP Service) 0x931E0000 C:\windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices) 0x9876F000 C:\windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver) 0x93070000 C:\windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, Filterdrivrutin för HID-mus) 0x8C800000 C:\windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver) 0x93400000 C:\windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0x927CB000 C:\windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper) 0x8CB10000 C:\windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Rotnumrerare för virtuell enhet) 0x9877A000 C:\windows\system32\drivers\btusbflt.sys 40960 bytes (Broadcom Corporation., Widcomm Bluetooth USB Filter for Windows XP) 0x98707000 C:\windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver) 0x8CDF1000 C:\windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver) 0x9297F000 C:\windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver) 0x92975000 C:\windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy) 0x9C8D4000 C:\windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver) 0x93BAE000 C:\windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtuell WiFi-bussdrivrutin) 0x8CBB0000 C:\windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver) 0x8CDC5000 C:\windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver) 0x8CFEB000 C:\windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver) 0x9C9D2000 C:\windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 0x98D60000 C:\windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver) 0x8CAD5000 C:\windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0x8C8C5000 C:\windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver) 0x8CB2C000 C:\windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver) 0x8D1DD000 C:\windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver) 0x80BAB000 C:\windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger) 0x8CADE000 C:\windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver) 0x925F7000 C:\windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport) 0x8D1F6000 C:\windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport) 0x8CA00000 C:\windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport) 0x9292C000 C:\windows\system32\Drivers\SABI.sys 32768 bytes (SAMSUNG ELECTRONICS, SAMSUNG Kernel Driver) 0x8D198000 C:\windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor) 0x925F0000 C:\windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver) 0x9342F000 C:\windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library) 0x925E9000 C:\windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver) 0x928B6000 C:\windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver) 0x929BB000 C:\windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver) 0x934FC000 C:\windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter) 0x93521000 C:\windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver) 0x987FA000 C:\windows\system32\DRIVERS\btwrchid.sys 12288 bytes (Broadcom Corporation., Bluetooth Remote Control HID Minidriver) 0x987FD000 C:\windows\system32\drivers\dadder.sys 12288 bytes (Razer (Asia-Pacific) Pte Ltd, Razer Habu USB Optical Mouse Driver) 0x948BB000 C:\windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 258.96 ) 0x93436000 C:\windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0x934ED000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) 0x9342D000 C:\windows\system32\DRIVERS\vHidDev.sys 8192 bytes (Windows ® Win 7 DDK provider, Virtual Hid Device) ============================================== >Stealth ============================================== ============================================== >Hooks ============================================== Device object-->ParseProcedure, Type: Kernel Object [unknown_code_page] File object-->ParseProcedure, Type: Kernel Object [unknown_code_page] Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page] LpcPort object-->OpenProcedure, Type: Kernel Object [unknown_code_page] ntkrnlpa.exe-->NtAlpcSendWaitReceivePort, Type: Inline - RelativeJump 0x83893135-->805B1DE0 [unknown_code_page] ntkrnlpa.exe-->NtRequestPort, Type: Inline - RelativeJump 0x838A8DC3-->805B1CA0 [unknown_code_page] ntkrnlpa.exe-->NtRequestWaitReplyPort, Type: Inline - RelativeJump 0x83894B5D-->805B1D40 [unknown_code_page] ntkrnlpa.exe-->NtTraceEvent, Type: Inline - RelativeJump 0x83650E34-->805B1C00 [unknown_code_page] Section object-->OpenProcedure, Type: Kernel Object [unknown_code_page] !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
  5. Niki
    RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows 7 Version 6.1.7600 Number of processors #4 ============================================== >Drivers ============================================== 0x94C32000 C:\windows\system32\DRIVERS\nvlddmkm.sys 11001856 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 258.96 ) 0x83611000 C:\windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System) 0x83611000 PnpManager 4259840 bytes 0x83611000 RAW 4259840 bytes 0x83611000 WMIxWDM 4259840 bytes 0x96009000 C:\windows\system32\drivers\RTKVHDA.sys 2973696 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver) 0x970B0000 Win32k 2400256 bytes 0x970B0000 C:\windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Win32-drivrutin för flera användare) 0x90E1F000 C:\windows\System32\Drivers\dump_iaStor.sys 1789952 bytes 0x8CC15000 C:\windows\system32\DRIVERS\iaStor.sys 1789952 bytes (Intel Corporation, Intel Rapid Storage Technology driver - x86) 0x91C20000 C:\windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP-drivrutin) 0x92A84000 C:\windows\system32\DRIVERS\athr.sys 1286144 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver) 0x8CE13000 C:\windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NTFS-drivrutin) 0x956B2000 C:\windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel) 0x8D030000 C:\windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20-drivrutin) 0x8C8F3000 C:\windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module) 0x9D232000 C:\windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver) 0x92F68000 C:\windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP-protokollstack) 0x92E0C000 C:\windows\system32\drivers\btwaudio.sys 528384 bytes (Broadcom Corporation., Bluetooth Audio Device) 0x8C820000 C:\windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library) 0x9431C000 C:\windows\system32\DRIVERS\btwavdt.sys 471040 bytes (Broadcom Corporation., Broadcom Bluetooth AVDT Service) 0x8CA1E000 C:\windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernellägesdrivrutin för Framework Runtime) 0x9637C000 C:\windows\System32\Drivers\bthport.sys 409600 bytes (Microsoft Corporation, Bluetooth-bussdrivrutin) 0x8CF80000 C:\windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation) 0x9284D000 C:\windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0x9D350000 C:\windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver) 0x93218000 C:\windows\system32\DRIVERS\yk62x86.sys 331776 bytes (-, -) 0x9D301000 C:\windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver) 0x97360000 C:\windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver) 0x92A39000 C:\windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 portdrivrutin) 0x8CB5F000 C:\windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver) 0x8CA9D000 C:\windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI-drivrutin för NT) 0x92EFF000 C:\windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport-drivrutin) 0x9423E000 C:\windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB) 0x8C8B1000 C:\windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver) 0x92925000 C:\windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Drivrutin för Redirected Drive Buffering SubSystem) 0x962DF000 C:\windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver) 0x8D14A000 C:\windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Drivrutin för skuggkopior av volymer) 0x8D0E7000 C:\windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem) 0x94200000 C:\windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr) 0x91DBC000 C:\windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher) 0x9328E000 C:\windows\system32\DRIVERS\SynTP.sys 237568 bytes (Synaptics Incorporated, Synaptics Touchpad Driver) 