Author Topic: RogueKiller detected bad processes, need help.


October 09, 2014, 01:46:19 AM

Boltk9

  • Guest
RogueKiller detected bad processes, need help.
« on: October 09, 2014, 01:46:19 AM »
I scanned my pc with RogueKiller and this is what it found:

RogueKiller V10.0.0.0 (x64) [Oct  7 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ant [Administrator]
Mode : Scan -- Date : 10/08/2014  17:11:52

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] explorer.exe -- C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll[-] -> Unloaded

¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider | (default) : {FC9D8189-520A-4417-AED7-9EAC810C6FBA}  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NVR0Dev (\??\C:\Windows\nvoclk64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVR0Dev (\??\C:\Windows\nvoclk64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NVR0Dev (\??\C:\Windows\nvoclk64.sys) -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\{AEEA16D3-3F13-425B-BC64-0F6ED5FE7537} -- C:\Users\Ant\Desktop\Repair\SETUP.EXE -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 7 (Driver: Loaded) ¤¤¤
[IRP:Addr()] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_CREATE[0] : C:\Windows\system32\DRIVERS\wanarp.sys @ 0x44172c0
[IRP:Addr()] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_CLOSE[2] : C:\Windows\system32\DRIVERS\wanarp.sys @ 0x44172c0
[IRP:Addr()] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_DEVICE_CONTROL[14] : C:\Windows\system32\DRIVERS\wanarp.sys @ 0x44172c0
[IRP:Addr()] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : C:\Windows\system32\DRIVERS\wanarp.sys @ 0x44172c0
[IRP:Addr()] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_POWER[22] : C:\Windows\system32\DRIVERS\wanarp.sys @ 0x44172c0
[IRP:Addr()] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_SYSTEM_CONTROL[23] : C:\Windows\system32\DRIVERS\wanarp.sys @ 0x44172c0
[IRP:Addr()] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_PNP[27] : C:\Windows\system32\DRIVERS\wanarp.sys @ 0x44172c0

¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] zn2mznam.default-1401590938101 : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Found
[PUM.HomePage][FIREFX:Config] zn2mznam.default-1401590938101 : user_pref("browser.startup.homepage", "https://www.yahoo.com/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT725050VLA SCSI Disk Device +++++
--- User ---
[MBR] 47d76333728429985490a5f9fad5fb30
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476937 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: WDC WD25 00YD-01NVB1 SCSI Disk Device +++++
--- User ---
[MBR] 1ee9b8534a60ce0cc5c1155e085baba1
[BSP] c051dc113bef829b0bec51989611ac9a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 239371 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )


============================================
RKreport_SCN_10012014_215041.log - RKreport_SCN_10072014_194254.log - RKreport_SCN_10072014_205334.log

What should I do?

Reply #1, October 09, 2014, 07:34:22 AM

Tigzy

  • Administrator
  • Hero Member

  • Personal Text: Owner, Adlice Software
Re: RogueKiller detected bad processes, need help.
« Reply #1 on: October 09, 2014, 07:34:22 AM »
Hello,
You have to fix that:

Quote
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider | (default) : {FC9D8189-520A-4417-AED7-9EAC810C6FBA}  -> Found

Some others are PUMs, some false positives.
FPs will be fixed on our side.
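The report format quoted in this thread, as an added example that is not RogueKiller's or Adlice's code: a parser for the `¤¤¤ Section : count ¤¤¤` headers and `[Category] detail -> Status` lines, plus a triage heuristic that separates the ShellIconOverlayIdentifiers entry Tigzy points at (an in-process COM handler loaded by explorer.exe, here backed by a DLL under C:\ProgramData) from PUM preference changes and from items under the Windows directory that may be false positives. The sample report is a constructed excerpt of the log above; the priority labels and the user-writable directory list are assumptions.

```python
import re

# Constructed excerpt in the RogueKiller report format quoted in this thread:
# "¤¤¤ Section : count ¤¤¤" headers followed by "[Category] detail -> Status" lines.
SAMPLE_REPORT = r"""¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] explorer.exe -- C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll[-] -> Unloaded

¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider | (default) : {FC9D8189-520A-4417-AED7-9EAC810C6FBA}  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NVR0Dev (\??\C:\Windows\nvoclk64.sys) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] zn2mznam.default-1401590938101 : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Found
"""

SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?) : (?P<count>\d*)")          # count is absent for "MBR Check"
ENTRY_RE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+) (?P<detail>.*?) -> (?P<status>\w+)\s*$")
WIN_PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"|()\[\]]+')                    # first drive-letter path in a detail
USER_WRITABLE_RE = re.compile(r"^[A-Za-z]:\\(ProgramData|Users|Temp)\\", re.I)  # assumed list

def parse_report(text):
    """Turn report text into detection dicts (section, category, qualifiers, detail, status)."""
    findings, section = [], None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            tags = re.findall(r"\[([^\]]+)\]", m.group("tags"))   # "[PUP][FIREFX:Addon]" -> two tags
            findings.append({"section": section, "category": tags[0], "qualifiers": tags[1:],
                             "detail": m.group("detail").strip(), "status": m.group("status")})
    return findings

def triage(findings):
    """Heuristic ranking (assumed labels): 'high' = Suspicious.Path in a user-writable directory
    or in the ShellIconOverlayIdentifiers key that explorer.exe loads handlers from; 'low' = PUM
    (a changed preference); 'review' = everything else, e.g. a driver under the Windows directory
    that may be a legitimate third-party component and a false positive."""
    for f in findings:
        path = WIN_PATH_RE.search(f["detail"])
        in_user_dir = bool(path and USER_WRITABLE_RE.match(path.group(0)))
        if f["category"].startswith("PUM"):
            f["priority"] = "low"
        elif f["category"] == "Suspicious.Path" and (in_user_dir or "ShellIconOverlayIdentifiers" in f["detail"]):
            f["priority"] = "high"
        else:
            f["priority"] = "review"
    return findings
```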