Niki Posted September 16, 2010 (Author)

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7 Version 6.1.7600
Number of processors #4
==============================================
>Drivers
==============================================
==============================================
>Stealth
==============================================
0xAD62FF2E Unknown thread object [ ETHREAD 0x86116AE0 ] , 600 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
Device object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
File object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
LpcPort object-->OpenProcedure, Type: Kernel Object [unknown_code_page]
ntkrnlpa.exe-->NtAlpcSendWaitReceivePort, Type: Inline - RelativeJump 0x83886135-->97ED0DE0 [unknown_code_page]
ntkrnlpa.exe-->NtRequestPort, Type: Inline - RelativeJump 0x8389BDC3-->97ED0CA0 [unknown_code_page]
ntkrnlpa.exe-->NtRequestWaitReplyPort, Type: Inline - RelativeJump 0x83887B5D-->97ED0D40 [unknown_code_page]
ntkrnlpa.exe-->NtTraceEvent, Type: Inline - RelativeJump 0x83643E34-->97ED0C00 [unknown_code_page]
Section object-->OpenProcedure, Type: Kernel Object [unknown_code_page]
[2696]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x771F5206-->00000000 [shell32.dll]
[2696]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x771F5296-->00000000 [shell32.dll]
[2696]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x771F5456-->00000000 [shell32.dll]
[4988]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x771F5206-->00000000 [shell32.dll]
[4988]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x771F5296-->00000000 [shell32.dll]
[4988]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x771F5456-->00000000 [shell32.dll]
[5520]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x771F5206-->00000000 [shell32.dll]
[5520]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x771F5296-->00000000 [shell32.dll]
[5520]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x771F5456-->00000000 [shell32.dll]
[5528]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x771F5206-->00000000 [shell32.dll]
[5528]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x771F5296-->00000000 [shell32.dll]
[5528]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x771F5456-->00000000 [shell32.dll]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!!

=)
Cecilia Posted September 16, 2010

Thanks for the file!

1. Save MBRCheck.exe by a_d_13 to the Desktop. Run the program. Wait until the program is finished or until the text "Enter 'Y' and hit ENTER for more options, or 'N' to exit:" appears. In the latter case, press N followed by Enter. When it is done, a log file named MBRCheckxxxxxx.txt is created on the Desktop, where xxxxxx is the time of the run. Open the log in Notepad by double-clicking it and paste the contents into your reply.

2. Restart the computer. Close all programs, including antivirus programs, in the same way as you did when you were about to run ComboFix, and then run Rootkit Unhooker once more in the same way, except that you should not tick "Files".
Niki Postad September 16, 2010 Författare Dela Postad September 16, 2010 (redigerade) Tack för filen! 1. Spara MBRCheck.exe av a_d_13 på Skrivbordet. Kör programmet. Vänta tills programmet är klart eller till texten "Enter 'Y' and hit ENTER for more options, or 'N' to exit:" visas. I det senare fallet tryck på N följt av Enter. När det är klart skapas en loggfil på Skrivbordet som heter MBRCheckxxxxxx.txt där xxxxxx är klockslaget för körningen. Öppna loggen i Anteckningar genom att dubbelklicka på loggen och klistra in innehållet i ditt svar. MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: (build 7600), 32-bit Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: SAMSUNG ELECTRONICS CO., LTD. System Product Name: R780/R778 Logical Drives Mask: 0x0000001c Kernel Drivers (total 207): 0x83611000 \SystemRoot\system32\ntkrnlpa.exe 0x83A21000 \SystemRoot\system32\halmacpi.dll 0x80BBA000 \SystemRoot\system32\kdcom.dll 0x8C820000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8C898000 \SystemRoot\system32\PSHED.dll 0x8C8A9000 \SystemRoot\system32\BOOTVID.dll 0x8C8B1000 \SystemRoot\system32\CLFS.SYS 0x8C8F3000 \SystemRoot\system32\CI.dll 0x8CA1E000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8CA8F000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8CA9D000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x8CAE5000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x8CAEE000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x8CAF6000 \SystemRoot\system32\DRIVERS\pci.sys 0x8CB20000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x8CB2B000 \SystemRoot\System32\drivers\partmgr.sys 0x8CB3C000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x8CB44000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8CB4F000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x8CB5F000 \SystemRoot\System32\drivers\volmgrx.sys 0x8CBAA000 \SystemRoot\System32\drivers\mountmgr.sys 0x8CC15000 
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM500JI, Rev: 2AC101C4

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done!

2. Restart the computer. Close all programs, including the antivirus, the same way you did when you were about to run ComboFix, and then run Rootkit Unhooker once more in the same way, except do not tick "Files".
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #4
==============================================
>Drivers
==============================================
==============================================
>Stealth
==============================================
==============================================
>Hooks
==============================================
Device object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
File object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
LpcPort object-->OpenProcedure, Type: Kernel Object [unknown_code_page]
ntkrnlpa.exe-->NtAlpcSendWaitReceivePort, Type: Inline - RelativeJump 0x83893135-->805B1DE0 [unknown_code_page]
ntkrnlpa.exe-->NtRequestPort, Type: Inline - RelativeJump 0x838A8DC3-->805B1CA0 [unknown_code_page]
ntkrnlpa.exe-->NtRequestWaitReplyPort, Type: Inline - RelativeJump 0x83894B5D-->805B1D40 [unknown_code_page]
ntkrnlpa.exe-->NtTraceEvent, Type: Inline - RelativeJump 0x83650E34-->805B1C00 [unknown_code_page]
Section object-->OpenProcedure, Type: Kernel Object [unknown_code_page]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!!

=)

Edited September 16, 2010 by Niki
Cecilia, posted September 16, 2010

It is Sandboxie that makes Rootkit Unhooker think there is rootkit activity on the computer, so it is a false alarm.

You are going to make a copy of the MBR, since it was reported as "Found non-standard or infected MBR."

Run MBRCheck. Wait until the text "Enter 'Y' and hit ENTER for more options, or 'N' to exit:" appears. Press Y followed by Enter. The text "Enter your choice:" appears. Press 1 followed by Enter. Press 0 and Enter to indicate that it concerns the first hard disk. Then comes a question about which folder the dump file should be created in and what it should be called. You can, for example, type C:\nikimbr.txt followed by Enter. When it is done, press Enter.

A log file named MBRCheckxxxxxx.txt is created on the Desktop, where xxxxxx is the time of the run. Paste its contents into your reply. Attach the dump file C:\nikimbr.txt to your reply.
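The RkU hook list above tags every hook target as [unknown_code_page], and the reply attributes that to Sandboxie. The check a responder actually runs on such a log is to resolve each hook's source and target address against the module list RkU itself printed: a target inside a listed driver is attributable to that driver, a target that no listed module covers is what RkU calls an unknown code page. The Python script below is an added example, not part of the thread and not code from Rootkit Unhooker. Its module sample copies three driver lines from the RkU list in this thread and adds two constructed entries (a kernel entry with an assumed size, so the hook source addresses resolve, and a made-up example.sys so one target can resolve positively); its hook sample copies the nine hook lines from the log and adds one constructed line whose target lies inside that made-up driver. The regular expressions are written for the line shapes visible on this page only.

```python
"""Resolve Rootkit Unhooker (RkU) hook addresses against its own module list.

Added example, not part of the thread or of RkU. The regular expressions are
written for the line shapes visible in the RkU log quoted in this thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# e.g. "0x9292C000 C:\windows\system32\Drivers\SABI.sys 32768 bytes (SAMSUNG ELECTRONICS, ...)"
DRIVER_RE = re.compile(r"^0x([0-9A-Fa-f]{8})\s+(\S+)\s+(\d+)\s+bytes")
# e.g. "ntkrnlpa.exe-->NtTraceEvent, Type: Inline - RelativeJump 0x83650E34-->805B1C00 [unknown_code_page]"
#      "Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page]"
HOOK_RE = re.compile(
    r"^(?P<obj>.+?)-->(?P<func>\S+), Type: (?P<kind>.+?)"
    r"(?: 0x(?P<src>[0-9A-Fa-f]{8})-->(?P<dst>[0-9A-Fa-f]{8}))? \[(?P<tag>[^\]]+)\]$"
)

# Sample module list: the kernel entry (size assumed) and example.sys are
# constructed; the three .sys lines are copied from the RkU list in the thread.
SAMPLE_MODULES = r"""
0x83611000 C:\windows\system32\ntkrnlpa.exe 4194304 bytes (constructed entry, size assumed)
0x83611000 PnpManager 4194304 bytes
0x8CA00000 C:\windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x9292C000 C:\windows\system32\Drivers\SABI.sys 32768 bytes (SAMSUNG ELECTRONICS, SAMSUNG Kernel Driver)
0x929BB000 C:\windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x9A000000 C:\windows\system32\DRIVERS\example.sys 65536 bytes (constructed entry for the attributable case)
"""

# Sample hooks: nine lines from the RkU log in the thread, plus one constructed
# line whose target falls inside the constructed example.sys range.
SAMPLE_HOOKS = """
Device object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
File object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
LpcPort object-->OpenProcedure, Type: Kernel Object [unknown_code_page]
ntkrnlpa.exe-->NtAlpcSendWaitReceivePort, Type: Inline - RelativeJump 0x83893135-->805B1DE0 [unknown_code_page]
ntkrnlpa.exe-->NtRequestPort, Type: Inline - RelativeJump 0x838A8DC3-->805B1CA0 [unknown_code_page]
ntkrnlpa.exe-->NtRequestWaitReplyPort, Type: Inline - RelativeJump 0x83894B5D-->805B1D40 [unknown_code_page]
ntkrnlpa.exe-->NtTraceEvent, Type: Inline - RelativeJump 0x83650E34-->805B1C00 [unknown_code_page]
Section object-->OpenProcedure, Type: Kernel Object [unknown_code_page]
ntkrnlpa.exe-->NtConstructedExample, Type: Inline - RelativeJump 0x83650E34-->9A001234 [constructed]
"""


@dataclass(frozen=True)
class Module:
    base: int
    size: int
    path: str

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


def parse_modules(text: str) -> List[Module]:
    """Collect (base, size, path) from RkU-style driver lines; other lines are ignored."""
    mods = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            mods.append(Module(int(m.group(1), 16), int(m.group(3)), m.group(2)))
    return mods


def owner_of(addr: int, mods: List[Module]) -> Optional[Module]:
    """Smallest listed module whose image range covers addr, or None.
    RkU lists aliases (PnpManager, RAW, WMIxWDM) at the kernel base; ties keep the first."""
    hits = [m for m in mods if m.contains(addr)]
    return min(hits, key=lambda m: m.size) if hits else None


def triage_hooks(hook_text: str, mods: List[Module]) -> List[Dict]:
    """One row per hook line: what is hooked, and which module (if any) owns source and target."""
    rows = []
    for line in hook_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        row = {"hooked": f"{m['obj']}->{m['func']}", "kind": m["kind"], "rku_tag": m["tag"],
               "source_owner": None, "target": None, "target_owner": None}
        if m["dst"] is not None:                      # inline hooks carry src-->dst
            src, dst = int(m["src"], 16), int(m["dst"], 16)
            so, to = owner_of(src, mods), owner_of(dst, mods)
            row.update(source_owner=so.path if so else None, target=dst,
                       target_owner=to.path if to else None)
        rows.append(row)
    return rows


def unattributed_targets(rows: List[Dict]) -> List[Dict]:
    """Inline hooks whose target no listed module covers: RkU's unknown_code_page case."""
    return [r for r in rows if r["target"] is not None and r["target_owner"] is None]


if __name__ == "__main__":
    mods = parse_modules(SAMPLE_MODULES)
    for r in triage_hooks(SAMPLE_HOOKS, mods):
        tgt = f"0x{r['target']:08X}" if r["target"] is not None else "-"
        print(f"{r['hooked']:<48} {r['kind']:<22} {tgt:<11} -> {r['target_owner'] or 'no listed module'}")
```

Run as-is it prints ten rows: the four inline hooks from the log have a source inside the kernel image and a target that no listed module covers, which is the condition behind the [unknown_code_page] tag, while the constructed tenth line shows what an attributable target looks like. On a real log you paste RkU's full driver list into SAMPLE_MODULES (it is printed above the hooks) and the script tells you whether each target lands in a named driver. The resolution is only as good as that list: code living in a separately allocated region resolves to nothing, and the address alone does not say which product allocated it.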
Niki (thread author), posted September 17, 2010 (edited)

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R780/R778
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 205):
0x83615000 \SystemRoot\system32\ntkrnlpa.exe
0x83A25000 \SystemRoot\system32\halmacpi.dll
0x80BCB000 \SystemRoot\system32\kdcom.dll
0x8C826000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8C89E000 \SystemRoot\system32\PSHED.dll
0x8C8AF000 \SystemRoot\system32\BOOTVID.dll
0x8C8B7000 \SystemRoot\system32\CLFS.SYS
0x8C8F9000 \SystemRoot\system32\CI.dll
0x8CA09000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8CA7A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8CA88000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8CAD0000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8CAD9000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8CAE1000 \SystemRoot\system32\DRIVERS\pci.sys
0x8CB0B000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8CB16000 \SystemRoot\System32\drivers\partmgr.sys
0x8CB27000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8CB2F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8CB3A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8CB4A000 \SystemRoot\System32\drivers\volmgrx.sys
0x8CB95000 \SystemRoot\System32\drivers\mountmgr.sys
0x8CC02000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8CDB7000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8CDC0000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8CDE3000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8CDED000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8CBAB000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8CBB4000 \SystemRoot\system32\drivers\fltmgr.sys
0x8CBE8000 \SystemRoot\system32\drivers\fileinfo.sys
0x8CE1E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8CF4D000 \SystemRoot\System32\Drivers\msrpc.sys
0x8CF78000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8CF8B000 \SystemRoot\System32\Drivers\cng.sys
0x8CFE8000 \SystemRoot\System32\drivers\pcw.sys
0x8CFF6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8D00F000 \SystemRoot\system32\drivers\ndis.sys
0x8D0C6000 \SystemRoot\system32\drivers\NETIO.SYS
0x8D104000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8D129000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8D168000 \SystemRoot\System32\Drivers\spldr.sys
0x8D170000 \SystemRoot\System32\drivers\rdyboost.sys
0x8D19D000 \SystemRoot\System32\Drivers\mup.sys
0x8D1AD000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8D1B5000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8D1E7000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C9A4000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x923D5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x923F4000 \SystemRoot\System32\Drivers\Null.SYS
0x92200000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CE00000 \SystemRoot\System32\drivers\vga.sys
0x8C9C9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CE0C000 \SystemRoot\System32\drivers\watchdog.sys
0x92207000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D1F8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CA00000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8C9EA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C800000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91C38000 \SystemRoot\System32\drivers\tcpip.sys
0x91D81000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x91DB2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91DC9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x92430000 \SystemRoot\System32\Drivers\avgtdix.sys
0x9246A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x9249C000 \SystemRoot\system32\drivers\afd.sys
0x924F6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x924FD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9251C000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x9252D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9253B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9254E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x9255E000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x9256C000 \??\C:\windows\system32\Drivers\SABI.sys
0x92574000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x925B5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x925BF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x925C9000 \SystemRoot\System32\drivers\discache.sys
0x925D5000 \SystemRoot\System32\Drivers\dfsc.sys
0x925ED000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x92400000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x91C00000 \SystemRoot\System32\Drivers\avgldx86.sys
0x92406000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x93019000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x93A97000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x93A99000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x93B50000 \SystemRoot\System32\drivers\dxgmms1.sys
0x93B89000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x93BA8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9420E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x94259000 \SystemRoot\system32\DRIVERS\athr.sys
0x94393000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x9439D000 \SystemRoot\system32\DRIVERS\yk62x86.sys
0x93BB7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x943EE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x94021000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x9405B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9405D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9406A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x94070000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x9408F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x94093000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x940A5000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x940B2000 \SystemRoot\system32\drivers\ScreamingBAudio.sys
0x940BF000 \SystemRoot\system32\drivers\portcls.sys
0x940EE000 \SystemRoot\system32\drivers\drmk.sys
0x94107000 \SystemRoot\system32\drivers\ks.sys
0x9413B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9414D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x94165000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x94170000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x94192000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x941AA000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x941C1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x941D8000 \SystemRoot\system32\DRIVERS\vHidDev.sys
0x941DA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x941ED000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x941F4000 \SystemRoot\system32\DRIVERS\swenum.sys
0x94000000 \SystemRoot\system32\DRIVERS\umbus.sys
0x95010000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x95054000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x95065000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x95070000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9507C000 \SystemRoot\system32\drivers\nvhda32v.sys
0x97022000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x97750000 \SystemRoot\System32\win32k.sys
0x972F8000 \SystemRoot\System32\drivers\Dxapi.sys
0x97302000 \SystemRoot\system32\DRIVERS\udfs.sys
0x97342000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9220F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9734F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x97360000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9736B000 \SystemRoot\system32\drivers\dadder.sys
0x9736E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x979B0000 \SystemRoot\System32\TSDDD.dll
0x979E0000 \SystemRoot\System32\cdd.dll
0x97600000 \SystemRoot\System32\ATMFD.DLL
0x97379000 \SystemRoot\system32\drivers\luafv.sys
0x97394000 \SystemRoot\system32\drivers\WudfPf.sys
0x973AE000 \SystemRoot\system32\drivers\btusbflt.sys
0x973B8000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x95099000 \SystemRoot\System32\Drivers\bthport.sys
0x973CA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x950FD000 \SystemRoot\System32\Drivers\usbvideo.sys
0x95121000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x973E1000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x95145000 \SystemRoot\system32\DRIVERS\btwavdt.sys
0x97415000 \SystemRoot\system32\drivers\btwaudio.sys
0x97496000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x974A1000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x974A4000 \??\C:\Program Files\Sandboxie\SbieDrv.sys
0x974C3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x974D3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x97519000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x97529000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9753C000 \SystemRoot\system32\drivers\HTTP.sys
0x975C1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x975DA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x951B8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x83219000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x83254000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x83287000 \SystemRoot\system32\drivers\peauth.sys
0x8331E000 \SystemRoot\System32\Drivers\secdrv.SYS
0x83328000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x83349000 \SystemRoot\System32\drivers\tcpipreg.sys
0x83356000 \SystemRoot\System32\DRIVERS\srv2.sys
0x833A5000 \SystemRoot\System32\DRIVERS\srv.sys
0x93BCF000 \SystemRoot\System32\drivers\ipnat.sys
0x76FE0000 \Windows\System32\ntdll.dll
0x47F70000 \Windows\System32\smss.exe
0x77220000 \Windows\System32\apisetschema.dll
0x008F0000 \Windows\System32\autochk.exe
0x77160000 \Windows\System32\msvcrt.dll
0x76F80000 \Windows\System32\shlwapi.dll
0x77130000 \Windows\System32\imagehlp.dll
0x77120000 \Windows\System32\nsi.dll
0x76F00000 \Windows\System32\comdlg32.dll
0x76EB0000 \Windows\System32\gdi32.dll
0x76EA0000 \Windows\System32\lpk.dll
0x76E10000 \Windows\System32\clbcatq.dll
0x76DF0000 \Windows\System32\imm32.dll
0x76D50000 \Windows\System32\advapi32.dll
0x76B50000 \Windows\System32\iertutil.dll
0x75F00000 \Windows\System32\shell32.dll
0x75EB0000 \Windows\System32\Wldap32.dll
0x75EA0000 \Windows\System32\psapi.dll
0x75E40000 \Windows\System32\difxapi.dll
0x75D70000 \Windows\System32\user32.dll
0x75CE0000 \Windows\System32\oleaut32.dll
0x75C10000 \Windows\System32\msctf.dll
0x75B60000 \Windows\System32\rpcrt4.dll
0x759C0000 \Windows\System32\setupapi.dll
0x75920000 \Windows\System32\usp10.dll
0x75820000 \Windows\System32\wininet.dll
0x757E0000 \Windows\System32\ws2_32.dll
0x757D0000 \Windows\System32\normaliz.dll
0x75690000 \Windows\System32\urlmon.dll
0x75670000 \Windows\System32\sechost.dll
0x75590000 \Windows\System32\kernel32.dll
0x75430000 \Windows\System32\ole32.dll
0x75400000 \Windows\System32\wintrust.dll
0x753B0000 \Windows\System32\KernelBase.dll
0x75390000 \Windows\System32\devobj.dll
0x75360000 \Windows\System32\cfgmgr32.dll
0x752D0000 \Windows\System32\comctl32.dll
0x751B0000 \Windows\System32\crypt32.dll
0x751A0000 \Windows\System32\msasn1.dll

Processes (total 79):
0 System Idle Process
4 System
412 C:\Windows\System32\smss.exe
560 csrss.exe
636 C:\Windows\System32\wininit.exe
644 csrss.exe
692 C:\Windows\System32\services.exe
708 C:\Windows\System32\lsass.exe
716 C:\Windows\System32\lsm.exe
812 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\nvvsvc.exe
920 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\winlogon.exe
1284 C:\Program Files\Sandboxie\SbieSvc.exe
1384 C:\Windows\System32\svchost.exe
1584 C:\Windows\System32\nvvsvc.exe
1660 C:\Windows\System32\spoolsv.exe
1716 C:\Windows\System32\svchost.exe
1816 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1844 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1864 C:\Program Files\Bonjour\mDNSResponder.exe
1904 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
292 C:\Windows\System32\Rezip.exe
556 C:\Program Files\CyberLink\Shared files\RichVideo.exe
1776 C:\Windows\System32\dwm.exe
900 C:\Windows\System32\taskhost.exe
1940 C:\Windows\System32\svchost.exe
2204 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2252 C:\Windows\explorer.exe
2336 C:\Program Files\AVG\AVG9\avgemc.exe
2404 C:\Program Files\AVG\AVG9\avgnsx.exe
2888 C:\Program Files\AVG\AVG9\avgcsrvx.exe
3036 C:\Windows\System32\taskeng.exe
3052 C:\Windows\System32\SearchIndexer.exe
3216 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
3228 C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
3240 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
3276 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
3292 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
3388 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3396 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3412 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
3580 C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
3656 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3728 C:\Program Files\AVG\AVG9\avgtray.exe
3736 C:\Program Files\Razer\DeathAdder\razerhid.exe
3760 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3768 C:\Program Files\PowerISO\PWRISOVM.EXE
3832 C:\Program Files\AVG\AVG9\avgchsvx.exe
3840 C:\Program Files\AVG\AVG9\avgrsx.exe
3912 C:\Program Files\Razer\DeathAdder\razertra.exe
3928 C:\Program Files\AVG\AVG9\avgcsrvx.exe
3968 C:\Program Files\iTunes\iTunesHelper.exe
828 C:\Windows\System32\alg.exe
3028 C:\Program Files\Sandboxie\SbieCtrl.exe
3572 C:\Windows\System32\svchost.exe
4448 C:\Windows\System32\svchost.exe
4688 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5196 C:\Program Files\Windows Media Player\wmpnetwk.exe
5336 C:\Program Files\Razer\DeathAdder\razerofa.exe
5500 C:\Program Files\iPod\bin\iPodService.exe
4336 C:\Windows\System32\svchost.exe
5768 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
1348 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
1492 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
3672 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
4252 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
6012 C:\Windows\System32\audiodg.exe
2244 C:\Windows\System32\SearchProtocolHost.exe
1632 C:\Windows\System32\SearchFilterHost.exe
2036 C:\Windows\System32\notepad.exe
5920 dllhost.exe
5744 dllhost.exe
632 C:\Users\Samsung\Desktop\MBRCheck.exe
5060 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM500JI, Rev: 2AC101C4

Size  Device Name          MBR Status
--------------------------------------------
465 GB  \\.\PhysicalDrive0  Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
Enter the physical disk number to dump (0-99, -1 to exit): 0
Dumping \\.\PhysicalDisk0...
Enter filename to dump to: c:\niki2
Dumped successfully!
Enter the physical disk number to dump (0-99, -1 to exit): 0
Dumping \\.\PhysicalDisk0...
Enter filename to dump to: c:\niki.txt
Dumped successfully!
Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!

Edited September 17, 2010 by Niki
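MBRCheck's verdict above rests on a boot-code hash it does not recognise, and the same log records where the C: volume starts on PhysicalDrive0 (byte offset 0x3c6500000). The Python script below is an added example, not part of the thread and not code from MBRCheck: it parses a raw 512-byte MBR sector, hashes the 440-byte boot-code region (that MBRCheck hashes exactly this region is an assumption made here), decodes the four partition-table entries and compares the hash against an allowlist the responder maintains. The sample sector it builds is constructed, not the dump from this machine; its NTFS entry is placed at the byte offset MBRCheck printed so the offset arithmetic can be checked, and the recovery partition, disk size, disk signature and code bytes are made up.

```python
"""Parse a raw MBR sector: boot-code hash, disk signature, partition table.

Added example, not part of the thread or of MBRCheck. Whether MBRCheck hashes
exactly the 440-byte boot-code region is an assumption made here.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code; 440..443: NT disk signature; 444..445: reserved
DISK_SIG_OFF = 440
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA

# Partial table of partition type IDs (only the ones this example needs)
PARTITION_TYPES = {
    0x00: "empty", 0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
    0x27: "hidden NTFS (OEM recovery)", 0xEE: "GPT protective",
}


def parse_mbr(mbr: bytes) -> dict:
    """Decode one 512-byte sector. Raises ValueError on wrong size or missing 0x55AA."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    (disk_sig,) = struct.unpack_from("<I", mbr, DISK_SIG_OFF)
    partitions = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4, LE) sector-count(4, LE)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and sectors == 0:
            continue                      # unused slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, f"unknown (0x{ptype:02X})"),
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,   # what MBRCheck prints as "at offset"
            "size_gib": sectors * SECTOR / 2 ** 30,
        })
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": f"{disk_sig:08X}",
        "partitions": partitions,
    }


def classify_boot_code(sha1: str, known_hashes: set) -> str:
    """'known' if the hash is on an allowlist you maintain; MBRCheck's own list is not reproduced."""
    return "known" if sha1.upper() in known_hashes else "unknown"


def build_sample_mbr() -> bytes:
    """Constructed sample sector, NOT the dump from the machine in the thread."""
    c_offset = 0x3C6500000          # byte offset MBRCheck printed for C: on PhysicalDrive0
    disk_sectors = 976773168        # assumption: a 500 GB disk
    lba_c = c_offset // SECTOR
    boot_code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C".ljust(BOOT_CODE_LEN, b"\x00")  # made-up code bytes
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"   # made-up signature + reserved
    # slot 0: hidden OEM recovery partition; slot 1: bootable NTFS volume at C:'s offset
    entry0 = struct.pack("<B3sB3sII", 0x00, b"\0\0\0", 0x27, b"\0\0\0", 2048, lba_c - 2048)
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", lba_c, disk_sectors - lba_c)
    table = entry0 + entry1 + b"\x00" * 32
    return boot_code + disk_sig + table + b"\x55\xAA"


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code SHA1:", info["boot_code_sha1"],
          "->", classify_boot_code(info["boot_code_sha1"], known_hashes=set()))
    print("disk signature:", info["disk_signature"])
    for p in info["partitions"]:
        print(f"  #{p['index']} {'*' if p['bootable'] else ' '} {p['type_name']:<28} "
              f"LBA {p['lba_start']:>10}  offset 0x{p['byte_offset']:X}  {p['size_gib']:.1f} GiB")
```

To examine an actual dump, feed parse_mbr() the first 512 bytes of the file MBRCheck wrote (on the assumption that it writes the raw sector). Read the result for what it is: an unknown boot-code hash says only that the code is not on the allowlist. Laptops shipped with a recovery product (this one runs Samsung Recovery Solution 4, per the process list) commonly carry OEM boot code that no generic list knows, which is why the helper later asks whether it is a brand-name machine; a bootkit verdict needs the code itself disassembled or the sector compared with a known-good copy from the same OEM image.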
Cecilia, posted September 17, 2010

Attach c:\niki.txt as you did with Attach.txt, i.e. do not paste it in.
Niki (thread author), posted September 17, 2010 (edited)

So, niki.txt

Edited September 17, 2010 by Niki
Cecilia, posted September 17, 2010

Thanks, I have sent the dump file to another person for checking, so it may take a couple of days before I have an answer.

Save Catchme to the Desktop from: http://www2.gmer.net/catchme.exe
Close all programs, including the antivirus program. Start the Catchme program. Click the "Scan" button. The log is created in the file catchme.log. Open it and paste in the result.
Niki (thread author), posted September 17, 2010

Ok! Here it comes, then. http://www.woofiles.com/dl-206423-kK1X7MdV-catchme.log
Cecilia, posted September 21, 2010

I am sorry that it is taking so long; it does not usually take this long before I get an answer.
Cecilia, posted September 30, 2010

Have you given up, Niki, and reformatted, or what has happened while waiting? I do not know why we suddenly are not getting any answers about the contents of the MBR. Is it a brand-name computer you have?