0x95769000 C:\windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS) 0x83A21000 ACPI_HAL 225280 bytes 0x83A21000 C:\windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0x929B2000 C:\windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver) 0x8CBC9000 C:\windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Filterhanteraren för Microsofts filsystem) 0x93374000 C:\windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library) 0x8C99E000 C:\windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver) 0x9281B000 C:\windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver) 0x91D69000 C:\windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API) 0x9332C000 C:\windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0x8D191000 C:\windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver) 0x8CF42000 C:\windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider) 0x9D200000 C:\windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver) 0x8CAF6000 C:\windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI-uppräknare) 0x9D3A1000 C:\windows\System32\drivers\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator) 0x8D000000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll) 0x8D125000 C:\windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages) 0x942EB000 C:\windows\system32\DRIVERS\rfcomm.sys 147456 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver) 0x942C7000 C:\windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver) 0x8CDD3000 C:\windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension) 0x943A8000 C:\windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0x933DD000 C:\windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0x9D2D3000 C:\windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver) 0x92A18000 C:\windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface-drivrutin) 0x8C9D0000 C:\windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver) 0x90E00000 C:\windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0x957A2000 C:\windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver) 0x932DD000 C:\windows\system32\DRIVERS\Impcd.sys 126976 bytes (Intel Corporation, Intel® Turbo Boost Technology Driver) 0x928AE000 C:\windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler) 0x92ED0000 C:\Program Files\Sandboxie\SbieDrv.sys 126976 bytes (tzuk, Sandboxie Kernel Mode Driver) 0x97340000 C:\windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver) 0x942AA000 C:\windows\system32\drivers\nvhda32v.sys 118784 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver) 0x92E9B000 C:\windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, Filterdrivrutin för LUA-filvirtualisering) 0x943CB000 C:\windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector) 0x92EB6000 C:\windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver) 0x9438F000 C:\windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver) 0x9335B000 C:\windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers) 0x92986000 C:\windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver) 0x93269000 C:\windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, Drivrutin för i8042 Port) 0x933BA000 C:\windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0x93200000 C:\windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0x957DA000 C:\windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0x94C00000 C:\windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager) 0x91D9A000 C:\windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver) 0x963E0000 C:\windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver) 0x8CBAA000 C:\windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager) 0x94C19000 C:\windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library) 0x8CF6D000 C:\windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0x92F55000 C:\windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6) 0x928EC000 C:\windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0x933A8000 C:\windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager) 0x9636A000 C:\windows\System32\Drivers\BTHUSB.sys 73728 bytes (Microsoft Corporation, Bluetooth Miniport Driver) 0x93300000 C:\windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver) 0x92FED000 C:\windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver) 0x8D1D6000 C:\windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver) 0x96336000 C:\windows\System32\Drivers\dump_dumpfve.sys 69632 bytes 0x8CA00000 C:\windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver) 0x94282000 C:\windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy) 0x8CB2B000 C:\windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver) 0x8C898000 C:\windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Plattformsspecifik drivrutin för maskinvarufel) 0x928CD000 C:\windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver) 0x92EEF000 C:\windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver) 0x8D1BE000 C:\windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver) 0x92F45000 C:\windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, I/O-drivrutin för NDIS-användarläge) 0x928FF000 C:\windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver) 0x8CB4F000 C:\windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver) 0x957C1000 C:\windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0x9299E000 C:\windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver) 0x928DE000 C:\windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver) 0x8C9F1000 C:\windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver) 0x8CC00000 C:\windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension) 0x8CFDD000 C:\windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver) 0x9290F000 C:\windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive) 0x92BBE000 C:\windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator) 0x8CA8F000 C:\windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader) 0x9430F000 C:\windows\system32\DRIVERS\BthEnum.sys 53248 bytes (Microsoft Corporation, Bluetooth Bus Extender) 0x93312000 C:\windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator) 0x96329000 C:\windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver) 0x93281000 C:\windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Tangentbordsklassdrivrutin) 0x932CA000 C:\windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Musklassdrivrutin) 0x9331F000 C:\windows\system32\drivers\ScreamingBAudio.sys 53248 bytes (Screaming Bee LLC, Screaming Bee Audio Driver) 0x9D2F4000 C:\windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver) 0x8CE00000 C:\windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver) 0x9297A000 C:\windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver) 0x9429E000 C:\windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, Filterdrivrutin för HID-tangentbord) 0x8D1F4000 C:\windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0x8CB44000 C:\windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver) 0x92E8D000 C:\windows\system32\DRIVERS\btwl2cap.sys 45056 bytes (Broadcom Corporation., Broadcom Bluetooth L2CAP Service) 0x96355000 C:\windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices) 0x96347000 C:\windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver) 0x94293000 C:\windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, Filterdrivrutin för HID-mus) 0x8CA11000 C:\windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver) 0x933D2000 C:\windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0x91DB1000 C:\windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper) 0x8CB20000 C:\windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Rotnumrerare för virtuell enhet) 0x96360000 C:\windows\system32\drivers\btusbflt.sys 40960 bytes (Broadcom Corporation., Widcomm Bluetooth USB Filter for Windows XP) 0x9631F000 C:\windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver) 0x8CDF6000 C:\windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver) 0x92970000 C:\windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver) 0x92966000 C:\windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy) 0x9D2C9000 C:\windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver) 0x957D0000 C:\windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtuell WiFi-bussdrivrutin) 0x8CBC0000 C:\windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver) 0x8CDCA000 C:\windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver) 0x8CFEB000 C:\windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver) 0x9D3C7000 C:\windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 0x97310000 C:\windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver) 0x8CAE5000 C:\windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0x8C8A9000 C:\windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver) 0x8CB3C000 C:\windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver) 0x8D1CE000 C:\windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver) 0x80BBA000 C:\windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger) 0x8CAEE000 C:\windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver) 0x90FF8000 C:\windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport) 0x8D025000 C:\windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport) 0x8CFF4000 C:\windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport) 0x9291D000 C:\windows\system32\Drivers\SABI.sys 32768 bytes (SAMSUNG ELECTRONICS, SAMSUNG Kernel Driver) 0x8D189000 C:\windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor) 0x90FF1000 C:\windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver) 0x957F1000 C:\windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library) 0x90FEA000 C:\windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver) 0x928A7000 C:\windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver) 0x929AC000 C:\windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver) 0x932D7000 C:\windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter) 0x932FC000 C:\windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver) 0x92E98000 C:\windows\system32\DRIVERS\btwrchid.sys 12288 bytes (Broadcom Corporation., Bluetooth Remote Control HID Minidriver) 0x96352000 C:\windows\system32\drivers\dadder.sys 12288 bytes (Razer (Asia-Pacific) Pte Ltd, Razer Habu USB Optical Mouse Driver) 0x956B0000 C:\windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 258.96 ) 0x957F8000 C:\windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0x932C8000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) 0x94C17000 C:\windows\system32\DRIVERS\vHidDev.sys 8192 bytes (Windows ® Win 7 DDK provider, Virtual Hid Device) ============================================== >Stealth ============================================== 0xAD62FF2E Unknown thread object [ ETHREAD 0x86116AE0 ] , 600 bytes ============================================== >Files ============================================== !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00363b !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00363c !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00363d !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00363e !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00363f !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003640 !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003641 !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003642 !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003643 !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003644 !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003645 !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003646 !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003647 !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003648 !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003649 !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00364a !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00364b !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D053.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D054.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D055.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D056.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D066.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D067.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D068.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D069.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D06A.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D07B.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\2623.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\2634.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\2635.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\2636.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\2646.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\2647.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\2648.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\2659.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\265A.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\265B.tmp !-->[Hidden] C:\Users\Samsung\AppData\Local\Spotify\Storage\2e\2edc579d13ca0e4c80f5878d4aa17f2bd88f0192.file::$DATA !-->[Hidden] C:\Users\Samsung\AppData\Local\Spotify\Storage\32\324e138350b9b4d8c024c43842855ad7e4f77fde.file::$DATA !-->[Hidden] C:\Users\Samsung\AppData\Local\Spotify\Storage\4f\4f4adfc55cffc09a6d149aa9f83ef0e968c560d9.file::$DATA !-->[Hidden] C:\Users\Samsung\AppData\Local\Spotify\Storage\6f\6f8186bb17c4d0a060e612fd7694ee1006cd87a6.file::$DATA !-->[Hidden] C:\Users\Samsung\AppData\Local\Spotify\Storage\9a\9aa6f4ffd17e0a45faecdf62bac6412265addd0d.file::$DATA !-->[Hidden] C:\Users\Samsung\AppData\Local\Spotify\Storage\bc\bcac4534e5b4b3191bdfb091c8bc46fb112e99d1.file::$DATA !-->[Hidden] C:\Users\Samsung\AppData\Local\Spotify\Storage\be\beca8b94296360dee59e186cf626e9bfeb1dad9f.file::$DATA !-->[Hidden] C:\Users\Samsung\AppData\Local\Spotify\Storage\d1\d12c41767e29ed0582260fbc75d29912cd040c98.file::$DATA !-->[Hidden] C:\Users\Samsung\AppData\Local\Spotify\Storage\da\da1c7b7d092ec3fdfd329af3a6da8e7d5b785d9a.file::$DATA !-->[Hidden] C:\Users\Samsung\AppData\Local\Spotify\Storage\e5\e50416add6c45c838f8eea98efd556f6f1b58802.file::$DATA !-->[Hidden] C:\Users\Samsung\AppData\Local\Spotify\Storage\f4\f4935ac2ae9d4b4a6ee6ca3adf59d77a05c4147c.file::$DATA !-->[Hidden] C:\Users\Samsung\AppData\Local\Spotify\Storage\f8\f8905ff75030dc684442640efd7a1bcdb8fd1154.file::$DATA ============================================== >Hooks ============================================== Device object-->ParseProcedure, Type: Kernel Object [unknown_code_page] File object-->ParseProcedure, Type: Kernel Object [unknown_code_page] Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page] LpcPort object-->OpenProcedure, Type: Kernel Object [unknown_code_page] ntkrnlpa.exe-->NtAlpcSendWaitReceivePort, Type: Inline - RelativeJump 0x83886135-->97ED0DE0 [unknown_code_page] ntkrnlpa.exe-->NtRequestPort, Type: Inline - RelativeJump 0x8389BDC3-->97ED0CA0 [unknown_code_page] ntkrnlpa.exe-->NtRequestWaitReplyPort, Type: Inline - RelativeJump 0x83887B5D-->97ED0D40 [unknown_code_page] ntkrnlpa.exe-->NtTraceEvent, Type: Inline - RelativeJump 0x83643E34-->97ED0C00 [unknown_code_page] Section object-->OpenProcedure, Type: Kernel Object [unknown_code_page] [2696]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x771F5206-->00000000 [shell32.dll] [2696]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x771F5296-->00000000 [shell32.dll] [2696]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x771F5456-->00000000 [shell32.dll] [4988]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x771F5206-->00000000 [shell32.dll] [4988]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x771F5296-->00000000 [shell32.dll] [4988]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x771F5456-->00000000 [shell32.dll] [5520]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x771F5206-->00000000 [shell32.dll] [5520]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x771F5296-->00000000 [shell32.dll] [5520]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x771F5456-->00000000 [shell32.dll] [5528]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x771F5206-->00000000 [shell32.dll] [5528]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x771F5296-->00000000 [shell32.dll] [5528]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x771F5456-->00000000 [shell32.dll] !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
  6. Niki
    Qoobox Det ska jag definitivt göra! Återkommer när det är klart. Verkar ta sin lilla stund.
  7. Niki
    c:\windows\uninst.exe File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis: MD5: 72827d5d38d38a46231cb38e1f3fc5e3 Date first seen: 2008-12-23 08:46:02 (UTC) Date last seen: 2010-08-25 02:15:04 (UTC) Detection ratio: 0/40 c:\programdata\nvUnsupRes.dat 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: nvUnsupRes.dat Submission date: 2010-09-16 16:44:13 (UTC) Current status: finished Result: 0/ 43 (0.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.09.16.01 2010.09.16 - AntiVir 8.2.4.52 2010.09.16 - Antiy-AVL 2.0.3.7 2010.09.16 - Authentium 5.2.0.5 2010.09.16 - Avast 4.8.1351.0 2010.09.16 - Avast5 5.0.594.0 2010.09.16 - AVG 9.0.0.851 2010.09.16 - BitDefender 7.2 2010.09.16 - CAT-QuickHeal 11.00 2010.09.16 - ClamAV 0.96.2.0-git 2010.09.16 - Comodo 6099 2010.09.16 - DrWeb 5.0.2.03300 2010.09.16 - Emsisoft 5.0.0.37 2010.09.16 - eSafe 7.0.17.0 2010.09.15 - eTrust-Vet 36.1.7859 2010.09.16 - F-Prot 4.6.1.107 2010.09.16 - F-Secure 9.0.15370.0 2010.09.16 - Fortinet 4.1.143.0 2010.09.16 - GData 21 2010.09.16 - Ikarus T3.1.1.88.0 2010.09.16 - Jiangmin 13.0.900 2010.09.16 - K7AntiVirus 9.63.2533 2010.09.16 - Kaspersky 7.0.0.125 2010.09.16 - McAfee 5.400.0.1158 2010.09.16 - McAfee-GW-Edition 2010.1C 2010.09.16 - Microsoft 1.6103 2010.09.16 - NOD32 5455 2010.09.16 - Norman 6.06.06 2010.09.16 - nProtect 2010-09-16.02 2010.09.16 - Panda 10.0.2.7 2010.09.16 - PCTools 7.0.3.5 2010.09.16 - Prevx 3.0 2010.09.16 - Rising 22.65.03.04 2010.09.16 - Sophos 4.57.0 2010.09.16 - Sunbelt 6877 2010.09.16 - SUPERAntiSpyware 4.40.0.1006 2010.09.16 - Symantec 20101.1.1.7 2010.09.16 - TheHacker 6.7.0.0.020 2010.09.16 - TrendMicro 9.120.0.1004 2010.09.16 - TrendMicro-HouseCall 9.120.0.1004 2010.09.16 - VBA32 3.12.14.0 2010.09.16 - ViRobot 2010.8.25.4006 2010.09.16 - VirusBuster 12.65.10.0 2010.09.16 - Additional informationShow all MD5 : ff0708d38778c50a1eca8ac0b361893a SHA1 : ba3d980f7b9f5c6abf0bba038ba4c9d448bc894f SHA256: c2933e79ea37c2d7b97be672f336dfcc338248e06d9dc16d635b828225f9bfdd ---------------------------------------------------------------------------------- Min uppkoppling verkar vara OK nu. Men det går i perioder..
  8. Niki
    Japp det är en Samsung R780 laptop. Japp jag har installerat det. Dock kan det vara så att jag var lat och googlade Ventrilomix. Och att jag inte tog en säker källa.
  9. Niki
    ComboFix: ComboFix 10-09-15.02 - Samsung 2010-09-16 17:51:26.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.3566.2595 [GMT 2:00] Körs från: c:\users\Samsung\Desktop\ComboFix.exe * Skapade en ny återställningspunkt . ((((((((((((((((((((((((((((((((((((((( Andra raderingar )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\FullRemove.exe c:\users\Samsung\AppData\Roaming\Microsoft\taskeng.exe c:\users\Samsung\AppData\Roaming\Microsoft\Windows\Templates\taskeng.exe c:\windows\SEC c:\windows\SEC\172100logo.bmp c:\windows\SEC\banner.png c:\windows\SEC\Computer.png c:\windows\SEC\Media _S_ Logo.png c:\windows\SEC\Samsung.png c:\windows\SEC\Samsung2.png c:\windows\SEC\SamsungLogo.png c:\windows\SEC\Thumbs.db c:\windows\SEC\Wallpapers\Thumbs.db c:\windows\SEC\Wallpapers\wallpaper.jpg c:\windows\SEC\Wallpapers\wallpaper1.jpg c:\windows\SEC\Wallpapers\Wallpaper2.jpg c:\windows\system32\tmp.reg c:\windows\system32\vbzlib1.dll . (((((((((((((((((((((((( Filer Skapade från 2010-08-16 till 2010-09-16 )))))))))))))))))))))))))))))) . 2010-09-15 18:27 . 2010-09-15 18:27 -------- d-----w- c:\users\Samsung\AppData\Roaming\Malwarebytes 2010-09-15 18:27 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-15 18:27 . 2010-09-15 18:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-15 18:27 . 2010-09-15 18:27 -------- d-----w- c:\programdata\Malwarebytes 2010-09-15 18:27 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-15 01:00 . 2010-09-15 01:02 -------- d-----w- C:\05001902cdbcc91ca822668e3774 2010-09-14 22:28 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe 2010-09-13 18:40 . 2010-09-13 18:40 -------- d-----w- c:\users\Samsung\AppData\Roaming\StealthBot 2010-09-13 18:40 . 2010-09-13 18:40 7358 ----a-r- c:\users\Samsung\AppData\Roaming\Microsoft\Installer\{C05DEB30-501D-4106-958D-C5E147D2BF7E}\_7a653c12.exe 2010-09-13 18:40 . 2010-09-13 18:40 7358 ----a-r- c:\users\Samsung\AppData\Roaming\Microsoft\Installer\{C05DEB30-501D-4106-958D-C5E147D2BF7E}\_3c6a7f4.exe 2010-09-13 18:40 . 2010-09-13 18:40 -------- d-----w- C:\Stealthbot 2010-09-12 09:13 . 2010-09-12 11:24 -------- d-----w- c:\users\Samsung\AppData\Roaming\vlc 2010-09-12 08:00 . 1998-02-06 20:37 299520 ----a-w- c:\windows\uninst.exe 2010-09-12 07:57 . 2010-09-12 07:57 -------- d-----w- c:\program files\Your Freedom 2010-09-05 14:27 . 2010-09-05 14:27 -------- d-----w- c:\program files\iPod 2010-09-05 14:27 . 2010-09-05 14:27 -------- d-----w- c:\program files\iTunes 2010-09-05 14:25 . 2010-09-05 14:26 -------- d-----w- c:\program files\QuickTime 2010-09-05 14:24 . 2010-09-05 14:24 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe 2010-08-30 21:01 . 2010-08-30 21:01 -------- d-----w- c:\users\Samsung\AppData\Local\Boss Media 2010-08-30 21:01 . 2010-08-30 21:01 -------- d-----w- c:\programdata\Boss Media 2010-08-30 21:01 . 2010-08-30 21:01 -------- d-----w- C:\Svenska Spels Poker 2010-08-26 10:22 . 2010-08-26 10:22 -------- d-----w- c:\programdata\Office Genuine Advantage 2010-08-25 20:38 . 2010-08-25 20:38 -------- d-----w- c:\users\Samsung\AppData\Roaming\AVG9 2010-08-25 13:43 . 2010-08-25 13:43 -------- d-----w- c:\program files\Gabest 2010-08-24 21:12 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll 2010-08-24 08:13 . 2010-08-24 08:13 -------- d-----w- C:\Ventrilo 3.0.5 2010-08-24 08:13 . 2010-08-24 08:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-08-23 06:41 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll 2010-08-23 06:41 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys 2010-08-23 06:40 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll 2010-08-23 06:40 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll 2010-08-23 06:40 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll 2010-08-23 06:40 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-08-23 06:40 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-08-23 06:40 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll 2010-08-23 06:40 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll 2010-08-23 06:40 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-08-23 06:40 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-08-23 06:40 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe 2010-08-23 06:40 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-08-22 18:53 . 2010-08-22 18:53 -------- d-----w- c:\users\Samsung\AppData\Roaming\dvdcss 2010-08-20 10:36 . 2010-08-20 10:36 -------- d-----w- c:\program files\Screaming Bee LLC 2010-08-20 10:31 . 2010-08-20 10:31 -------- d-----w- c:\users\Samsung\AppData\Local\IsolatedStorage 2010-08-20 10:30 . 2010-08-20 10:30 -------- d-----w- C:\MorphVOX Pro 2010-08-20 10:27 . 2010-08-20 10:45 -------- d-----w- c:\program files\Screaming Bee 2010-08-20 07:38 . 2010-08-20 07:45 -------- d-----w- c:\users\Samsung\AppData\Roaming\Screaming Bee 2010-08-20 07:38 . 2010-08-20 10:31 -------- d-----w- c:\programdata\Screaming Bee 2010-08-19 15:39 . 2010-08-19 15:39 -------- d-----w- c:\users\Samsung\AppData\Local\Diagnostics 2010-08-19 15:17 . 2010-08-19 15:17 -------- d-----w- c:\program files\SpotifyRemotelessHelper . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-16 15:24 . 2010-08-01 17:59 -------- d-----w- c:\users\Samsung\AppData\Roaming\uTorrent 2010-09-16 15:05 . 2010-08-01 14:36 -------- d-----w- c:\program files\Common Files\Steam 2010-09-16 04:40 . 2010-08-02 19:06 261 ----a-w- c:\programdata\nvUnsupRes.dat 2010-09-15 21:33 . 2010-08-01 15:03 -------- d-----w- c:\users\Samsung\AppData\Roaming\Spotify 2010-09-15 21:16 . 2010-08-15 16:59 -------- d-----w- c:\users\Samsung\AppData\Roaming\Mumble 2010-09-15 01:18 . 2010-03-10 20:50 -------- d-----w- c:\program files\Microsoft Silverlight 2010-09-15 01:02 . 2010-03-10 20:43 -------- d-----w- c:\programdata\Microsoft Help 2010-09-14 22:58 . 2010-08-12 16:20 -------- d-----w- c:\program files\DsNET Corp 2010-09-12 11:24 . 2010-09-12 09:13 -------- d-----w- c:\users\Samsung\AppData\Roaming\vlc 2010-09-06 18:05 . 2010-03-10 20:37 -------- d-----w- c:\program files\Common Files\Adobe 2010-09-05 14:29 . 2010-01-05 11:09 -------- d-----w- c:\programdata\Partner 2010-09-05 14:27 . 2010-08-14 18:48 -------- d-----w- c:\program files\Common Files\Apple 2010-09-03 19:42 . 2010-01-06 04:20 617470 ----a-w- c:\windows\system32\perfh01D.dat 2010-09-03 19:42 . 2010-01-06 04:20 120802 ----a-w- c:\windows\system32\perfc01D.dat 2010-08-26 17:18 . 2010-03-10 20:47 85408 ----a-w- c:\users\Samsung\AppData\Local\GDIPFONTCACHEV1.DAT 2010-08-25 12:24 . 2010-03-10 20:48 -------- d-----w- c:\program files\Microsoft 2010-08-24 08:14 . 2010-08-01 17:26 -------- d-----w- c:\users\Samsung\AppData\Roaming\Ventrilo 2010-08-18 14:34 . 2010-08-14 18:50 -------- d-----w- c:\users\Samsung\AppData\Roaming\Apple Computer 2010-08-17 15:43 . 2010-01-05 22:49 -------- d-----w- c:\programdata\NVIDIA 2010-08-17 15:39 . 2010-08-17 15:39 -------- d-----w- c:\program files\Western Railway NV 3D Screensaver 2010-08-17 13:46 . 2010-08-17 13:46 -------- d-----w- c:\programdata\AVG Security Toolbar 2010-08-15 17:03 . 2010-08-15 16:58 -------- d-----w- c:\program files\Mumble 2010-08-14 18:53 . 2010-08-14 18:49 -------- d-----w- c:\programdata\Apple Computer 2010-08-14 18:52 . 2010-08-14 18:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf 2010-08-14 18:52 . 2010-08-14 18:52 -------- d-----w- c:\program files\Bonjour 2010-08-14 18:49 . 2010-08-14 18:49 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-08-14 18:49 . 2010-08-14 18:49 -------- d-----w- c:\program files\Apple Software Update 2010-08-14 18:49 . 2010-08-14 18:48 -------- d-----w- c:\programdata\Apple 2010-08-14 18:49 . 2010-08-14 18:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf 2010-08-14 14:40 . 2010-03-10 20:42 -------- d-----w- c:\program files\Microsoft Works 2010-08-08 18:34 . 2010-08-08 10:58 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2010-08-08 10:56 . 2010-08-08 10:56 -------- d-----w- c:\program files\Adobe Media Player 2010-08-08 10:55 . 2010-08-08 10:55 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-08-08 10:55 . 2010-08-08 10:55 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-08-08 10:27 . 2010-01-05 10:52 -------- d-----w- c:\programdata\WinClon 2010-08-08 10:27 . 2010-01-05 10:42 -------- d-----w- c:\program files\Samsung 2010-08-08 10:27 . 2010-01-05 10:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-07 20:23 . 2010-08-07 20:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2010-08-07 20:19 . 2010-08-07 20:19 -------- d-----w- c:\program files\VideoLAN 2010-08-04 14:31 . 2010-03-10 20:48 -------- d-----w- c:\program files\Windows Live 2010-08-02 22:54 . 2010-08-02 22:54 -------- d-----w- c:\program files\PowerISO 2010-08-02 16:12 . 2010-08-01 16:31 28457 ----a-w- c:\windows\DIIUnin.dat 2010-08-02 16:06 . 2010-08-02 16:06 -------- d-----w- c:\program files\Sandboxie 2010-08-01 17:59 . 2010-08-01 17:59 -------- d-----w- c:\program files\uTorrent 2010-08-01 17:38 . 2010-08-01 17:38 -------- d-----w- c:\program files\Common Files\Java 2010-08-01 17:38 . 2010-08-01 17:38 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-08-01 17:38 . 2010-08-01 17:38 -------- d-----w- c:\program files\Java 2010-08-01 17:26 . 2010-08-01 17:26 -------- d-----w- c:\program files\VentriloMIX 2010-08-01 17:04 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail 2010-08-01 16:48 . 2010-08-01 16:48 21840 ----a-w- c:\windows\system32\SIntfNT.dll 2010-08-01 16:48 . 2010-08-01 16:48 17212 ----a-w- c:\windows\system32\SIntf32.dll 2010-08-01 16:48 . 2010-08-01 16:48 12067 ----a-w- c:\windows\system32\SIntf16.dll 2010-08-01 16:31 . 2010-08-01 16:31 94208 ----a-w- c:\windows\DIIUnin.exe 2010-08-01 16:31 . 2010-08-01 16:31 2829 ----a-w- c:\windows\DIIUnin.pif 2010-08-01 15:22 . 2010-08-01 15:22 -------- d-----w- c:\program files\Marvell 2010-08-01 15:03 . 2010-08-01 15:03 655360 ----a-w- c:\users\Samsung\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll 2010-08-01 15:03 . 2010-08-01 15:03 282624 ----a-w- c:\users\Samsung\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll 2010-08-01 15:03 . 2010-08-01 15:03 208896 ----a-w- c:\users\Samsung\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll 2010-08-01 15:03 . 2010-08-01 15:03 -------- d-----w- c:\program files\Spotify 2010-08-01 14:55 . 2010-08-01 14:55 -------- d-----w- c:\users\Samsung\AppData\Roaming\Razer 2010-08-01 14:53 . 2010-08-01 14:53 -------- d-----w- c:\program files\Razer 2010-08-01 14:41 . 2010-01-05 10:54 -------- d-----w- c:\programdata\McAfee 2010-08-01 14:40 . 2010-08-01 14:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-08-01 14:39 . 2010-08-01 14:39 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-08-01 14:39 . 2010-08-01 14:39 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-08-01 14:39 . 2010-08-01 14:39 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-08-01 14:37 . 2010-08-01 14:37 -------- d-----w- c:\program files\AVG 2010-08-01 14:37 . 2010-08-01 14:37 -------- d-----w- c:\programdata\avg9 2010-08-01 14:36 . 2010-01-05 11:09 -------- d-----w- c:\program files\Google 2010-08-01 14:35 . 2010-08-01 14:34 -------- d-----w- c:\program files\NVIDIA Corporation 2010-08-01 14:35 . 2010-08-01 14:35 -------- d-----w- c:\programdata\NVIDIA Corporation 2010-08-01 14:27 . 2010-01-05 10:38 -------- d-----w- c:\program files\Intel 2010-08-01 14:27 . 2010-08-01 14:27 -------- d-----w- c:\users\Samsung\AppData\Roaming\InstallShield 2010-08-01 14:26 . 2010-08-01 14:26 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB166.tmp.exe 2010-07-29 06:30 . 2010-08-14 14:36 197632 ----a-w- c:\windows\system32\ir32_32.dll 2010-07-29 06:30 . 2010-08-14 14:36 82944 ----a-w- c:\windows\system32\iccvid.dll 2010-07-09 14:20 . 2010-07-09 14:20 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-07-09 14:20 . 2010-07-09 14:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll 2010-07-09 14:20 . 2010-07-09 14:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll 2010-07-09 14:20 . 2010-07-09 14:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll 2010-07-09 14:20 . 2010-07-09 14:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe 2010-07-07 12:03 . 2010-01-05 10:38 604776 ----a-w- c:\windows\system32\NVUNINST.EXE 2010-07-01 12:21 . 2010-07-01 12:21 34896 ----a-w- c:\windows\system32\drivers\ScreamingBAudio.sys 2010-06-30 06:25 . 2010-08-14 14:36 978432 ----a-w- c:\windows\system32\wininet.dll 2010-06-23 02:47 . 2010-06-23 02:47 32768 ----a-w- c:\windows\system32\drivers\taphss.sys 2010-06-22 02:47 . 2010-08-14 14:36 310784 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-22 02:47 . 2010-08-14 14:36 307200 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-06-22 02:47 . 2010-08-14 14:36 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-06-21 22:07 . 2010-08-01 14:33 26216 ----a-w- c:\windows\system32\nvhdap32.dll 2010-06-21 22:07 . 2010-01-06 03:54 600680 ----a-w- c:\windows\system32\nvuhda.exe 2010-06-21 22:07 . 2010-01-06 03:54 232040 ----a-w- c:\windows\system32\nvcohda.dll 2010-06-21 22:07 . 2010-08-01 14:33 105576 ----a-w- c:\windows\system32\drivers\nvhda32v.sys 2010-06-19 06:33 . 2010-08-14 14:36 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-06-19 06:33 . 2010-08-14 14:36 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-06-19 06:23 . 2010-08-14 14:36 37376 ----a-w- c:\windows\system32\rtutils.dll 2010-06-19 04:07 . 2010-08-14 14:36 2326016 ----a-w- c:\windows\system32\win32k.sys 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . (((((((((((((((((((((((((((((((((( Startpunkter i registret ))))))))))))))))))))))))))))))))))))))))))))))) . . *Not* Tomma poster & legitima standardposter visas inte. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-04 328568] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-07-04 398568] "Google Update"="c:\users\Samsung\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-01 135664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-15 8120864] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504] "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432] "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472] "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-01 2065760] "DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2010-05-05 251392] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp R2 gupdate;Tjänsten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 135664] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152] R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [2009-08-10 39936] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-01 1343400] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-01 216400] S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-01 243024] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-08-02 921952] S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-01 308136] S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-04-19 9728] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896] S3 vHidDev;Razer Gaming Device;c:\windows\system32\DRIVERS\vHidDev.sys [2009-12-21 5760] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392] . Innehållet i mappen 'Schemalagda aktiviteter': 2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 14:36] 2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 14:36] 2010-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3668850500-1260674723-286945001-1000Core.job - c:\users\Samsung\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 14:36] 2010-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3668850500-1260674723-286945001-1000UA.job - c:\users\Samsung\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 14:36] . . ------- Extra genomsökning ------- . uInternet Settings,ProxyOverride = *.local IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Skicka bild till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Skicka sida till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll FF - ProfilePath - c:\users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\xz66l5jx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/ FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\Samsung\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll ---- FIREFOX POLICY ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - - Toolbar-Locked - (no file) HKCU-Run-ATI - c:\users\Samsung\AppData\Roaming\Microsoft\Windows\Templates\taskeng.exe HKCU-Run-ControlPanel - c:\users\Samsung\AppData\Roaming\Microsoft\taskeng.exe SafeBoot-mcmscsvc SafeBoot-MCODS . --------------------- LÅSTA REGISTERNYCKLAR --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Sluttid: 2010-09-16 17:57:30 ComboFix-quarantined-files.txt 2010-09-16 15:57 Före genomsökningen: 386 940 141 568 byte ledigt Efter genomsökningen: 387 040 559 104 byte ledigt - - End Of File - - 2799AECAC713D12B07CB8D24B40F9E38
  10. Niki
    Nej det gör jag inte, aldrig sett dem tidigare. Nepp, avinsallerade Mcaffe eller vare heter precis efter att jag återställt datorn till tillståndet den var i när jag köpte den. (backup) Och efter det insallerade jag AVG. Nej, inte vad jag märkt. Men min kära flickvän har börjat tanka hem serier.. Så jag har stora antagningar om att det kan vara där jag fått det ifrån. När jag frågade henne om vad hon laddat ner så sa hon något i stil med att det var en RAR-fil med lösenord eller nått.. Första gången måste ha varit i Tisdag runt 17-18 snåret. Då har jag precis kommit hem från jobbet. Men när jag tittar i loggarna på AVG så står detta datum och klockslag. 2010-9-15, 20:00 (Detta är efter att jag lagt upp en tråd på detta forum) 2010-9-16, 16:52 (Idag när jag kom hem) Återkommer när jag kört Combofix.
  11. Niki
    Kom precis hem och kikade på Malware scanningen. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databasversion: 4621 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 2010-09-16 16:48:05 mbam-log-2010-09-16 (16-48-05).txt Skanningstyp: Fullständig skanning (C:\|) Antal skannade objekt: 256005 Förfluten tid: 46 minut(er), 38 sekund(er) Infekterade minnesprocesser: 0 Infekterade minnesmoduler: 0 Infekterade registernycklar: 0 Infekterade registervärden: 0 Infekterade registerdataposter: 0 Infekterade mappar: 0 Infekterade filer: 2 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: (Inga illasinnade poster hittades) Infekterade registervärden: (Inga illasinnade poster hittades) Infekterade registerdataposter: (Inga illasinnade poster hittades) Infekterade mappar: (Inga illasinnade poster hittades) Infekterade filer: C:\Users\Samsung\Desktop\Niki\Installfiler\ventriloMIX05.exe (Trojan.Wreckit) -> Quarantined and deleted successfully. C:\Windows\MSetup\BASW-01278A18\FailSafeFactoryInstaller_1017.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. ----------------------------------------------------- Nu fick ja samtidigt ett nytt meddelande av AVG. Vad ska jag ta mig till? Ny DDS log samt Attatch: DDS (Ver_10-03-17.01) - NTFSx86 Run by Samsung at 16:52:40,67 on 2010-09-16 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.3566.2071 [GMT 2:00] ============== Running Processes =============== C:\windows\system32\wininit.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\windows\system32\lsm.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\Program Files\Sandboxie\SbieSvc.exe C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\nvvsvc.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\windows\SYSTEM32\Rezip.exe C:\windows\system32\taskhost.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\taskeng.exe C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\windows\system32\SearchIndexer.exe C:\windows\System32\alg.exe C:\windows\system32\svchost.exe -k bthsvcs C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Razer\DeathAdder\razerhid.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Razer\DeathAdder\razertra.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Sandboxie\SbieCtrl.exe C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Templates\taskeng.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Razer\DeathAdder\razerofa.exe C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\taskmgr.exe C:\Program Files\AVG\AVG9\avgui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\windows\system32\NOTEPAD.EXE C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe C:\windows\system32\mspaint.exe C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe C:\windows\explorer.exe C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\Users\Samsung\Desktop\dds.scr C:\windows\system32\conhost.exe C:\windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn uInternet Settings,ProxyOverride = *.local uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe" uRun: [Google Update] "c:\users\samsung\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [ATI] c:\users\samsung\appdata\roaming\microsoft\windows\templates\taskeng.exe uRun: [ControlPanel] c:\users\samsung\appdata\roaming\microsoft\taskeng.exe mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5" mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe" mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0" mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0" mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe" mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe" mRun: [updatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0" mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter" mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0" mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll AppInit_DLLs: avgrsstx.dll ================= FIREFOX =================== FF - ProfilePath - c:\users\samsung\appdata\roaming\mozilla\firefox\profiles\xz66l5jx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/ FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\samsung\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B"); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-1 216400] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-1 29584] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-1 243024] R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-1-5 10752] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-8-1 921952] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-1 308136] R2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2010-1-5 311296] R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-8-1 9728] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-1-6 125696] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-9-15 38224] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-8-1 105576] R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-7-4 119016] R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896] R3 vHidDev;Razer Gaming Device;c:\windows\system32\drivers\vHidDev.sys [2010-8-1 5760] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392] S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-1 135664] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-17 430152] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-1-6 43944] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-10 29472] S3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2010-8-1 39936] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-3-10 54632] S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776] S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-1 1343400] =============== Created Last 30 ================ 2010-09-15 18:27:46 0 d-----w- c:\users\samsung\appdata\roaming\Malwarebytes 2010-09-15 18:27:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-15 18:27:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-15 18:27:33 0 d-----w- c:\programdata\Malwarebytes 2010-09-15 18:27:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-15 01:00:44 0 d-----w- C:\05001902cdbcc91ca822668e3774 2010-09-14 22:28:31 316928 ----a-w- c:\windows\system32\spoolsv.exe 2010-09-13 18:40:42 0 d-----w- c:\users\samsung\appdata\roaming\StealthBot 2010-09-13 18:40:12 0 d-----w- C:\Stealthbot 2010-09-12 08:01:13 49917 ----a-w- c:\users\samsung\.ems.cfg 2010-09-12 08:00:18 299520 ----a-w- c:\windows\uninst.exe 2010-09-12 07:57:44 0 d-----w- c:\program files\Your Freedom 2010-09-05 14:27:15 0 d-----w- c:\program files\iPod 2010-09-05 14:27:14 0 d-----w- c:\program files\iTunes 2010-08-30 21:01:36 0 d-----w- c:\programdata\Boss Media 2010-08-30 21:01:33 0 d-----w- C:\Svenska Spels Poker 2010-08-26 10:22:21 0 d-----w- c:\programdata\Office Genuine Advantage 2010-08-25 20:38:22 0 d-----w- c:\users\samsung\appdata\roaming\AVG9 2010-08-24 21:12:50 571904 ----a-w- c:\windows\system32\oleaut32.dll 2010-08-24 08:13:58 0 d-----w- C:\Ventrilo 3.0.5 2010-08-24 08:13:56 254 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini 2010-08-24 08:13:22 0 d-----w- c:\program files\common files\Wise Installation Wizard 2010-08-23 06:41:00 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys 2010-08-23 06:41:00 1286456 ----a-w- c:\windows\system32\ntdll.dll 2010-08-20 10:36:05 0 d-----w- c:\program files\Screaming Bee LLC 2010-08-20 10:30:06 0 d-----w- C:\MorphVOX Pro 2010-08-20 10:27:36 0 d-----w- c:\program files\Screaming Bee 2010-08-20 07:38:53 0 d-----w- c:\users\samsung\appdata\roaming\Screaming Bee 2010-08-20 07:38:37 0 d-----w- c:\programdata\Screaming Bee 2010-08-19 15:17:28 0 d-----w- c:\program files\SpotifyRemotelessHelper 2010-08-17 15:39:04 574976 ----a-w- c:\windows\system32\Western_Railway_NV_3D_Screensaver.scr 2010-08-17 15:39:04 0 d-----w- c:\program files\Western Railway NV 3D Screensaver ==================== Find3M ==================== 2010-09-16 04:40:46 261 ----a-w- c:\programdata\nvUnsupRes.dat 2010-09-03 19:42:48 617470 ----a-w- c:\windows\system32\perfh01D.dat 2010-09-03 19:42:48 120802 ----a-w- c:\windows\system32\perfc01D.dat 2010-08-14 18:52:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf 2010-08-14 18:49:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf 2010-08-07 20:23:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2010-08-02 16:12:22 28457 ----a-w- c:\windows\DIIUnin.dat 2010-08-01 17:38:04 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-08-01 16:48:33 21840 ----a-w- c:\windows\system32\SIntfNT.dll 2010-08-01 16:48:33 17212 ----a-w- c:\windows\system32\SIntf32.dll 2010-08-01 16:48:33 12067 ----a-w- c:\windows\system32\SIntf16.dll 2010-08-01 16:31:01 94208 ----a-w- c:\windows\DIIUnin.exe 2010-08-01 16:31:01 2829 ----a-w- c:\windows\DIIUnin.pif 2010-08-01 14:40:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-08-01 14:39:59 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-08-01 14:39:33 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll 2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll 2010-07-09 14:20:08 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-07-09 14:20:06 1881704 ----a-w- c:\windows\system32\nvsvcr.dll 2010-07-09 14:20:06 1469544 ----a-w- c:\windows\system32\nvsvc.dll 2010-07-09 14:20:06 13939816 ----a-w- c:\windows\system32\nvcpl.dll 2010-07-09 14:20:06 129640 ----a-w- c:\windows\system32\nvvsvc.exe 2010-07-07 12:03:14 604776 ----a-w- c:\windows\system32\NVUNINST.EXE 2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll 2010-06-21 22:07:47 26216 ----a-w- c:\windows\system32\nvhdap32.dll 2010-06-21 22:07:45 600680 ----a-w- c:\windows\system32\nvuhda.exe 2010-06-21 22:07:43 232040 ----a-w- c:\windows\system32\nvcohda.dll 2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll 2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys 2010-01-06 04:19:35 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat 2010-01-06 04:19:35 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat 2010-01-06 04:19:35 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat 2010-01-06 04:19:35 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat 2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 16:53:04,76 =============== Attach.txt
  12. Niki
    Jag drog igång en fullständig scanning med det där malware programmet. Jag ska även kolla loggarna från avg så snart jag kommer hem. Återkommer ikväll! För övrct så verkar datorn fungera som den ska. Dock verkar mitt internet jäkla slött för o vara 25mbit. Men det kan ju vara driftstörningar eller nått annat.
  13. Niki
    i C:\05001902cdbcc91ca822668e3774 finns en MRT.exe. Jag tänkte jag skulle scanna den i total virus, men det kunde jag inte.. Står att jag ska kontakta filens ägare för mer information :S Jag har aldrig varit med om dess like. €: Jag googlade och det verkar vara en legitim fil (MRT.exe). Men du ser inget annat som kan tänkas vara något?
  14. Niki
    AVG hittade denna: "C:\Users\Samsung\AppData\Local\Temp\412gg.exe";"Trojan horse Generic18.BYZH";"Moved to Virus Vault" Rezip.exe gav detta: File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis: MD5: f85ae59a52885f4b09aadafb23001a3b Date first seen: 2009-07-25 03:29:46 (UTC) Date last seen: 2010-09-14 14:24:45 (UTC) Detection ratio: 0/43 Spoolsv.exe gav detta: File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis: MD5: d1bb750eb51694de183e08b9c33be5b2 Date first seen: 2010-09-14 21:58:56 (UTC) Date last seen: 2010-09-15 00:09:31 (UTC) Detection ratio: 0/42 Stealthbot är en chat-client för spelet Diablo II. Inget märkvärdigt, då jag använt det i åratal. Tack igen!
  15. Niki
    Först och främst tack för visat intresse! Filen är bifogad och här kommer DDS logen. Attach.txt
×
×
  • Skapa nytt...